Sucuri Security – Auditing, Malware Scanner and Security Hardening - Version 1.8.22

Version Description

  • Add "SSL existence check" to WordPress Security Recommendations
  • Add "Salt & Security Keys existence check" to WordPress Security Recommendations
  • Add "Salt & Security Keys age check" to WordPress Security Recommendations
  • Add "Admin account check" to WordPress Security Recommendations
  • Add "Single super-admin check" to WordPress Security Recommendations
  • Add "Too many plugins check" to WordPress Security Recommendations
  • Add "File editing check" to WordPress Security Recommendations
  • Add "WordPress debug check" to WordPress Security Recommendations
  • Add "Basic hardening check" to WordPress Security Recommendations
  • Add a delete button on Last Logins sections
  • Add register of logs removal on Audit Logs
  • Fix display of Access File Integrity on NGINX/IIS servers
  • Remove PHP version check from hardening page
Download this release

Release Info

Developer imgersonr
Plugin Icon 128x128 Sucuri Security – Auditing, Malware Scanner and Security Hardening
Version 1.8.22
Comparing to
See all releases

Code changes from version 1.8.21 to 1.8.22

Files changed (19) hide show
  1. inc/css/styles.css +4 -1
  2. inc/tpl/lastlogins-all.html.tpl +5 -0
  3. inc/tpl/lastlogins-failedlogins.html.tpl +5 -0
  4. inc/tpl/lastlogins.html.tpl +1 -1
  5. inc/tpl/settings-webinfo-htaccess.html.tpl +4 -0
  6. inc/tpl/settings.html.tpl +0 -2
  7. lang/sucuri-scanner.pot +787 -923
  8. readme.txt +17 -2
  9. src/event.lib.php +45 -0
  10. src/lastlogins-failed.php +5 -0
  11. src/lastlogins.php +5 -0
  12. src/pagehandler.php +1 -2
  13. src/settings-general.php +9 -1
  14. src/settings-hardening.php +0 -43
  15. src/settings-webinfo.php +6 -1
  16. src/sitecheck.lib.php +18 -40
  17. src/strings.php +4 -1
  18. src/wordpress-recommendations.lib.php +187 -37
  19. sucuri.php +2 -2
inc/css/styles.css CHANGED
@@ -576,7 +576,10 @@ body.sucuri-security_page_sucuriscan_hardening {
576
  .sucuriscan-auditlog-critical path {
577
  fill: #000;
578
  }
579
- .sucuriscan-container .sucuriscan-table {
 
 
 
580
  margin-bottom: 20px;
581
  }
582
  .sucuriscan-container .sucuriscan-table:last-child {
576
  .sucuriscan-auditlog-critical path {
577
  fill: #000;
578
  }
579
+ .sucuriscan-container .sucuriscan-table,
580
+ .sucuriscan-container .sucuriscan-panel table.sucuriscan-last-logins,
581
+ .sucuriscan-container .sucuriscan-panel table.sucuriscan-lastlogins-failed
582
+ {
583
  margin-bottom: 20px;
584
  }
585
  .sucuriscan-container .sucuriscan-table:last-child {
inc/tpl/lastlogins-all.html.tpl CHANGED
@@ -39,4 +39,9 @@
39
  </tbody>
40
  </table>
41
  </div>
 
 
 
 
 
42
  </div>
39
  </tbody>
40
  </table>
41
  </div>
42
+ <form action="%%SUCURI.URL.Lastlogins%%#allusers" method="post">
43
+ <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
44
+ <input type="hidden" name="sucuriscan_delete_lastlogins" value="1" />
45
+ <input type="submit" value="{{Delete}}" class="button button-primary" />
46
+ </form>
47
  </div>
inc/tpl/lastlogins-failedlogins.html.tpl CHANGED
@@ -38,5 +38,10 @@
38
  </table>
39
 
40
  </form>
 
 
 
 
 
41
  </div>
42
  </div>
38
  </table>
39
 
40
  </form>
41
+ <form action="%%SUCURI.URL.Lastlogins%%#failed" method="post">
42
+ <input type="hidden" name="sucuriscan_page_nonce" value="%%SUCURI.PageNonce%%" />
43
+ <input type="hidden" name="sucuriscan_delete_failedlogins" value="1" />
44
+ <input type="submit" value="{{Delete}}" class="button button-primary" />
45
+ </form>
46
  </div>
47
  </div>
inc/tpl/lastlogins.html.tpl CHANGED
@@ -4,7 +4,7 @@
4
  <li><a href="%%SUCURI.URL.Lastlogins%%#allusers">{{All Users}}</a></li>
5
  <li><a href="%%SUCURI.URL.Lastlogins%%#admins">{{Admins}}</a></li>
6
  <li><a href="%%SUCURI.URL.Lastlogins%%#loggedin">{{Logged-in Users}}</a></li>
7
- <li><a href="%%SUCURI.URL.Lastlogins%%#failed">{{Failed logins}}</a></li>
8
  </ul>
9
 
10
  <div class="sucuriscan-tabs-containers">
4
  <li><a href="%%SUCURI.URL.Lastlogins%%#allusers">{{All Users}}</a></li>
5
  <li><a href="%%SUCURI.URL.Lastlogins%%#admins">{{Admins}}</a></li>
6
  <li><a href="%%SUCURI.URL.Lastlogins%%#loggedin">{{Logged-in Users}}</a></li>
7
+ <li><a href="%%SUCURI.URL.Lastlogins%%#failed">{{Failed Logins}}</a></li>
8
  </ul>
9
 
10
  <div class="sucuriscan-tabs-containers">
inc/tpl/settings-webinfo-htaccess.html.tpl CHANGED
@@ -13,6 +13,10 @@
13
  <p>{{Your website has no <code>.htaccess</code> file or it was not found in the default location.}}</p>
14
  </div>
15
 
 
 
 
 
16
  <div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.HTAccess.StandardVisible%%">
17
  <p>{{The main <code>.htaccess</code> file in your site has the standard rules for a WordPress installation. You can customize it to improve the performance and change the behaviour of the redirections for pages and posts in your site. To get more information visit the official documentation at <a target="_blank" rel="noopener" href="https://codex.wordpress.org/Using_Permalinks#Creating_and_editing_.28.htaccess.29"> Codex WordPress - Creating and editing (.htaccess)</a>}}</p>
18
  </div>
13
  <p>{{Your website has no <code>.htaccess</code> file or it was not found in the default location.}}</p>
14
  </div>
15
 
16
+ <div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.HTAccess.NotApache%%">
17
+ <p>{{Your web server does not support .htaccess files.}}</p>
18
+ </div>
19
+
20
  <div class="sucuriscan-inline-alert-info sucuriscan-%%SUCURI.HTAccess.StandardVisible%%">
21
  <p>{{The main <code>.htaccess</code> file in your site has the standard rules for a WordPress installation. You can customize it to improve the performance and change the behaviour of the redirections for pages and posts in your site. To get more information visit the official documentation at <a target="_blank" rel="noopener" href="https://codex.wordpress.org/Using_Permalinks#Creating_and_editing_.28.htaccess.29"> Codex WordPress - Creating and editing (.htaccess)</a>}}</p>
22
  </div>
inc/tpl/settings.html.tpl CHANGED
@@ -48,8 +48,6 @@
48
 
49
  %%%SUCURI.Settings.Hardening.WPVersion%%%
50
 
51
- %%%SUCURI.Settings.Hardening.PHPVersion%%%
52
-
53
  %%%SUCURI.Settings.Hardening.RemoveGenerator%%%
54
 
55
  %%%SUCURI.Settings.Hardening.NginxPHPFPM%%%
48
 
49
  %%%SUCURI.Settings.Hardening.WPVersion%%%
50
 
 
 
51
  %%%SUCURI.Settings.Hardening.RemoveGenerator%%%
52
 
53
  %%%SUCURI.Settings.Hardening.NginxPHPFPM%%%
lang/sucuri-scanner.pot CHANGED
@@ -2,9 +2,8 @@
2
  msgid ""
3
  msgstr ""
4
  "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
5
- "Project-Id-Version: Sucuri Security - Auditing, Malware Scanner and "
6
- "Hardening\n"
7
- "POT-Creation-Date: 2019-02-18 18:58-0700\n"
8
  "PO-Revision-Date: 2019-02-07 02:39-0600\n"
9
  "Last-Translator: \n"
10
  "Language-Team: \n"
@@ -15,9 +14,8 @@ msgstr ""
15
  "X-Poedit-Basepath: ..\n"
16
  "X-Poedit-WPHeader: sucuri.php\n"
17
  "X-Poedit-SourceCharset: UTF-8\n"
18
- "X-Poedit-KeywordsList: __;_e;_n:1,2;_x:1,2c;_ex:1,2c;_nx:4c,1,2;esc_attr__;"
19
- "esc_attr_e;esc_attr_x:1,2c;esc_html__;esc_html_e;esc_html_x:1,2c;_n_noop:1,2;"
20
- "_nx_noop:3c,1,2;__ngettext_noop:1,2\n"
21
  "X-Poedit-SearchPath-0: .\n"
22
  "X-Poedit-SearchPathExcluded-0: *.js\n"
23
 
@@ -64,7 +62,7 @@ msgstr ""
64
  msgid "WP Engine PHP Compatibility Checker: %s (created post #%d as cache)"
65
  msgstr ""
66
 
67
- #: src/api.lib.php:991 src/api.lib.php:994
68
  msgid "WordPress version is not supported anymore"
69
  msgstr ""
70
 
@@ -101,8 +99,7 @@ msgstr ""
101
  msgid "Info:"
102
  msgstr ""
103
 
104
- #: src/cache.lib.php:392 src/cache.lib.php:412 src/cache.lib.php:453
105
- #: src/cache.lib.php:470
106
  msgid "Invalid cache key name"
107
  msgstr ""
108
 
@@ -165,25 +162,36 @@ msgstr ""
165
  msgid ""
166
  "<br><br>\n"
167
  "\n"
168
- "<em>Explanation: Someone failed to login to your site. If you are getting "
169
- "too many of these messages, it is likely your site is under a password "
170
- "guessing brute-force attack [1]. You can disable the failed login alerts "
171
- "from here [2]. Alternatively, you can consider to install a firewall between "
172
- "your website and your visitors to filter out these and other attacks, take a "
173
- "look at Sucuri Firewall [3].</em><br><br>\n"
174
  "\n"
175
- "[1] <a href='https://kb.sucuri.net/definitions/attacks/brute-force/password-"
176
- "guessing'>https://kb.sucuri.net/definitions/attacks/brute-force/password-"
177
- "guessing</a><br>\n"
178
  "[2] <a href='%s'>%s</a> <br>\n"
179
- "[3] <a href='https://sucuri.net/website-firewall/?wpalert'>https://sucuri."
180
- "net/website-firewall/</a><br>\n"
181
  msgstr ""
182
 
183
  #: src/event.lib.php:642
184
  msgid "Password Change"
185
  msgstr ""
186
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
187
  #: src/fileinfo.lib.php:291
188
  msgid "No files were found"
189
  msgstr ""
@@ -224,8 +232,8 @@ msgstr ""
224
  msgid "caching disabled (use with caution)"
225
  msgstr ""
226
 
227
- #: src/firewall.lib.php:253 src/firewall.lib.php:349 src/firewall.lib.php:567
228
- #: src/firewall.lib.php:602 src/firewall.lib.php:643 src/firewall.lib.php:735
229
  msgid "Firewall API key was not found."
230
  msgstr ""
231
 
@@ -299,7 +307,7 @@ msgstr ""
299
  msgid "IP has been unblacklisted: %s"
300
  msgstr ""
301
 
302
- #: src/globals.php:80 src/strings.php:39 src/strings.php:287
303
  msgid "Dashboard"
304
  msgstr ""
305
 
@@ -311,7 +319,7 @@ msgstr ""
311
  msgid "Last Logins"
312
  msgstr ""
313
 
314
- #: src/globals.php:83 src/strings.php:41 src/strings.php:95 src/strings.php:288
315
  msgid "Settings"
316
  msgstr ""
317
 
@@ -344,36 +352,28 @@ msgstr ""
344
  msgid "Media file added; ID: %s; name: %s; type: %s"
345
  msgstr ""
346
 
347
- #: src/hook.lib.php:82 src/hook.lib.php:108 src/hook.lib.php:197
348
- #: src/hook.lib.php:1001 src/hook.lib.php:1012 src/hook.lib.php:1042
349
- #: src/settings-general.php:408 src/settings-general.php:409
350
- #: src/settings-general.php:410 src/settings-general.php:411
351
- #: src/settings-general.php:412 src/settings-webinfo.php:40
352
  msgid "unknown"
353
  msgstr ""
354
 
355
- #: src/hook.lib.php:83 src/hook.lib.php:109 src/hook.lib.php:1002
356
- #: src/hook.lib.php:1013 src/hook.lib.php:1043
357
  msgid "user@domain.com"
358
  msgstr ""
359
 
