Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.8.20

Version Description

  • Add dynamic core directories in the hardening whitelist options
  • Modify scheduled tasks panel to load the table via Ajax
  • Allow hosting details display to be filterable
  • Preparation for translations
Download this release

Release Info

Developer ycampo
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.8.20
Comparing to
See all releases

Code changes from version 1.8.19 to 1.8.20

Files changed (95) hide show
  1. inc/tpl/auditlogs.html.tpl +11 -11
  2. inc/tpl/base.html.tpl +8 -8
  3. inc/tpl/dashboard.html.tpl +2 -2
  4. inc/tpl/firewall-auditlogs.html.tpl +7 -7
  5. inc/tpl/firewall-auditlogs.snippet.tpl +6 -6
  6. inc/tpl/firewall-clearcache.html.tpl +9 -9
  7. inc/tpl/firewall-ipaccess.html.tpl +11 -11
  8. inc/tpl/firewall-settings.html.tpl +11 -11
  9. inc/tpl/firewall.html.tpl +4 -4
  10. inc/tpl/integrity-correct.html.tpl +5 -5
  11. inc/tpl/integrity-diff-utility.html.tpl +2 -8
  12. inc/tpl/integrity-incorrect.html.tpl +18 -18
  13. inc/tpl/integrity-notification.html.tpl +7 -7
  14. inc/tpl/integrity.html.tpl +3 -3
  15. inc/tpl/lastlogins-admins.html.tpl +5 -5
  16. inc/tpl/lastlogins-admins.snippet.tpl +4 -4
  17. inc/tpl/lastlogins-all.html.tpl +8 -8
  18. inc/tpl/lastlogins-all.snippet.tpl +1 -1
  19. inc/tpl/lastlogins-failedlogins.html.tpl +8 -8
  20. inc/tpl/lastlogins-loggedin.html.tpl +8 -8
  21. inc/tpl/lastlogins-loggedin.snippet.tpl +1 -1
  22. inc/tpl/lastlogins.html.tpl +4 -4
  23. inc/tpl/notification-pretty.html.tpl +5 -5
  24. inc/tpl/register-site.html.tpl +9 -9
  25. inc/tpl/settings-alerts-bruteforce.html.tpl +4 -4
  26. inc/tpl/settings-alerts-events.html.tpl +5 -5
  27. inc/tpl/settings-alerts-ignore-posts.html.tpl +12 -12
  28. inc/tpl/settings-alerts-perhour.html.tpl +4 -4
  29. inc/tpl/settings-alerts-recipients.html.tpl +9 -9
  30. inc/tpl/settings-alerts-subject.html.tpl +4 -4
  31. inc/tpl/settings-alerts-trustedips.html.tpl +11 -11
  32. inc/tpl/settings-apirecovery.html.tpl +4 -4
  33. inc/tpl/settings-apiregistered.html.tpl +4 -4
  34. inc/tpl/settings-apiservice-checksums.html.tpl +6 -6
  35. inc/tpl/settings-apiservice-proxy.html.tpl +6 -6
  36. inc/tpl/settings-apiservice-status.html.tpl +5 -5
  37. inc/tpl/settings-general-apikey.html.tpl +8 -8
  38. inc/tpl/settings-general-datastorage.html.tpl +8 -8
  39. inc/tpl/settings-general-importexport.html.tpl +4 -4
  40. inc/tpl/settings-general-ipdiscoverer.html.tpl +11 -11
  41. inc/tpl/settings-general-resetoptions.html.tpl +4 -4
  42. inc/tpl/settings-general-reverseproxy.html.tpl +3 -3
  43. inc/tpl/settings-general-selfhosting.html.tpl +5 -5
  44. inc/tpl/settings-general-timezone.html.tpl +4 -4
  45. inc/tpl/settings-hardening-whitelist-phpfiles.html.tpl +11 -13
  46. inc/tpl/settings-posthack-available-updates-alert.html.tpl +5 -5
  47. inc/tpl/settings-posthack-available-updates.html.tpl +7 -7
  48. inc/tpl/settings-posthack-available-updates.snippet.tpl +1 -1
  49. inc/tpl/settings-posthack-reset-password-alert.html.tpl +1 -1
  50. inc/tpl/settings-posthack-reset-password.html.tpl +9 -9
  51. inc/tpl/settings-posthack-reset-plugins.html.tpl +12 -12
  52. inc/tpl/settings-posthack-security-keys.html.tpl +8 -8
  53. inc/tpl/settings-scanner-cronjobs.html.tpl +30 -12
  54. inc/tpl/settings-scanner-ignore-folders.html.tpl +9 -9
  55. inc/tpl/settings-scanner-integrity-cache.html.tpl +8 -8
  56. inc/tpl/settings-scanner-integrity-diff-utility.html.tpl +3 -3
  57. inc/tpl/settings-webinfo-details.html.tpl +1 -1
  58. inc/tpl/settings-webinfo-htaccess.html.tpl +6 -6
  59. inc/tpl/settings.html.tpl +8 -8
  60. inc/tpl/sitecheck-details.html.tpl +2 -2
  61. inc/tpl/sitecheck-malware.html.tpl +6 -6
  62. inc/tpl/sitecheck-malware.snippet.tpl +1 -1
  63. inc/tpl/sitecheck-recommendations.html.tpl +1 -1
  64. inc/tpl/sitecheck-target.html.tpl +5 -5
  65. lang/sucuri-scanner.pot +3238 -0
  66. readme.txt +7 -1
  67. src/api.lib.php +12 -12
  68. src/auditlogs.lib.php +6 -6
  69. src/base.lib.php +2 -8
  70. src/cache.lib.php +4 -4
  71. src/event.lib.php +17 -30
  72. src/fileinfo.lib.php +14 -10
  73. src/firewall.lib.php +29 -29
  74. src/globals.php +6 -6
  75. src/hardening.lib.php +5 -5
  76. src/hook.lib.php +73 -73
  77. src/integrity.lib.php +14 -13
  78. src/interface.lib.php +8 -8
  79. src/lastlogins-failed.php +11 -11
  80. src/lastlogins.php +4 -5
  81. src/mail.lib.php +3 -3
  82. src/option.lib.php +1 -1
  83. src/pagehandler.php +9 -8
  84. src/settings-alerts.php +76 -80
  85. src/settings-apiservice.php +11 -11
  86. src/settings-general.php +64 -64
  87. src/settings-hardening.php +93 -141
  88. src/settings-integrity.php +7 -8
  89. src/settings-posthack.php +19 -19
  90. src/settings-scanner.php +38 -21
  91. src/settings-webinfo.php +3 -3
  92. src/sitecheck.lib.php +11 -11
  93. src/strings.php +523 -0
  94. src/template.lib.php +14 -2
  95. sucuri.php +12 -4
inc/tpl/auditlogs.html.tpl CHANGED
@@ -21,9 +21,9 @@ jQuery(document).ready(function ($) {
21
url += '&paged=' + page;
22
}
23
24
- $('.sucuriscan-auditlog-response').html('<em>Loading...</em>');
25
- $('.sucuriscan-auditlog-status').html('Loading...');
26
- $('.sucuriscan-pagination-loading').html('Loading...');
27
$('.sucuriscan-pagination-panel').addClass('sucuriscan-hidden');
28
$('.sucuriscan-auditlog-footer').addClass('sucuriscan-hidden');
29
@@ -72,7 +72,7 @@ jQuery(document).ready(function ($) {
72
event.preventDefault();
73
74
$('.sucuriscan-sendlogs-panel').attr('content', '');
75
- $('.sucuriscan-auditlogs-sendlogs-response').html('Loading...');
76
77
$.post('%%SUCURI.AjaxURL.Dashboard%%', {
78
action: 'sucuriscan_ajax',
@@ -83,11 +83,11 @@ jQuery(document).ready(function ($) {
83
84
setTimeout(function (){
85
var tooltipContent =
86
- 'Total logs in the queue: {TTLLOGS}<br>' +
87
- 'Maximum execution time: {MAXTIME}<br>' +
88
- 'Successfully sent to the API: {SUCCESS}<br>' +
89
- 'Total request timeouts (failures): {FAILURE}<br>' +
90
- 'Total execution time: {ELAPSED} secs';
91
$('.sucuriscan-sendlogs-panel')
92
.attr('content', tooltipContent
93
.replace('{MAXTIME}', data.maxtime)
@@ -104,7 +104,7 @@ jQuery(document).ready(function ($) {
104
105
<div class="sucuriscan-auditlog-table">
106
<div class="sucuriscan-auditlog-response">
107
- <em>Loading...</em>
108
</div>
109
110
<div class="sucuriscan-clearfix sucuriscan-pagination-panel">
@@ -121,7 +121,7 @@ jQuery(document).ready(function ($) {
121
<div class="sucuriscan-pull-left sucuriscan-hidden sucuriscan-tooltip
122
sucuriscan-sendlogs-panel" tooltip-width="250" tooltip-html="true">
123
<small class="sucuriscan-auditlogs-sendlogs-response"></small>
124
- <small><a href="#" class="sucuriscan-auditlogs-sendlogs">Send Logs</a></small>
125
</div>
126
127
<div class="sucuriscan-pull-right">
21
url += '&paged=' + page;
22
}
23
24
+ $('.sucuriscan-auditlog-response').html('<em>{{Loading...}}</em>');
25
+ $('.sucuriscan-auditlog-status').html('{{Loading...}}');
26
+ $('.sucuriscan-pagination-loading').html('{{Loading...}}');
27
$('.sucuriscan-pagination-panel').addClass('sucuriscan-hidden');
28
$('.sucuriscan-auditlog-footer').addClass('sucuriscan-hidden');
29
72
event.preventDefault();
73
74
$('.sucuriscan-sendlogs-panel').attr('content', '');
75
+ $('.sucuriscan-auditlogs-sendlogs-response').html('{{Loading...}}');
76
77
$.post('%%SUCURI.AjaxURL.Dashboard%%', {
78
action: 'sucuriscan_ajax',
83
84
setTimeout(function (){
85
var tooltipContent =
86
+ '{{Total logs in the queue:}} {TTLLOGS}<br>' +
87
+ '{{Maximum execution time:}} {MAXTIME}<br>' +
88
+ '{{Successfully sent to the API:}} {SUCCESS}<br>' +
89
+ '{{Total request timeouts (failures):}} {FAILURE}<br>' +
90
+ '{{Total execution time:}} {ELAPSED} secs';
91
$('.sucuriscan-sendlogs-panel')
92
.attr('content', tooltipContent
93
.replace('{MAXTIME}', data.maxtime)
104
105
<div class="sucuriscan-auditlog-table">
106
<div class="sucuriscan-auditlog-response">
107
+ <em>{{Loading...}}</em>
108
</div>
109
110
<div class="sucuriscan-clearfix sucuriscan-pagination-panel">
121
<div class="sucuriscan-pull-left sucuriscan-hidden sucuriscan-tooltip
122
sucuriscan-sendlogs-panel" tooltip-width="250" tooltip-html="true">
123
<small class="sucuriscan-auditlogs-sendlogs-response"></small>
124
+ <small><a href="#" class="sucuriscan-auditlogs-sendlogs">{{Send Logs}}</a></small>
125
</div>
126
127
<div class="sucuriscan-pull-right">
inc/tpl/base.html.tpl CHANGED
@@ -8,27 +8,27 @@
8
9
<div class="sucuriscan-header sucuriscan-clearfix">
10
<div class="sucuriscan-pull-left">
11
- <a href="https://sucuri.net/signup" target="_blank" title="Sucuri Security" class="sucuriscan-logo">
12
<img src="%%SUCURI.PluginURL%%/inc/images/pluginlogo.png" alt="Sucuri Inc." />
13
</a>
14
- <span class="sucuriscan-subtitle">WP Plugin</span>
15
<span class="sucuriscan-version">v%%SUCURI.PluginVersion%%</span>
16
</div>
17
18
<div class="sucuriscan-pull-right sucuriscan-navbar">
19
<ul>
20
- <li><a href="https://goo.gl/aByqP5" target="_blank" rel="noopener" class="button button-secondary">Review</a></li>
21
22
<li class="sucuriscan-%%SUCURI.GenerateAPIKey.Visibility%%">
23
<a href="#" class="button button-primary sucuriscan-modal-button sucuriscan-register-site-button"
24
- data-modalid="sucuriscan-register-site">Generate API Key</a>
25
</li>
26
27
- <li><a href="%%SUCURI.URL.Dashboard%%" class="button button-primary">Dashboard</a></li>
28
29
- <li><a href="%%SUCURI.URL.Firewall%%" class="button button-primary">Firewall (WAF)</a></li>
30
31
- <li><a href="%%SUCURI.URL.Settings%%" class="button button-primary">Settings</a></li>
32
</ul>
33
</div>
34
</div>
@@ -38,6 +38,6 @@
38
</div>
39
40
<div class="sucuriscan-clearfix sucuriscan-footer">
41
- <div>Copyright &copy; %%SUCURI.Year%% Sucuri Inc. All Rights Reserved.</div>
42
</div>
43
</div>
8
9
<div class="sucuriscan-header sucuriscan-clearfix">
10
<div class="sucuriscan-pull-left">
11
+ <a href="https://sucuri.net/signup" target="_blank" title="{{Sucuri Security}}" class="sucuriscan-logo">
12
<img src="%%SUCURI.PluginURL%%/inc/images/pluginlogo.png" alt="Sucuri Inc." />
13
</a>
14
+ <span class="sucuriscan-subtitle">{{WP Plugin}}</span>
15
<span class="sucuriscan-version">v%%SUCURI.PluginVersion%%</span>
16
</div>
17
18
<div class="sucuriscan-pull-right sucuriscan-navbar">
19
<ul>
20
+ <li><a href="https://goo.gl/aByqP5" target="_blank" rel="noopener" class="button button-secondary">{{Review}}</a></li>
21
22
<li class="sucuriscan-%%SUCURI.GenerateAPIKey.Visibility%%">
23
<a href="#" class="button button-primary sucuriscan-modal-button sucuriscan-register-site-button"
24
+ data-modalid="sucuriscan-register-site">{{Generate API Key}}</a>
25
</li>
26
27
+ <li><a href="%%SUCURI.URL.Dashboard%%" class="button button-primary">{{Dashboard}}</a></li>
28
29
+ <li><a href="%%SUCURI.URL.Firewall%%" class="button button-primary">{{Firewall (WAF)}}</a></li>
30
31
+ <li><a href="%%SUCURI.URL.Settings%%" class="button button-primary">{{Settings}}</a></li>
32
</ul>
33
</div>
34
</div>
38
</div>
39
40
<div class="sucuriscan-clearfix sucuriscan-footer">
41
+ <div>{{Copyright}} &copy; %%SUCURI.Year%% {{Sucuri Inc. All Rights Reserved.}}</div>
42
</div>
43
</div>
inc/tpl/dashboard.html.tpl CHANGED
@@ -7,7 +7,7 @@
7
jQuery(document).ready(function ($) {
8
var sucuriscanSiteCheckLinks = function (target, links) {
9
if (links.length === 0) {
10
- $(target).html('<div><em>no data available</em></div>');
11
return;
12
}
13
@@ -51,7 +51,7 @@ jQuery(document).ready(function ($) {
51
<div class="sucuriscan-panel">
52
<div class="sucuriscan-tabs">
53
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
54
- <li><a href="%%SUCURI.URL.Dashboard%%#auditlogs">Audit Logs</a></li>
55
<li><a href="%%SUCURI.URL.Dashboard%%#iframes" id="sucuriscan-title-iframes">%%SUCURI.SiteCheck.iFramesTitle%%</a></li>
56
<li><a href="%%SUCURI.URL.Dashboard%%#links" id="sucuriscan-title-links">%%SUCURI.SiteCheck.LinksTitle%%</a></li>
57
<li><a href="%%SUCURI.URL.Dashboard%%#scripts" id="sucuriscan-title-scripts">%%SUCURI.SiteCheck.ScriptsTitle%%</a></li>
7
jQuery(document).ready(function ($) {
8
var sucuriscanSiteCheckLinks = function (target, links) {
9
if (links.length === 0) {
10
+ $(target).html('<div><em>{{No data available}}</em></div>');
11
return;
12
}
13
51
<div class="sucuriscan-panel">
52
<div class="sucuriscan-tabs">
53
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
54
+ <li><a href="%%SUCURI.URL.Dashboard%%#auditlogs">{{Audit Logs}}</a></li>
55
<li><a href="%%SUCURI.URL.Dashboard%%#iframes" id="sucuriscan-title-iframes">%%SUCURI.SiteCheck.iFramesTitle%%</a></li>
56
<li><a href="%%SUCURI.URL.Dashboard%%#links" id="sucuriscan-title-links">%%SUCURI.SiteCheck.LinksTitle%%</a></li>
57
<li><a href="%%SUCURI.URL.Dashboard%%#scripts" id="sucuriscan-title-scripts">%%SUCURI.SiteCheck.ScriptsTitle%%</a></li>
inc/tpl/firewall-auditlogs.html.tpl CHANGED
@@ -1,12 +1,12 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Firewall Audit Logs</h3>
4
5
<div class="inside">
6
- <p>The firewall logs every request involved in an attack and separates them from the legitimate requests. You can analyze the data from the latest entries in the logs using this tool and take action either enabling the advanced features of the IDS <em>(Intrusion Detection System)</em> from the <a href="https://waf.sucuri.net/?settings" target="_blank" rel="noopener">Firewall Dashboard</a> and/or blocking IP addresses and URL paths directly from the <a href="https://waf.sucuri.net/?audit" target="_blank" rel="noopener">Firewall Audit Trails</a> page.</p>
7
8
<div class="sucuriscan-inline-alert-info">
9
- <p>Non-blocked requests are hidden from the logs, this is intentional.</p>
10
</div>
11
12
<script type="text/javascript">
@@ -19,7 +19,7 @@
19
var params = {};
20
21
$('.sucuriscan-firewall-auditlogs tbody')
22
- .html('<tr><td><em>Loading...</em></td></tr>');
23
24
params.action = 'sucuriscan_ajax';
25
params.form_action = 'get_firewall_logs';
@@ -49,19 +49,19 @@
49
<select id="sucuriscan_firewall_day">%%%SUCURI.AuditLogs.DateDays%%%</select>
50
<select id="sucuriscan_firewall_month">%%%SUCURI.AuditLogs.DateMonths%%%</select>
51
<select id="sucuriscan_firewall_year">%%%SUCURI.AuditLogs.DateYears%%%</select>
52
- <button id="sucuriscan-firewall-auditlogs-button" class="button button-primary">Submit</button>
53
</fieldset>
54
55
<table class="wp-list-table widefat sucuriscan-table sucuriscan-firewall-auditlogs">
56
<thead>
57
<tr>
58
- <th>Firewall Audit Logs</th>
59
</tr>
60
</thead>
61
62
<tbody>
63
<tr>
64
- <td><em>Loading...</em></td>
65
</tr>
66
</tbody>
67
</table>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Firewall Audit Logs}}</h3>
4
5
<div class="inside">
6
+ <p>{{The firewall logs every request involved in an attack and separates them from the legitimate requests. You can analyze the data from the latest entries in the logs using this tool and take action either enabling the advanced features of the IDS <em>(Intrusion Detection System)</em> from the <a href="https://waf.sucuri.net/?settings" target="_blank" rel="noopener">Firewall Dashboard</a> and/or blocking IP addresses and URL paths directly from the <a href="https://waf.sucuri.net/?audit" target="_blank" rel="noopener">Firewall Audit Trails</a> page.}}</p>
7
8
<div class="sucuriscan-inline-alert-info">
9
+ <p>{{Non-blocked requests are hidden from the logs, this is intentional.}}</p>
10
</div>
11
12
<script type="text/javascript">
19
var params = {};
20
21
$('.sucuriscan-firewall-auditlogs tbody')
22
+ .html('<tr><td><em>{{Loading...}}</em></td></tr>');
23
24
params.action = 'sucuriscan_ajax';
25
params.form_action = 'get_firewall_logs';
49
<select id="sucuriscan_firewall_day">%%%SUCURI.AuditLogs.DateDays%%%</select>
50
<select id="sucuriscan_firewall_month">%%%SUCURI.AuditLogs.DateMonths%%%</select>
51
<select id="sucuriscan_firewall_year">%%%SUCURI.AuditLogs.DateYears%%%</select>
52
+ <button id="sucuriscan-firewall-auditlogs-button" class="button button-primary">{{Submit}}</button>
53
</fieldset>
54
55
<table class="wp-list-table widefat sucuriscan-table sucuriscan-firewall-auditlogs">
56
