Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.8.14

Version Description

This version adds support for the latest version of WordPress. It introduces new features and fixes some bugs reported by the WordPress community as well as bugs found by our automated testing system.


Release Info

Developer yorman
Plugin Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.8.14

Code changes from version 1.8.13 to 1.8.14

Files changed (5)
  1. readme.txt +5 -2
  2. src/globals.php +3 -0
  3. src/hook.lib.php +93 -0
  4. src/option.lib.php +1 -1
  5. sucuri.php +2 -2
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate Link: https://sucuri.net/
4
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, WordPress Security, Login Security, Security Auditing, File Integrity, htaccess, phishing, backdoors, SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Security, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
Requires at least: 3.6
6
Tested up to: 4.9.4
7
- Stable tag: 1.8.13
8
9
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
10
@@ -181,11 +181,14 @@ No, it is not required. The Website Firewall runs in the cloud without the need
181
182
== Upgrade Notice ==
183
184
- = 1.8.13 =
185
This version adds support for the latest version of WordPress. Introduces new features and fixes some bugs reported by the WordPress community as well as bugs found by our automated testing system.
186
187
== Changelog ==
188
189
= 1.8.13 =
190
* Add new version of the GPL v2 license file
191
* Remove unused option to reduce number of failed logins
4
Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, WordPress Security, Login Security, Security Auditing, File Integrity, htaccess, phishing, backdoors, SQL Injection, RFI, LFI, XSS, CSRF, website firewall, Website Security, Performance Optimization, Zero Day, Software Vulnerability, Exploits, Hacks, Attackers, Bad Actors, Reverse Proxy, Two Factor Security, Two Factor Authentication, Security Logs, HeatBleed Vulnerability, Website Protection, Bash Vulnerability, RevSlider Vulnerability, MailPoet Vulnerability, Malware Prevention, Website Security, Website Firewall, Website AntiVirus, Security Response, Security Detection, Security Prevention
5
Requires at least: 3.6
6
Tested up to: 4.9.4
7
+ Stable tag: 1.8.14
8
9
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
10
181
182
== Upgrade Notice ==
183
184
+ = 1.8.14 =
185
This version adds support for the latest version of WordPress. Introduces new features and fixes some bugs reported by the WordPress community as well as bugs found by our automated testing system.
186
187
== Changelog ==
188
189
+ = 1.8.14 =
190
+ * Add filter to allow automatic configuration of the settings
191
+
192
= 1.8.13 =
193
* Add new version of the GPL v2 license file
194
* Remove unused option to reduce number of failed logins
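Review bot: The 1.8.14 changelog entry lists only "Add filter to allow automatic configuration of the settings", but this release also registers three new audit hooks (add_user_to_blog, profile_update, remove_user_from_blog) in src/globals.php. After upgrading, sites will start receiving "User added to website", "User removed from website" and "User account edited" warnings, so add a changelog line for them. The existing entry should also name the filter, sucuriscan_option_defaults, so administrators can find it.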
src/globals.php CHANGED
@@ -142,6 +142,7 @@ if (defined('SUCURISCAN')) {
142
add_action('activated_plugin', 'SucuriScanHook::hookPluginActivate', 50, 2);
143
add_action('add_attachment', 'SucuriScanHook::hookAttachmentAdd', 50, 5);
144
add_action('add_link', 'SucuriScanHook::hookLinkAdd', 50, 5);
145
add_action('before_delete_post', 'SucuriScanHook::hookPostBeforeDelete', 50, 5);
146
add_action('create_category', 'SucuriScanHook::hookCategoryCreate', 50, 5);
147
add_action('deactivated_plugin', 'SucuriScanHook::hookPluginDeactivate', 50, 2);
@@ -149,9 +150,11 @@ if (defined('SUCURISCAN')) {
149
add_action('delete_user', 'SucuriScanHook::hookUserDelete', 50, 5);
150
add_action('edit_link', 'SucuriScanHook::hookLinkEdit', 50, 5);
151
add_action('login_form_resetpass', 'SucuriScanHook::hookLoginFormResetpass', 50, 5);
152
add_action('publish_page', 'SucuriScanHook::hookPublishPage', 50, 5);
153
add_action('publish_phone', 'SucuriScanHook::hookPublishPhone', 50, 5);
154
add_action('publish_post', 'SucuriScanHook::hookPublishPost', 50, 5);
155
add_action('retrieve_password', 'SucuriScanHook::hookRetrievePassword', 50, 5);
156
add_action('switch_theme', 'SucuriScanHook::hookThemeSwitch', 50, 5);
157
add_action('transition_post_status', 'SucuriScanHook::hookPostStatus', 50, 3);
142
add_action('activated_plugin', 'SucuriScanHook::hookPluginActivate', 50, 2);
143
add_action('add_attachment', 'SucuriScanHook::hookAttachmentAdd', 50, 5);
144
add_action('add_link', 'SucuriScanHook::hookLinkAdd', 50, 5);
145
+ add_action('add_user_to_blog', 'SucuriScanHook::hookAddUserToBlog', 50, 4);
146
add_action('before_delete_post', 'SucuriScanHook::hookPostBeforeDelete', 50, 5);
147
add_action('create_category', 'SucuriScanHook::hookCategoryCreate', 50, 5);
148
add_action('deactivated_plugin', 'SucuriScanHook::hookPluginDeactivate', 50, 2);
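Review bot: The add_user_to_blog registration requests 4 accepted arguments, but SucuriScanHook::hookAddUserToBlog in src/hook.lib.php declares three parameters ($user_id, $role, $blog_id). Set the last argument to 3 so the registration matches the handler signature.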
150
add_action('delete_user', 'SucuriScanHook::hookUserDelete', 50, 5);
151
add_action('edit_link', 'SucuriScanHook::hookLinkEdit', 50, 5);
152
add_action('login_form_resetpass', 'SucuriScanHook::hookLoginFormResetpass', 50, 5);
153
+ add_action('profile_update','SucuriScanHook::hookProfileUpdate', 50, 5);
154
add_action('publish_page', 'SucuriScanHook::hookPublishPage', 50, 5);
155
add_action('publish_phone', 'SucuriScanHook::hookPublishPhone', 50, 5);
156
add_action('publish_post', 'SucuriScanHook::hookPublishPost', 50, 5);
157
+ add_action('remove_user_from_blog', 'SucuriScanHook::hookRemoveUserFromBlog', 50, 2);
158
add_action('retrieve_password', 'SucuriScanHook::hookRetrievePassword', 50, 5);
159
add_action('switch_theme', 'SucuriScanHook::hookThemeSwitch', 50, 5);
160
add_action('transition_post_status', 'SucuriScanHook::hookPostStatus', 50, 3);
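Review bot: The profile_update registration is missing the space after the first comma ('profile_update','SucuriScanHook::hookProfileUpdate'), unlike every other add_action line in this block, and it requests 5 accepted arguments while hookProfileUpdate declares two ($id, $old_user_data). Fix the spacing and pass 2. The remove_user_from_blog line already matches its two-parameter handler.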
src/hook.lib.php CHANGED
@@ -69,6 +69,59 @@ class SucuriScanHook extends SucuriScanEvent
69
self::reportNoticeEvent($message);
70
self::notifyEvent('post_publication', $message);
71
}
72
73
/**
74
* Send an alert notifying that a category was created.
@@ -938,6 +991,46 @@ class SucuriScanHook extends SucuriScanEvent
938
self::reportWarningEvent('User account deleted; ID: ' . $id);
939
}
940
941
/**
942
* Send an alert notifying that a new user account was created.
943
*
69
self::reportNoticeEvent($message);
70
self::notifyEvent('post_publication', $message);
71
}
72
+
73
+ /**
74
+ * Send and alert notifying that a user was added to a blog.
75
+ *
76
+ * @param int $user_id User ID.
77
+ * @param string $role User role.
78
+ * @param int $blog_id Blog ID.
79
+ */
80
+ public static function hookAddUserToBlog($user_id, $role, $blog_id)
81
+ {
82
+ $title = 'unknown';
83
+ $email = 'user@domain.com';
84
+ $data = get_userdata($user_id);
85
+
86
+ if ($data) {
87
+ $title = $data->user_login;
88
+ $email = $data->user_email;
89
+ }
90
+
91
+ $message = sprintf('User added to website; user_id: %s; role: %s; blog_id: %s; name: %s; email: %s',
92
+ $user_id,
93
+ $role,
94
+ $blog_id,
95
+ $title,
96
+ $email
97
+ );
98
+ self::reportWarningEvent($message);
99
+ }
100
+
101
+ /**
102
+ * Send and alert notifying that a user was removed from a blog.
103
+ *
104
+ * @param int $user_id User ID.
105
+ * @param int $blog_id Blog ID.
106
+ */
107
+ public static function hookRemoveUserFromBlog($user_id, $blog_id) {
108
+ $title = 'unknown';
109
+ $email = 'user@domain.com';
110
+ $data = get_userdata($user_id);
111
+
112
+ if ($data) {
113
+ $title = $data->user_login;
114
+ $email = $data->user_email;
115
+ }
116
+
117
+ $message = sprintf('User removed from website; user_id: %s; blog_id: %s; name: %s; email: %s',
118
+ $user_id,
119
+ $blog_id,
120
+ $title,
121
+ $email
122
+ );
123
+ self::reportWarningEvent($message);
124
+ }
125
126
/**
127
* Send an alert notifying that a category was created.
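Review bot: In both hookAddUserToBlog and hookRemoveUserFromBlog, a failed get_userdata() lookup leaves $email at the placeholder 'user@domain.com', which is then written to the audit log as if it were the account's address. Use 'unknown' (as $title does) or leave the field out, so a reader of the log cannot mistake the placeholder for real data. Smaller points: both docblocks read "Send and alert" instead of "Send an alert"; hookRemoveUserFromBlog puts its opening brace on the signature line while hookAddUserToBlog puts it on the next line; and the identical lookup block could move into one private helper.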
991
self::reportWarningEvent('User account deleted; ID: ' . $id);
992
}
993
994
+ /**
995
+ * Send an alert notifying that a user was edited.
996
+ * @param int $id The identifier of the edited user account
997
+ * @param object $old_user_data Object containing user's data prior to update.
998
+ */
999
+ public static function hookProfileUpdate($id = 0, $old_user_data)
1000
+ {
1001
+ $title = 'unknown';
1002
+ $email = 'user@domain.com';
1003
+ $roles = 'none';
1004
+ $data = get_userdata($id);
1005
+
1006
+ if ($data) {
1007
+ $title = $data->user_login;
1008
+ $email = $data->user_email;
1009
+ $roles = @implode(', ', $data->roles);
1010
+ }
1011
+
1012
+ $old_title = 'unknown';
1013
+ $old_email = 'user@domain.com';
1014
+ $old_roles = 'none';
1015
+
1016
+ if($old_user_data) {
1017
+ $old_title = $old_user_data->user_login;
1018
+ $old_email = $old_user_data->user_email;
1019
+ $old_roles = @implode(', ', $old_user_data->roles);
1020
+ }
1021
+
1022
+ $message = sprintf('User account edited; ID: %s; name: %s; old_name: %s; email: %s; old_email: %s; roles: %s; old_roles: %s',
1023
+ $id,
1024
+ $title,
1025
+ $old_title,
1026
+ $email,
1027
+ $old_email,
1028
+ $roles,
1029
+ $old_roles
1030
+ );
1031
+ self::reportWarningEvent($message);
1032
+ }
1033
+
1034
/**
1035
* Send an alert notifying that a new user account was created.
1036
*
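Review bot: The signature hookProfileUpdate($id = 0, $old_user_data) places an optional parameter before a required one, so the default can never take effect, and PHP 8.0 and later report this form as deprecated; drop the "= 0". The two @implode(', ', ...->roles) calls suppress errors rather than checking that roles is an array, so test with is_array() and fall back to 'none'. The 'user@domain.com' placeholder is again written to the log when a lookup fails, and reportWarningEvent is called on every profile save; consider comparing the old and new values and reporting only when name, email or roles differ. "if($old_user_data)" also lacks the space after "if" that the earlier "if ($data)" uses.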
src/option.lib.php CHANGED
@@ -114,7 +114,7 @@ class SucuriScanOption extends SucuriScanRequest
114
'sucuriscan_use_wpmail' => 'enabled',
115
);
116
117
- return $defaults;
118
}
119
120
/**
114
'sucuriscan_use_wpmail' => 'enabled',
115
);
116
117
+ return (array) apply_filters('sucuriscan_option_defaults', $defaults);
118
}
119
120
/**
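Review bot: The value returned through the sucuriscan_option_defaults filter is only cast with (array), so a callback that returns a string or null replaces every default with a one-element or empty array, and a callback that returns a partial array silently drops the keys it omits. Since these are the defaults of a security plugin, merge the filtered result back over $defaults and keep only keys that exist in $defaults before returning. The new filter also has no docblock describing its name, argument and expected return value.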
sucuri.php CHANGED
@@ -6,7 +6,7 @@
6
* Plugin URI: https://wordpress.sucuri.net/
7
* Author URI: https://sucuri.net/
8
* Author: Sucuri Inc.
9
- * Version: 1.8.13
10
*
11
* PHP version 5
12
*
@@ -83,7 +83,7 @@ define('SUCURISCAN', 'sucuriscan');
83
/**
84
* Current version of the plugin's code.
85
*/
86
- define('SUCURISCAN_VERSION', '1.8.13');
87
88
/**
89
* Defines the human readable name of the plugin.
6
* Plugin URI: https://wordpress.sucuri.net/
7
* Author URI: https://sucuri.net/
8
* Author: Sucuri Inc.
9
+ * Version: 1.8.14
10
*
11
* PHP version 5
12
*
83
/**
84
* Current version of the plugin's code.
85
*/
86
+ define('SUCURISCAN_VERSION', '1.8.14');
87
88
/**
89
* Defines the human readable name of the plugin.