360
  #: src/hook.lib.php:91
361
  #, php-format
362
- msgid ""
363
- "User added to website; user_id: %s; role: %s; blog_id: %s; name: %s; email: "
364
- "%s"
365
  msgstr ""
366
 
367
  #: src/hook.lib.php:117
368
  #, php-format
369
- msgid ""
370
- "User removed from website; user_id: %s; blog_id: %s; name: %s; email: %s"
371
  msgstr ""
372
 
373
- #: src/hook.lib.php:134 src/hook.lib.php:229 src/hook.lib.php:296
374
- #: src/hook.lib.php:408 src/hook.lib.php:533 src/hook.lib.php:744
375
- #: src/hook.lib.php:770 src/hook.lib.php:870 src/hook.lib.php:912
376
- #: src/lastlogins-failed.php:246
377
  msgid "Unknown"
378
  msgstr ""
379
 
@@ -413,9 +413,7 @@ msgstr ""
413
 
414
  #: src/hook.lib.php:326
415
  #, php-format
416
- msgid ""
417
- "The value of the option <b>%s</b> was changed from <b>'%s'</b> to <b>'%s'</"
418
- "b>.<br>\n"
419
  msgstr ""
420
 
421
  #: src/hook.lib.php:332
@@ -576,9 +574,7 @@ msgstr ""
576
 
577
  #: src/hook.lib.php:1022
578
  #, php-format
579
- msgid ""
580
- "User account edited; ID: %s; name: %s; old_name: %s; email: %s; old_email: "
581
- "%s; roles: %s; old_roles: %s"
582
  msgstr ""
583
 
584
  #: src/hook.lib.php:1054
@@ -591,8 +587,7 @@ msgstr ""
591
  msgid "Widget %s (%s) %s %s (#%d; size %dx%d)"
592
  msgstr ""
593
 
594
- #: src/integrity.lib.php:113 src/settings-general.php:46
595
- #: src/settings-general.php:594 src/settings-posthack.php:58
596
  msgid "You need to confirm that you understand the risk of this operation."
597
  msgstr ""
598
 
@@ -617,9 +612,7 @@ msgid "Nothing was selected from the list."
617
  msgstr ""
618
 
619
  #: src/integrity.lib.php:228
620
- msgid ""
621
- "Server is not fast enough to process this action; maximum execution time "
622
- "reached"
623
  msgstr ""
624
 
625
  #: src/integrity.lib.php:234
@@ -634,26 +627,23 @@ msgstr ""
634
 
635
  #: src/integrity.lib.php:321
636
  msgid ""
637
- "The plugin has no permission to delete this file because it was created by a "
638
- "different system user who has more privileges than your account. Please use "
639
- "FTP to delete it."
640
  msgstr ""
641
 
642
  #: src/integrity.lib.php:323
643
  msgid ""
644
- "The plugin has no permission to restore this file because it was modified by "
645
- "a different system user who has more privileges than your account. Please "
646
- "use FTP to restore it."
647
  msgstr ""
648
 
649
  #: src/integrity.lib.php:325
650
  msgid ""
651
- "The plugin has no permission to restore this file because its directory is "
652
- "owned by a different system user who has more privileges than your account. "
653
- "Please use FTP to restore it."
654
  msgstr ""
655
 
656
- #: src/integrity.lib.php:405 src/strings.php:475 src/strings.php:477
657
  msgid "WordPress Integrity Diff Utility"
658
  msgstr ""
659
 
@@ -668,17 +658,14 @@ msgstr ""
668
 
669
  #: src/interface.lib.php:240
670
  msgid ""
671
- "API service communication is disabled, if you just updated the plugin this "
672
- "might be a good opportunity to test this feature once again with the new "
673
- "code. Enable it again from the \"API Service\" panel located in the settings "
674
- "page."
675
  msgstr ""
676
 
677
  #: src/interface.lib.php:253
678
  msgid ""
679
- "Do you want to get vulnerability disclosures? Subscribe to our newsletter <a "
680
- "href=\"http://sucuri.hs-sites.com/subscribe-to-security\" target=\"_blank\" "
681
- "rel=\"noopener\">here</a>"
682
  msgstr ""
683
 
684
  #: src/interface.lib.php:266
@@ -696,57 +683,51 @@ msgstr ""
696
 
697
  #: src/interface.lib.php:288
698
  msgid ""
699
- "WordPress CSRF verification failed. The submitted form is missing an "
700
- "important unique code that prevents the execution of automated malicious "
701
- "scanners. Go back and try again. If you did not submit a form, this error "
702
- "message could be an indication of an incompatibility between this plugin and "
703
- "another add-on; one of them is inserting data into the global POST variable "
704
- "when the HTTP request is coming via GET. Disable them one by one (while "
705
- "reloading this page) to find the culprit."
706
  msgstr ""
707
 
708
- #: src/lastlogins-failed.php:344 src/lastlogins-failed.php:368
709
- #: src/strings.php:154 src/strings.php:167 src/strings.php:179
710
- #: src/strings.php:190 src/strings.php:410
711
  msgid "Username"
712
  msgstr ""
713
 
714
- #: src/lastlogins-failed.php:345 src/lastlogins-failed.php:369
715
  msgid "Password"
716
  msgstr ""
717
 
718
- #: src/lastlogins-failed.php:346 src/lastlogins-failed.php:370
719
- #: src/strings.php:81 src/strings.php:160 src/strings.php:168
720
- #: src/strings.php:180 src/strings.php:193 src/strings.php:272
721
  msgid "IP Address"
722
  msgstr ""
723
 
724
- #: src/lastlogins-failed.php:347 src/lastlogins-failed.php:371
725
  msgid "Attempt Timestamp"
726
  msgstr ""
727
 
728
- #: src/lastlogins-failed.php:348 src/lastlogins-failed.php:372
729
  msgid "Attempt Date/Time"
730
  msgstr ""
731
 
732
- #: src/lastlogins.php:124
733
  #, php-format
734
  msgid "Last-logins data file is not writable: <code>%s</code>"
735
  msgstr ""
736
 
737
- #: src/lastlogins.php:300
738
  msgid "Invalid last-logins storage file"
739
  msgstr ""
740
 
741
- #: src/lastlogins.php:307
742
  msgid "No last-logins data is available"
743
  msgstr ""
744
 
745
- #: src/lastlogins.php:451
746
  #, php-format
747
- msgid ""
748
- "Last login was at <b>%s</b> from <b>%s</b> <em>(%s)</em> <a href=\"%s\" "
749
- "target=\"_self\">view all logs</a>"
750
  msgstr ""
751
 
752
  #: src/mail.lib.php:80
@@ -762,8 +743,7 @@ msgstr ""
762
  msgid "Sucuri Alert"
763
  msgstr ""
764
 
765
- #: src/option.lib.php:148 src/settings-alerts.php:209
766
- #: src/settings-alerts.php:210 src/settings-alerts.php:211
767
  #, php-format
768
  msgid "Sucuri Alert, %s, %s, %s"
769
  msgstr ""
@@ -780,18 +760,17 @@ msgstr ""
780
  msgid "Scripts"
781
  msgstr ""
782
 
783
- #: src/pagehandler.php:47 src/pagehandler.php:48 src/pagehandler.php:49
784
- #: src/strings.php:26 src/strings.php:53 src/strings.php:65 src/strings.php:76
785
- #: src/strings.php:108 src/strings.php:143 src/strings.php:397
786
- #: src/strings.php:407 src/strings.php:418 src/strings.php:449
787
  msgid "Loading..."
788
  msgstr ""
789
 
790
- #: src/pagehandler.php:97
791
  msgid "Last-Logins logs were successfully reset."
792
  msgstr ""
793
 
794
- #: src/pagehandler.php:99
795
  msgid "Could not reset the last-logins data file."
796
  msgstr ""
797
 
@@ -858,8 +837,7 @@ msgstr ""
858
  msgid "n/a"
859
  msgstr ""
860
 
861
- #: src/settings-alerts.php:208 src/settings-alerts.php:212
862
- #: src/settings-alerts.php:213
863
  #, php-format
864
  msgid "Sucuri Alert, %s, %s"
865
  msgstr ""
@@ -945,15 +923,14 @@ msgstr ""
945
 
946
  #: src/settings-alerts.php:364
947
  #, php-format
948
- msgid ""
949
- "Consider brute-force attack after <code>%s</code> failed logins per hour"
950
  msgstr ""
951
 
952
  #: src/settings-alerts.php:369
953
  #, php-format
954
  msgid ""
955
- "The plugin will assume that your website is under a brute-force attack after "
956
- "%s failed logins are detected during the same hour"
957
  msgstr ""
958
 
959
  #: src/settings-alerts.php:371
@@ -965,15 +942,11 @@ msgid "Receive email alerts for changes in the settings of the plugin"
965
  msgstr ""
966
 
967
  #: src/settings-alerts.php:397
968
- msgid ""
969
- "Receive email alerts in HTML <em>(there may be issues with some mail "
970
- "services)</em>"
971
  msgstr ""
972
 
973
  #: src/settings-alerts.php:398
974
- msgid ""
975
- "Use WordPress functions to send mails <em>(uncheck to use native PHP "
976
- "functions)</em>"
977
  msgstr ""
978
 
979
  #: src/settings-alerts.php:399
@@ -997,21 +970,15 @@ msgid "Receive email alerts for successful login attempts"
997
  msgstr ""
998
 
999
  #: src/settings-alerts.php:404
1000
- msgid ""
1001
- "Receive email alerts for failed login attempts <em>(you may receive tons of "
1002
- "emails)</em>"
1003
  msgstr ""
1004
 
1005
  #: src/settings-alerts.php:405
1006
- msgid ""
1007
- "Receive email alerts for password guessing attacks <em>(summary of failed "
1008
- "logins per hour)</em>"
1009
  msgstr ""
1010
 
1011
  #: src/settings-alerts.php:406
1012
- msgid ""
1013
- "Receive email alerts for changes in the post status <em>(configure from "
1014
- "Ignore Posts Changes)</em>"
1015
  msgstr ""
1016
 
1017
  #: src/settings-alerts.php:407
@@ -1104,21 +1071,17 @@ msgstr ""
1104
  msgid "List of monitored post-types has been updated"
1105
  msgstr ""
1106
 
1107
- #: src/settings-alerts.php:574 src/settings-scanner.php:179
1108
- #: src/settings-scanner.php:239 src/strings.php:46 src/strings.php:159
1109
- #: src/strings.php:171 src/strings.php:183 src/strings.php:275
1110
- #: src/strings.php:380 src/strings.php:471
1111
  msgid "no data available"
1112
  msgstr ""
1113
 
1114
- #: src/settings-apiservice.php:36 src/settings-general.php:304
1115
- #: src/settings-general.php:370 src/settings-general.php:417
1116
  #: src/settings-integrity.php:80
1117
  msgid "Enabled"
1118
  msgstr ""
1119
 
1120
- #: src/settings-apiservice.php:37 src/settings-general.php:305
1121
- #: src/settings-general.php:371 src/settings-general.php:418
1122
  #: src/settings-integrity.php:81
1123
  msgid "Disable"
1124
  msgstr ""
@@ -1132,13 +1095,11 @@ msgstr ""
1132
  msgid "The status of the API service has been changed"
1133
  msgstr ""
1134
 
1135
- #: src/settings-apiservice.php:63 src/settings-general.php:347
1136
- #: src/settings-general.php:391 src/settings-general.php:452
1137
  msgid "Disabled"
1138
  msgstr ""
1139
 
1140
- #: src/settings-apiservice.php:64 src/settings-general.php:348
1141
- #: src/settings-general.php:392 src/settings-general.php:453
1142
  msgid "Enable"
1143
  msgstr ""
1144
 
@@ -1177,9 +1138,7 @@ msgid "Sucuri API key was added manually."
1177
  msgstr ""
1178
 
1179
  #: src/settings-general.php:100
1180
- msgid ""
1181
- "You must accept the Terms of Service and Privacy Policy in order to request "
1182
- "an API key."
1183
  msgstr ""
1184
 
1185
  #: src/settings-general.php:107
@@ -1208,403 +1167,353 @@ msgstr ""
1208
 
1209
  #: src/settings-general.php:165
1210
  #, php-format
1211
- msgid ""
1212
- "Cache to store the system logs obtained from the API service; expires after "
1213
- "%s seconds."
1214
  msgstr ""
1215
 
1216
  #: src/settings-general.php:166
1217
- msgid ""
1218
- "Local queue to store the most recent logs before they are sent to the remote "
1219
- "API service."
1220
  msgstr ""
1221
 
1222
  #: src/settings-general.php:167
1223
- msgid ""
1224
- "Deprecated on 1.8.12; it was used to store a list of blocked user names."
1225
  msgstr ""
1226
 
1227
  #: src/settings-general.php:168
1228
  msgid ""
1229
- "Stores the data for every failed login attempt. The data is moved to "
1230
- "\"oldfailedlogins\" every hour during a brute force password attack."
1231
  msgstr ""
1232
 
1233
  #: src/settings-general.php:169
1234
  msgid ""
1235
- "Temporarily stores data to complement the logs during destructive operations "
1236
- "like deleting a post, page, comment, etc."
1237
  msgstr ""
1238
 
1239
  #: src/settings-general.php:170
1240
- msgid ""
1241
- "Stores a list of files and folders chosen by the user to be ignored by the "
1242
- "file system scanner."
1243
  msgstr ""
1244
 
1245
  #: src/settings-general.php:171
1246
- msgid ""
1247
- "Stores a list of files marked as fixed by the user via the WordPress "
1248
- "Integrity tool."
1249
  msgstr ""
1250
 
1251
  #: src/settings-general.php:172
1252
  msgid ""
1253
- "Stores the data associated to every successful user login. The data never "
1254
- "expires; manually delete if the file is too large."
1255
  msgstr ""
1256
 
1257
  #: src/settings-general.php:173
1258
  msgid ""
1259
- "Stores the data for every failed login attempt after the plugin sends a "
1260
- "report about a brute force password attack via email."
1261
  msgstr ""
1262
 
1263
  #: src/settings-general.php:174
1264
  #, php-format
1265
- msgid ""
1266
- "Cache to store the data associated to the installed plugins listed in the "
1267
- "Post-Hack page. Expires after %s seconds."
1268
  msgstr ""
1269
 
1270
  #: src/settings-general.php:175
1271
- msgid ""
1272
- "Stores all the options used to configure the functionality and behavior of "
1273
- "the plugin."
1274
  msgstr ""
1275
 
1276
  #: src/settings-general.php:176
1277
  #, php-format
1278
- msgid ""
1279
- "Cache to store the result of the malware scanner. Expires after %s seconds, "
1280
- "reset at any time to force a re-scan."
1281
  msgstr ""
1282
 
1283
  #: src/settings-general.php:177
1284
  msgid ""
1285
- "Stores a list of IP addresses trusted by the plugin, events triggered by one "
1286
- "of these IPs will not be reported to the remote monitoring API service."
 