<thead>
57
<tr>
58
+ <th>{{Firewall Audit Logs}}</th>
59
</tr>
60
</thead>
61
62
<tbody>
63
<tr>
64
+ <td><em>{{Loading...}}</em></td>
65
</tr>
66
</tbody>
67
</table>
inc/tpl/firewall-auditlogs.snippet.tpl CHANGED
@@ -9,20 +9,20 @@
9
</div>
10
11
<div class="sucuriscan-accesslog-datetime">
12
- <span class="sucuriscan-accesslog-label">Date/Time:</span>
13
<span>%%SUCURI.AccessLog.RequestDate%%</span>
14
<span>%%SUCURI.AccessLog.RequestTime%%</span>
15
<span>%%SUCURI.AccessLog.RequestTimezone%%</span>
16
</div>
17
18
<div class="sucuriscan-accesslog-signature">
19
- <span class="sucuriscan-accesslog-label">Signature:</span>
20
<span>%%SUCURI.AccessLog.SucuriBlockCode%%</span>
21
<span>(%%SUCURI.AccessLog.SucuriBlockReason%%)</span>
22
</div>
23
24
<div class="sucuriscan-accesslog-request">
25
- <span class="sucuriscan-accesslog-label">Request:</span>
26
<span>%%SUCURI.AccessLog.HttpProtocol%%</span>
27
<span>%%SUCURI.AccessLog.RequestMethod%%</span>
28
<span>%%SUCURI.AccessLog.HttpStatus%%</span>
@@ -30,17 +30,17 @@
30
</div>
31
32
<div class="sucuriscan-accesslog-useragent">
33
- <span class="sucuriscan-accesslog-label">U-Agent:</span>
34
<span>%%SUCURI.AccessLog.HttpUserAgent%%</span>
35
</div>
36
37
<div class="sucuriscan-accesslog-target">
38
- <span class="sucuriscan-accesslog-label">Target.:</span>
39
<span>%%SUCURI.AccessLog.ResourcePath%%</span>
40
</div>
41
42
<div class="sucuriscan-accesslog-referer">
43
- <span class="sucuriscan-accesslog-label">Referer:</span>
44
<span>%%SUCURI.AccessLog.HttpReferer%%</span>
45
</div>
46
</td>
9
</div>
10
11
<div class="sucuriscan-accesslog-datetime">
12
+ <span class="sucuriscan-accesslog-label">{{Date/Time:}}</span>
13
<span>%%SUCURI.AccessLog.RequestDate%%</span>
14
<span>%%SUCURI.AccessLog.RequestTime%%</span>
15
<span>%%SUCURI.AccessLog.RequestTimezone%%</span>
16
</div>
17
18
<div class="sucuriscan-accesslog-signature">
19
+ <span class="sucuriscan-accesslog-label">{{Signature:}}</span>
20
<span>%%SUCURI.AccessLog.SucuriBlockCode%%</span>
21
<span>(%%SUCURI.AccessLog.SucuriBlockReason%%)</span>
22
</div>
23
24
<div class="sucuriscan-accesslog-request">
25
+ <span class="sucuriscan-accesslog-label">{{Request:}}</span>
26
<span>%%SUCURI.AccessLog.HttpProtocol%%</span>
27
<span>%%SUCURI.AccessLog.RequestMethod%%</span>
28
<span>%%SUCURI.AccessLog.HttpStatus%%</span>
30
</div>
31
32
<div class="sucuriscan-accesslog-useragent">
33
+ <span class="sucuriscan-accesslog-label">{{U-Agent:}}</span>
34
<span>%%SUCURI.AccessLog.HttpUserAgent%%</span>
35
</div>
36
37
<div class="sucuriscan-accesslog-target">
38
+ <span class="sucuriscan-accesslog-label">{{Target:}}</span>
39
<span>%%SUCURI.AccessLog.ResourcePath%%</span>
40
</div>
41
42
<div class="sucuriscan-accesslog-referer">
43
+ <span class="sucuriscan-accesslog-label">{{Referer:}}</span>
44
<span>%%SUCURI.AccessLog.HttpReferer%%</span>
45
</div>
46
</td>
inc/tpl/firewall-clearcache.html.tpl CHANGED
@@ -8,7 +8,7 @@ jQuery(document).ready(function ($) {
8
9
var button = $(this);
10
button.attr('disabled', true);
11
- button.html('Loading...');
12
$('#firewall-clear-cache-response').html('');
13
14
$.post('%%SUCURI.AjaxURL.Firewall%%', {
@@ -24,7 +24,7 @@ jQuery(document).ready(function ($) {
24
$('#firewall-clear-cache-auto').on('change', 'input:checkbox', function () {
25
var checked = $(this).is(':checked');
26
27
- $('#firewall-clear-cache-auto span').html('Clear cache when a post or page is updated (Loading...)');
28
29
$.post('%%SUCURI.AjaxURL.Firewall%%', {
30
action: 'sucuriscan_ajax',
@@ -32,32 +32,32 @@ jQuery(document).ready(function ($) {
32
form_action: 'firewall_auto_clear_cache',
33
auto_clear_cache: (checked?'enable':'disable'),
34
}, function () {
35
- $('#firewall-clear-cache-auto span').html('Clear cache when a post or page is updated');
36
});
37
});
38
});
39
</script>
40
41
<div class="sucuriscan-panel">
42
- <h3 class="sucuriscan-title">Clear Cache</h3>
43
44
<div class="inside">
45
- <p>The firewall offers multiple options to configure the cache level applied to your website. You can either enable the full cache which is the recommended setting, or you can set the cache level to minimal which will keep the pages static for a couple of minutes, or force the usage of the website headers <em>(only for advanced users)</em>, or in extreme cases where you do not need the cache you can simply disable it. Find more information about it in the <a href="https://kb.sucuri.net/firewall/Performance/caching-options" target="_blank" rel="noopener">Sucuri Knowledge Base</a> website.</p>
46
47
<div class="sucuriscan-inline-alert-info">
48
- <p>Note that the firewall has <a href="https://kb.sucuri.net/firewall/Performance/cache-exceptions" target="_blank" rel="noopener">special caching rules</a> for Images, CSS, PDF, TXT, JavaScript, media files and a few more extensions that are stored on our <a href="https://en.wikipedia.org/wiki/Edge_device" target="_blank" rel="noopener">edge</a>. The only way to flush the cache for these files is by clearing the firewall's cache completely <em>(for the whole website)</em>. Due to our caching of JavaScript and CSS files, often, as is best practice, the use of versioning during development will ensure updates going live as expected. This is done by adding a query string such as <code>?ver=1.2.3</code> and incrementing on each update.</p>
49
</div>
50
51
- <p>A web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. A web cache system stores copies of documents passing through it; subsequent requests may be satisfied from the cache if certain conditions are met. A web cache system can refer either to an appliance, or to a computer program. &mdash; <a href="https://en.wikipedia.org/wiki/Web_cache" target="_blank" rel="noopener">WikiPedia - Web Cache</a></p>
52
53
<div id="firewall-clear-cache-auto">
54
<label>
55
<input type="checkbox" name="sucuriscan_auto_clear_cache" value="true" %%SUCURI.FirewallAutoClearCache%% />
56
- <span>Clear cache when a post or page is updated</span>
57
</label>
58
</div>
59
60
<div id="firewall-clear-cache-response"></div>
61
- <button id="firewall-clear-cache-button" class="button button-primary">Clear Cache</button>
62
</div>
63
</div>
8
9
var button = $(this);
10
button.attr('disabled', true);
11
+ button.html('{{Loading...}}');
12
$('#firewall-clear-cache-response').html('');
13
14
$.post('%%SUCURI.AjaxURL.Firewall%%', {
24
$('#firewall-clear-cache-auto').on('change', 'input:checkbox', function () {
25
var checked = $(this).is(':checked');
26
27
+ $('#firewall-clear-cache-auto span').html('{{Clear cache when a post or page is updated (Loading...)}}');
28
29
$.post('%%SUCURI.AjaxURL.Firewall%%', {
30
action: 'sucuriscan_ajax',
32
form_action: 'firewall_auto_clear_cache',
33
auto_clear_cache: (checked?'enable':'disable'),
34
}, function () {
35
+ $('#firewall-clear-cache-auto span').html('{{Clear cache when a post or page is updated}}');
36
});
37
});
38
});
39
</script>
40
41
<div class="sucuriscan-panel">
42
+ <h3 class="sucuriscan-title">{{Clear Cache}}</h3>
43
44
<div class="inside">
45
+ <p>{{The firewall offers multiple options to configure the cache level applied to your website. You can either enable the full cache which is the recommended setting, or you can set the cache level to minimal which will keep the pages static for a couple of minutes, or force the usage of the website headers <em>(only for advanced users)</em>, or in extreme cases where you do not need the cache you can simply disable it. Find more information about it in the <a href="https://kb.sucuri.net/firewall/Performance/caching-options" target="_blank" rel="noopener">Sucuri Knowledge Base</a> website.}}</p>
46
47
<div class="sucuriscan-inline-alert-info">
48
+ <p>{{Note that the firewall has <a href="https://kb.sucuri.net/firewall/Performance/cache-exceptions" target="_blank" rel="noopener">special caching rules</a> for Images, CSS, PDF, TXT, JavaScript, media files and a few more extensions that are stored on our <a href="https://en.wikipedia.org/wiki/Edge_device" target="_blank" rel="noopener">edge</a>. The only way to flush the cache for these files is by clearing the firewalls cache completely <em>(for the whole website)</em>. Due to our caching of JavaScript and CSS files, often, as is best practice, the use of versioning during development will ensure updates going live as expected. This is done by adding a query string such as <code>?ver=1.2.3</code> and incrementing on each update.}}</p>
49
</div>
50
51
+ <p>{{A web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. A web cache system stores copies of documents passing through it; subsequent requests may be satisfied from the cache if certain conditions are met. A web cache system can refer either to an appliance, or to a computer program. &mdash; <a href="https://en.wikipedia.org/wiki/Web_cache" target="_blank" rel="noopener">WikiPedia - Web Cache</a>}}</p>
52
53
<div id="firewall-clear-cache-auto">
54
<label>
55
<input type="checkbox" name="sucuriscan_auto_clear_cache" value="true" %%SUCURI.FirewallAutoClearCache%% />
56
+ <span>{{Clear cache when a post or page is updated}}</span>
57
</label>
58
</div>
59
60
<div id="firewall-clear-cache-response"></div>
61
+ <button id="firewall-clear-cache-button" class="button button-primary">{{Clear Cache}}</button>
62
</div>
63
</div>
inc/tpl/firewall-ipaccess.html.tpl CHANGED
@@ -19,7 +19,7 @@ jQuery(document).ready(function ($) {
19
$('.sucuriscan-ipaccess-table tbody').append('<tr>' +
20
'<td><span class="sucuriscan-monospace">' + data.blacklist[i] + '</span></td>' +
21
'<td><button class="button button-primary sucuriscan-deblacklist" ' +
22
- 'ip="' + data.blacklist[i] + '">Delete</button></td>' +
23
'</tr>');
24
}
25
});
@@ -27,7 +27,7 @@ jQuery(document).ready(function ($) {
27
28
var sucuriscanPrintStatus = function (button, data) {
29
button.attr('disabled', false);
30
- button.html('Submit');
31
32
if (data.ok) {
33
sucuriscanLoadIPAccess();
@@ -49,7 +49,7 @@ jQuery(document).ready(function ($) {
49
var ip = $('.sucuriscan-ipaccess-form input[name=sucuriscan_ip]').val();
50
51
button.attr('disabled', true);
52
- button.html('Loading...');
53
$('#sucuriscan-ipaccess-response').html('');
54
55
$.post('%%SUCURI.AjaxURL.Firewall%%', {
@@ -68,7 +68,7 @@ jQuery(document).ready(function ($) {
68
var button = $(this);
69
70
button.attr('disabled', true);
71
- button.html('Loading...');
72
$('#sucuriscan-ipaccess-response').html('');
73
74
$.post('%%SUCURI.AjaxURL.Firewall%%', {
@@ -86,32 +86,32 @@ jQuery(document).ready(function ($) {
86
</script>
87
88
<div class="sucuriscan-panel">
89
- <h3 class="sucuriscan-title">IP Address Access</h3>
90
91
<div class="inside">
92
- <p>This tool allows you to whitleist and blacklist one or more IP addresses from accessing your website. You can also configure the plugin to automatically blacklist any IP address involved in a password guessing brute-force attack. If a legitimate user fails to submit the correct credentials of their account they will have to log into the Firewall dashboard in order to delete their IP address from the blacklist, or try to login once again through a VPN.</p>
93
94
<div id="sucuriscan-ipaccess-response"></div>
95
96
<form action="%%SUCURI.URL.Firewall%%#ipaccess" method="post" class="sucuriscan-ipaccess-form">
97
<input type="hidden" name="sucuriscan_blacklist_ip" value="true" />
98
<fieldset class="sucuriscan-clearfix">
99
- <label>Blacklist IP:</label>
100
- <input type="text" name="sucuriscan_ip" placeholder="e.g. 192.168.1.54" />
101
- <button class="button button-primary sucuriscan-ipaccess-button">Submit</button>
102
</fieldset>
103
</form>
104
105
<table class="wp-list-table widefat sucuriscan-table sucuriscan-ipaccess-table">
106
<thead>
107
<tr>
108
- <th>IP Address</th>
109
<th>&nbsp;</th>
110
</tr>
111
</thead>
112
113
<tbody>
114
- <tr><td colspan="2">Loading...</td></tr>
115
</tbody>
116
</table>
117
</div>
19
$('.sucuriscan-ipaccess-table tbody').append('<tr>' +
20
'<td><span class="sucuriscan-monospace">' + data.blacklist[i] + '</span></td>' +
21
'<td><button class="button button-primary sucuriscan-deblacklist" ' +
22
+ 'ip="' + data.blacklist[i] + '">{{Delete}}</button></td>' +
23
'</tr>');
24
}
25
});
27
28
var sucuriscanPrintStatus = function (button, data) {
29
button.attr('disabled', false);
30
+ button.html('{{Submit}}');
31
32
if (data.ok) {
33
sucuriscanLoadIPAccess();
49
var ip = $('.sucuriscan-ipaccess-form input[name=sucuriscan_ip]').val();
50
51
button.attr('disabled', true);
52
+ button.html('{{Loading...}}');
53
$('#sucuriscan-ipaccess-response').html('');
54
55
$.post('%%SUCURI.AjaxURL.Firewall%%', {
68
var button = $(this);
69
70
button.attr('disabled', true);
71
+ button.html('{{Loading...}}');
72
$('#sucuriscan-ipaccess-response').html('');
73
74
$.post('%%SUCURI.AjaxURL.Firewall%%', {
86
</script>
87
88
<div class="sucuriscan-panel">
89
+ <h3 class="sucuriscan-title">{{IP Address Access}}</h3>
90
91
<div class="inside">
92
+ <p>{{This tool allows you to whitelist and blacklist one or more IP addresses from accessing your website. You can also configure the plugin to automatically blacklist any IP address involved in a password guessing brute-force attack. If a legitimate user fails to submit the correct credentials of their account they will have to log into the Firewall dashboard in order to delete their IP address from the blacklist, or try to login once again through a VPN.}}</p>
93
94
<div id="sucuriscan-ipaccess-response"></div>
95
96
<form action="%%SUCURI.URL.Firewall%%#ipaccess" method="post" class="sucuriscan-ipaccess-form">
97
<input type="hidden" name="sucuriscan_blacklist_ip" value="true" />
98
<fieldset class="sucuriscan-clearfix">
99
+ <label>{{Blacklist IP:}}</label>
100
+ <input type="text" name="sucuriscan_ip" placeholder="{{e.g. 192.168.1.54}}" />
101
+ <button class="button button-primary sucuriscan-ipaccess-button">{{Submit}}</button>
102
</fieldset>
103
</form>
104
105
<table class="wp-list-table widefat sucuriscan-table sucuriscan-ipaccess-table">
106
<thead>
107
<tr>
108
+ <th>{{IP Address}}</th>
109
<th>&nbsp;</th>
110
</tr>
111
</thead>
112
113
<tbody>
114
+ <tr><td colspan="2">{{Loading...}}</td></tr>
115
</tbody>
116
</table>
117
</div>
inc/tpl/firewall-settings.html.tpl CHANGED
@@ -31,30 +31,30 @@ jQuery(document).ready(function ($) {
31
</script>
32
33
<div class="sucuriscan-panel">
34
- <h3 class="sucuriscan-title">Firewall Settings</h3>
35
36
<div class="inside">
37
- <p>A powerful Web Application Firewall and <b>Intrusion Detection System</b> for any WordPress user and many other platforms. This page will help you to configure and monitor your site through the <b>Sucuri Firewall</b>. Once enabled, our firewall will act as a shield, protecting your site from attacks and preventing malware infections and reinfections. It will block SQL injection attempts, brute force attacks, XSS, RFI, backdoors and many other threats against your site.</p>
38
39
<div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
40
- <p>Add your <a href="https://waf.sucuri.net/?settings&panel=api" target="_blank" rel="noopener">Firewall API key</a> in the form below to start communicating with the firewall API service.</p>
41
</div>
42
43
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-firewall-apikey sucuriscan-%%SUCURI.Firewall.APIKeyVisibility%%">
44
- <strong>Firewall API Key:</strong>
45
<span class="sucuriscan-monospace">%%SUCURI.Firewall.APIKey%%</span>
46
<form action="%%SUCURI.URL.Firewall%%" method="post">
47
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
48
- <button type="submit" name="sucuriscan_delete_wafkey" class="button button-primary">Delete</button>
49
</form>
50
</div>
51
52
<form action="%%SUCURI.URL.Firewall%%" method="post" class="sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
53
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
54
<fieldset class="sucuriscan-clearfix">
55
- <label>Firewall API Key:</label>
56
<input type="text" name="sucuriscan_cloudproxy_apikey" />
57
- <button type="submit" class="button button-primary">Save</button>
58
</fieldset>
59
<br>
60
</form>
