Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.8.18

Version Description

  • Keep settings when the plugin is deactivated, unless the plugin is uninstalled

Release Info

Developer ycampo
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.8.18

Code changes from version 1.8.17 to 1.8.18

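--- a/inc/tpl/settings-general-datastorage.snippet.tpl
+++ b/inc/tpl/settings-general-datastorage.snippet.tpl
@@ -6,6 +6,40 @@
 
 <td>
 <span class="sucuriscan-monospace">%%SUCURI.Storage.Filepath%%</span>
+
+<span class="sucuriscan-tooltip" content="%%SUCURI.Storage.Description%%">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="14" height="14">
+<path fill="#000000" d="m6.998315,0.033333c-3.846307,0 -6.964982,
+3.118675 -6.964982,6.964982s3.118675,6.965574 6.964982,6.965574s6.965574,
+-3.119267 6.965574,-6.965574s-3.119267,-6.964982 -6.965574,-6.964982zm1.449957,
+10.794779c-0.358509,0.141517 -0.643901,0.248833 -0.857945,0.32313c-0.213455,
+0.074296 -0.461699,0.111444 -0.744143,0.111444c-0.433985,0 -0.771855,
+-0.106137 -1.012434,-0.317823s-0.360279,-0.479978 -0.360279,-0.806055c0,
+-0.126776 0.008845,-0.256499 0.026534,-0.388581c0.018281,-0.132082 0.047174,
+-0.280675 0.086679,-0.447547l0.448727,-1.584988c0.039507,-0.152131 0.073707,
+-0.296596 0.100831,-0.431036c0.027123,-0.135621 0.040097,-0.260037 0.040097,
+-0.37325c0,-0.201661 -0.041865,-0.343178 -0.125008,-0.422782c-0.08432,
+-0.079603 -0.242937,-0.11852 -0.479388,-0.11852c-0.115572,0 -0.234682,
+0.0171 -0.35674,0.05307c-0.120879,0.037148 -0.225837,0.070758 -0.311926,
+0.103779l0.118521,-0.488235c0.293647,-0.119699 0.574911,-0.222299 0.843204,
+-0.307209c0.268291,-0.086089 0.521842,-0.128543 0.760652,-0.128543c0.431036,
+0 0.7636,0.104959 0.997693,0.312517c0.232913,0.208147 0.350253,0.478797 0.350253,
+0.811363c0,0.068989 -0.008255,0.190458 -0.024174,0.363815c-0.015921,
+0.173947 -0.045994,0.332565 -0.089628,0.478209l-0.446368,1.580269c-0.036558,
+0.126776 -0.068988,0.271831 -0.098472,0.433985c-0.028893,0.162156 -0.043043,
+0.285983 -0.043043,0.369123c0,0.209916 0.046582,0.353202 0.140926,
+0.429268c0.093164,0.076064 0.256498,0.114392 0.487643,0.114392c0.109086,
+0 0.231144,-0.019459 0.369124,-0.057197c0.136799,-0.037737 0.23586,
+-0.071349 0.298364,-0.100241l-0.119699,0.487643zm-0.079014,-6.414247c-0.208148,
+0.193407 -0.45875,0.290109 -0.751808,0.290109c-0.292469,0 -0.54484,
+-0.096702 -0.754756,-0.290109c-0.208737,-0.193406 -0.314285,-0.428678 -0.314285,
+-0.703457c0,-0.274188 0.106138,-0.51005 0.314285,-0.705225c0.208148,
+-0.195175 0.462287,-0.293058 0.754756,-0.293058c0.293058,0 0.54425,
+0.097293 0.751808,0.293058c0.208146,0.195175 0.312516,0.431036 0.312516,
+0.705225c0,0.275368 -0.10437,0.510051 -0.312516,0.703457z">
+</path>
+</svg>
+</span>
 </td>
 
 <td>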
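Review bot: The new tooltip puts `%%SUCURI.Storage.Description%%` inside a double-quoted `content="…"` attribute, and the `failedlogins` description added in src/settings-general.php contains literal double quotes around `"oldfailedlogins"`. Whether the template engine HTML-escapes parameter values is not visible on this page; if it does not, that description closes the attribute early and the rest of the text is parsed as markup. In that case the value should be escaped for attribute context where it is assigned, for example `$params['Storage.Description'] = esc_attr($desc);`, so the template stays safe even if a later description carries quotes or angle brackets.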
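--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate Link: https://sucuri.net/
 Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, blacklist, detection, hardening, file integrity
 Requires at least: 3.6
 Tested up to: 4.9.4
-Stable tag: 1.8.17
+Stable tag: 1.8.18
 
 The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
 
@@ -190,6 +190,9 @@ This version adds support for the latest version of WordPress. Introduces new fe
 
 == Changelog ==
 
+= 1.8.18 =
+* Keep settings when the plugin is deactivated, unless the plugin is uninstalled
+
 = 1.8.17 =
 * Update [Terms of Service](https://sucuri.net/terms) and [Privacy Policy](https://sucuri.net/privacy)
 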
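--- a/src/command.lib.php
+++ b/src/command.lib.php
@@ -72,7 +72,7 @@ class SucuriScanCommand extends SucuriScan
 }
 
 if ($err !== 0) {
-return self::throwException('Command ' . $cmd . ' does not exists');
+return self::throwException('Command ' . $cmd . ' does not exist');
 }
 
 return true;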
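--- a/src/hardening.lib.php
+++ b/src/hardening.lib.php
@@ -98,6 +98,10 @@ class SucuriScanHardening extends SucuriScan
 $fhandle = @fopen($target, 'w');
 }
 
+if (!$fhandle) {
+return false;
+}
+
 $deny_rules = self::getRules();
 $rules_text = implode("\n", $deny_rules);
 $written = @fwrite($fhandle, "\n" . $rules_text . "\n");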
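Review bot: The new `if (!$fhandle)` guard returns a bare `false` while the preceding `fopen` is called with `@`, so when the rules file cannot be opened nothing records why, and the target directory is left without its deny rules. Because this is the hardening path, the failure should reach whoever triggered it. `SucuriScanCommand` in this same commit reports errors with `return self::throwException(...)`; if that helper is inherited from `SucuriScan` (not visible here), the guard could read `return self::throwException('Cannot open ' . $target . ' for writing');`. The enclosing method starts and ends outside the hunk, so how callers treat the `false` return is unconfirmed.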
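--- a/src/option.lib.php
+++ b/src/option.lib.php
@@ -81,7 +81,7 @@ class SucuriScanOption extends SucuriScanRequest
 'sucuriscan_maximum_failed_logins' => 30,
 'sucuriscan_notify_available_updates' => 'disabled',
 'sucuriscan_notify_bruteforce_attack' => 'disabled',
-'sucuriscan_notify_failed_login' => 'enabled',
+'sucuriscan_notify_failed_login' => 'disabled',
 'sucuriscan_notify_plugin_activated' => 'enabled',
 'sucuriscan_notify_plugin_change' => 'enabled',
 'sucuriscan_notify_plugin_deactivated' => 'disabled',
@@ -91,7 +91,7 @@ class SucuriScanOption extends SucuriScanRequest
 'sucuriscan_notify_post_publication' => 'enabled',
 'sucuriscan_notify_scan_checksums' => 'disabled',
 'sucuriscan_notify_settings_updated' => 'enabled',
-'sucuriscan_notify_success_login' => 'enabled',
+'sucuriscan_notify_success_login' => 'disabled',
 'sucuriscan_notify_theme_activated' => 'enabled',
 'sucuriscan_notify_theme_deleted' => 'disabled',
 'sucuriscan_notify_theme_editor' => 'enabled',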
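Review bot: With `sucuriscan_notify_failed_login` (line 84) and `sucuriscan_notify_success_login` (line 94) now defaulting to `'disabled'`, and `sucuriscan_notify_bruteforce_attack` already `'disabled'` on line 83, a default configuration sends no login-related alert at all. The 1.8.18 changelog entry in readme.txt mentions only the settings-retention change, so administrators get no notice that out-of-the-box alerting was reduced. I would add a changelog line such as `* Disable email alerts for successful and failed logins by default` and a short comment above these two entries giving the reason. The defaults array begins and ends outside both hunks, so whether existing installs keep their stored values is not confirmed from here.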
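--- a/src/settings-general.php
+++ b/src/settings-general.php
@@ -161,20 +161,20 @@ function sucuriscan_settings_general_datastorage($nonce)
 {
 $params = array();
 $files = array(
-'', /* <root> */
-'auditlogs',
-'auditqueue',
-'blockedusers', /* TODO: deprecated on 1.8.12 */
-'failedlogins',
-'hookdata',
-'ignorescanning',
-'integrity',
-'lastlogins',
-'oldfailedlogins',
-'plugindata',
-'settings',
-'sitecheck',
-'trustip',
+'<root>' => 'Directory used to store the plugin settings, cache and system logs',
+'auditlogs' => 'Cache to store the system logs obtained from the API service; expires after ' . SUCURISCAN_AUDITLOGS_LIFETIME . ' seconds.',
+'auditqueue' => 'Local queue to store the most recent logs before they are sent to the remote API service.',
+'blockedusers' => 'Deprecated on 1.8.12; it was used to store a list of blocked user names.', /* TODO: deprecated on 1.8.12 */
+'failedlogins' => 'Stores the data for every failed login attempt. The data is moved to "oldfailedlogins" every hour during a brute force password attack.',
+'hookdata' => 'Temporarily stores data to complement the logs during destructive operations like deleting a post, page, comment, etc.',
+'ignorescanning' => 'Stores a list of files and folders chosen by the user to be ignored by the file system scanner.',
+'integrity' => 'Stores a list of files marked as fixed by the user via the WordPress Integrity tool.',
+'lastlogins' => 'Stores the data associated to every successful user login. The data never expires; manually delete if the file is too large.',
+'oldfailedlogins' => 'Stores the data for every failed login attempt after the plugin sends a report about a brute force password attack via email.',
+'plugindata' => 'Cache to store the data associated to the installed plugins listed in the Post-Hack page. Expires after ' . SUCURISCAN_GET_PLUGINS_LIFETIME . ' seconds.',
+'settings' => 'Stores all the options used to configure the functionality and behavior of the plugin.',
+'sitecheck' => 'Cache to store the result of the malware scanner. Expires after ' . SUCURISCAN_SITECHECK_LIFETIME . ' seconds, reset at any time to force a re-scan.',
+'trustip' => 'Stores a list of IP addresses trusted by the plugin, events triggered by one of these IPs will not be reported to the remote monitoring API service.',
 );
 
 $params['Storage.Files'] = '';
@@ -190,7 +190,7 @@ function sucuriscan_settings_general_datastorage($nonce)
 $short = substr($filename, 7); /* drop directroy path */
 $short = substr($short, 0, -4); /* drop file extension */
 
-if (!$short || empty($short) || !in_array($short, $files)) {
+if (!$short || empty($short) || !array_key_exists($short, $files)) {
 continue; /* prevent path traversal */
 }
 
@@ -216,7 +216,12 @@ function sucuriscan_settings_general_datastorage($nonce)
 }
 }
 
-foreach ($files as $name) {
+foreach ($files as $name => $desc) {
+if ($name === '<root>') {
+/* convert to folder */
+$name = '';
+}
+
 $fsize = 0;
 $fname = ($name ? sprintf('sucuri-%s.php', $name) : '');
 $fpath = SucuriScan::dataStorePath($fname);
@@ -247,6 +252,7 @@ function sucuriscan_settings_general_datastorage($nonce)
 $params['Storage.DisabledInput'] = $disabled;
 $params['Storage.Existence'] = $labelExistence;
 $params['Storage.Writability'] = $labelWritability;
+$params['Storage.Description'] = $desc;
 
 if (is_dir($fpath)) {
 $params['Storage.Filesize'] = '';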
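Review bot: The allowlist check on line 193 now tests `array_key_exists($short, $files)`, and `$files` gained the sentinel key `'<root>'`, so a `$short` equal to `<root>` passes the "prevent path traversal" guard. The old list held `''` for the root, which `!$short` rejected. What is done with `$short` after the guard lies outside the hunk, so the effect is unconfirmed, but the display sentinel should not double as an accepted file name: `if (!$short || $short === '<root>' || !array_key_exists($short, $files)) {`. A one-line comment above `$files` stating that its keys are the only storage names a request may reference would keep later edits from widening it by accident.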
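--- a/sucuri.php
+++ b/sucuri.php
@@ -6,7 +6,7 @@
 * Plugin URI: https://wordpress.sucuri.net/
 * Author URI: https://sucuri.net/
 * Author: Sucuri Inc.
-* Version: 1.8.17
+* Version: 1.8.18
 *
 * PHP version 5
 *
@@ -83,7 +83,7 @@ define('SUCURISCAN', 'sucuriscan');
 /**
 * Current version of the plugin's code.
 */
-define('SUCURISCAN_VERSION', '1.8.17');
+define('SUCURISCAN_VERSION', '1.8.18');
 
 /**
 * Defines the human readable name of the plugin.
@@ -242,18 +242,31 @@ if (defined('WP_CLI') && WP_CLI) {
 }
 
 /**
-* Uninstalls the plugin, its settings and reverts the hardening.
+* Deactivated the plugin
 *
-* When the user decides to deactivate and/or uninstall the plugin it will call
-* this method to delete all traces of data inserted into the database by older
-* versions of the code, will remove the scheduled task, will delte the options
-* inserted into the sub-database associated to a multi-site installation, will
-* revert the hardening applied to the core directories, and will delete all the
-* security logs, cache and additional data stored in the storage directory.
+* Remove the scheduled task, but don't clear other things yet until the plugin is uninstalled.
 *
 * @return void
 */
 function sucuriscanResetAndDeactivate()
+{
+/* Delete scheduled task from the system */
+wp_clear_scheduled_hook('sucuriscan_scheduled_scan');
+}
+
+/**
+* Uninstalled the plugin
+*
+* When the user decides to uninstall the plugin it will call this method to
+* delete all traces of data inserted into the database by older versions of the
+* code, will delete the options inserted into the sub-database associated to a
+* multi-site installation, will revert the hardening applied to the core
+* directories, and will delete all the logs, cache and additional data stored
+* in the storage directory.
+*
+* @return void
+*/
+function sucuriscanUninstall()
 {
 if (array_key_exists('wpdb', $GLOBALS)) {
 /* Delete all plugin related options from the database */
@@ -268,9 +281,6 @@ function sucuriscanResetAndDeactivate()
 }
 }
 
-/* Delete scheduled task from the system */
-wp_clear_scheduled_hook('sucuriscan_scheduled_scan');
-
 /* Delete settings from the database if they exist */
 $options = SucuriScanOption::getDefaultOptionNames();
 foreach ($options as $option_name) {
@@ -296,3 +306,5 @@ function sucuriscanResetAndDeactivate()
 }
 
 register_deactivation_hook(__FILE__, 'sucuriscanResetAndDeactivate');
+
+register_uninstall_hook(__FILE__, 'sucuriscanUninstall');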
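Review bot: `sucuriscanResetAndDeactivate()` no longer resets anything after this change; it only clears the `sucuriscan_scheduled_scan` hook, so its name and the docblock "Deactivated the plugin" misstate what the deactivation hook does. The docblock should say what is left in place, since the settings, logs, cache and applied hardening now stay on the site while the plugin is inactive. I would word it as `Runs on deactivation: removes the scheduled scan only; settings, logs, cache and hardening are kept until sucuriscanUninstall() runs.` The function is registered by name in `register_deactivation_hook`, so a rename would touch only that call and the definition. Most of the body of `sucuriscanUninstall()` lies outside the hunks shown.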