 
 
 
 
1287
  msgstr ""
1288
 
1289
- #: src/settings-general.php:211
1290
  #, php-format
1291
- msgid "%d out of %d files has been deleted"
1292
  msgstr ""
1293
 
1294
- #: src/settings-general.php:229 src/settings-posthack.php:308
1295
  msgid "Not Writable"
1296
  msgstr ""
1297
 
1298
- #: src/settings-general.php:230
1299
  msgid "Does Not Exist"
1300
  msgstr ""
1301
 
1302
- #: src/settings-general.php:236
1303
  msgid "Exists"
1304
  msgstr ""
1305
 
1306
- #: src/settings-general.php:242 src/strings.php:328
1307
  msgid "Writable"
1308
  msgstr ""
1309
 
1310
- #: src/settings-general.php:316
1311
  msgid "Log exporter was disabled"
1312
  msgstr ""
1313
 
1314
- #: src/settings-general.php:322
1315
  msgid "The log exporter feature has been disabled"
1316
  msgstr ""
1317
 
1318
- #: src/settings-general.php:324
1319
  msgid "File should not be publicly accessible."
1320
  msgstr ""
1321
 
1322
- #: src/settings-general.php:326
1323
  msgid "File already exists and will not be overwritten."
1324
  msgstr ""
1325
 
1326
- #: src/settings-general.php:328
1327
  msgid "File parent directory is not writable."
1328
  msgstr ""
1329
 
1330
- #: src/settings-general.php:332
1331
  msgid "Log exporter file path was correctly set"
1332
  msgstr ""
1333
 
1334
- #: src/settings-general.php:338
1335
- msgid ""
1336
- "The log exporter feature has been enabled and the data file was successfully "
1337
- "set."
1338
  msgstr ""
1339
 
1340
- #: src/settings-general.php:414
1341
  msgid "INVALID"
1342
  msgstr ""
1343
 
1344
- #: src/settings-general.php:432
1345
  #, php-format
1346
  msgid "DNS lookups for reverse proxy detection <code>%s</code>"
1347
  msgstr ""
1348
 
1349
- #: src/settings-general.php:437
1350
- msgid ""
1351
- "The status of the DNS lookups for the reverse proxy detection has been "
1352
- "changed"
1353
  msgstr ""
1354
 
1355
- #: src/settings-general.php:585
1356
  #, php-format
1357
  msgid "%d out of %d option have been successfully imported"
1358
  msgstr ""
1359
 
1360
- #: src/settings-general.php:591
1361
  msgid "Data is incorrectly encoded"
1362
  msgstr ""
1363
 
1364
- #: src/settings-general.php:649
1365
  #, php-format
1366
  msgid "Timezone override will use %s"
1367
  msgstr ""
1368
 
1369
- #: src/settings-general.php:654
1370
  msgid "The timezone for the date and time in the audit logs has been changed"
1371
  msgstr ""
1372
 
1373
- #: src/settings-hardening.php:102
1374
  msgid ""
1375
- "The firewall is a premium service that you need purchase at - <a href="
1376
- "\"https://sucuri.net/website-firewall/signup\" target=\"_blank\">Sucuri Firewall</a>"
1377
  msgstr ""
1378
 
1379
- #: src/settings-hardening.php:107
1380
  msgid "Website Firewall Protection"
1381
  msgstr ""
1382
 
1383
- #: src/settings-hardening.php:108
1384
  msgid ""
1385
- "A WAF is a protection layer for your web site, blocking all sort of attacks "
1386
- "(brute force attempts, DDoS, SQL injections, etc) and helping it remain "
1387
- "malware and blacklist free. This test checks if your site is using Sucuri "
1388
- "Firewall to protect your site."
1389
  msgstr ""
1390
 
1391
- #: src/settings-hardening.php:112 src/settings-hardening.php:193
1392
- #: src/settings-hardening.php:301 src/settings-hardening.php:360
1393
- #: src/settings-hardening.php:429 src/settings-hardening.php:461
1394
- #: src/settings-hardening.php:501 src/settings-hardening.php:594
1395
  msgid "Apply Hardening"
1396
  msgstr ""
1397
 
1398
- #: src/settings-hardening.php:116 src/settings-hardening.php:190
1399
- #: src/settings-hardening.php:212 src/settings-hardening.php:293
1400
- #: src/settings-hardening.php:297 src/settings-hardening.php:352
1401
- #: src/settings-hardening.php:356 src/settings-hardening.php:421
1402
- #: src/settings-hardening.php:425 src/settings-hardening.php:464
1403
- #: src/settings-hardening.php:497 src/settings-hardening.php:590
1404
  msgid "Revert Hardening"
1405
  msgstr ""
1406
 
1407
- #: src/settings-hardening.php:141
1408
  msgid "Check Updates Now"
1409
  msgstr ""
1410
 
1411
- #: src/settings-hardening.php:142
1412
  msgid "Verify WordPress Version"
1413
  msgstr ""
1414
 
1415
- #: src/settings-hardening.php:143
1416
  msgid ""
1417
- "Why keep your site updated? WordPress is an open-source project which means "
1418
- "that with every update the details of the changes made to the source code "
1419
- "are made public, if there were security fixes then someone with malicious "
1420
- "intent can use this information to attack any site that has not been "
1421
- "upgraded."
1422
  msgstr ""
1423
 
1424
- #: src/settings-hardening.php:147
1425
  msgid "WordPress Update Available"
1426
  msgstr ""
1427
 
1428
- #: src/settings-hardening.php:179
1429
- msgid ""
1430
- "Ask your hosting provider to install an updated version of PHP - <a href="
1431
- "\"http://php.net/supported-versions.php\" target=\"_blank\" rel=\"noopener"
1432
- "\">List of PHP Supported Versions</a>"
1433
- msgstr ""
1434
-
1435
- #: src/settings-hardening.php:184
1436
- msgid "Verify PHP Version"
1437
- msgstr ""
1438
-
1439
- #: src/settings-hardening.php:185
1440
- #, php-format
1441
- msgid "PHP %s is installed."
1442
- msgstr ""
1443
-
1444
- #: src/settings-hardening.php:210
1445
  msgid "Remove WordPress Version"
1446
  msgstr ""
1447
 
1448
- #: src/settings-hardening.php:214
1449
  msgid ""
1450
- "It checks if your WordPress version is being leaked to the public via a HTML "
1451
- "meta-tag. Many web vulnerability scanners use this to determine which "
1452
- "version of the code is running in your website. They use this to find "
1453
- "disclosed vulnerabilities associated to this version number. A vulnerability "
1454
- "scanner can still guess which version of WordPress is installed by comparing "
1455
- "the checksum of some static files."
1456
  msgstr ""
1457
 
1458
- #: src/settings-hardening.php:234
1459
  msgid ""
1460
- "Read the official WordPress guidelines to learn how to restrict access to "
1461
- "PHP files in sensitive directories - <a href=\"https://codex.wordpress.org/"
1462
- "Nginx#Global_restrictions_file\" target=\"_blank\" rel=\"noopener\">Nginx "
1463
- "Global Restrictions For WordPress</a>"
1464
  msgstr ""
1465
 
1466
- #: src/settings-hardening.php:238
1467
  msgid "Block of Certain PHP Files"
1468
  msgstr ""
1469
 
1470
- #: src/settings-hardening.php:241
1471
  msgid "Check Hardening"
1472
  msgstr ""
1473
 
1474
- #: src/settings-hardening.php:242 src/settings-hardening.php:288
1475
- #: src/settings-hardening.php:347 src/settings-hardening.php:416
1476
  msgid ""
1477
- "Block the execution of PHP files in sensitive directories. Be careful while "
1478
- "applying this hardening option as there are many plugins and theme which "
1479
- "rely on the ability to execute PHP files in the content directory to "
1480
- "generate images or save temporary data. Use the \"Whitelist PHP Files\" tool "
1481
- "to add exceptions to individual files."
1482
  msgstr ""
1483
 
1484
- #: src/settings-hardening.php:269 src/settings-hardening.php:270
1485
  msgid "Hardening applied to the uploads directory"
1486
  msgstr ""
1487
 
1488
- #: src/settings-hardening.php:272 src/settings-hardening.php:331
1489
- #: src/settings-hardening.php:398
1490
  msgid "Error hardening directory, check the permissions."
1491
  msgstr ""
1492
 
1493
- #: src/settings-hardening.php:280 src/settings-hardening.php:281
1494
  msgid "Hardening reverted in the uploads directory"
1495
  msgstr ""
1496
 
1497
- #: src/settings-hardening.php:283 src/settings-hardening.php:342
1498
- #: src/settings-hardening.php:411
1499
  msgid "Access file is not writable, check the permissions."
1500
  msgstr ""
1501
 
1502
- #: src/settings-hardening.php:287
1503
  msgid "Block PHP Files in Uploads Directory"
1504
  msgstr ""
1505
 
1506
- #: src/settings-hardening.php:328 src/settings-hardening.php:329
1507
  msgid "Hardening applied to the content directory"
1508
  msgstr ""
1509
 
1510
- #: src/settings-hardening.php:339 src/settings-hardening.php:340
1511
  msgid "Hardening reverted in the content directory"
1512
  msgstr ""
1513
 
1514
- #: src/settings-hardening.php:346
1515
  msgid "Block PHP Files in WP-CONTENT Directory"
1516
  msgstr ""
1517
 
1518
- #: src/settings-hardening.php:392 src/settings-hardening.php:393
1519
  msgid "Hardening applied to the library directory"
1520
  msgstr ""
1521
 
1522
- #: src/settings-hardening.php:408 src/settings-hardening.php:409
1523
  msgid "Hardening reverted in the library directory"
1524
  msgstr ""
1525
 
1526
- #: src/settings-hardening.php:415
1527
  msgid "Block PHP Files in WP-INCLUDES Directory"
1528
  msgstr ""
1529
 
1530
- #: src/settings-hardening.php:448
1531
  #, php-format
1532
  msgid "Cannot delete <code>%s/readme.html</code>"
1533
  msgstr ""
1534
 
1535
- #: src/settings-hardening.php:450 src/settings-hardening.php:451
1536
  msgid "Hardening applied to the <code>readme.html</code> file"
1537
  msgstr ""
1538
 
1539
- #: src/settings-hardening.php:455
1540
  msgid "Information Leakage"
1541
  msgstr ""
1542
 
1543
- #: src/settings-hardening.php:456
1544
  msgid ""
1545
- "Checks if the WordPress README file still exists in the website. The "
1546
- "information in this file can be used by malicious users to pin-point which "
1547
- "disclosed vulnerabilities are associated to the website. Be aware that "
1548
- "WordPress recreates this file automatically with every update."
1549
  msgstr ""
1550
 
1551
- #: src/settings-hardening.php:491
1552
  msgid "Default Admin Account"
1553
  msgstr ""
1554
 
1555
- #: src/settings-hardening.php:492
1556
  msgid ""
1557
- "Check if the primary user account still uses the name \"admin\". This allows "
1558
- "malicious users to easily identify which account has the highest privileges "
1559
- "to target an attack."
1560
  msgstr ""
1561
 