@@ -62,16 +62,16 @@ jQuery(document).ready(function ($) {
62
<table class="wp-list-table widefat sucuriscan-table" id="firewall-settings-table">
63
<thead>
64
<tr>
65
- <th>Name</th>
66
- <th>Value</th>
67
</tr>
68
</thead>
69
70
<tbody>
71
- <tr><td colspan="2">Loading...</td></tr>
72
</tbody>
73
</table>
74
75
- <p><em>[1]</em> More information about the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a>, features and pricing.<br><em>[2]</em> Instructions and videos in the official <a href="https://kb.sucuri.net/firewall" target="_blank" rel="noopener">Knowledge Base</a> site.<br><em>[3]</em> <a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank" rel="noopener">Sign up</a> for a new account and start protecting your site.</p>
76
</div>
77
</div>
31
</script>
32
33
<div class="sucuriscan-panel">
34
+ <h3 class="sucuriscan-title">{{Firewall Settings}}</h3>
35
36
<div class="inside">
37
+ <p>{{A powerful Web Application Firewall and <b>Intrusion Detection System</b> for any WordPress user and many other platforms. This page will help you to configure and monitor your site through the <b>Sucuri Firewall</b>. Once enabled, our firewall will act as a shield, protecting your site from attacks and preventing malware infections and reinfections. It will block SQL injection attempts, brute force attacks, XSS, RFI, backdoors and many other threats against your site.}}</p>
38
39
<div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
40
+ <p>{{Add your <a href="https://waf.sucuri.net/?settings&panel=api" target="_blank" rel="noopener">Firewall API key</a> in the form below to start communicating with the firewall API service.}}</p>
41
</div>
42
43
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-firewall-apikey sucuriscan-%%SUCURI.Firewall.APIKeyVisibility%%">
44
+ <strong>{{Firewall API Key:}}</strong>
45
<span class="sucuriscan-monospace">%%SUCURI.Firewall.APIKey%%</span>
46
<form action="%%SUCURI.URL.Firewall%%" method="post">
47
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
48
+ <button type="submit" name="sucuriscan_delete_wafkey" class="button button-primary">{{Delete}}</button>
49
</form>
50
</div>
51
52
<form action="%%SUCURI.URL.Firewall%%" method="post" class="sucuriscan-%%SUCURI.Firewall.APIKeyFormVisibility%%">
53
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
54
<fieldset class="sucuriscan-clearfix">
55
+ <label>{{Firewall API Key:}}</label>
56
<input type="text" name="sucuriscan_cloudproxy_apikey" />
57
+ <button type="submit" class="button button-primary">{{Save}}</button>
58
</fieldset>
59
<br>
60
</form>
62
<table class="wp-list-table widefat sucuriscan-table" id="firewall-settings-table">
63
<thead>
64
<tr>
65
+ <th>{{Name}}</th>
66
+ <th>{{Value}}</th>
67
</tr>
68
</thead>
69
70
<tbody>
71
+ <tr><td colspan="2">{{Loading...}}</td></tr>
72
</tbody>
73
</table>
74
75
+ <p>{{<em>[1]</em> More information about the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a>, features and pricing.<br><em>[2]</em> Instructions and videos in the official <a href="https://kb.sucuri.net/firewall" target="_blank" rel="noopener">Knowledge Base</a> site.<br><em>[3]</em> <a href="https://login.sucuri.net/signup2/create?CloudProxy" target="_blank" rel="noopener">Sign up</a> for a new account and start protecting your site.}}</p>
76
</div>
77
</div>
inc/tpl/firewall.html.tpl CHANGED
@@ -1,10 +1,10 @@
1
2
<div class="sucuriscan-tabs">
3
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
4
- <li><a href="%%SUCURI.URL.Firewall%%#settings">Settings</a></li>
5
- <li><a href="%%SUCURI.URL.Firewall%%#auditlogs">Audit Logs</a></li>
6
- <li><a href="%%SUCURI.URL.Firewall%%#ipaccess">IP Access</a></li>
7
- <li><a href="%%SUCURI.URL.Firewall%%#clearcache">Clear Cache</a></li>
8
</ul>
9
10
<div class="sucuriscan-tabs-containers">
1
2
<div class="sucuriscan-tabs">
3
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
4
+ <li><a href="%%SUCURI.URL.Firewall%%#settings">{{Settings}}</a></li>
5
+ <li><a href="%%SUCURI.URL.Firewall%%#auditlogs">{{Audit Logs}}</a></li>
6
+ <li><a href="%%SUCURI.URL.Firewall%%#ipaccess">{{IP Access}}</a></li>
7
+ <li><a href="%%SUCURI.URL.Firewall%%#clearcache">{{Clear Cache}}</a></li>
8
</ul>
9
10
<div class="sucuriscan-tabs-containers">
inc/tpl/integrity-correct.html.tpl CHANGED
@@ -2,17 +2,17 @@
2
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-correct">
3
<div class="sucuriscan-clearfix">
4
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
5
- <h2 class="sucuriscan-title">WordPress Integrity</h2>
6
7
- <p>We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI.WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack.</p>
8
</div>
9
10
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
11
- <h2 class="sucuriscan-subtitle">All Core WordPress Files Are Correct</h2>
12
13
- <p>We have not identified additional files, deleted files, or relevant changes to the core files in your WordPress installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.</p>
14
15
- <p><a href="%%SUCURI.URL.Settings%%#scanner">Review False Positives</a></p>
16
</div>
17
</div>
18
2
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-correct">
3
<div class="sucuriscan-clearfix">
4
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
5
+ <h2 class="sucuriscan-title">{{WordPress Integrity}}</h2>
6
7
+ <p>{{We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI.WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack.}}</p>
8
</div>
9
10
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
11
+ <h2 class="sucuriscan-subtitle">{{All Core WordPress Files Are Correct}}</h2>
12
13
+ <p>{{We have not identified additional files, deleted files, or relevant changes to the core files in your WordPress installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.}}</p>
14
15
+ <p><a href="%%SUCURI.URL.Settings%%#scanner">{{Review False Positives}}</a></p>
16
</div>
17
</div>
18
inc/tpl/integrity-diff-utility.html.tpl CHANGED
@@ -16,7 +16,7 @@
16
window.scrollTo(0, 0);
17
var filepath = $(this).attr('data-filepath');
18
$('.sucuriscan-diff-utility-modal').removeClass('sucuriscan-hidden');
19
- $('.sucuriscan-diff-utility-modal .sucuriscan-modal-inside').html('Loading...');
20
21
$.post('%%SUCURI.AjaxURL.Dashboard%%', {
22
action: 'sucuriscan_ajax',
@@ -25,13 +25,7 @@
25
filepath: filepath,
26
}, function (data) {
27
$('.sucuriscan-diff-utility-modal .sucuriscan-modal-inside').html(data);
28
- $('.sucuriscan-diff-content').before('<p>Lines with a <b>minus' +
29
- '</b> sign as the prefix <em>(here in red)</em> show the origi' +
30
- 'nal code. Lines with a <b>plus</b> sign as the prefix <em>(he' +
31
- 're in green)</em> show the modified code. You can read more a' +
32
- 'bout the DIFF format from the WikiPedia article about the <a ' +
33
- 'target="_blank" href="https://en.wikipedia.org/wiki/Diff_util' +
34
- 'ity" rel="noopener">Unix Diff Utility</a>.</p>');
35
});
36
});
37
});
16
window.scrollTo(0, 0);
17
var filepath = $(this).attr('data-filepath');
18
$('.sucuriscan-diff-utility-modal').removeClass('sucuriscan-hidden');
19
+ $('.sucuriscan-diff-utility-modal .sucuriscan-modal-inside').html('{{Loading...}}');
20
21
$.post('%%SUCURI.AjaxURL.Dashboard%%', {
22
action: 'sucuriscan_ajax',
25
filepath: filepath,
26
}, function (data) {
27
$('.sucuriscan-diff-utility-modal .sucuriscan-modal-inside').html(data);
28
+ $('.sucuriscan-diff-content').before('<p>{{Lines with a <b>minus</b> sign as the prefix <em>(here in red)</em> show the original code. Lines with a <b>plus</b> sign as the prefix <em>(here in green)</em> show the modified code. You can read more about the DIFF format from the WikiPedia article about the <a target="_blank" href="https://en.wikipedia.org/wiki/Diff_utility" rel="noopener">Unix Diff Utility</a>.}}</p>');
29
});
30
});
31
});
inc/tpl/integrity-incorrect.html.tpl CHANGED
@@ -2,17 +2,17 @@
2
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-incorrect">
3
<div class="sucuriscan-clearfix">
4
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
5
- <h2 class="sucuriscan-title">WordPress Integrity</h2>
6
7
- <p>We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI.WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack.</p>
8
</div>
9
10
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
11
- <h2 class="sucuriscan-subtitle">Core WordPress Files Were Modified</h2>
12
13
- <p>We identified that some of your WordPress core files were modified. That might indicate a hack or a broken file on your installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.</p>
14
15
- <p><a href="%%SUCURI.URL.Settings%%#scanner">Review False Positives</a></p>
16
</div>
17
</div>
18
@@ -27,9 +27,9 @@
27
<thead>
28
<tr>
29
<th colspan="5">
30
- <span>WordPress Integrity (%%SUCURI.Integrity.ListCount%%)</span>
31
32
- <span class="sucuriscan-tooltip sucuriscan-hidden" content="The Unix Diff Utility is enabled. You can click the files in the table to see the differences detected by the scanner. If you consider the differences to be harmless you can mark the file as fixed, otherwise it is adviced to restore the original content immediately.">
33
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="14" height="14">
34
<path fill="#000000" d="m6.998315,0.033333c-3.846307,0 -6.964982,
35
3.118675 -6.964982,6.964982s3.118675,6.965574 6.964982,6.965574s6.965574,
@@ -67,13 +67,13 @@
67
68
<tr>
69
<td id="cb" class="manage-column column-cb check-column">
70
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
71
<input id="cb-select-all-1" type="checkbox">
72
</td>
73
<th width="20" class="manage-column">&nbsp;</th>
74
- <th width="100" class="manage-column">File Size</th>
75
- <th width="200" class="manage-column">Modified At</th>
76
- <th class="manage-column">File Path</th>
77
</tr>
78
</thead>
79
@@ -86,22 +86,22 @@
86
<label>
87
<input type="hidden" name="sucuriscan_process_form" value="0" />
88
<input type="checkbox" name="sucuriscan_process_form" value="1" />
89
- <span>I understand that this operation can not be reverted.</span>
90
</label>
91
</p>
92
93
<fieldset class="sucuriscan-clearfix">
94
- <label>Action:</label>
95
96
<select name="sucuriscan_integrity_action">
97
- <option value="fixed">Mark as Fixed</option>
98
- <option value="restore">Restore File</option>
99
- <option value="delete">Delete File</option>
100
</select>
101
102
- <button type="submit" class="button button-primary">Submit</button>
103
104
- <span class="sucuriscan-tooltip" content="Marking one or more files as fixed will force the plugin to ignore them during the next scan, very useful when you find false positives. Additionally you can restore the original content of the core files that appear as modified or deleted, this will tell the plugin to download a copy of the original files from the official WordPress repository. Deleting a file is an irreversible action, be careful.">
105
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="14" height="14">
106
<path fill="#000000" d="m6.998315,0.033333c-3.846307,0 -6.964982,
107
3.118675 -6.964982,6.964982s3.118675,6.965574 6.964982,6.965574s6.965574,
2
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-incorrect">
3
<div class="sucuriscan-clearfix">
4
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
5
+ <h2 class="sucuriscan-title">{{WordPress Integrity}}</h2>
6
7
+ <p>{{We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI.WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack.}}</p>
8
</div>
9
10
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
11
+ <h2 class="sucuriscan-subtitle">{{Core WordPress Files Were Modified}}</h2>
12
13
+ <p>{{We identified that some of your WordPress core files were modified. That might indicate a hack or a broken file on your installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.}}</p>
14
15
+ <p><a href="%%SUCURI.URL.Settings%%#scanner">{{Review False Positives}}</a></p>
16
</div>
17
</div>
18
27
<thead>
28
<tr>
29
<th colspan="5">
30
+ <span>{{WordPress Integrity (%%SUCURI.Integrity.ListCount%%)}}</span>
31
32
+ <span class="sucuriscan-tooltip sucuriscan-hidden" content="{{The Unix Diff Utility is enabled. You can click the files in the table to see the differences detected by the scanner. If you consider the differences to be harmless you can mark the file as fixed, otherwise it is advised to restore the original content immediately.}}">
33
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="14" height="14">
34
<path fill="#000000" d="m6.998315,0.033333c-3.846307,0 -6.964982,
35
3.118675 -6.964982,6.964982s3.118675,6.965574 6.964982,6.965574s6.965574,
67
68
<tr>
69
<td id="cb" class="manage-column column-cb check-column">
70
+ <label class="screen-reader-text" for="cb-select-all-1">{{Select All}}</label>
71
<input id="cb-select-all-1" type="checkbox">
72
</td>
73
<th width="20" class="manage-column">&nbsp;</th>
74
+ <th width="100" class="manage-column">{{File Size}}</th>
75
+ <th width="200" class="manage-column">{{Modified At}}</th>
76
+ <th class="manage-column">{{File Path}}</th>
77
</tr>
78
</thead>
79
86
<label>
87
<input type="hidden" name="sucuriscan_process_form" value="0" />
88
<input type="checkbox" name="sucuriscan_process_form" value="1" />
89
+ <span>{{I understand that this operation cannot be reverted.}}</span>
90
</label>
91
</p>
92
93
<fieldset class="sucuriscan-clearfix">
94
+ <label>{{Action:}}</label>
95
96
<select name="sucuriscan_integrity_action">
97
+ <option value="fixed">{{Mark as Fixed}}</option>
98
+ <option value="restore">{{Restore File}}</option>
99
+ <option value="delete">{{Delete File}}</option>
100
</select>
101
102
+ <button type="submit" class="button button-primary">{{Submit}}</button>
103
104
+ <span class="sucuriscan-tooltip" content="{{Marking one or more files as fixed will force the plugin to ignore them during the next scan, very useful when you find false positives. Additionally you can restore the original content of the core files that appear as modified or deleted, this will tell the plugin to download a copy of the original files from the official WordPress repository. Deleting a file is an irreversible action, be careful.}}">
105
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="14" height="14">
106
<path fill="#000000" d="m6.998315,0.033333c-3.846307,0 -6.964982,
107
3.118675 -6.964982,6.964982s3.118675,6.965574 6.964982,6.965574s6.965574,
inc/tpl/integrity-notification.html.tpl CHANGED
@@ -1,18 +1,18 @@
1
2
- <p>We identified that some of your WordPress core files were modified. That might indicate a hack or a broken file on your installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.</p>
3
4
<table border="1" cellspacing="1" cellpadding="5">
5
<thead>
6
<tr>
7
- <th colspan="5">WordPress Integrity (%%SUCURI.Integrity.ListCount%%)</th>
8
</tr>
9
10
<tr>
11
<th>&nbsp;</th>
12
- <th width="80">Status</th>
13
- <th width="100">File Size</th>
14
- <th width="170">Modified At</th>
15
- <th>File Path</th>
16
</tr>
17
</thead>
18
@@ -23,7 +23,7 @@
23
<tfoot>
24
<tr>
25
<td colspan="5">
26
- <p>Marking one or more files as fixed will force the plugin to ignore them during the next scan, very useful when you find false positives. Additionally you can restore the original content of the core files that appear as modified or deleted, this will tell the plugin to download a copy of the original files from the official WordPress repository. Deleting a file is an irreversible action, be careful.</p>
27
</td>
28
</tr>
29
</tfoot>
1
2
+ <p>{{We identified that some of your WordPress core files were modified. That might indicate a hack or a broken file on your installation. If you are experiencing other malware issues, please use a <a href="https://sucuri.net/website-security/malware-removal" target="_blank" rel="noopener">Server Side Scanner</a>.}}</p>
3
4
<table border="1" cellspacing="1" cellpadding="5">
5
<thead>
6
<tr>
7
+ <th colspan="5">{{WordPress Integrity (%%SUCURI.Integrity.ListCount%%)}}</th>
8
</tr>
9
10
<tr>
11
<th>&nbsp;</th>
12
+ <th width="80">{{Status}}</th>
13
+ <th width="100">{{File Size}}</th>
14
+ <th width="170">{{Modified At}}</th>
15
+ <th>{{File Path}}</th>
16
</tr>
17
</thead>
18
23
<tfoot>
24
<tr>