1562
- #: src/settings-hardening.php:521 src/settings-hardening.php:552
1563
- #: src/settings-posthack.php:63
1564
  msgid "WordPress configuration file was not found."
1565
  msgstr ""
1566
 
1567
- #: src/settings-hardening.php:523 src/settings-hardening.php:554
1568
- #: src/settings-posthack.php:76
1569
  msgid "WordPress configuration file is not writable."
1570
  msgstr ""
1571
 
1572
- #: src/settings-hardening.php:543 src/settings-hardening.php:544
1573
  msgid "Hardening applied to the plugin and theme editor"
1574
  msgstr ""
1575
 
1576
- #: src/settings-hardening.php:572
1577
  msgid ""
1578
- "File Editor was not disabled using this tool. You must scan your project for "
1579
- "a constant defined as DISALLOW_FILE_EDIT, then either delete it or set its "
1580
- "value to False. Any plugin/theme can disable the file editor, so it is "
1581
- "impossible to determine the origin of the constant."
1582
  msgstr ""
1583
 
1584
- #: src/settings-hardening.php:578 src/settings-hardening.php:579
1585
  msgid "Hardening reverted in the plugin and theme editor"
1586
  msgstr ""
1587
 
1588
- #: src/settings-hardening.php:584
1589
  msgid "Plugin and Theme Editor"
1590
  msgstr ""
1591
 
1592
- #: src/settings-hardening.php:585
1593
  msgid ""
1594
- "Disables the theme and plugin editors to prevent unwanted modifications to "
1595
- "the code. If you are having problems reverting this please open the wp-"
1596
- "config.php file and delete the line with the constant DISALLOW_FILE_EDIT."
1597
  msgstr ""
1598
 
1599
- #: src/settings-hardening.php:636
1600
  msgid "The file has been whitelisted from the hardening"
1601
  msgstr ""
1602
 
1603
- #: src/settings-hardening.php:641
1604
  msgid "Specified folder is not hardened by this plugin"
1605
  msgstr ""
1606
 
1607
- #: src/settings-hardening.php:655
1608
  msgid "Selected files have been removed"
1609
  msgstr ""
1610
 
@@ -1856,32 +1765,25 @@ msgstr ""
1856
 
1857
  #: src/strings.php:51
1858
  msgid ""
1859
- "The firewall logs every request involved in an attack and separates them "
1860
- "from the legitimate requests. You can analyze the data from the latest "
1861
- "entries in the logs using this tool and take action either enabling the "
1862
- "advanced features of the IDS <em>(Intrusion Detection System)</em> from the "
1863
- "<a href=\"https://waf.sucuri.net/?settings\" target=\"_blank\" rel=\"noopener"
1864
- "\">Firewall Dashboard</a> and/or blocking IP addresses and URL paths "
1865
- "directly from the <a href=\"https://waf.sucuri.net/?audit\" target=\"_blank"
1866
- "\" rel=\"noopener\">Firewall Audit Trails</a> page."
1867
  msgstr ""
1868
 
1869
  #: src/strings.php:52
1870
  msgid "Non-blocked requests are hidden from the logs, this is intentional."
1871
  msgstr ""
1872
 
1873
- #: src/strings.php:54 src/strings.php:75 src/strings.php:128
1874
- #: src/strings.php:213 src/strings.php:219 src/strings.php:226
1875
- #: src/strings.php:234 src/strings.php:246 src/strings.php:253
1876
- #: src/strings.php:263 src/strings.php:270 src/strings.php:282
1877
- #: src/strings.php:295 src/strings.php:335 src/strings.php:353
1878
- #: src/strings.php:363 src/strings.php:369 src/strings.php:375
1879
- #: src/strings.php:414 src/strings.php:427 src/strings.php:451
1880
- #: src/strings.php:458 src/strings.php:523
1881
  msgid "Submit"
1882
  msgstr ""
1883
 
1884
- #: src/strings.php:57 src/strings.php:200
1885
  msgid "Date/Time:"
1886
  msgstr ""
1887
 
@@ -1919,46 +1821,35 @@ msgstr ""
1919
 
1920
  #: src/strings.php:69
1921
  msgid ""
1922
- "The firewall offers multiple options to configure the cache level applied to "
1923
- "your website. You can either enable the full cache which is the recommended "
1924
- "setting, or you can set the cache level to minimal which will keep the pages "
1925
- "static for a couple of minutes, or force the usage of the website headers "
1926
- "<em>(only for advanced users)</em>, or in extreme cases where you do not "
1927
- "need the cache you can simply disable it. Find more information about it in "
1928
- "the <a href=\"https://kb.sucuri.net/firewall/Performance/caching-options\" "
1929
- "target=\"_blank\" rel=\"noopener\">Sucuri Knowledge Base</a> website."
1930
  msgstr ""
1931
 
1932
  #: src/strings.php:70
1933
  msgid ""
1934
- "Note that the firewall has <a href=\"https://kb.sucuri.net/firewall/"
1935
- "Performance/cache-exceptions\" target=\"_blank\" rel=\"noopener\">special "
1936
- "caching rules</a> for Images, CSS, PDF, TXT, JavaScript, media files and a "
1937
- "few more extensions that are stored on our <a href=\"https://en.wikipedia."
1938
- "org/wiki/Edge_device\" target=\"_blank\" rel=\"noopener\">edge</a>. The only "
1939
- "way to flush the cache for these files is by clearing the firewall’s cache "
1940
- "completely <em>(for the whole website)</em>. Due to our caching of "
1941
- "JavaScript and CSS files, often, as is best practice, the use of versioning "
1942
- "during development will ensure updates going live as expected. This is done "
1943
- "by adding a query string such as <code>?ver=1.2.3</code> and incrementing on "
1944
- "each update."
1945
  msgstr ""
1946
 
1947
  #: src/strings.php:71
1948
  msgid ""
1949
- "A web cache (or HTTP cache) is an information technology for the temporary "
1950
- "storage (caching) of web documents, such as HTML pages and images, to reduce "
1951
- "bandwidth usage, server load, and perceived lag. A web cache system stores "
1952
- "copies of documents passing through it; subsequent requests may be satisfied "
1953
- "from the cache if certain conditions are met. A web cache system can refer "
1954
- "either to an appliance, or to a computer program. &mdash; <a href=\"https://"
1955
- "en.wikipedia.org/wiki/Web_cache\" target=\"_blank\" rel=\"noopener"
1956
- "\">WikiPedia - Web Cache</a>"
1957
  msgstr ""
1958
 
1959
- #: src/strings.php:74 src/strings.php:88 src/strings.php:256
1960
- #: src/strings.php:276 src/strings.php:318 src/strings.php:329
1961
- #: src/strings.php:381
1962
  msgid "Delete"
1963
  msgstr ""
1964
 
@@ -1968,13 +1859,10 @@ msgstr ""
1968
 
1969
  #: src/strings.php:78
1970
  msgid ""
1971
- "This tool allows you to whitelist and blacklist one or more IP addresses "
1972
- "from accessing your website. You can also configure the plugin to "
1973
- "automatically blacklist any IP address involved in a password guessing brute-"
1974
- "force attack. If a legitimate user fails to submit the correct credentials "
1975
- "of their account they will have to log into the Firewall dashboard in order "
1976
- "to delete their IP address from the blacklist, or try to login once again "
1977
- "through a VPN."
1978
  msgstr ""
1979
 
1980
  #: src/strings.php:79
@@ -1991,20 +1879,16 @@ msgstr ""
1991
 
1992
  #: src/strings.php:85
1993
  msgid ""
1994
- "A powerful Web Application Firewall and <b>Intrusion Detection System</b> "
1995
- "for any WordPress user and many other platforms. This page will help you to "
1996
- "configure and monitor your site through the <b>Sucuri Firewall</b>. Once "
1997
- "enabled, our firewall will act as a shield, protecting your site from "
1998
- "attacks and preventing malware infections and reinfections. It will block "
1999
- "SQL injection attempts, brute force attacks, XSS, RFI, backdoors and many "
2000
- "other threats against your site."
2001
  msgstr ""
2002
 
2003
  #: src/strings.php:86
2004
  msgid ""
2005
- "Add your <a href=\"https://waf.sucuri.net/?settings&panel=api\" target="
2006
- "\"_blank\" rel=\"noopener\">Firewall API key</a> in the form below to start "
2007
- "communicating with the firewall API service."
2008
  msgstr ""
2009
 
2010
  #: src/strings.php:87
@@ -2015,24 +1899,21 @@ msgstr ""
2015
  msgid "Save"
2016
  msgstr ""
2017
 
2018
- #: src/strings.php:90 src/strings.php:385 src/strings.php:393
2019
- #: src/strings.php:423 src/strings.php:434 src/strings.php:445
2020
  msgid "Name"
2021
  msgstr ""
2022
 
2023
- #: src/strings.php:91 src/strings.php:435
2024
  msgid "Value"
2025
  msgstr ""
2026
 
2027
  #: src/strings.php:92
2028
  msgid ""
2029
- "<em>[1]</em> More information about the <a href=\"https://sucuri.net/website-"
2030
- "firewall/\" target=\"_blank\" rel=\"noopener\">Sucuri Firewall</a>, features "
2031
- "and pricing.<br><em>[2]</em> Instructions and videos in the official <a href="
2032
- "\"https://kb.sucuri.net/firewall\" target=\"_blank\" rel=\"noopener"
2033
- "\">Knowledge Base</a> site.<br><em>[3]</em> <a href=\"https://login.sucuri."
2034
- "net/signup2/create?CloudProxy\" target=\"_blank\" rel=\"noopener\">Sign up</"
2035
- "a> for a new account and start protecting your site."
2036
  msgstr ""
2037
 
2038
  #: src/strings.php:97
@@ -2046,11 +1927,9 @@ msgstr ""
2046
  #: src/strings.php:102 src/strings.php:113 src/strings.php:142
2047
  #, php-format
2048
  msgid ""
2049
- "We inspect your WordPress installation and look for modifications on the "
2050
- "core files as provided by WordPress.org. Files located in the root "
2051
- "directory, wp-admin and wp-includes will be compared against the files "
2052
- "distributed with v%%SUCURI.WordPressVersion%%; all files with "
2053
- "inconsistencies will be listed here. Any changes might indicate a hack."
2054
  msgstr ""
2055
 
2056
  #: src/strings.php:103
@@ -2059,11 +1938,9 @@ msgstr ""
2059
 
2060
  #: src/strings.php:104
2061
  msgid ""
2062
- "We have not identified additional files, deleted files, or relevant changes "
2063
- "to the core files in your WordPress installation. If you are experiencing "
2064
- "other malware issues, please use a <a href=\"https://sucuri.net/website-"
2065
- "security/malware-removal\" target=\"_blank\" rel=\"noopener\">Server Side "
2066
- "Scanner</a>."
2067
  msgstr ""
2068
 
2069
  #: src/strings.php:105 src/strings.php:116
@@ -2072,11 +1949,10 @@ msgstr ""
2072
 
2073
  #: src/strings.php:109
2074
  msgid ""
2075
- "Lines with a <b>minus</b> sign as the prefix <em>(here in red)</em> show the "
2076
- "original code. Lines with a <b>plus</b> sign as the prefix <em>(here in "
2077
- "green)</em> show the modified code. You can read more about the DIFF format "
2078
- "from the WikiPedia article about the <a target=\"_blank\" href=\"https://en."
2079
- "wikipedia.org/wiki/Diff_utility\" rel=\"noopener\">Unix Diff Utility</a>."
2080
  msgstr ""
2081
 
2082
  #: src/strings.php:114
@@ -2085,11 +1961,9 @@ msgstr ""
2085
 
2086
  #: src/strings.php:115 src/strings.php:132
2087
  msgid ""
2088
- "We identified that some of your WordPress core files were modified. That "
2089
- "might indicate a hack or a broken file on your installation. If you are "
2090
- "experiencing other malware issues, please use a <a href=\"https://sucuri.net/"
2091
- "website-security/malware-removal\" target=\"_blank\" rel=\"noopener\">Server "
2092
- "Side Scanner</a>."
2093
  msgstr ""
2094
 
2095
  #: src/strings.php:117 src/strings.php:133
@@ -2099,20 +1973,17 @@ msgstr ""
2099
 
2100
  #: src/strings.php:118
2101
  msgid ""
2102
- "The Unix Diff Utility is enabled. You can click the files in the table to "
2103
- "see the differences detected by the scanner. If you consider the differences "
2104
- "to be harmless you can mark the file as fixed, otherwise it is advised to "
2105
- "restore the original content immediately."
2106
  msgstr ""
2107
 
2108
- #: src/strings.php:119 src/strings.php:224 src/strings.php:237
2109
- #: src/strings.php:254 src/strings.php:271 src/strings.php:324
2110
- #: src/strings.php:376 src/strings.php:409 src/strings.php:422
2111
- #: src/strings.php:444 src/strings.php:459 src/strings.php:467
2112
  msgid "Select All"
2113
  msgstr ""
2114
 
2115
- #: src/strings.php:120 src/strings.php:135 src/strings.php:326
2116
  msgid "File Size"
2117
  msgstr ""
2118
 