25
<td colspan="5">
26
+ <p>{{Marking one or more files as fixed will force the plugin to ignore them during the next scan, very useful when you find false positives. Additionally you can restore the original content of the core files that appear as modified or deleted, this will tell the plugin to download a copy of the original files from the official WordPress repository. Deleting a file is an irreversible action, be careful.}}</p>
27
</td>
28
</tr>
29
</tfoot>
inc/tpl/integrity.html.tpl CHANGED
@@ -20,9 +20,9 @@ jQuery(document).ready(function ($) {
20
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-loading">
21
<div class="sucuriscan-clearfix">
22
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
23
- <h2 class="sucuriscan-title">WordPress Integrity</h2>
24
25
- <p>We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI.WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack.</p>
26
</div>
27
28
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
@@ -32,6 +32,6 @@ jQuery(document).ready(function ($) {
32
</div>
33
</div>
34
35
- <p>Loading...</p>
36
</div>
37
</div>
20
<div class="sucuriscan-panel sucuriscan-integrity sucuriscan-integrity-loading">
21
<div class="sucuriscan-clearfix">
22
<div class="sucuriscan-pull-left sucuriscan-integrity-left">
23
+ <h2 class="sucuriscan-title">{{WordPress Integrity}}</h2>
24
25
+ <p>{{We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI.WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack.}}</p>
26
</div>
27
28
<div class="sucuriscan-pull-right sucuriscan-integrity-right">
32
</div>
33
</div>
34
35
+ <p>{{Loading...}}</p>
36
</div>
37
</div>
inc/tpl/lastlogins-admins.html.tpl CHANGED
@@ -1,16 +1,16 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Successful Logins (admins)</h3>
4
5
<div class="inside">
6
- <p>Here you can see a list of all the successful logins of accounts with admin privileges.</p>
7
8
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-adminusers">
9
<thead>
10
<tr>
11
- <th class="manage-column">Username</th>
12
- <th class="manage-column">Registration</th>
13
- <th class="manage-column">Newest To Oldest</th>
14
<th class="manage-column">&nbsp;</th>
15
</tr>
16
</thead>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Successful Logins (admins)}}</h3>
4
5
<div class="inside">
6
+ <p>{{Here you can see a list of all the successful logins of accounts with admin privileges.}}</p>
7
8
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-adminusers">
9
<thead>
10
<tr>
11
+ <th class="manage-column">{{Username}}</th>
12
+ <th class="manage-column">{{Registration}}</th>
13
+ <th class="manage-column">{{Newest To Oldest}}</th>
14
<th class="manage-column">&nbsp;</th>
15
</tr>
16
</thead>
inc/tpl/lastlogins-admins.snippet.tpl CHANGED
@@ -6,14 +6,14 @@
6
7
<td class="adminusers-lastlogin">
8
<div class="sucuriscan-%%SUCURI.AdminUsers.NoLastLogins%%">
9
- <em>no data available</em>
10
</div>
11
12
<table class="widefat sucuriscan-admins-lastlogins sucuriscan-%%SUCURI.AdminUsers.NoLastLoginsTable%%">
13
<thead>
14
<tr>
15
- <th>IP Address</th>
16
- <th>Date/Time</th>
17
</tr>
18
</thead>
19
@@ -24,6 +24,6 @@
24
</td>
25
26
<td>
27
- <a href="%%SUCURI.AdminUsers.UserURL%%" target="_blank" class="button button-primary" rel="noopener">Edit</a>
28
</td>
29
</tr>
6
7
<td class="adminusers-lastlogin">
8
<div class="sucuriscan-%%SUCURI.AdminUsers.NoLastLogins%%">
9
+ <em>{{no data available}}</em>
10
</div>
11
12
<table class="widefat sucuriscan-admins-lastlogins sucuriscan-%%SUCURI.AdminUsers.NoLastLoginsTable%%">
13
<thead>
14
<tr>
15
+ <th>{{IP Address}}</th>
16
+ <th>{{Date/Time}}</th>
17
</tr>
18
</thead>
19
24
</td>
25
26
<td>
27
+ <a href="%%SUCURI.AdminUsers.UserURL%%" target="_blank" class="button button-primary" rel="noopener">{{Edit}}</a>
28
</td>
29
</tr>
inc/tpl/lastlogins-all.html.tpl CHANGED
@@ -1,21 +1,21 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Successful Logins (all)</h3>
4
5
<div class="inside">
6
- <p>Here you can see a list of all the successful user logins.</p>
7
8
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-last-logins">
9
<thead>
10
<tr>
11
- <th colspan="5">Successful Logins (all)</th>
12
</tr>
13
14
<tr>
15
- <th class="manage-column">Username</th>
16
- <th class="manage-column">IP Address</th>
17
- <th class="manage-column">Hostname</th>
18
- <th class="manage-column">Date/Time</th>
19
<th class="manage-column">&nbsp;</th>
20
</tr>
21
</thead>
@@ -25,7 +25,7 @@
25
26
<tr class="sucuriscan-%%SUCURI.UserList.NoItemsVisibility%%">
27
<td colspan="5">
28
- <em>no data available</em>
29
</td>
30
</tr>
31
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Successful Logins (all)}}</h3>
4
5
<div class="inside">
6
+ <p>{{Here you can see a list of all the successful user logins.}}</p>
7
8
<table class="wp-list-table widefat sucuriscan-table sucuriscan-table-double-title sucuriscan-last-logins">
9
<thead>
10
<tr>
11
+ <th colspan="5">{{Successful Logins (all)}}</th>
12
</tr>
13
14
<tr>
15
+ <th class="manage-column">{{Username}}</th>
16
+ <th class="manage-column">{{IP Address}}</th>
17
+ <th class="manage-column">{{Hostname}}</th>
18
+ <th class="manage-column">{{Date/Time}}</th>
19
<th class="manage-column">&nbsp;</th>
20
</tr>
21
</thead>
25
26
<tr class="sucuriscan-%%SUCURI.UserList.NoItemsVisibility%%">
27
<td colspan="5">
28
+ <em>{{no data available}}</em>
29
</td>
30
</tr>
31
inc/tpl/lastlogins-all.snippet.tpl CHANGED
@@ -8,5 +8,5 @@
8
9
<td><span title="%%SUCURI.UserList.Datetime%%">%%SUCURI.UserList.TimeAgo%%</span></td>
10
11
- <td><a href="%%SUCURI.UserList.UserURL%%" target="_blank" rel="noopener">Edit</a></td>
12
</tr>
8
9
<td><span title="%%SUCURI.UserList.Datetime%%">%%SUCURI.UserList.TimeAgo%%</span></td>
10
11
+ <td><a href="%%SUCURI.UserList.UserURL%%" target="_blank" rel="noopener">{{Edit}}</a></td>
12
</tr>
inc/tpl/lastlogins-failedlogins.html.tpl CHANGED
@@ -1,9 +1,9 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Failed logins</h3>
4
5
<div class="inside">
6
- <p>This information will be used to determine if your site is being victim of <a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing" target="_blank" rel="noopener">Password Guessing Brute Force Attacks</a>. These logs will be accumulated and the plugin will send a report via email if there are more than <code>%%SUCURI.FailedLogins.MaxFailedLogins%%</code> failed login attempts during the same hour, you can change this number from <a href="%%SUCURI.URL.Settings%%#alerts">here</a>. <b>NOTE:</b> Some <em>"Two-Factor Authentication"</em> plugins do not follow the same rules that WordPress have to report failed login attempts, so you may not see all the attempts in this panel if you have one of these plugins installed.</p>
7
8
<form action="%%SUCURI.URL.Lastlogins%%#blocked" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
@@ -11,10 +11,10 @@
11
<table class="wp-list-table widefat sucuriscan-table sucuriscan-lastlogins-failed">
12
<thead>
13
<tr>
14
- <th class="manage-column">Username</th>
15
- <th class="manage-column">IP Address</th>
16
- <th class="manage-column">Date/Time</th>
17
- <th class="manage-column" width="300">Web Browser</th>
18
</tr>
19
</thead>
20
@@ -23,7 +23,7 @@
23
24
<tr class="sucuriscan-%%SUCURI.FailedLogins.NoItemsVisibility%%">
25
<td colspan="4">
26
- <em>no data available</em>
27
</td>
28
</tr>
29
@@ -37,7 +37,7 @@
37
</tbody>
38
</table>
39
40
- <button type="submit" class="button button-primary">Block</button>
41
</form>
42
</div>
43
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Failed logins}}</h3>
4
5
<div class="inside">
6
+ <p>{{This information will be used to determine if your site is being victim of <a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing" target="_blank" rel="noopener">Password Guessing Brute Force Attacks</a>. These logs will be accumulated and the plugin will send a report via email if there are more than <code>%%SUCURI.FailedLogins.MaxFailedLogins%%</code> failed login attempts during the same hour, you can change this number from <a href="%%SUCURI.URL.Settings%%#alerts">here</a>. <b>NOTE:</b> Some <em>"Two-Factor Authentication"</em> plugins do not follow the same rules that WordPress have to report failed login attempts, so you may not see all the attempts in this panel if you have one of these plugins installed.}}</p>
7
8
<form action="%%SUCURI.URL.Lastlogins%%#blocked" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
11
<table class="wp-list-table widefat sucuriscan-table sucuriscan-lastlogins-failed">
12
<thead>
13
<tr>
14
+ <th class="manage-column">{{Username}}</th>
15
+ <th class="manage-column">{{IP Address}}</th>
16
+ <th class="manage-column">{{Date/Time}}</th>
17
+ <th class="manage-column" width="300">{{Web Browser}}</th>
18
</tr>
19
</thead>
20
23
24
<tr class="sucuriscan-%%SUCURI.FailedLogins.NoItemsVisibility%%">
25
<td colspan="4">
26
+ <em>{{no data available}}</em>
27
</td>
28
</tr>
29
37
</tbody>
38
</table>
39
40
+ <button type="submit" class="button button-primary">{{Block}}</button>
41
</form>
42
</div>
43
</div>
inc/tpl/lastlogins-loggedin.html.tpl CHANGED
@@ -1,22 +1,22 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Logged-in Users</h3>
4
5
<div class="inside">
6
- <p>Here you can see a list of the users that are currently logged-in.</p>
7
8
<table class="wp-list-table widefat sucuriscan-loggedin-users">
9
<thead>
10
<tr>
11
- <th colspan="6">Logged-in Users</th>
12
</tr>
13
14
<tr>
15
- <th>ID</th>
16
- <th>Username</th>
17
- <th>Last Activity</th>
18
- <th>Registered</th>
19
- <th>IP Address</th>
20
<th>&nbsp;</th>
21
</tr>
22
</thead>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Logged-in Users}}</h3>
4
5
<div class="inside">
6
+ <p>{{Here you can see a list of the users that are currently logged-in.}}</p>
7
8
<table class="wp-list-table widefat sucuriscan-loggedin-users">
9
<thead>
10
<tr>
11
+ <th colspan="6">{{Logged-in Users}}</th>
12
</tr>
13
14
<tr>
15
+ <th>{{ID}}</th>
16
+ <th>{{Username}}</th>
17
+ <th>{{Last Activity}}</th>
18
+ <th>{{Registered}}</th>
19
+ <th>{{IP Address}}</th>
20
<th>&nbsp;</th>
21
</tr>
22
</thead>
inc/tpl/lastlogins-loggedin.snippet.tpl CHANGED
@@ -10,5 +10,5 @@
10
11
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.RemoteAddr%%</td>
12
13
- <td><a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank">Edit</a></td>
14
</tr>
10
11
<td class="sucuriscan-monospace">%%SUCURI.LoggedInUsers.RemoteAddr%%</td>
12
13
+ <td><a href="%%SUCURI.LoggedInUsers.UserURL%%" target="_blank">{{Edit}}</a></td>
14
</tr>
inc/tpl/lastlogins.html.tpl CHANGED
@@ -1,10 +1,10 @@
1
2
<div class="sucuriscan-tabs">
3
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
4
- <li><a href="%%SUCURI.URL.Lastlogins%%#allusers">All Users</a></li>
5
- <li><a href="%%SUCURI.URL.Lastlogins%%#admins">Admins</a></li>
6
- <li><a href="%%SUCURI.URL.Lastlogins%%#loggedin">Logged-in Users</a></li>
7
- <li><a href="%%SUCURI.URL.Lastlogins%%#failed">Failed logins</a></li>
8
</ul>
9
10
<div class="sucuriscan-tabs-containers">
1
2
<div class="sucuriscan-tabs">
3
<ul class="sucuriscan-clearfix sucuriscan-tabs-buttons">
4
+ <li><a href="%%SUCURI.URL.Lastlogins%%#allusers">{{All Users}}</a></li>
5
+ <li><a href="%%SUCURI.URL.Lastlogins%%#admins">{{Admins}}</a></li>
6
+ <li><a href="%%SUCURI.URL.Lastlogins%%#loggedin">{{Logged-in Users}}</a></li>
7
+ <li><a href="%%SUCURI.URL.Lastlogins%%#failed">{{Failed logins}}</a></li>
8
</ul>
9
10
<div class="sucuriscan-tabs-containers">
inc/tpl/notification-pretty.html.tpl CHANGED
@@ -16,13 +16,13 @@
16
<td style="padding:20px 20px 10px 20px;border:1px solid #ccc;border-top:none">
17
<h4 style="text-transform:uppercase;margin:0">Information:</h4>
18
<p style="margin:0 0 10px 0">
19
- Website: <a href="http://%%SUCURI.Website%%">%%SUCURI.Website%%</a><br>
20
- IP Address: %%SUCURI.RemoteAddress%%<br>
21
- Reverse IP: %%SUCURI.ReverseAddress%%<br>
22
- Date/Time: %%SUCURI.Time%%<br>
23
%%SUCURI.User%%
24
</p>
25
- <h4 style="text-transform:uppercase;margin:0">Message:</h4>
26
<p style="margin:0 0 10px 0">%%%SUCURI.Message%%%</p>
27
</td>
28
</tr>
16
<td style="padding:20px 20px 10px 20px;border:1px solid #ccc;border-top:none">
17
<h4 style="text-transform:uppercase;margin:0">Information:</h4>
18
<p style="margin:0 0 10px 0">
19
+ {{Website:}} <a href="http://%%SUCURI.Website%%">%%SUCURI.Website%%</a><br>
20
+ {{IP Address:}} %%SUCURI.RemoteAddress%%<br>
21
+ {{Reverse IP:}} %%SUCURI.ReverseAddress%%<br>
22
+ {{Date/Time:}} %%SUCURI.Time%%<br>
23
%%SUCURI.User%%
24
</p>
25
+ <h4 style="text-transform:uppercase;margin:0">{{Message:}}</h4>
26
<p style="margin:0 0 10px 0">%%%SUCURI.Message%%%</p>
27
</td>
28
</tr>
inc/tpl/register-site.html.tpl CHANGED
@@ -1,8 +1,8 @@
1
2
- <p>An API key is required to activate some additional tools available in this plugin. The keys are free and you can virtually generate an unlimited number of them as long as the domain name and email address are unique. The key is used to authenticate the HTTP requests sent by the plugin to an API service managed by Sucuri Inc.</p>
3
4
<div class="sucuriscan-inline-alert-info">
5
- <p>If you experience issues generating the API key you can request one by sending the domain name and email address that you want to use to <a href="mailto:info@sucuri.net">info@sucuri.net</a>. Note that generating a key for a website that is not facing the Internet is not possible because the API service needs to validate that the domain name exists.</p>
6
</div>
7
8
<form action="%%SUCURI.URL.Settings%%" method="post">
@@ -10,29 +10,29 @@
10
<input type="hidden" name="sucuriscan_plugin_api_key" value="1" />
11
12
<fieldset class="sucuriscan-clearfix">
13
- <label>Website:</label>
14
<input type="text" value="%%SUCURI.CleanDomain%%" readonly="readonly">
15
</fieldset>
16
17
<fieldset class="sucuriscan-clearfix">
18
- <label>E-mail:</label>
19
<select name="sucuriscan_setup_user">
20
%%%SUCURI.AdminEmails%%%
21
</select>
22
</fieldset>
23
24
<fieldset class="sucuriscan-clearfix">
25
- <label>DNS Lookups</label>
26
<input type="hidden" name="sucuriscan_dns_lookups" value="disable" />
27
<input type="checkbox" name="sucuriscan_dns_lookups" value="enable" checked="checked" />
28
- <span class="sucuriscan-tooltip" content="Check the box if your website is behind a known firewall service, this guarantees that the IP address of your visitors will be detected correctly for the security logs. You can change this later from the settings.">Enable DNS Lookups On Startup</span>
29
</fieldset>
30
31
<p>
32
<label>
33
<input type="hidden" name="sucuriscan_consent_tos" value="0" />
34
<input type="checkbox" name="sucuriscan_consent_tos" value="1" />
35
- <span>I agree to the <a target="_blank" href="https://sucuri.net/terms">Terms of Service</a>.</span>
36
</label>
37
</p>
38
@@ -40,13 +40,13 @@
40
<label>
41
<input type="hidden" name="sucuriscan_consent_priv" value="0" />
42
<input type="checkbox" name="sucuriscan_consent_priv" value="1" />
43
- <span>I have read and understand the <a target="_blank" href="https://sucuri.net/privacy">Privacy Policy</a>.</span>
44
</label>
45
</p>
46
47
<div class="sucuriscan-clearfix">
48
<div class="sucuriscan-pull-left">
49
- <button type="submit" class="button button-primary">Submit</button>
50
</div>
51
</div>
52
</form>
1
2
+ <p>{{An API key is required to activate some additional tools available in this plugin. The keys are free and you can virtually generate an unlimited number of them as long as the domain name and email address are unique. The key is used to authenticate the HTTP requests sent by the plugin to an API service managed by Sucuri Inc.}}</p>
3
4
<div class="sucuriscan-inline-alert-info">
5
+ <p>{{If you experience issues generating the API key you can request one by sending the domain name and email address that you want to use to <a href="mailto:info@sucuri.net">info@sucuri.net</a>. Note that generating a key for a website that is not facing the Internet is not possible because the API service needs to validate that the domain name exists.}}</p>
6
</div>
7
8
<form action="%%SUCURI.URL.Settings%%" method="post">
10
<input type="hidden" name="sucuriscan_plugin_api_key" value="1" />
11
12
<fieldset class="sucuriscan-clearfix">
13
+ <label>{{Website:}}</label>
14
<input type="text" value="%%SUCURI.CleanDomain%%" readonly="readonly">
15
</fieldset>
16
17
<fieldset class="sucuriscan-clearfix">
18
+ <label>{{E-mail:}}</label>
19
<select name="sucuriscan_setup_user">
20
%%%SUCURI.AdminEmails%%%
21
</select>
22
</fieldset>
23
24
<fieldset class="sucuriscan-clearfix">
25
+ <label>{{DNS Lookups}}</label>
26
<input type="hidden" name="sucuriscan_dns_lookups" value="disable" />
27
<input type="checkbox" name="sucuriscan_dns_lookups" value="enable" checked="checked" />
28
+ <span class="sucuriscan-tooltip" content="{{Check the box if your website is behind a known firewall service, this guarantees that the IP address of your visitors will be detected correctly for the security logs. You can change this later from the settings.}}">{{Enable DNS Lookups On Startup}}</span>
29
</fieldset>
30
31
<p>
32
<label>
33
<input type="hidden" name="sucuriscan_consent_tos" value="0" />
34
<input type="checkbox" name="sucuriscan_consent_tos" value="1" />
35
+ <span>{{I agree to the <a target="_blank" href="https://sucuri.net/terms">Terms of Service</a>.}}</span>
36
</label>
37
</p>
38
40
<label>
41
<input type="hidden" name="sucuriscan_consent_priv" value="0" />
42
<input type="checkbox" name="sucuriscan_consent_priv" value="1" />
43
+ <span>{{I have read and understand the <a target="_blank" href="https://sucuri.net/privacy">Privacy Policy</a>.}}</span>
44
</label>
45
</p>
46
47
<div class="sucuriscan-clearfix">
48
<div class="sucuriscan-pull-left">
49
+ <button type="submit" class="button button-primary">{{Submit}}</button>
50
</div>
51
</div>
52
</form>
inc/tpl/settings-alerts-bruteforce.html.tpl CHANGED
@@ -1,18 +1,18 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Password Guessing Brute Force Attacks</h3>
4
5
<div class="inside">
6
- <p><a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing" target="_blank" rel="noopener">Password guessing brute force attacks</a> are very common against web sites and web servers. They are one of the most common vectors used to compromise web sites. The process is very simple and the attackers basically try multiple combinations of usernames and passwords until they find one that works. Once they get in, they can compromise the web site with malware, spam , phishing or anything else they want.</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
- <label>Consider Brute-Force Attack After:</label>
12
<select name="sucuriscan_maximum_failed_logins">
13
%%%SUCURI.Alerts.BruteForce%%%
14
</select>
15
- <button type="submit" class="button button-primary">Submit</button>
16
</fieldset>
17
</form>
18
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Password Guessing Brute Force Attacks}}</h3>
4
5
<div class="inside">
6
+ <p>{{<a href="https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing" target="_blank" rel="noopener">Password guessing brute force attacks</a> are very common against web sites and web servers. They are one of the most common vectors used to compromise web sites. The process is very simple and the attackers basically try multiple combinations of usernames and passwords until they find one that works. Once they get in, they can compromise the web site with malware, spam , phishing or anything else they want.}}</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
+ <label>{{Consider Brute-Force Attack After:}}</label>
12
<select name="sucuriscan_maximum_failed_logins">
13
%%%SUCURI.Alerts.BruteForce%%%
14
</select>
15
+ <button type="submit" class="button button-primary">{{Submit}}</button>
16
</fieldset>
17
</form>
18
</div>
inc/tpl/settings-alerts-events.html.tpl CHANGED
@@ -1,10 +1,10 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Security Alerts</h3>
4
5
<div class="inside">
6
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.Alerts.NoAlertsVisibility%%">
7
- <p>You have installed a plugin or theme that is not fully compatible with our plugin, some of the security alerts (like the successful and failed logins) will not be sent to you. To prevent an infinite loop while detecting these changes in the website and sending the email alerts via a custom SMTP plugin, we have decided to stop any attempt to send the emails to prevent fatal errors.</p>
8
</div>
9
10
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
@@ -14,10 +14,10 @@
14
<thead>
15
<tr>
16
<td id="cb" class="manage-column column-cb check-column">
17
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
18
<input id="cb-select-all-1" type="checkbox">
19
</td>
20
- <th class="manage-column">Event</th>
21
</tr>
22
</thead>
23
@@ -27,7 +27,7 @@
27
</table>
28
29
<div class="sucuriscan-recipient-form">
30
- <button type="submit" name="sucuriscan_save_alert_events" class="button button-primary">Submit</button>
31
</div>
32
</form>
33
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Security Alerts}}</h3>
4
5
<div class="inside">
6
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.Alerts.NoAlertsVisibility%%">
7
+ <p>{{You have installed a plugin or theme that is not fully compatible with our plugin, some of the security alerts (like the successful and failed logins) will not be sent to you. To prevent an infinite loop while detecting these changes in the website and sending the email alerts via a custom SMTP plugin, we have decided to stop any attempt to send the emails to prevent fatal errors.}}</p>
8
</div>
9
10
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
14
<thead>
15
<tr>
16
<td id="cb" class="manage-column column-cb check-column">
17
+ <label class="screen-reader-text" for="cb-select-all-1">{{Select All}}</label>
18
<input id="cb-select-all-1" type="checkbox">
19
</td>
20
+ <th class="manage-column">{{Event}}</th>
21
</tr>
22
</thead>
23
27
</table>
28
29
<div class="sucuriscan-recipient-form">
30
+ <button type="submit" name="sucuriscan_save_alert_events" class="button button-primary">{{Submit}}</button>
31
</div>
32
</form>
33
</div>
inc/tpl/settings-alerts-ignore-posts.html.tpl CHANGED
@@ -1,28 +1,28 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Post-Type Alerts</h3>
4
5
<div class="inside">
6
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.PostTypes.ErrorVisibility%%">
7
- <p>It seems that you disabled the email alerts for <b>new site content</b>, this panel is intended to provide a way to ignore specific events in your site and with that the alerts reported to your email. Since you have deactivated the <b>new site content</b> alerts, this panel will be disabled too.</p>
8
</div>
9
10
- <p>This is a list of registered <a href="https://codex.wordpress.org/Post_Types" target="_blank" rel="noopener">Post Types</a>. You will receive an email alert when a custom page or post associated to any of these types is created or updated. If you don't want to receive one or more of these alerts, feel free to uncheck the boxes in the table below. If you are receiving alerts for post types that are not listed in this table, it may be because there is an add-on that that is generating a custom post-type on runtime, you will have to find out by yourself what is the unique ID of that post-type and type it in the form below. The plugin will do its best to ignore these alerts as long as the unique ID is valid.</p>
11
12
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
13
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
14
<input type="hidden" name="sucuriscan_ignorerule_action" value="add">
15
16
<fieldset class="sucuriscan-clearfix">
17
- <label>Stop Alerts For This Post-Type:</label>
18
- <input type="text" name="sucuriscan_ignorerule" placeholder="e.g. unique_post_type_id" />
19
- <button type="submit" class="button button-primary">Submit</button>
20
</fieldset>
21
</form>
22
23
<hr>
24
25
- <button class="button button-primary sucuriscan-show-section" section="sucuriscan-ignorerules" on="Show Post-Types Table" off="Hide Post-Types Table">Show Post-Types Table</button>
26
27
<div class="sucuriscan-hidden" id="sucuriscan-ignorerules">
28
<hr>
@@ -35,12 +35,12 @@
35
<thead>
36
<tr>
37
<td id="cb" class="manage-column column-cb check-column">
38
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
39
<input id="cb-select-all-1" type="checkbox">
40
</td>
41
- <th class="manage-column">Post Type</th>
42
- <th class="manage-column">Post Type ID</th>
43
- <th class="manage-column">Ignored At (optional)</th>
44
</tr>
45
</thead>
46
@@ -49,7 +49,7 @@
49
</tbody>
50
</table>
51
52
- <button type="submit" class="button button-primary">Submit</button>
53
</form>
54
</div>
55
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Post-Type Alerts}}</h3>
4
5
<div class="inside">
6
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.PostTypes.ErrorVisibility%%">
7
+ <p>{{It seems that you disabled the email alerts for <b>new site content</b>, this panel is intended to provide a way to ignore specific events in your site and with that the alerts reported to your email. Since you have deactivated the <b>new site content</b> alerts, this panel will be disabled too.}}</p>
8
</div>
9
10
+ <p>{{This is a list of registered <a href="https://codex.wordpress.org/Post_Types" target="_blank" rel="noopener">Post Types</a>. You will receive an email alert when a custom page or post associated to any of these types is created or updated. If you dont want to receive one or more of these alerts, feel free to uncheck the boxes in the table below. If you are receiving alerts for post types that are not listed in this table, it may be because there is an add-on that that is generating a custom post-type on runtime, you will have to find out by yourself what is the unique ID of that post-type and type it in the form below. The plugin will do its best to ignore these alerts as long as the unique ID is valid.}}</p>
11
12
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
13
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
14
<input type="hidden" name="sucuriscan_ignorerule_action" value="add">
15
16
<fieldset class="sucuriscan-clearfix">
17
+ <label>{{Stop Alerts For This Post-Type:}}</label>
18
+ <input type="text" name="sucuriscan_ignorerule" placeholder="{{e.g. unique_post_type_id}}" />
19
+ <button type="submit" class="button button-primary">{{Submit}}</button>
20
</fieldset>
21
</form>
22
23
<hr>
24
25
+ <button class="button button-primary sucuriscan-show-section" section="sucuriscan-ignorerules" on="{{Show Post-Types Table}}" off="{{Hide Post-Types Table}}">{{Show Post-Types Table}}</button>
26
27
<div class="sucuriscan-hidden" id="sucuriscan-ignorerules">
28
<hr>
35
<thead>
36
<tr>
37
<td id="cb" class="manage-column column-cb check-column">
38
+ <label class="screen-reader-text" for="cb-select-all-1">{{Select All}}</label>
39
<input id="cb-select-all-1" type="checkbox">
40
</td>
41
+ <th class="manage-column">{{Post Type}}</th>
42
+ <th class="manage-column">{{Post Type ID}}</th>
43
+ <th class="manage-column">{{Ignored At (optional)}}</th>
44
</tr>
45
</thead>
46
49
</tbody>
50
</table>
51
52
+ <button type="submit" class="button button-primary">{{Submit}}</button>
53
</form>
54
</div>
55
</div>
inc/tpl/settings-alerts-perhour.html.tpl CHANGED
@@ -1,18 +1,18 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Alerts Per Hour</h3>
4
5
<div class="inside">
6
- <p>Configure the maximum number of email alerts per hour. If the number is exceeded and the plugin detects more events during the same hour, it will still log the events into the audit logs but will not send the email alerts. Be careful with this as you will miss important information.</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
- <label>Maximum Alerts Per Hour:</label>
12
<select name="sucuriscan_emails_per_hour">
13
%%%SUCURI.Alerts.PerHour%%%
14
</select>
15
- <button type="submit" class="button button-primary">Submit</button>
16
</fieldset>
17
</form>
18
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Alerts Per Hour}}</h3>
4
5
<div class="inside">
6
+ <p>{{Configure the maximum number of email alerts per hour. If the number is exceeded and the plugin detects more events during the same hour, it will still log the events into the audit logs but will not send the email alerts. Be careful with this as you will miss important information.}}</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
+ <label>{{Maximum Alerts Per Hour:}}</label>
12
<select name="sucuriscan_emails_per_hour">
13
%%%SUCURI.Alerts.PerHour%%%
14
</select>
15
+ <button type="submit" class="button button-primary">{{Submit}}</button>
16
</fieldset>
17
</form>
18
</div>
inc/tpl/settings-alerts-recipients.html.tpl CHANGED
@@ -1,27 +1,27 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Alerts Recipient</h3>
4
5
<div class="inside">
6
- <p>By default, the plugin will send the email alerts to the primary admin account, the same account created during the installation of WordPress in your web server. You can add more people to the list, they will receive a copy of the same security alerts.</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
11
<fieldset class="sucuriscan-clearfix">
12
- <label>E-mail:</label>
13
- <input type="text" name="sucuriscan_recipient" placeholder="e.g. user@example.com" />
14
- <button type="submit" name="sucuriscan_save_recipient" class="button button-primary">Submit</button>
15
</fieldset>
16
17
<table class="wp-list-table widefat sucuriscan-table">
18
<thead>
19
<tr>
20
<td id="cb" class="manage-column column-cb check-column">
21
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
22
<input id="cb-select-all-1" type="checkbox">
23
</td>
24
- <th class="manage-column">E-mail</th>
25
</tr>
26
</thead>
27
@@ -30,8 +30,8 @@
30
</tbody>
31
</table>
32
33
- <button type="submit" name="sucuriscan_delete_recipients" class="button button-primary">Delete</button>
34
- <button type="submit" name="sucuriscan_debug_email" value="1" class="button button-primary">Test Alerts</button>
35
</form>
36
</div>
37
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Alerts Recipient}}</h3>
4
5
<div class="inside">
6
+ <p>{{By default, the plugin will send the email alerts to the primary admin account, the same account created during the installation of WordPress in your web server. You can add more people to the list, they will receive a copy of the same security alerts.}}</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
11
<fieldset class="sucuriscan-clearfix">
12
+ <label>{{E-mail:}}</label>
13
+ <input type="text" name="sucuriscan_recipient" placeholder="{{e.g. user@example.com}}" />
14
+ <button type="submit" name="sucuriscan_save_recipient" class="button button-primary">{{Submit}}</button>
15
</fieldset>
16
17
<table class="wp-list-table widefat sucuriscan-table">
18
<thead>
19
<tr>
20
<td id="cb" class="manage-column column-cb check-column">
21
+ <label class="screen-reader-text" for="cb-select-all-1">{{Select All}}</label>
22
<input id="cb-select-all-1" type="checkbox">
23
</td>
24
+ <th class="manage-column">{{E-mail}}</th>
25
</tr>
26
</thead>
27
30
</tbody>
31
</table>
32
33
+ <button type="submit" name="sucuriscan_delete_recipients" class="button button-primary">{{Delete}}</button>
34
+ <button type="submit" name="sucuriscan_debug_email" value="1" class="button button-primary">{{Test Alerts}}</button>
35
</form>
36
</div>
37
</div>
inc/tpl/settings-alerts-subject.html.tpl CHANGED
@@ -1,9 +1,9 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Alert Subject</h3>
4
5
<div class="inside">
6
- <p>Format of the subject for the email alerts, by default the plugin will use the website name and the event identifier that is being reported, you can use this panel to include the IP address of the user that triggered the event and some additional data. You can create filters in your email client creating a custom email subject using the pseudo-tags shown below.</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
@@ -14,14 +14,14 @@
14
<li>
15
<label>
16
<input type="radio" name="sucuriscan_email_subject" value="custom" %%SUCURI.Alerts.CustomChecked%% />
17
- <span>Custom Format</span>
18
<input type="text" name="sucuriscan_custom_email_subject" value="%%SUCURI.Alerts.CustomValue%%" />