@@ -2120,17 +1991,15 @@ msgstr ""
2120
  msgid "Modified At"
2121
  msgstr ""
2122
 
2123
- #: src/strings.php:122 src/strings.php:137 src/strings.php:325
2124
- #: src/strings.php:377 src/strings.php:460 src/strings.php:470
2125
  msgid "File Path"
2126
  msgstr ""
2127
 
2128
- #: src/strings.php:123 src/strings.php:334 src/strings.php:352
2129
- #: src/strings.php:436
2130
  msgid "I understand that this operation cannot be reverted."
2131
  msgstr ""
2132
 
2133
- #: src/strings.php:124 src/strings.php:450
2134
  msgid "Action:"
2135
  msgstr ""
2136
 
@@ -2148,16 +2017,13 @@ msgstr ""
2148
 
2149
  #: src/strings.php:129 src/strings.php:138
2150
  msgid ""
2151
- "Marking one or more files as fixed will force the plugin to ignore them "
2152
- "during the next scan, very useful when you find false positives. "
2153
- "Additionally you can restore the original content of the core files that "
2154
- "appear as modified or deleted, this will tell the plugin to download a copy "
2155
- "of the original files from the official WordPress repository. Deleting a "
2156
- "file is an irreversible action, be careful."
2157
  msgstr ""
2158
 
2159
- #: src/strings.php:134 src/strings.php:327 src/strings.php:426
2160
- #: src/strings.php:433 src/strings.php:461
2161
  msgid "Status"
2162
  msgstr ""
2163
 
@@ -2173,8 +2039,8 @@ msgstr ""
2173
  msgid "Logged-in Users"
2174
  msgstr ""
2175
 
2176
- #: src/strings.php:149 src/strings.php:177
2177
- msgid "Failed logins"
2178
  msgstr ""
2179
 
2180
  #: src/strings.php:152
@@ -2182,9 +2048,7 @@ msgid "Successful Logins (admins)"
2182
  msgstr ""
2183
 
2184
  #: src/strings.php:153
2185
- msgid ""
2186
- "Here you can see a list of all the successful logins of accounts with admin "
2187
- "privileges."
2188
  msgstr ""
2189
 
2190
  #: src/strings.php:155
@@ -2195,11 +2059,11 @@ msgstr ""
2195
  msgid "Newest To Oldest"
2196
  msgstr ""
2197
 
2198
- #: src/strings.php:161 src/strings.php:170 src/strings.php:181
2199
  msgid "Date/Time"
2200
  msgstr ""
2201
 
2202
- #: src/strings.php:162 src/strings.php:174 src/strings.php:196
2203
  msgid "Edit"
2204
  msgstr ""
2205
 
@@ -2216,994 +2080,886 @@ msgid "Hostname"
2216
  msgstr ""
2217
 
2218
  #: src/strings.php:178
 
 
 
 
2219
  #, php-format
2220
  msgid ""
2221
- "This information will be used to determine if your site is being victim of "
2222
- "<a href=\"https://kb.sucuri.net/definitions/attacks/brute-force/password-"
2223
- "guessing\" target=\"_blank\" rel=\"noopener\">Password Guessing Brute Force "
2224
- "Attacks</a>. These logs will be accumulated and the plugin will send a "
2225
- "report via email if there are more than <code>%%SUCURI.FailedLogins."
2226
- "MaxFailedLogins%%</code> failed login attempts during the same hour, you can "
2227
- "change this number from <a href=\"%%SUCURI.URL.Settings%%#alerts\">here</a>. "
2228
- "<b>NOTE:</b> Some <em>\"Two-Factor Authentication\"</em> plugins do not "
2229
- "follow the same rules that WordPress have to report failed login attempts, "
2230
- "so you may not see all the attempts in this panel if you have one of these "
2231
- "plugins installed."
2232
  msgstr ""
2233
 
2234
- #: src/strings.php:182
2235
  msgid "Web Browser"
2236
  msgstr ""
2237
 
2238
- #: src/strings.php:184
2239
  msgid "Block"
2240
  msgstr ""
2241
 
2242
- #: src/strings.php:187
2243
  msgid "Logged-in Users}"
2244
  msgstr ""
2245
 
2246
- #: src/strings.php:188
2247
  msgid "Here you can see a list of the users that are currently logged-in."
2248
  msgstr ""
2249
 
2250
- #: src/strings.php:189
2251
  msgid "ID"
2252
  msgstr ""
2253
 
2254
- #: src/strings.php:191
2255
  msgid "Last Activity"
2256
  msgstr ""
2257
 
2258
- #: src/strings.php:192 src/strings.php:412
2259
  msgid "Registered"
2260
  msgstr ""
2261
 
2262
- #: src/strings.php:197 src/strings.php:206 src/strings.php:343
2263
  msgid "Website:"
2264
  msgstr ""
2265
 
2266
- #: src/strings.php:198 src/strings.php:268
2267
  msgid "IP Address:"
2268
  msgstr ""
2269
 
2270
- #: src/strings.php:199
2271
  msgid "Reverse IP:"
2272
  msgstr ""
2273
 
2274
- #: src/strings.php:201
2275
  msgid "Message:"
2276
  msgstr ""
2277
 
2278
- #: src/strings.php:204
2279
  msgid ""
2280
- "An API key is required to activate some additional tools available in this "
2281
- "plugin. The keys are free and you can virtually generate an unlimited number "
2282
- "of them as long as the domain name and email address are unique. The key is "
2283
- "used to authenticate the HTTP requests sent by the plugin to an API service "
2284
- "managed by Sucuri Inc."
2285
  msgstr ""
2286
 
2287
- #: src/strings.php:205
2288
  msgid ""
2289
- "If you experience issues generating the API key you can request one by "
2290
- "sending the domain name and email address that you want to use to <a href="
2291
- "\"mailto:info@sucuri.net\">info@sucuri.net</a>. Note that generating a key "
2292
- "for a website that is not facing the Internet is not possible because the "
2293
- "API service needs to validate that the domain name exists."
2294
  msgstr ""
2295
 
2296
- #: src/strings.php:207 src/strings.php:251
2297
  msgid "E-mail:"
2298
  msgstr ""
2299
 
2300
- #: src/strings.php:208
2301
  msgid "DNS Lookups"
2302
  msgstr ""
2303
 
2304
- #: src/strings.php:209
2305
  msgid ""
2306
- "Check the box if your website is behind a known firewall service, this "
2307
- "guarantees that the IP address of your visitors will be detected correctly "
2308
- "for the security logs. You can change this later from the settings."
2309
  msgstr ""
2310
 
2311
- #: src/strings.php:210
2312
  msgid "Enable DNS Lookups On Startup"
2313
  msgstr ""
2314
 
2315
- #: src/strings.php:211
2316
- msgid ""
2317
- "I agree to the <a target=\"_blank\" href=\"https://sucuri.net/terms\">Terms "
2318
- "of Service</a>."
2319
  msgstr ""
2320
 
2321
- #: src/strings.php:212
2322
- msgid ""
2323
- "I have read and understand the <a target=\"_blank\" href=\"https://sucuri."
2324
- "net/privacy\">Privacy Policy</a>."
2325
  msgstr ""
2326
 
2327
- #: src/strings.php:216
2328
  msgid "Password Guessing Brute Force Attacks"
2329
  msgstr ""
2330
 
2331
- #: src/strings.php:217
2332
  msgid ""
2333
- "<a href=\"https://kb.sucuri.net/definitions/attacks/brute-force/password-"
2334
- "guessing\" target=\"_blank\" rel=\"noopener\">Password guessing brute force "
2335
- "attacks</a> are very common against web sites and web servers. They are one "
2336
- "of the most common vectors used to compromise web sites. The process is very "
2337
- "simple and the attackers basically try multiple combinations of usernames "
2338
- "and passwords until they find one that works. Once they get in, they can "
2339
- "compromise the web site with malware, spam , phishing or anything else they "
2340
- "want."
2341
  msgstr ""
2342
 
2343
- #: src/strings.php:218
2344
  msgid "Consider Brute-Force Attack After:"
2345
  msgstr ""
2346
 
2347
- #: src/strings.php:222
2348
  msgid "Security Alerts"
2349
  msgstr ""
2350
 
2351
- #: src/strings.php:223
2352
  msgid ""
2353
- "You have installed a plugin or theme that is not fully compatible with our "
2354
- "plugin, some of the security alerts (like the successful and failed logins) "
2355
- "will not be sent to you. To prevent an infinite loop while detecting these "
2356
- "changes in the website and sending the email alerts via a custom SMTP "
2357
- "plugin, we have decided to stop any attempt to send the emails to prevent "
2358
- "fatal errors."
2359
  msgstr ""
2360
 
2361
- #: src/strings.php:225
2362
  msgid "Event"
2363
  msgstr ""
2364
 
2365
- #: src/strings.php:229
2366
  msgid "Post-Type Alerts"
2367
  msgstr ""
2368
 
2369
- #: src/strings.php:230
2370
  msgid ""
2371
- "It seems that you disabled the email alerts for <b>new site content</b>, "
2372
- "this panel is intended to provide a way to ignore specific events in your "
2373
- "site and with that the alerts reported to your email. Since you have "
2374
- "deactivated the <b>new site content</b> alerts, this panel will be disabled "
2375
- "too."
2376
  msgstr ""
2377
 
2378
- #: src/strings.php:231
2379
  msgid ""
2380
- "This is a list of registered <a href=\"https://codex.wordpress.org/Post_Types"
2381
- "\" target=\"_blank\" rel=\"noopener\">Post Types</a>. You will receive an "
2382
- "email alert when a custom page or post associated to any of these types is "
2383
- "created or updated. If you don’t want to receive one or more of these "
2384
- "alerts, feel free to uncheck the boxes in the table below. If you are "
2385
- "receiving alerts for post types that are not listed in this table, it may be "
2386
- "because there is an add-on that that is generating a custom post-type on "
2387
- "runtime, you will have to find out by yourself what is the unique ID of that "
2388
- "post-type and type it in the form below. The plugin will do its best to "
2389
- "ignore these alerts as long as the unique ID is valid."
2390
  msgstr ""
2391
 
2392
- #: src/strings.php:232
2393
  msgid "Stop Alerts For This Post-Type:"
2394
  msgstr ""
2395
 
2396
- #: src/strings.php:233
2397
  msgid "e.g. unique_post_type_id"
2398
  msgstr ""
2399
 
2400
- #: src/strings.php:235
2401
  msgid "Show Post-Types Table"
2402
  msgstr ""
2403
 
2404
- #: src/strings.php:236
2405
  msgid "Hide Post-Types Table"
2406
  msgstr ""
2407
 
2408
- #: src/strings.php:238
2409
  msgid "Post Type"
2410
  msgstr ""
2411
 
2412
- #: src/strings.php:239
2413
  msgid "Post Type ID"
2414
  msgstr ""
2415
 
2416
- #: src/strings.php:240
2417
  msgid "Ignored At (optional)"
2418
  msgstr ""
2419
 
2420
- #: src/strings.php:243
2421
  msgid "Alerts Per Hour"
2422
  msgstr ""
2423
 
2424
- #: src/strings.php:244
2425
  msgid ""
2426
- "Configure the maximum number of email alerts per hour. If the number is "
2427
- "exceeded and the plugin detects more events during the same hour, it will "
2428
- "still log the events into the audit logs but will not send the email alerts. "
2429
- "Be careful with this as you will miss important information."
2430
  msgstr ""
2431
 
2432
- #: src/strings.php:245
2433
  msgid "Maximum Alerts Per Hour:"
2434
  msgstr ""
2435
 
2436
- #: src/strings.php:249
2437
  msgid "Alerts Recipient"
2438
  msgstr ""
2439
 
2440
- #: src/strings.php:250
2441
  msgid ""
2442
- "By default, the plugin will send the email alerts to the primary admin "
2443
- "account, the same account created during the installation of WordPress in "
2444
- "your web server. You can add more people to the list, they will receive a "
2445
- "copy of the same security alerts."
2446
  msgstr ""
2447
 
2448
- #: src/strings.php:252
2449
  msgid "e.g. user@example.com"
2450
  msgstr ""
2451
 
2452
- #: src/strings.php:255 src/strings.php:411
2453
  msgid "E-mail"
2454
  msgstr ""
2455
 
2456
- #: src/strings.php:257
2457
  msgid "Test Alerts"
2458
  msgstr ""
2459
 
2460
- #: src/strings.php:260
2461
  msgid "Alert Subject"
2462
  msgstr ""
2463
 
2464
- #: src/strings.php:261
2465
  msgid ""
2466
- "Format of the subject for the email alerts, by default the plugin will use "
2467
- "the website name and the event identifier that is being reported, you can "
2468
- "use this panel to include the IP address of the user that triggered the "
2469
- "event and some additional data. You can create filters in your email client "
2470
- "creating a custom email subject using the pseudo-tags shown below."
2471
  msgstr ""
2472
 
2473
- #: src/strings.php:262
2474
  msgid "Custom Format"
2475
  msgstr ""
2476
 
2477
- #: src/strings.php:266
2478
  msgid "Trusted IP Addresses"
2479
  msgstr ""
2480
 
2481
- #: src/strings.php:267
2482
  msgid ""
2483
- "If you are working in a LAN <em>(Local Area Network)</em> you may want to "
2484
- "include the IP addresses of all the nodes in the subnet, this will force the "
2485
- "plugin to stop sending email alerts about actions executed from trusted IP "
2486
- "addresses. Use the CIDR <em>(Classless Inter Domain Routing)</em> format to "
2487
- "specify ranges of IP addresses <em>(only 8, 16, and 24)</em>."
2488
  msgstr ""
2489
 
2490
- #: src/strings.php:269
2491
  msgid "e.g. 182.120.56.0/24"
2492
  msgstr ""
2493
 
2494
- #: src/strings.php:273
2495
  msgid "CIDR Format"
2496
  msgstr ""
2497
 
2498
- #: src/strings.php:274
2499
  msgid "IP Added At"
2500
  msgstr ""
2501
 
2502
- #: src/strings.php:279
2503
  msgid ""
2504
- "If this operation was successful you will receive a message in the email "
2505
- "used during the registration of the API key <em>(usually the email of the "
2506
- "main admin user)</em>. This message contains the key in plain text, copy and "
2507
- "paste the key in the form field below. The plugin will verify the "
2508
- "authenticity of the key sending an initial HTTP request to the API service, "
2509
- "if this fails the key will be removed automatically and you will have to "
2510
- "start the process all over again."
2511
  msgstr ""
2512
 
2513
- #: src/strings.php:280
2514
  msgid ""
2515
- "There are cases where this operation may fail, an example would be when the "
2516
- "email address is not associated with the domain anymore, this happens when "
2517
- "the base URL changes <em>(from www to none or viceversa)</em>. If you are "
2518
- "having issues recovering the key please send an email explaining the "
2519
- "situation to <a href=\"mailto:info@sucuri.net\">info@sucuri.net</a>"
2520
  msgstr ""
2521
 
2522
- #: src/strings.php:281 src/strings.php:319
2523
  msgid "API Key:"
2524
  msgstr ""
2525
 
2526
- #: src/strings.php:285
2527
  msgid ""
2528
- "Congratulations! The rest of the features available in the plugin have been "
2529
- "enabled. This product is designed to supplement existing security products. "
2530
- "It’s not a silver bullet for your security needs, but it’ll give you greater "
2531
  "security awareness and better posture, all with the intent of reducing risk."
2532
  msgstr ""
2533
 
2534
- #: src/strings.php:286
2535
  msgid ""
2536
- "Your website has been granted a new API key and it was associated to the "
2537
- "email address that you chose during the registration process. You can use "
2538
- "the same email to recover the key if you happen to lose it sometime. We "
2539
- "encourage you to check the rest of the settings page and configure the "
2540
- "plugin to your own needs."
2541
  msgstr ""
2542
 
2543
- #: src/strings.php:291 src/strings.php:293
2544
  msgid "WordPress Checksums API"
2545
  msgstr ""
2546
 
2547
- #: src/strings.php:292
2548
  msgid ""
2549
- "The WordPress integrity tool uses a remote API service maintained by the "
2550
- "WordPress organization to determine which files in the installation were "
2551
- "added, removed or modified. The API returns a list of files with their "
2552
- "respective checksums, this information guarantees that the installation is "
2553
- "not corrupt. You can, however, point the integrity tool to a GitHub "
2554
- "repository in case that you are using a custom version of WordPress like the "
2555
- "<a href=\"https://github.com/WordPress/WordPress\" target=\"_blank\" rel="
2556
- "\"noopener\">development version of the code</a>."
2557
  msgstr ""
2558
 
2559
- #: src/strings.php:294
2560
  msgid "e.g. URL — or — user/repo"
2561
  msgstr ""
2562
 
2563
- #: src/strings.php:298
2564
  msgid "API Communication via Proxy"
2565
  msgstr ""
2566
 
2567
- #: src/strings.php:299
2568
  msgid ""
2569
- "All the HTTP requests used to communicate with the API service are being "
2570
- "sent using the WordPress built-in functions, so (almost) all its official "
2571
- "features are inherited, this is useful if you need to pass these HTTP "
2572
- "requests through a proxy. According to the <a href=\"https://developer."
2573
- "wordpress.org/reference/classes/wp_http_proxy/\" target=\"_blank\" rel="
2574
- "\"noopener\">official documentation</a> you have to add some constants to "
2575
- "the main configuration file: <em>WP_PROXY_HOST, WP_PROXY_PORT, "
2576
- "WP_PROXY_USERNAME, WP_PROXY_PASSWORD</em>."
2577
  msgstr ""
2578
 
2579
- #: src/strings.php:300
2580
  msgid "HTTP Proxy Hostname"
2581
  msgstr ""
2582
 
2583
- #: src/strings.php:301
2584
  msgid "HTTP Proxy Port num"
2585
  msgstr ""
2586
 
2587
- #: src/strings.php:302
2588
  msgid "HTTP Proxy Username"
2589
  msgstr ""
2590
 
2591
- #: src/strings.php:303
2592
  msgid "HTTP Proxy Password"
2593
  msgstr ""
2594
 
2595
- #: src/strings.php:306 src/strings.php:496
2596
  msgid "API Service Communication"
2597
  msgstr ""
2598
 
2599
- #: src/strings.php:307
2600
  msgid ""
2601
- "Once the API key is generate the plugin will communicate with a remote API "
2602
- "service that will act as a safe data storage for the audit logs generated "
2603
- "when the website triggers certain events that the plugin monitors. If the "
2604
- "website is hacked the attacker will not have access to these logs and that "
2605
- "way you can investigate what was modified <em>(for malware infaction)</em> "
2606
- "and/or how the malicious person was able to gain access to the website."
2607
  msgstr ""
2608
 
2609
- #: src/strings.php:308
2610
  #, php-format
2611
  msgid ""
2612
- "Disabling the API service communication will stop the event monitoring, "
2613
- "consider to enable the <a href=\"%%SUCURI.URL.Settings%%#general\">Log "
2614
- "Exporter</a> to keep the monitoring working while the HTTP requests are "
2615
- "ignored, otherwise an attacker may execute an action that will not be "
2616
- "registered in the security logs and you will not have a way to investigate "
2617
  "the attack in the future."
2618
  msgstr ""
2619
 
2620
- #: src/strings.php:309
2621
  msgid ""
2622
- "<strong>Are you a developer?</strong> You may be interested in our API. Feel "
2623
- "free to use the URL shown below to access the latest 50 entries in your "
2624
- "security log, change the value for the parameter <code>l=N</code> if you "
2625
- "need more. Be aware that the API doesn’t provides an offset parameter, so if "
2626
- "you have the intension to query specific sections of the log you will need "
2627
- "to wrap the HTTP request around your own cache mechanism. We <strong>DO NOT</"
2628
- "strong> take feature requests for the API, this is a semi-private service "
2629
- "tailored for the specific needs of the plugin and not intended to be used by "
2630
- "3rd-party apps, we may change the behavior of each API endpoint without "
2631
- "previous notice, use it at your own risk."
2632
  msgstr ""
2633
 
2634
- #: src/strings.php:312
2635
  msgid "API Key"
2636
  msgstr ""
2637
 
2638
- #: src/strings.php:313
2639
  msgid ""
2640
- "An API key is required to prevent attackers from deleting audit logs that "
2641
- "can help you investigate and recover after a hack, and allows the plugin to "
2642
- "display statistics. By generating an API key, you agree that Sucuri will "
2643
- "collect and store anonymous data about your website. We take your privacy "
2644
- "seriously."
2645
  msgstr ""
2646
 
2647
- #: src/strings.php:314
2648
  #, php-format
2649
  msgid ""
2650
- "Your domain <code>%%SUCURI.CleanDomain%%</code> does not seems to have a DNS "
2651
- "<code>A</code> record so it will be considered as <em>invalid</em> by the "
2652
- "API interface when you request the generation of a new key. Adding "
2653
- "<code>www</code> at the beginning of the domain name may fix this issue. If "
2654
- "you do not understand what is this then send an email to our support team "
2655
- "requesting the key."
2656
  msgstr ""
2657
 
2658
- #: src/strings.php:315
2659
  msgid "Recover Via E-mail"
2660
  msgstr ""
2661
 
2662
- #: src/strings.php:316
2663
  msgid "Manual Activation"
2664
  msgstr ""
2665
 
2666
- #: src/strings.php:317
2667
  msgid ""
2668
- "If you do not have access to the administrator email, you can reinstall the "
2669
- "plugin. The API key is generated using an administrator email and the domain "
2670
- "of the website. Click the \"Manual Activation\" button if you already have a "
2671
- "valid API key to authenticate this website with the remote API web service."
2672
  msgstr ""
2673
 
2674
- #: src/strings.php:322
2675
  msgid "Data Storage"
2676
  msgstr ""
2677
 
2678
- #: src/strings.php:323
2679
  msgid ""
2680
- "This is the directory where the plugin will store the security logs, the "
2681
- "list of files marked as fixed in the core integrity tool, the cache for the "
2682
- "malware scanner and 3rd-party plugin metadata. The plugin requires write "
2683
- "permissions in this directory as well as the files contained in it. If you "
2684
- "prefer to keep these files in a non-public directory <em>(one level up the "
2685
- "document root)</em> please define a constant in the <em>\"wp-config.php\"</"
2686
- "em> file named <em>\"SUCURI_DATA_STORAGE\"</em> with the absolute path to "
2687
- "the new directory."
2688
  msgstr ""
2689
 
2690
- #: src/strings.php:332
2691
  msgid "Import &amp; Export Settings"
2692
  msgstr ""
2693
 
2694
- #: src/strings.php:333
2695
  msgid ""
2696
- "Copy the JSON-encoded data from the box below, go to your other websites and "
2697
- "click the <em>\"Import\"</em> button in the settings page. The plugin will "
2698
- "start using the same settings from this website. Notice that some options "
2699
- "are omitted as they contain values specific to this website. To import the "
2700
- "settings from another website into this one, replace the JSON-encoded data "
2701
- "in the box below with the JSON-encoded data exported from the other website, "
2702
- "then click the button <em>\"Import\"</em>. Notice that some options will not "
2703
- "be imported to reduce the security risk of writing arbitrary data into the "
2704
- "disk."
2705
  msgstr ""
2706
 
2707
- #: src/strings.php:338
2708
  msgid "IP Address Discoverer"
2709
  msgstr ""
2710
 
2711
- #: src/strings.php:339
2712
  msgid ""
2713
- "IP address discoverer will use DNS lookups to automatically detect if the "
2714
- "website is behind the <a href=\"https://sucuri.net/website-firewall/\" "
2715
- "target=\"_blank\" rel=\"noopener\">Sucuri Firewall</a>, in which case it "
2716
- "will modify the global server variable <em>Remote-Addr</em> to set the real "
2717
- "IP of the website’s visitors. This check runs on every WordPress init action "
2718
- "and that is why it may slow down your website as some hosting providers rely "
2719
- "on slow DNS servers which makes the operation take more time than it should."
2720
  msgstr ""
2721
 
2722
- #: src/strings.php:340
2723
  msgid "HTTP Header:"
2724
  msgstr ""
2725
 
2726
- #: src/strings.php:341
2727
  msgid "Proceed"
2728
  msgstr ""
2729
 
2730
- #: src/strings.php:342
2731
  msgid "Sucuri Firewall"
2732
  msgstr ""
2733
 
2734
- #: src/strings.php:344
2735
  msgid "Top Level Domain:"
2736
  msgstr ""
2737
 
2738
- #: src/strings.php:345
2739
  msgid "Hostname:"
2740
  msgstr ""
2741
 
2742
- #: src/strings.php:346
2743
  msgid "IP Address (Hostname):"
2744
  msgstr ""
2745
 
2746
- #: src/strings.php:347
2747
  msgid "IP Address (Username):"
2748
  msgstr ""
2749
 
2750
- #: src/strings.php:350
2751
  msgid "Reset Security Logs, Hardening and Settings"
2752
  msgstr ""
2753
 
2754
- #: src/strings.php:351
2755
  msgid ""
2756
- "This action will trigger the deactivation / uninstallation process of the "
2757
- "plugin. All local security logs, hardening and settings will be deleted. "
2758
- "Notice that the security logs stored in the API service will not be deleted, "
2759
- "this is to prevent tampering from a malicious user. You can request a new "
2760
- "API key if you want to start from scratch."
2761
  msgstr ""
2762
 