19
</label>
20
</li>
21
</ul>
22
23
<div class="sucuriscan-recipient-form">
24
- <button type="submit" class="button button-primary">Submit</button>
25
</div>
26
</form>
27
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Alert Subject}}</h3>
4
5
<div class="inside">
6
+ <p>{{Format of the subject for the email alerts, by default the plugin will use the website name and the event identifier that is being reported, you can use this panel to include the IP address of the user that triggered the event and some additional data. You can create filters in your email client creating a custom email subject using the pseudo-tags shown below.}}</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
14
<li>
15
<label>
16
<input type="radio" name="sucuriscan_email_subject" value="custom" %%SUCURI.Alerts.CustomChecked%% />
17
+ <span>{{Custom Format}}</span>
18
<input type="text" name="sucuriscan_custom_email_subject" value="%%SUCURI.Alerts.CustomValue%%" />
19
</label>
20
</li>
21
</ul>
22
23
<div class="sucuriscan-recipient-form">
24
+ <button type="submit" class="button button-primary">{{Submit}}</button>
25
</div>
26
</form>
27
</div>
inc/tpl/settings-alerts-trustedips.html.tpl CHANGED
@@ -1,17 +1,17 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Trusted IP Addresses</h3>
4
5
<div class="inside">
6
- <p>If you are working in a LAN <em>(Local Area Network)</em> you may want to include the IP addresses of all the nodes in the subnet, this will force the plugin to stop sending email alerts about actions executed from trusted IP addresses. Use the CIDR <em>(Classless Inter Domain Routing)</em> format to specify ranges of IP addresses <em>(only 8, 16, and 24)</em>.</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="POST">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
11
<fieldset class="sucuriscan-clearfix">
12
- <label>IP Address:</label>
13
- <input type="text" name="sucuriscan_trust_ip" placeholder="e.g. 182.120.56.0/24" />
14
- <input type="submit" value="Submit" class="button button-primary" />
15
</fieldset>
16
</form>
17
@@ -24,12 +24,12 @@
24
<thead>
25
<tr>
26
<td id="cb" class="manage-column column-cb check-column">
27
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
28
<input id="cb-select-all-1" type="checkbox">
29
</td>
30
- <th class="manage-column">IP Address</th>
31
- <th class="manage-column">CIDR Format</th>
32
- <th class="manage-column">IP Added At</th>
33
</tr>
34
</thead>
35
@@ -38,13 +38,13 @@
38
39
<tr class="sucuriscan-%%SUCURI.TrustedIPs.NoItems.Visibility%%">
40
<td colspan="4">
41
- <em>no data available</em>
42
</td>
43
</tr>
44
</tbody>
45
</table>
46
47
- <button type="submit" class="button button-primary">Delete</button>
48
</form>
49
</div>
50
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Trusted IP Addresses}}</h3>
4
5
<div class="inside">
6
+ <p>{{If you are working in a LAN <em>(Local Area Network)</em> you may want to include the IP addresses of all the nodes in the subnet, this will force the plugin to stop sending email alerts about actions executed from trusted IP addresses. Use the CIDR <em>(Classless Inter Domain Routing)</em> format to specify ranges of IP addresses <em>(only 8, 16, and 24)</em>.}}</p>
7
8
<form action="%%SUCURI.URL.Settings%%#alerts" method="POST">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
11
<fieldset class="sucuriscan-clearfix">
12
+ <label>{{IP Address:}}</label>
13
+ <input type="text" name="sucuriscan_trust_ip" placeholder="{{e.g. 182.120.56.0/24}}" />
14
+ <input type="submit" value="{{Submit}}" class="button button-primary" />
15
</fieldset>
16
</form>
17
24
<thead>
25
<tr>
26
<td id="cb" class="manage-column column-cb check-column">
27
+ <label class="screen-reader-text" for="cb-select-all-1">{{Select All}}</label>
28
<input id="cb-select-all-1" type="checkbox">
29
</td>
30
+ <th class="manage-column">{{IP Address}}</th>
31
+ <th class="manage-column">{{CIDR Format}}</th>
32
+ <th class="manage-column">{{IP Added At}}</th>
33
</tr>
34
</thead>
35
38
39
<tr class="sucuriscan-%%SUCURI.TrustedIPs.NoItems.Visibility%%">
40
<td colspan="4">
41
+ <em>{{no data available}}</em>
42
</td>
43
</tr>
44
</tbody>
45
</table>
46
47
+ <button type="submit" class="button button-primary">{{Delete}}</button>
48
</form>
49
</div>
50
</div>
inc/tpl/settings-apirecovery.html.tpl CHANGED
@@ -1,15 +1,15 @@
1
2
<div class="sucuriscan-clearfix">
3
- <p>If this operation was successful you will receive a message in the email used during the registration of the API key <em>(usually the email of the main admin user)</em>. This message contains the key in plain text, copy and paste the key in the form field below. The plugin will verify the authenticity of the key sending an initial HTTP request to the API service, if this fails the key will be removed automatically and you will have to start the process all over again.</p>
4
5
- <p>There are cases where this operation may fail, an example would be when the email address is not associated with the domain anymore, this happens when the base URL changes <em>(from www to none or viceversa)</em>. If you are having issues recovering the key please send an email explaining the situation to <a href="mailto:info@sucuri.net">info@sucuri.net</a></p>
6
7
<form action="%%SUCURI.URL.Settings%%" method="post">
8
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
9
<fieldset class="sucuriscan-clearfix">
10
- <label>API Key:</label>
11
<input type="text" name="sucuriscan_manual_api_key" />
12
- <button type="submit" class="button button-primary">Submit</button>
13
</fieldset>
14
</form>
15
</div>
1
2
<div class="sucuriscan-clearfix">
3
+ <p>{{If this operation was successful you will receive a message in the email used during the registration of the API key <em>(usually the email of the main admin user)</em>. This message contains the key in plain text, copy and paste the key in the form field below. The plugin will verify the authenticity of the key sending an initial HTTP request to the API service, if this fails the key will be removed automatically and you will have to start the process all over again.}}</p>
4
5
+ <p>{{There are cases where this operation may fail, an example would be when the email address is not associated with the domain anymore, this happens when the base URL changes <em>(from www to none or viceversa)</em>. If you are having issues recovering the key please send an email explaining the situation to <a href="mailto:info@sucuri.net">info@sucuri.net</a>}}</p>
6
7
<form action="%%SUCURI.URL.Settings%%" method="post">
8
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
9
<fieldset class="sucuriscan-clearfix">
10
+ <label>{{API Key:}}</label>
11
<input type="text" name="sucuriscan_manual_api_key" />
12
+ <button type="submit" class="button button-primary">{{Submit}}</button>
13
</fieldset>
14
</form>
15
</div>
inc/tpl/settings-apiregistered.html.tpl CHANGED
@@ -3,13 +3,13 @@
3
<div class="sucuriscan-pull-left sucuriscan-sitelogo">&nbsp;</div>
4
5
<div class="sucuriscan-pull-right">
6
- <p>Congratulations! The rest of the features available in the plugin have been enabled. This product is designed to supplement existing security products. It's not a silver bullet for your security needs, but it'll give you greater security awareness and better posture, all with the intent of reducing risk.</p>
7
8
<div class="sucuriscan-inline-alert-success">
9
- <p>Your website has been granted a new API key and it was associated to the email address that you chose during the registration process. You can use the same email to recover the key if you happen to lose it sometime. We encourage you to check the rest of the settings page and configure the plugin to your own needs.</p>
10
</div>
11
12
- <a href="%%SUCURI.URL.Dashboard%%" class="button button-primary">Dashboard</a>
13
- <a href="%%SUCURI.URL.Settings%%" class="button button-primary">Settings</a>
14
</div>
15
</div>
3
<div class="sucuriscan-pull-left sucuriscan-sitelogo">&nbsp;</div>
4
5
<div class="sucuriscan-pull-right">
6
+ <p>{{Congratulations! The rest of the features available in the plugin have been enabled. This product is designed to supplement existing security products. Its not a silver bullet for your security needs, but itll give you greater security awareness and better posture, all with the intent of reducing risk.}}</p>
7
8
<div class="sucuriscan-inline-alert-success">
9
+ <p>{{Your website has been granted a new API key and it was associated to the email address that you chose during the registration process. You can use the same email to recover the key if you happen to lose it sometime. We encourage you to check the rest of the settings page and configure the plugin to your own needs.}}</p>
10
</div>
11
12
+ <a href="%%SUCURI.URL.Dashboard%%" class="button button-primary">{{Dashboard}}</a>
13
+ <a href="%%SUCURI.URL.Settings%%" class="button button-primary">{{Settings}}</a>
14
</div>
15
</div>
inc/tpl/settings-apiservice-checksums.html.tpl CHANGED
@@ -1,12 +1,12 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">WordPress Checksums API</h3>
4
5
<div class="inside">
6
- <p>The WordPress integrity tool uses a remote API service maintained by the WordPress organization to determine which files in the installation were added, removed or modified. The API returns a list of files with their respective checksums, this information guarantees that the installation is not corrupt. You can, however, point the integrity tool to a GitHub repository in case that you are using a custom version of WordPress like the <a href="https://github.com/WordPress/WordPress" target="_blank" rel="noopener">development version of the code</a>.</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
9
- <span>WordPress Checksums API &mdash; <a target="_blank"
10
href="%%SUCURI.ChecksumsAPI%%">%%SUCURI.ChecksumsAPI%%</a>
11
</span>
12
</div>
@@ -14,9 +14,9 @@
14
<form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
15
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
16
<fieldset class="sucuriscan-clearfix">
17
- <label>WordPress Checksums API:</label>
18
- <input type="text" name="sucuriscan_checksum_api" placeholder="e.g. URL — or — user/repo" size="30" />
19
- <button type="submit" class="button button-primary">Submit</button>
20
</fieldset>
21
</form>
22
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{WordPress Checksums API}}</h3>
4
5
<div class="inside">
6
+ <p>{{The WordPress integrity tool uses a remote API service maintained by the WordPress organization to determine which files in the installation were added, removed or modified. The API returns a list of files with their respective checksums, this information guarantees that the installation is not corrupt. You can, however, point the integrity tool to a GitHub repository in case that you are using a custom version of WordPress like the <a href="https://github.com/WordPress/WordPress" target="_blank" rel="noopener">development version of the code</a>.}}</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
9
+ <span>{{WordPress Checksums API}} &mdash; <a target="_blank"
10
href="%%SUCURI.ChecksumsAPI%%">%%SUCURI.ChecksumsAPI%%</a>
11
</span>
12
</div>
14
<form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
15
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
16
<fieldset class="sucuriscan-clearfix">
17
+ <label>{{WordPress Checksums API}}:</label>
18
+ <input type="text" name="sucuriscan_checksum_api" placeholder="{{e.g. URL — or — user/repo}}" size="30" />
19
+ <button type="submit" class="button button-primary">{{Submit}}</button>
20
</fieldset>
21
</form>
22
</div>
inc/tpl/settings-apiservice-proxy.html.tpl CHANGED
@@ -1,15 +1,15 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">API Communication via Proxy</h3>
4
5
<div class="inside">
6
- <p>All the HTTP requests used to communicate with the API service are being sent using the WordPress built-in functions, so (almost) all its official features are inherited, this is useful if you need to pass these HTTP requests through a proxy. According to the <a href="https://developer.wordpress.org/reference/classes/wp_http_proxy/" target="_blank" rel="noopener">official documentation</a> you have to add some constants to the main configuration file: <em>WP_PROXY_HOST, WP_PROXY_PORT, WP_PROXY_USERNAME, WP_PROXY_PASSWORD</em>.</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monospace">
9
- <div>HTTP Proxy Hostname: %%SUCURI.APIProxy.Host%%</div>
10
- <div>HTTP Proxy Port num: %%SUCURI.APIProxy.Port%%</div>
11
- <div>HTTP Proxy Username: %%SUCURI.APIProxy.Username%%</div>
12
- <div>HTTP Proxy Password: <span class="sucuriscan-label-%%SUCURI.APIProxy.PasswordType%%">%%SUCURI.APIProxy.PasswordText%%</span></div>
13
</div>
14
</div>
15
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{API Communication via Proxy}}</h3>
4
5
<div class="inside">
6
+ <p>{{All the HTTP requests used to communicate with the API service are being sent using the WordPress built-in functions, so (almost) all its official features are inherited, this is useful if you need to pass these HTTP requests through a proxy. According to the <a href="https://developer.wordpress.org/reference/classes/wp_http_proxy/" target="_blank" rel="noopener">official documentation</a> you have to add some constants to the main configuration file: <em>WP_PROXY_HOST, WP_PROXY_PORT, WP_PROXY_USERNAME, WP_PROXY_PASSWORD</em>.}}</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monospace">
9
+ <div>{{HTTP Proxy Hostname}}: %%SUCURI.APIProxy.Host%%</div>
10
+ <div>{{HTTP Proxy Port num}}: %%SUCURI.APIProxy.Port%%</div>
11
+ <div>{{HTTP Proxy Username}}: %%SUCURI.APIProxy.Username%%</div>
12
+ <div>{{HTTP Proxy Password}}: <span class="sucuriscan-label-%%SUCURI.APIProxy.PasswordType%%">%%SUCURI.APIProxy.PasswordText%%</span></div>
13
</div>
14
</div>
15
</div>
inc/tpl/settings-apiservice-status.html.tpl CHANGED
@@ -1,16 +1,16 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">API Service Communication</h3>
4
5
<div class="inside">
6
- <p>Once the API key is generate the plugin will communicate with a remote API service that will act as a safe data storage for the audit logs generated when the website triggers certain events that the plugin monitors. If the website is hacked the attacker will not have access to these logs and that way you can investigate what was modified <em>(for malware infaction)</em> and/or how the malicious person was able to gain access to the website.</p>
7
8
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.ApiStatus.ErrorVisibility%%">
9
- <p>Disabling the API service communication will stop the event monitoring, consider to enable the <a href="%%SUCURI.URL.Settings%%#general">Log Exporter</a> to keep the monitoring working while the HTTP requests are ignored, otherwise an attacker may execute an action that will not be registered in the security logs and you will not have a way to investigate the attack in the future.</p>
10
</div>
11
12
<div class="sucuriscan-hstatus sucuriscan-hstatus-%%SUCURI.ApiStatus.StatusNum%%">
13
- <span>API Service Communication &mdash; %%SUCURI.ApiStatus.Status%% &mdash;</span>
14
<span class="sucuriscan-monospace">%%SUCURI.ApiStatus.ServiceURL%%</span>
15
<form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
16
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
@@ -20,7 +20,7 @@
20
</div>
21
22
<p>
23
- <strong>Are you a developer?</strong> You may be interested in our API. Feel free to use the URL shown below to access the latest 50 entries in your security log, change the value for the parameter <code>l=N</code> if you need more. Be aware that the API doesn't provides an offset parameter, so if you have the intension to query specific sections of the log you will need to wrap the HTTP request around your own cache mechanism. We <strong>DO NOT</strong> take feature requests for the API, this is a semi-private service tailored for the specific needs of the plugin and not intended to be used by 3rd-party apps, we may change the behavior of each API endpoint without previous notice, use it at your own risk.