2763
- #: src/strings.php:356
2764
  msgid "Reverse Proxy"
2765
  msgstr ""
2766
 
2767
- #: src/strings.php:357
2768
  msgid ""
2769
- "The event monitor uses the API address of the origin of the request to track "
2770
- "the actions. The plugin uses two methods to retrieve this: the main method "
2771
- "uses the global server variable <em>Remote-Addr</em> available in most "
2772
- "modern web servers, and an alternative method uses custom HTTP headers "
2773
- "<em>(which are unsafe by default)</em>. You should not worry about this "
2774
- "option unless you know what a reverse proxy is. Services like the <a href="
2775
- "\"https://sucuri.net/website-firewall/\" target=\"_blank\" rel=\"noopener"
2776
- "\">Sucuri Firewall</a> &mdash; once active &mdash; force the network traffic "
2777
- "to pass through them to filter any security threat that may affect the "
2778
- "original server. A side effect of this is that the real IP address is no "
2779
- "longer available in the global server variable <em>Remote-Addr</em> but in a "
2780
- "custom HTTP header with a name provided by the service."
2781
  msgstr ""
2782
 
2783
- #: src/strings.php:360
2784
  msgid "Log Exporter"
2785
  msgstr ""
2786
 
2787
- #: src/strings.php:361
2788
  msgid ""
2789
- "This option allows you to export the WordPress audit logs to a local log "
2790
- "file that can be read by a SIEM or any log analysis software <em>(we "
2791
- "recommend OSSEC)</em>. That will give visibility from within WordPress to "
2792
- "complement your log monitoring infrastructure. <b>NOTE:</b> Do not use a "
2793
- "publicly accessible file, you must use a file at least one level up the "
2794
- "document root to prevent leaks of information."
2795
  msgstr ""
2796
 
2797
- #: src/strings.php:362 src/strings.php:374
2798
  msgid "File Path:"
2799
  msgstr ""
2800
 
2801
- #: src/strings.php:366
2802
  msgid "Timezone Override"
2803
  msgstr ""
2804
 
2805
- #: src/strings.php:367
2806
  msgid ""
2807
- "This option defines the timezone that will be used through out the entire "
2808
- "plugin to print the dates and times whenever is necessary. This option also "
2809
- "affects the date and time of the logs visible in the audit logs panel which "
2810
- "is data that comes from a remote server configured to use Eastern Daylight "
2811
- "Time (EDT). WordPress offers an option in the general settings page to allow "
2812
- "you to configure the timezone for the entire website, however, if you are "
2813
- "experiencing problems with the time in the audit logs, this option will help "
2814
- "you fix them."
2815
  msgstr ""
2816
 
2817
- #: src/strings.php:368
2818
  msgid "Timezone:"
2819
  msgstr ""
2820
 
2821
- #: src/strings.php:372
2822
  msgid "Whitelist Blocked PHP Files"
2823
  msgstr ""
2824
 
2825
- #: src/strings.php:373
2826
  msgid ""
2827
- "After you apply the hardening in either the includes, content, and/or "
2828
- "uploads directories, the plugin will add a rule in the access control file "
2829
- "to deny access to any PHP file located in these folders. This is a good "
2830
- "precaution in case an attacker is able to upload a shell script. With a few "
2831
- "exceptions the <em>\"index.php\"</em> file is the only one that should be "
2832
- "publicly accessible, however many theme/plugin developers decide to use "
2833
- "these folders to process some operations. In this case applying the "
2834
- "hardening <strong>may break</strong> their functionality."
2835
  msgstr ""
2836
 
2837
- #: src/strings.php:378
2838
  msgid "Directory"
2839
  msgstr ""
2840
 
2841
- #: src/strings.php:379
2842
  msgid "Pattern"
2843
  msgstr ""
2844
 
2845
- #: src/strings.php:384 src/strings.php:392
2846
  msgid ""
2847
- "WordPress has a big user base in the public Internet, which brings interest "
2848
- "to attackers to find vulnerabilities in the code, 3rd-party extensions, and "
2849
- "themes that other companies develop. You should keep every piece of code "
2850
- "installed in your website updated to prevent attacks as soon as disclosed "
2851
- "vulnerabilities are patched."
2852
  msgstr ""
2853
 
2854
- #: src/strings.php:386 src/strings.php:394 src/strings.php:424
2855
  msgid "Version"
2856
  msgstr ""
2857
 
2858
- #: src/strings.php:387 src/strings.php:395
2859
  msgid "Update"
2860
  msgstr ""
2861
 
2862
- #: src/strings.php:388 src/strings.php:396
2863
  msgid "Tested With"
2864
  msgstr ""
2865
 
2866
- #: src/strings.php:391
2867
  msgid "Available Plugin and Theme Updates"
2868
  msgstr ""
2869
 
2870
- #: src/strings.php:400
2871
  msgid "Download"
2872
  msgstr ""
2873
 
2874
- #: src/strings.php:403
2875
  msgid ""
2876
- "WordPress has generated a new (random) password for your account <b>%%SUCURI."
2877
- "ResetPassword.UserName%%</b> at <a target=\"_blank\" href=\"http://%%SUCURI."
2878
- "ResetPassword.Website%%\" rel=\"noopener\">%%SUCURI.ResetPassword.Website%%</"
2879
- "a>. The change has been requested by one of the admins in this website for "
2880
- "security reasons. Your new password is &mdash; <span style=\"font-family:"
2881
- "Menlo, Monaco, monospace, serif;font-weight:700\">%%%SUCURI.ResetPassword."
2882
- "Password%%%</span> &mdash; please change it as soon as possible."
2883
  msgstr ""
2884
 
2885
- #: src/strings.php:406
2886
  msgid "Reset User Password"
2887
  msgstr ""
2888
 
2889
- #: src/strings.php:408
2890
  msgid ""
2891
- "You can generate a new random password for the user accounts that you select "
2892
- "from the list. An email with the new password will be sent to the email "
2893
- "address of each chosen user. If you choose to change the password of your "
2894
- "own user, then your current session will expire immediately. You will need "
2895
- "to log back into the admin panel with the new password that will be sent to "
2896
- "your email."
2897
  msgstr ""
2898
 
2899
- #: src/strings.php:413
2900
  msgid "Roles"
2901
  msgstr ""
2902
 
2903
- #: src/strings.php:417
2904
  msgid "Reset Installed Plugins"
2905
  msgstr ""
2906
 
2907
- #: src/strings.php:419
2908
  msgid ""
2909
- "In case you suspect having an infection in your site, or after you got rid "
2910
- "of a malicious code, it’s recommended to reinstall all the plugins installed "
2911
- "in your site, including the ones you are not using. Notice that premium "
2912
- "plugins will not be automatically reinstalled to prevent backward "
2913
- "compatibility issues and problems with licenses."
2914
  msgstr ""
2915
 
2916
- #: src/strings.php:420
2917
  #, php-format
2918
  msgid ""
2919
- "The information shown here is cached for %%SUCURI.ResetPlugin.CacheLifeTime"
2920
- "%% seconds. This is necessary to reduce the quantity of HTTP requests sent "
2921
- "to the WordPress servers and the bandwidth of your site. Currently there is "
2922
- "no option to recreate this cache."
2923
  msgstr ""
2924
 
2925
- #: src/strings.php:421
2926
  msgid ""
2927
- "<b>WARNING!</b> This procedure can break your website. The reset will not "
2928
- "affect the database nor the settings of each plugin, but depending on how "
2929
- "they were written the reset action might break them. Be sure to create a "
2930
- "backup of the plugins directory before the execution of this tool."
2931
  msgstr ""
2932
 
2933
- #: src/strings.php:425
2934
  msgid "Type"
2935
  msgstr ""
2936
 
2937
- #: src/strings.php:430
2938
  msgid "Update Secret Keys"
2939
  msgstr ""
2940
 
2941
- #: src/strings.php:431
2942
  msgid ""
2943
- "The secret or security keys are a list of constants added to your site to "
2944
- "ensure better encryption of information stored in the user’s cookies. A "
2945
- "secret key makes your site harder to hack by adding random elements to the "
2946
- "password. You do not have to remember the keys, just write a random, "
2947
- "complicated, and long string in the <code>wp-config.php</code> file. You can "
2948
- "change these keys at any point in time. Changing them will invalidate all "
2949
- "existing cookies, forcing all logged in users to login again."
2950
  msgstr ""
2951
 
2952
- #: src/strings.php:432
2953
  msgid "Your current session will expire once the form is submitted."
2954
  msgstr ""
2955
 
2956
- #: src/strings.php:437
2957
  msgid "Generate New Security Keys"
2958
  msgstr ""
2959
 
2960
- #: src/strings.php:440
2961
  msgid "Scheduled Tasks"
2962
  msgstr ""
2963
 
2964
- #: src/strings.php:441
2965
  msgid ""
2966
- "The plugin scans your entire website looking for changes which are later "
2967
- "reported via the API in the audit logs page. By default the scanner runs "
2968
- "daily but you can change the frequency to meet your requirements. Notice "
2969
- "that scanning your project files too frequently may affect the performance "
2970
- "of your website. Be sure to have enough server resources before changing "
2971
- "this option. The memory limit and maximum execution time are two of the PHP "
2972
- "options that your server will set to stop your website from consuming too "
2973
- "much resources."
2974
  msgstr ""
2975
 
2976
- #: src/strings.php:442
2977
  msgid ""
2978
- "The scanner uses the <a href=\"http://php.net/manual/en/class.splfileobject."
2979
- "php\" target=\"_blank\" rel=\"noopener\">PHP SPL library</a> and the <a "
2980
- "target=\"_blank\" href=\"http://php.net/manual/en/class.filesystemiterator."
2981
- "php\" rel=\"noopener\">Filesystem Iterator</a> class to scan the directory "
2982
- "tree where your website is located in the server. This library is only "
2983
- "available on PHP 5 >= 5.3.0 &mdash; OR &mdash; PHP 7; if you have an older "
2984
- "version of PHP the plugin will not work as expected. Please ask your hosting "
2985
- "provider to advise you on this matter."
2986
  msgstr ""
2987
 
2988
- #: src/strings.php:443
2989
  msgid ""
2990
- "Scheduled tasks are rules registered in your database by a plugin, theme, or "
2991
- "the base system itself; they are used to automatically execute actions "
2992
- "defined in the code every certain amount of time. A good use of these rules "
2993
- "is to generate backup files of your site, execute a security scanner, or "
2994
- "remove unused elements like drafts. <b>Note:</b> Scheduled tasks can be re-"
2995
- "installed by any plugin/theme automatically."
2996
  msgstr ""
2997
 
2998
- #: src/strings.php:446
2999
  msgid "Schedule"
3000
  msgstr ""
3001
 
3002
- #: src/strings.php:447
3003
  msgid "Next Due"
3004
  msgstr ""
3005
 
3006
- #: src/strings.php:448
3007
  msgid "Arguments"
3008
  msgstr ""
3009
 
3010
- #: src/strings.php:454
3011
  msgid "Ignore Files And Folders During The Scans"
3012
  msgstr ""
3013
 
3014
- #: src/strings.php:455
3015
  msgid ""
3016
- "Use this tool to select the files and/or folders that are too heavy for the "
3017
- "scanner to process. These are usually folders with images, media files like "
3018
- "videos and audios, backups and &mdash; in general &mdash; anything that is "
3019
- "not code-related. Ignoring these files or folders will reduce the memory "
3020
- "consumption of the PHP script."
3021
  msgstr ""
3022
 
3023
- #: src/strings.php:456
3024
  msgid "Ignore a file or directory:"
3025
  msgstr ""
3026
 
3027
- #: src/strings.php:457
3028
  msgid "e.g. /private/directory/"
3029
  msgstr ""
3030
 
3031
- #: src/strings.php:462
3032
  msgid "Unignore Selected Directories"
3033
  msgstr ""
3034
 
3035
- #: src/strings.php:465
3036
  msgid "WordPress Integrity (False Positives)"
3037
  msgstr ""
3038
 
3039
- #: src/strings.php:466
3040
  msgid ""
3041
- "Since the scanner doesn’t read the files during the execution of the "
3042
- "integrity check, it is possible to find false positives. Files listed here "
3043
- "have been marked as false positives and will be ignored by the scanner in "
3044
- "subsequent scans."
3045
  msgstr ""
3046
 
3047
- #: src/strings.php:468
3048
  msgid "Reason"
3049
  msgstr ""
3050
 
3051
- #: src/strings.php:469
3052
  msgid "Ignored At"
3053
  msgstr ""
3054
 
3055
- #: src/strings.php:472
3056
  msgid "Stop Ignoring the Selected Files"
3057
  msgstr ""
3058
 
3059
- #: src/strings.php:476
3060
  msgid ""
3061
- "If your server allows the execution of system commands, you can configure "
3062
- "the plugin to use the <a href=\"https://en.wikipedia.org/wiki/Diff_utility\" "
3063
- "target=\"_blank\" rel=\"noopener\">Unix Diff Utility</a> to compare the "
3064
- "actual content of the file installed in the website and the original file "
3065
- "provided by WordPress. This will show the differences between both files and "
3066
- "then you can act upon the information provided."
3067
  msgstr ""
3068
 
3069
- #: src/strings.php:480
3070
  msgid "Environment Variables"
3071
  msgstr ""
3072
 
3073
- #: src/strings.php:483
3074
  msgid "Access File Integrity"
3075
  msgstr ""
3076
 