24
</p>
25
26
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monospace">
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{API Service Communication}}</h3>
4
5
<div class="inside">
6
+ <p>{{Once the API key is generate the plugin will communicate with a remote API service that will act as a safe data storage for the audit logs generated when the website triggers certain events that the plugin monitors. If the website is hacked the attacker will not have access to these logs and that way you can investigate what was modified <em>(for malware infaction)</em> and/or how the malicious person was able to gain access to the website.}}</p>
7
8
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.ApiStatus.ErrorVisibility%%">
9
+ <p>{{Disabling the API service communication will stop the event monitoring, consider to enable the <a href="%%SUCURI.URL.Settings%%#general">Log Exporter</a> to keep the monitoring working while the HTTP requests are ignored, otherwise an attacker may execute an action that will not be registered in the security logs and you will not have a way to investigate the attack in the future.}}</p>
10
</div>
11
12
<div class="sucuriscan-hstatus sucuriscan-hstatus-%%SUCURI.ApiStatus.StatusNum%%">
13
+ <span>{{API Service Communication}} &mdash; %%SUCURI.ApiStatus.Status%% &mdash;</span>
14
<span class="sucuriscan-monospace">%%SUCURI.ApiStatus.ServiceURL%%</span>
15
<form action="%%SUCURI.URL.Settings%%#apiservice" method="post">
16
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
20
</div>
21
22
<p>
23
+ {{<strong>Are you a developer?</strong> You may be interested in our API. Feel free to use the URL shown below to access the latest 50 entries in your security log, change the value for the parameter <code>l=N</code> if you need more. Be aware that the API doesn't provides an offset parameter, so if you have the intension to query specific sections of the log you will need to wrap the HTTP request around your own cache mechanism. We <strong>DO NOT</strong> take feature requests for the API, this is a semi-private service tailored for the specific needs of the plugin and not intended to be used by 3rd-party apps, we may change the behavior of each API endpoint without previous notice, use it at your own risk.}}
24
</p>
25
26
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monospace">
inc/tpl/settings-general-apikey.html.tpl CHANGED
@@ -4,13 +4,13 @@
4
%%%SUCURI.ModalForApiKeyRecovery%%%
5
6
<div class="sucuriscan-panel">
7
- <h3 class="sucuriscan-title">API Key</h3>
8
9
<div class="inside">
10
- <p>An API key is required to prevent attackers from deleting audit logs that can help you investigate and recover after a hack, and allows the plugin to display statistics. By generating an API key, you agree that Sucuri will collect and store anonymous data about your website. We take your privacy seriously.</p>
11
12
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.InvalidDomainVisibility%%">
13
- <p>Your domain <code>%%SUCURI.CleanDomain%%</code> does not seems to have a DNS <code>A</code> record so it will be considered as <em>invalid</em> by the API interface when you request the generation of a new key. Adding <code>www</code> at the beginning of the domain name may fix this issue. If you do not understand what is this then send an email to our support team requesting the key.</p>
14
</div>
15
16
<div class="sucuriscan-%%SUCURI.APIKey.RecoverVisibility%%">
@@ -18,19 +18,19 @@
18
<div class="sucuriscan-monospace">API Key: %%SUCURI.APIKey%%</div>
19
<form action="%%SUCURI.URL.Settings%%#general" method="post">
20
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
21
- <button type="submit" name="sucuriscan_recover_key" class="button button-primary">Recover Via E-mail</button>
22
- <a href="%%SUCURI.URL.Settings%%&recover#general" class="button button-primary">Manual Activation</a>
23
</form>
24
</div>
25
26
- <p>If you do not have access to the administrator email, you can reinstall the plugin. The API key is generated using an administrator email and the domain of the website. Click the "Manual Activation" button if you already have a valid API key to authenticate this website with the remote API web service.</p>
27
</div>
28
29
<div class="sucuriscan-hstatus sucuriscan-hstatus-1 sucuriscan-%%SUCURI.APIKey.RemoveVisibility%%">
30
- <div class="sucuriscan-monospace">API Key: %%SUCURI.APIKey%%</div>
31
<form action="%%SUCURI.URL.Settings%%#general" method="post">
32
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
33
- <button type="submit" name="sucuriscan_remove_api_key" class="button button-primary">Delete</button>
34
</form>
35
</div>
36
</div>
4
%%%SUCURI.ModalForApiKeyRecovery%%%
5
6
<div class="sucuriscan-panel">
7
+ <h3 class="sucuriscan-title">{{API Key}}</h3>
8
9
<div class="inside">
10
+ <p>{{An API key is required to prevent attackers from deleting audit logs that can help you investigate and recover after a hack, and allows the plugin to display statistics. By generating an API key, you agree that Sucuri will collect and store anonymous data about your website. We take your privacy seriously.}}</p>
11
12
<div class="sucuriscan-inline-alert-error sucuriscan-%%SUCURI.InvalidDomainVisibility%%">
13
+ <p>{{Your domain <code>%%SUCURI.CleanDomain%%</code> does not seems to have a DNS <code>A</code> record so it will be considered as <em>invalid</em> by the API interface when you request the generation of a new key. Adding <code>www</code> at the beginning of the domain name may fix this issue. If you do not understand what is this then send an email to our support team requesting the key.}}</p>
14
</div>
15
16
<div class="sucuriscan-%%SUCURI.APIKey.RecoverVisibility%%">
18
<div class="sucuriscan-monospace">API Key: %%SUCURI.APIKey%%</div>
19
<form action="%%SUCURI.URL.Settings%%#general" method="post">
20
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
21
+ <button type="submit" name="sucuriscan_recover_key" class="button button-primary">{{Recover Via E-mail}}</button>
22
+ <a href="%%SUCURI.URL.Settings%%&recover#general" class="button button-primary">{{Manual Activation}}</a>
23
</form>
24
</div>
25
26
+ <p>{{If you do not have access to the administrator email, you can reinstall the plugin. The API key is generated using an administrator email and the domain of the website. Click the "Manual Activation" button if you already have a valid API key to authenticate this website with the remote API web service.}}</p>
27
</div>
28
29
<div class="sucuriscan-hstatus sucuriscan-hstatus-1 sucuriscan-%%SUCURI.APIKey.RemoveVisibility%%">
30
+ <div class="sucuriscan-monospace">{{API Key:}} %%SUCURI.APIKey%%</div>
31
<form action="%%SUCURI.URL.Settings%%#general" method="post">
32
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
33
+ <button type="submit" name="sucuriscan_remove_api_key" class="button button-primary">{{Delete}}</button>
34
</form>
35
</div>
36
</div>
inc/tpl/settings-general-datastorage.html.tpl CHANGED
@@ -1,9 +1,9 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Data Storage</h3>
4
5
<div class="inside">
6
- <p>This is the directory where the plugin will store the security logs, the list of files marked as fixed in the core integrity tool, the cache for the malware scanner and 3rd-party plugin metadata. The plugin requires write permissions in this directory as well as the files contained in it. If you prefer to keep these files in a non-public directory <em>(one level up the document root)</em> please define a constant in the <em>"wp-config.php"</em> file named <em>"SUCURI_DATA_STORAGE"</em> with the absolute path to the new directory.</p>
7
</div>
8
9
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
@@ -18,13 +18,13 @@
18
<thead>
19
<tr>
20
<td id="cb" class="manage-column column-cb check-column">
21
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
22
<input id="cb-select-all-1" type="checkbox">
23
</td>
24
- <th class="manage-column">File Path</th>
25
- <th class="manage-column">File Size</th>
26
- <th class="manage-column">Status</th>
27
- <th class="manage-column">Writable</th>
28
</tr>
29
</thead>
30
@@ -34,7 +34,7 @@
34
</table>
35
36
<p>
37
- <button type="submit" class="button button-primary">Delete</button>
38
</p>
39
</form>
40
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Data Storage}}</h3>
4
5
<div class="inside">
6
+ <p>{{This is the directory where the plugin will store the security logs, the list of files marked as fixed in the core integrity tool, the cache for the malware scanner and 3rd-party plugin metadata. The plugin requires write permissions in this directory as well as the files contained in it. If you prefer to keep these files in a non-public directory <em>(one level up the document root)</em> please define a constant in the <em>"wp-config.php"</em> file named <em>"SUCURI_DATA_STORAGE"</em> with the absolute path to the new directory.}}</p>
7
</div>
8
9
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
18
<thead>
19
<tr>
20
<td id="cb" class="manage-column column-cb check-column">
21
+ <label class="screen-reader-text" for="cb-select-all-1">{{Select All}}</label>
22
<input id="cb-select-all-1" type="checkbox">
23
</td>
24
+ <th class="manage-column">{{File Path}}</th>
25
+ <th class="manage-column">{{File Size}}</th>
26
+ <th class="manage-column">{{Status}}</th>
27
+ <th class="manage-column">{{Writable}}</th>
28
</tr>
29
</thead>
30
34
</table>
35
36
<p>
37
+ <button type="submit" class="button button-primary">{{Delete}}</button>
38
</p>
39
</form>
40
</div>
inc/tpl/settings-general-importexport.html.tpl CHANGED
@@ -1,12 +1,12 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Import &amp; Export Settings</h3>
4
5
<div class="inside">
6
<form action="%%SUCURI.URL.Settings%%" method="post">
7
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
8
9
- <p>Copy the JSON-encoded data from the box below, go to your other websites and click the <em>"Import"</em> button in the settings page. The plugin will start using the same settings from this website. Notice that some options are omitted as they contain values specific to this website. To import the settings from another website into this one, replace the JSON-encoded data in the box below with the JSON-encoded data exported from the other website, then click the button <em>"Import"</em>. Notice that some options will not be imported to reduce the security risk of writing arbitrary data into the disk.</p>
10
11
<textarea name="sucuriscan_settings" class="sucuriscan-full-textarea sucuriscan-monospace">%%SUCURI.Export%%</textarea>
12
@@ -14,11 +14,11 @@
14
<label>
15
<input type="hidden" name="sucuriscan_process_form" value="0" />
16
<input type="checkbox" name="sucuriscan_process_form" value="1" />
17
- <span>I understand that this operation can not be reverted.</span>
18
</label>
19
</p>
20
21
- <button type="submit" name="sucuriscan_import" class="button button-primary">Submit</button>
22
</form>
23
</div>
24
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Import &amp; Export Settings}}</h3>
4
5
<div class="inside">
6
<form action="%%SUCURI.URL.Settings%%" method="post">
7
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
8
9
+ <p>{{Copy the JSON-encoded data from the box below, go to your other websites and click the <em>"Import"</em> button in the settings page. The plugin will start using the same settings from this website. Notice that some options are omitted as they contain values specific to this website. To import the settings from another website into this one, replace the JSON-encoded data in the box below with the JSON-encoded data exported from the other website, then click the button <em>"Import"</em>. Notice that some options will not be imported to reduce the security risk of writing arbitrary data into the disk.}}</p>
10
11
<textarea name="sucuriscan_settings" class="sucuriscan-full-textarea sucuriscan-monospace">%%SUCURI.Export%%</textarea>
12
14
<label>
15
<input type="hidden" name="sucuriscan_process_form" value="0" />
16
<input type="checkbox" name="sucuriscan_process_form" value="1" />
17
+ <span>{{I understand that this operation cannot be reverted.}}</span>
18
</label>
19
</p>
20
21
+ <button type="submit" name="sucuriscan_import" class="button button-primary">{{Submit}}</button>
22
</form>
23
</div>
24
</div>
inc/tpl/settings-general-ipdiscoverer.html.tpl CHANGED
@@ -1,12 +1,12 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">IP Address Discoverer</h3>
4
5
<div class="inside">
6
- <p>IP address discoverer will use DNS lookups to automatically detect if the website is behind the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a> in which case will modify the global server variable <em>Remote-Addr</em> to set the real IP of the website's visitors. This check runs on every WordPress init action and that is why it may slow down your website as some hosting providers rely on slow DNS servers which makes the operation take more time than it should.</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
9
- <span>IP Address Discoverer &mdash; %%SUCURI.DnsLookupsStatus%%</span>
10
11
<form action="%%SUCURI.URL.Settings%%" method="post">
12
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
@@ -19,20 +19,20 @@
19
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
20
21
<fieldset class="sucuriscan-clearfix">
22
- <label>HTTP Header:</label>
23
<select name="sucuriscan_addr_header">
24
%%%SUCURI.AddrHeaderOptions%%%
25
</select>
26
- <button type="submit" class="button button-primary">Proceed</button>
27
</fieldset>
28
29
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monospace">
30
- <div>Sucuri Firewall &mdash; %%SUCURI.IsUsingFirewall%%</div>
31
- <div>Website: %%SUCURI.WebsiteURL%%</div>
32
- <div>Top Level Domain: %%SUCURI.TopLevelDomain%%</div>
33
- <div>Hostname: %%SUCURI.WebsiteHostName%%</div>
34
- <div>IP Address (Hostname): %%SUCURI.WebsiteHostAddress%%</div>
35
- <div>IP Address (Username): %%SUCURI.RemoteAddress%% (%%SUCURI.RemoteAddressHeader%%)</div>
36
</div>
37
</form>
38
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{IP Address Discoverer}}</h3>
4
5
<div class="inside">
6
+ <p>{{IP address discoverer will use DNS lookups to automatically detect if the website is behind the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a>, in which case it will modify the global server variable <em>Remote-Addr</em> to set the real IP of the websites visitors. This check runs on every WordPress init action and that is why it may slow down your website as some hosting providers rely on slow DNS servers which makes the operation take more time than it should.}}</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
9
+ <span>{{IP Address Discoverer}} &mdash; %%SUCURI.DnsLookupsStatus%%</span>
10
11
<form action="%%SUCURI.URL.Settings%%" method="post">
12
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
19
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
20
21
<fieldset class="sucuriscan-clearfix">
22
+ <label>{{HTTP Header:}}</label>
23
<select name="sucuriscan_addr_header">
24
%%%SUCURI.AddrHeaderOptions%%%
25
</select>
26
+ <button type="submit" class="button button-primary">{{Proceed}}</button>
27
</fieldset>
28
29
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monospace">
30
+ <div>{{Sucuri Firewall}} &mdash; %%SUCURI.IsUsingFirewall%%</div>
31
+ <div>{{Website:}} %%SUCURI.WebsiteURL%%</div>
32
+ <div>{{Top Level Domain:}} %%SUCURI.TopLevelDomain%%</div>
33
+ <div>{{Hostname:}} %%SUCURI.WebsiteHostName%%</div>
34
+ <div>{{IP Address (Hostname):}} %%SUCURI.WebsiteHostAddress%%</div>
35
+ <div>{{IP Address (Username):}} %%SUCURI.RemoteAddress%% (%%SUCURI.RemoteAddressHeader%%)</div>
36
</div>
37
</form>
38
</div>
inc/tpl/settings-general-resetoptions.html.tpl CHANGED
@@ -1,9 +1,9 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Reset Security Logs, Hardening and Settings</h3>
4
5
<div class="inside">
6
- <p>This action will trigger the deactivation / uninstallation process of the plugin. All local security logs, hardening and settings will be deleted. Notice that the security logs stored in the API service will not be deleted, this is to prevent tampering from a malicious user. You can request a new API key if you want to start from scratch.</p>
7
8
<form action="%%SUCURI.URL.Settings%%" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
@@ -11,10 +11,10 @@
11
<label>
12
<input type="hidden" name="sucuriscan_process_form" value="0" />
13
<input type="checkbox" name="sucuriscan_process_form" value="1" />
14
- <span>I understand that this operation can not be reverted.</span>
15
</label>
16
</p>
17
- <button type="submit" name="sucuriscan_reset_options" class="button button-primary">Submit</button>
18
</form>
19
</div>
20
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Reset Security Logs, Hardening and Settings}}</h3>
4
5
<div class="inside">
6
+ <p>{{This action will trigger the deactivation / uninstallation process of the plugin. All local security logs, hardening and settings will be deleted. Notice that the security logs stored in the API service will not be deleted, this is to prevent tampering from a malicious user. You can request a new API key if you want to start from scratch.}}</p>
7
8
<form action="%%SUCURI.URL.Settings%%" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
11
<label>
12
<input type="hidden" name="sucuriscan_process_form" value="0" />
13
<input type="checkbox" name="sucuriscan_process_form" value="1" />
14
+ <span>{{I understand that this operation cannot be reverted.}}</span>
15
</label>
16
</p>
17
+ <button type="submit" name="sucuriscan_reset_options" class="button button-primary">{{Submit}}</button>
18
</form>
19
</div>
20
</div>
inc/tpl/settings-general-reverseproxy.html.tpl CHANGED
@@ -1,12 +1,12 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Reverse Proxy</h3>
4
5
<div class="inside">
6
- <p>The event monitor uses the API address of the origin of the request to track the actions, the plugin uses two methods to retrieve this: the main method uses the global server variable <em>Remote-Addr</em> available in most modern web servers, an alternative method uses custom HTTP headers <em>(which are unsafe by default)</em>. You should not worry about this option unless you know what a reverse proxy is. Services like the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a> &mdash; once active &mdash; forces the network traffic to pass through them to filter any security threat that may affect the original server. A side effect of this is that the real IP address is no longer available in the global server variable <em>REMOTE-ADDR</em> but in a custom HTTP header with a name provided by the service.</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
9
- <span>Reverse Proxy &mdash; %%SUCURI.ReverseProxyStatus%%</span>
10
11
<form action="%%SUCURI.URL.Settings%%" method="post">
12
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Reverse Proxy}}</h3>
4
5
<div class="inside">
6
+ <p>{{The event monitor uses the API address of the origin of the request to track the actions. The plugin uses two methods to retrieve this: the main method uses the global server variable <em>Remote-Addr</em> available in most modern web servers, and an alternative method uses custom HTTP headers <em>(which are unsafe by default)</em>. You should not worry about this option unless you know what a reverse proxy is. Services like the <a href="https://sucuri.net/website-firewall/" target="_blank" rel="noopener">Sucuri Firewall</a> &mdash; once active &mdash; force the network traffic to pass through them to filter any security threat that may affect the original server. A side effect of this is that the real IP address is no longer available in the global server variable <em>Remote-Addr</em> but in a custom HTTP header with a name provided by the service.}}</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2">
9
+ <span>{{Reverse Proxy}} &mdash; %%SUCURI.ReverseProxyStatus%%</span>
10
11
<form action="%%SUCURI.URL.Settings%%" method="post">
12
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
inc/tpl/settings-general-selfhosting.html.tpl CHANGED
@@ -1,12 +1,12 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Log Exporter</h3>
4
5
<div class="inside">
6
- <p>This option allows you to export the WordPress audit logs to a local log file that can be read by a SIEM or any log analysis software <em>(we recommend OSSEC)</em>. That will give visibility from within WordPress to complement your log monitoring infrastructure. <b>NOTE:</b> Do not use a publicly accessible file, you must use a file at least one level up the document root to prevent leaks of information.</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-%%SUCURI.SelfHosting.DisabledVisibility%%">
9
- <span>Log Exporter &mdash; %%SUCURI.SelfHosting.Status%%</span>
10
</div>
11
12
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monitor-fpath sucuriscan-%%SUCURI.SelfHosting.FpathVisibility%%">
@@ -21,9 +21,9 @@
21
<form action="%%SUCURI.URL.Settings%%#general" method="post">
22
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
23
<fieldset class="sucuriscan-clearfix">
24
- <label>File Path:</label>
25
<input type="text" name="sucuriscan_selfhosting_fpath" />
26
- <button type="submit" class="button button-primary">Submit</button>
27
</fieldset>
28
</form>
29
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Log Exporter}}</h3>
4
5
<div class="inside">
6
+ <p>{{This option allows you to export the WordPress audit logs to a local log file that can be read by a SIEM or any log analysis software <em>(we recommend OSSEC)</em>. That will give visibility from within WordPress to complement your log monitoring infrastructure. <b>NOTE:</b> Do not use a publicly accessible file, you must use a file at least one level up the document root to prevent leaks of information.}}</p>
7
8
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-%%SUCURI.SelfHosting.DisabledVisibility%%">
9
+ <span>{{Log Exporter}} &mdash; %%SUCURI.SelfHosting.Status%%</span>
10
</div>
11
12
<div class="sucuriscan-hstatus sucuriscan-hstatus-2 sucuriscan-monitor-fpath sucuriscan-%%SUCURI.SelfHosting.FpathVisibility%%">
21
<form action="%%SUCURI.URL.Settings%%#general" method="post">
22
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
23
<fieldset class="sucuriscan-clearfix">
24
+ <label>{{File Path:}}</label>
25
<input type="text" name="sucuriscan_selfhosting_fpath" />
26
+ <button type="submit" class="button button-primary">{{Submit}}</button>
27
</fieldset>
28
</form>
29
</div>
inc/tpl/settings-general-timezone.html.tpl CHANGED
@@ -1,18 +1,18 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Timezone</h3>
4
5
<div class="inside">
6
- <p>This option defines the timezone that will be used through out the entire plugin to print the dates and times whenever is necessary. This option also affects the date and time of the logs visible in the audit logs panel which is data that comes from a remote server configured to use Eastern Daylight Time (EDT). WordPress offers an option in the general settings page to allow you to configure the timezone for the entire website, however, if you are experiencing problems with the time in the audit logs, this option will help you fix them.</p>
7
8
<form action="%%SUCURI.URL.Settings%%" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
- <label>Timezone:</label>
12
<select name="sucuriscan_timezone">
13
%%%SUCURI.Timezone.Dropdown%%%
14
</select>
15
- <button type="submit" class="button button-primary">Submit</button>
16
<span><em>(%%SUCURI.Timezone.Example%%)</em></span>
17
</fieldset>
18
</form>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Timezone}}</h3>
4
5
<div class="inside">
6
+ <p>{{This option defines the timezone that will be used through out the entire plugin to print the dates and times whenever is necessary. This option also affects the date and time of the logs visible in the audit logs panel which is data that comes from a remote server configured to use Eastern Daylight Time (EDT). WordPress offers an option in the general settings page to allow you to configure the timezone for the entire website, however, if you are experiencing problems with the time in the audit logs, this option will help you fix them.}}</p>
7
8
<form action="%%SUCURI.URL.Settings%%" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
+ <label>{{Timezone:}}</label>
12
<select name="sucuriscan_timezone">
13
%%%SUCURI.Timezone.Dropdown%%%
14
</select>
15
+ <button type="submit" class="button button-primary">{{Submit}}</button>
16
<span><em>(%%SUCURI.Timezone.Example%%)</em></span>
17
</fieldset>
18
</form>
inc/tpl/settings-hardening-whitelist-phpfiles.html.tpl CHANGED
@@ -1,21 +1,19 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Whitelist Blocked PHP Files</h3>
4
5
<div class="inside">
6
- <p>After you apply the hardening in either the includes, content, and/or upload directories the plugin will add a rule in the access control file to deny access to any PHP file located in these folders, this is a good precaution in case that an attacker is able to upload a shell script; with a few exceptions the <em>"index.php"</em> is the only one that should be publicly accessible, however many theme/plugin developers decide to use these folders to process some operations, in this case applying the hardening <strong>may break</strong> their functionality.</p>
7
8
<form action="%%SUCURI.URL.Settings%%#hardening" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
- <label>File Path:</label>
12
<input type="text" name="sucuriscan_hardening_whitelist" placeholder="e.g. wp-tinymce.php" />
13
<select name="sucuriscan_hardening_folder">
14
- <option value="wp-includes">wp-includes</option>
15
- <option value="wp-content">wp-content</option>
16
- <option value="wp-content/uploads">wp-content/uploads</option>
17
</select>
18
- <button type="submit" class="button button-primary">Submit</button>
19
</fieldset>
20
</form>
21
@@ -27,12 +25,12 @@
27
<table class="wp-list-table widefat sucuriscan-table sucuriscan-hardening-whitelist-table">
28
<thead>
29
<td id="cb" class="manage-column column-cb check-column">
30
- <label class="screen-reader-text" for="cb-select-all-1">Select All</label>
31
<input id="cb-select-all-1" type="checkbox">
32
</td>
33
- <th class="manage-column">File Path</th>
34
- <th class="manage-column">Directory</th>
35
- <th class="manage-column">Pattern</th>
36
</thead>
37
38
<tbody>
@@ -40,13 +38,13 @@
40
41
<tr class="sucuriscan-%%SUCURI.HardeningWhitelist.NoItemsVisibility%%">
42
<td colspan="4">
43
- <em>no data available</em>
44
</td>
45
</tr>
46
</tbody>
47
</table>
48
49
- <button type="submit" class="button button-primary">Delete</button>
50
</form>
51
</div>
52
</div>
1
2
<div class="sucuriscan-panel">
3
+ <h3 class="sucuriscan-title">{{Whitelist Blocked PHP Files}}</h3>
4
5
<div class="inside">
6
+ <p>{{After you apply the hardening in either the includes, content, and/or uploads directories, the plugin will add a rule in the access control file to deny access to any PHP file located in these folders. This is a good precaution in case an attacker is able to upload a shell script. With a few exceptions the <em>"index.php"</em> file is the only one that should be publicly accessible, however many theme/plugin developers decide to use these folders to process some operations. In this case applying the hardening <strong>may break</strong> their functionality.}}</p>
7
8
<form action="%%SUCURI.URL.Settings%%#hardening" method="post">
9
<input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
10
<fieldset class="sucuriscan-clearfix">
11
+ <label>{{File Path:}}</label>
12
<input type="text" name="sucuriscan_hardening_whitelist" placeholder="e.g. wp-tinymce.php" />
13
<select name="sucuriscan_hardening_folder">
14
+ %%%SUCURI.HardeningWhitelist.AllowedFolders%%%
15
</select>
16
+ <button type="submit" class="button button-primary">{{Submit}}</button>
17
</fieldset>
18
</form>
19
25
<table class="wp-list-table widefat sucuriscan-table sucuriscan-hardening-whitelist-table">
26
<thead>
27
<td id="cb" class="manage-column column-cb check-column">
28
+ <label class="screen-reader-text" for="cb-select-all-1">{{Select All}}</label>
29
<input id="cb-select-all-1" type="checkbox">
30
</td>
31
+ <th class="manage-column">{{File Path}}</th>
32
+ <th class="manage-column">{{Directory}}</th>
33
+ <th class="manage-column">{{Pattern}}</th>
34
</thead>
35
36
<tbody>
38
39
<tr class="sucuriscan-%%SUCURI.HardeningWhitelist.NoItemsVisibility%%">
40
<td colspan="4">
41
+ <em>{{no data available}}</em>
42
</td>
43
</tr>
44
</tbody>
45
</table>
46
47
+ <button type="submit" class="button button-primary">{{Delete}}</button>
48
</form>
49
</div>
50
</div>
inc/tpl/settings-posthack-available-updates-alert.html.tpl CHANGED
@@ -1,13 +1,13 @@
1
2
- <p>WordPress has a big user base in the public Internet, this brings interest to malicious people to find vulnerabilities in the code, 3rd-party extensions, and themes that other companies develop. You should keep every piece of code installed in your website update to prevent attacks as soon as disclosed vulnerabilities are patched.</p>
3
4
<table border="1" cellspacing="1" cellpadding="5">
5
<thead>
6
<tr>
7
- <th>Name</th>
8
- <th>Version</th>
9
- <th>Update</th>
10
- <th>Tested With</th>
11
<th>&nbsp;</th>
12
</tr>
13
</thead>
1
2
+ <p>{{WordPress has a big user base in the public Internet, which brings interest to attackers to find vulnerabilities in the code, 3rd-party extensions, and themes that other companies develop. You should keep every piece of code installed in your website updated to prevent attacks as soon as disclosed vulnerabilities are patched.}}</p>
3
4
<table border="1" cellspacing="1" cellpadding="5">
5
<thead>
6
<tr>
7
+ <th>{{Name}}</th>
8
+ <th>{{Version}}</th>
9
+ <th>{{Update}}</th>
10
+ <th>{{Tested With}}</th>
11
<th>&nbsp;</th>
12
</tr>
13
</thead>
inc/tpl/settings-posthack-available-updates.html.tpl CHANGED
@@ -1,6 +1,6 @@
1
2
<div class="sucuriscan-panel">
3
- <h3 class="sucuriscan-title">Available Plugin and Theme Updates</h3>
4
5
<script type="text/javascript">
6
/* global jQuery */
@@ -17,15 +17,15 @@
17
</script>
18
19
<div class="inside">
20
- <p>WordPress has a big user base in the public Internet, this brings interest to malicious people to find vulnerabilities in the code, 3rd-party extensions, and themes that other companies develop. You should keep every piece of code installed in your website update to prevent attacks as soon as disclosed vulnerabilities are patched.</p>
21
22
<table class="wp-list-table widefat sucuriscan-table sucuriscan-available-updates-table">
23
<thead>
24
<tr>
25
- <th class="manage-column">Name</th>
26
- <th class="manage-column">Version</th>
27
- <th class="manage-column">Update</th>
28
- <th class="manage-column">Tested With</th>
29
<th class="manage-column">&nbsp;</th>
30
</tr>
31
</thead>
@@ -33,7 +33,7 @@
33
<tbody>
34
<tr>
35
<td colspan="5">
36
-