3077
- #: src/strings.php:484
3078
  msgid ""
3079
- "The <code>.htaccess</code> file is a distributed configuration file, and is "
3080
- "how the Apache web server handles configuration changes on a per-directory "
3081
- "basis. WordPress uses this file to manipulate how Apache serves files from "
3082
- "its root directory and subdirectories thereof; most notably, it modifies "
3083
- "this file to be able to handle pretty permalinks."
3084
  msgstr ""
3085
 
3086
- #: src/strings.php:485
3087
  msgid "Htaccess file found in"
3088
  msgstr ""
3089
 
3090
- #: src/strings.php:486
3091
- msgid ""
3092
- "Your website has no <code>.htaccess</code> file or it was not found in the "
3093
- "default location."
3094
  msgstr ""
3095
 
3096
- #: src/strings.php:487
 
 
 
 
3097
  msgid ""
3098
- "The main <code>.htaccess</code> file in your site has the standard rules for "
3099
- "a WordPress installation. You can customize it to improve the performance "
3100
- "and change the behaviour of the redirections for pages and posts in your "
3101
- "site. To get more information visit the official documentation at <a target="
3102
- "\"_blank\" rel=\"noopener\" href=\"https://codex.wordpress.org/"
3103
- "Using_Permalinks#Creating_and_editing_.28.htaccess.29\"> Codex WordPress - "
3104
- "Creating and editing (.htaccess)</a>"
3105
  msgstr ""
3106
 
3107
- #: src/strings.php:488
3108
  msgid "Codex WordPress HTAccess"
3109
  msgstr ""
3110
 
3111
- #: src/strings.php:491
3112
  msgid "General Settings"
3113
  msgstr ""
3114
 
3115
- #: src/strings.php:492
3116
  msgid "Scanner"
3117
  msgstr ""
3118
 
3119
- #: src/strings.php:493
3120
  msgid "Hardening"
3121
  msgstr ""
3122
 
3123
- #: src/strings.php:494
3124
  msgid "Post-Hack"
3125
  msgstr ""
3126
 
3127
- #: src/strings.php:495
3128
  msgid "Alerts"
3129
  msgstr ""
3130
 
3131
- #: src/strings.php:497
3132
  msgid "Website Info"
3133
  msgstr ""
3134
 
3135
- #: src/strings.php:498
3136
  msgid "Hardening Options"
3137
  msgstr ""
3138
 
3139
- #: src/strings.php:501
3140
  #, php-format
3141
  msgid "This information will be updated %%SUCURI.SiteCheck.Lifetime%%"
3142
  msgstr ""
3143
 
3144
- #: src/strings.php:502
3145
  msgid "Refresh Malware Scan"
3146
  msgstr ""
3147
 
3148
- #: src/strings.php:505
3149
  msgid "No malicious JavaScript"
3150
  msgstr ""
3151
 
3152
- #: src/strings.php:506
3153
  msgid "No malicious iFrames"
3154
  msgstr ""
3155
 
3156
- #: src/strings.php:507
3157
  msgid "No suspicious redirections"
3158
  msgstr ""
3159
 
3160
- #: src/strings.php:508
3161
  msgid "No blackhat SEO spam"
3162
  msgstr ""
3163
 
3164
- #: src/strings.php:509
3165
  msgid "No anomaly detection"
3166
  msgstr ""
3167
 
3168
- #: src/strings.php:510
3169
  msgid ""
3170
- "Some types of problems cannot be detected by this scanner. If this scanner "
3171
- "did not detect any issue and you still suspect a problem exists, you can <a "
3172
- "href=\"https://sucuri.net/website-security-platform/signup\" target=\"_blank"
3173
- "\" rel=\"noopener\">sign up with Sucuri</a> for a complete and in-depth scan "
3174
- "+ cleanup (not included in the free checks)."
3175
  msgstr ""
3176
 
3177
- #: src/strings.php:513
3178
  msgid "Hover to see the Payload"
3179
  msgstr ""
3180
 
3181
- #: src/strings.php:516
3182
  msgid "Recommendations"
3183
  msgstr ""
3184
 
3185
- #: src/strings.php:519 src/strings.php:521
3186
  msgid "Malware Scan Target"
3187
  msgstr ""
3188
 
3189
- #: src/strings.php:520
3190
  msgid ""
3191
- "The remote malware scanner provided by the plugin is powered by <a href="
3192
- "\"https://sitecheck.sucuri.net/\" target=\"_blank\" rel=\"noopener\">Sucuri "
3193
- "SiteCheck</a>, a service that takes a publicly accessible URL and scans it "
3194
- "for malicious code. If your website is not visible to the Internet, for "
3195
- "example, if it is hosted in a local development environment or a restricted "
3196
- "network, the scanner will not be able to work on it. Additionally, if the "
3197
- "website was installed in a non-standard directory the scanner will report a "
3198
- "\"404 Not Found\" error. You can use this option to change the URL that will "
3199
  "be scanned."
3200
  msgstr ""
3201
 
3202
- #: src/strings.php:522
3203
  msgid "Malware Scan Target:"
3204
  msgstr ""
3205
 
3206
- #: src/strings.php:526
3207
  msgid "WordPress Security Recommendations"
3208
  msgstr ""
3209
 
@@ -3211,21 +2967,131 @@ msgstr ""
3211
  msgid "Invalid template type"
3212
  msgstr ""
3213
 
3214
- #: src/wordpress-recommendations.php:62
 
 
 
 
 
 
 
 
 
 
3215
  msgid "Upgrade PHP to a supported version"
3216
  msgstr ""
3217
 
3218
- #: src/wordpress-recommendations.php:63
3219
- msgid "The PHP version you are using no longer receives security support and could be exposed to unpatched security vulnerabilities."
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
3220
  msgstr ""
3221
 
3222
- #: src/wordpress-recommendations.php:76
3223
  msgid ""
3224
- "Your WordPress install is following <a href=\"https://sucuri.net/guides/wordpress-security\" target=\"_blank\" rel=\"noopener\">"
3225
- "the security best practices</a>."
3226
  msgstr ""
3227
 
3228
- #: sucuri.php:316
3229
  msgid "Sucuri plugin has been uninstalled"
3230
  msgstr ""
3231
 
@@ -3239,12 +3105,10 @@ msgstr ""
3239
 
3240
  #. Description of the plugin/theme
3241
  msgid ""
3242
- "The <a href=\"https://sucuri.net/\" target=\"_blank\">Sucuri</a> plugin "
3243
- "provides the website owner the best Activity Auditing, SiteCheck Remote "
3244
- "Malware Scanning, Effective Security Hardening and Post-Hack features. "
3245
- "SiteCheck will check for malware, spam, blacklisting and other security "
3246
- "issues like .htaccess redirects, hidden eval code, etc. The best thing about "
3247
- "it is it's completely free."
3248
  msgstr ""
3249
 
3250
  #. Author of the plugin/theme
2
  msgid ""
3
  msgstr ""
4
  "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
5
+ "Project-Id-Version: Sucuri Security - Auditing, Malware Scanner and Hardening\n"
6
+ "POT-Creation-Date: 2019-08-26 17:12-0500\n"
 
7
  "PO-Revision-Date: 2019-02-07 02:39-0600\n"
8
  "Last-Translator: \n"
9
  "Language-Team: \n"
14
  "X-Poedit-Basepath: ..\n"
15
  "X-Poedit-WPHeader: sucuri.php\n"
16
  "X-Poedit-SourceCharset: UTF-8\n"
17
+ "X-Poedit-KeywordsList: __;_e;_n:1,2;_x:1,2c;_ex:1,2c;_nx:4c,1,2;esc_attr__;esc_attr_e;esc_attr_x:1,2c;esc_html__;"
18
+ "esc_html_e;esc_html_x:1,2c;_n_noop:1,2;_nx_noop:3c,1,2;__ngettext_noop:1,2\n"
 
19
  "X-Poedit-SearchPath-0: .\n"
20
  "X-Poedit-SearchPathExcluded-0: *.js\n"
21
 
62
  msgid "WP Engine PHP Compatibility Checker: %s (created post #%d as cache)"
63
  msgstr ""
64
 
65
+ #: src/api.lib.php:991 src/api.lib.php:996
66
  msgid "WordPress version is not supported anymore"
67
  msgstr ""
68
 
99
  msgid "Info:"
100
  msgstr ""
101
 
102
+ #: src/cache.lib.php:392 src/cache.lib.php:412 src/cache.lib.php:453 src/cache.lib.php:470
 
103
  msgid "Invalid cache key name"
104
  msgstr ""
105
 
162
  msgid ""
163
  "<br><br>\n"
164
  "\n"
165
+ "<em>Explanation: Someone failed to login to your site. If you are getting too many of these messages, it is likely your "
166
+ "site is under a password guessing brute-force attack [1]. You can disable the failed login alerts from here [2]. "
167
+ "Alternatively, you can consider to install a firewall between your website and your visitors to filter out these and other "
168
+ "attacks, take a look at Sucuri Firewall [3].</em><br><br>\n"
 
 
169
  "\n"
170
+ "[1] <a href='https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing'>https://kb.sucuri.net/definitions/"
171
+ "attacks/brute-force/password-guessing</a><br>\n"
 
172
  "[2] <a href='%s'>%s</a> <br>\n"
173
+ "[3] <a href='https://sucuri.net/website-firewall/?wpalert'>https://sucuri.net/website-firewall/</a><br>\n"
 
174
  msgstr ""
175
 
176
  #: src/event.lib.php:642
177
  msgid "Password Change"
178
  msgstr ""
179
 
180
+ #: src/event.lib.php:747
181
+ #, php-format
182
+ msgid "%s cannot be deleted."
183
+ msgstr ""
184
+
185
+ #: src/event.lib.php:759
186
+ #, php-format
187
+ msgid "%s was deleted."
188
+ msgstr ""
189
+
190
+ #: src/event.lib.php:765
191
+ #, php-format
192
+ msgid "%s was deleted."
193
+ msgstr ""
194
+
195
  #: src/fileinfo.lib.php:291
196
  msgid "No files were found"
197
  msgstr ""
232
  msgid "caching disabled (use with caution)"
233
  msgstr ""
234
 
235
+ #: src/firewall.lib.php:253 src/firewall.lib.php:349 src/firewall.lib.php:567 src/firewall.lib.php:602
236
+ #: src/firewall.lib.php:643 src/firewall.lib.php:735
237
  msgid "Firewall API key was not found."
238
  msgstr ""
239
 
307
  msgid "IP has been unblacklisted: %s"
308
  msgstr ""
309
 
310
+ #: src/globals.php:80 src/strings.php:39 src/strings.php:289
311
  msgid "Dashboard"
312
  msgstr ""
313
 
319
  msgid "Last Logins"
320
  msgstr ""
321
 
322
+ #: src/globals.php:83 src/strings.php:41 src/strings.php:95 src/strings.php:290
323
  msgid "Settings"
324
  msgstr ""
325
 
352
  msgid "Media file added; ID: %s; name: %s; type: %s"
353
  msgstr ""
354
 
355
+ #: src/hook.lib.php:82 src/hook.lib.php:108 src/hook.lib.php:197 src/hook.lib.php:1001 src/hook.lib.php:1012
356
+ #: src/hook.lib.php:1042 src/settings-general.php:416 src/settings-general.php:417 src/settings-general.php:418
357
+ #: src/settings-general.php:419 src/settings-general.php:420 src/settings-webinfo.php:40
 
 
358
  msgid "unknown"
359
  msgstr ""
360
 
361
+ #: src/hook.lib.php:83 src/hook.lib.php:109 src/hook.lib.php:1002 src/hook.lib.php:1013 src/hook.lib.php:1043
 
362
  msgid "user@domain.com"
363
  msgstr ""
364
 
365
  #: src/hook.lib.php:91
366
  #, php-format
367
+ msgid "User added to website; user_id: %s; role: %s; blog_id: %s; name: %s; email: %s"
 
 
368
  msgstr ""
369
 
370
  #: src/hook.lib.php:117
371
  #, php-format
372
+ msgid "User removed from website; user_id: %s; blog_id: %s; name: %s; email: %s"
 
373
  msgstr ""
374
 
375
+ #: src/hook.lib.php:134 src/hook.lib.php:229 src/hook.lib.php:296 src/hook.lib.php:408 src/hook.lib.php:533
376
+ #: src/hook.lib.php:744 src/hook.lib.php:770 src/hook.lib.php:870 src/hook.lib.php:912 src/lastlogins-failed.php:251
 
 
377
  msgid "Unknown"
378
  msgstr ""
379
 
413
 
414
  #: src/hook.lib.php:326
415
  #, php-format
416
+ msgid "The value of the option <b>%s</b> was changed from <b>'%s'</b> to <b>'%s'</b>.<br>\n"
 
 
417
  msgstr ""
418
 
419
  #: src/hook.lib.php:332
574
 
575
  #: src/hook.lib.php:1022
576
  #, php-format
577
+ msgid "User account edited; ID: %s; name: %s; old_name: %s; email: %s; old_email: %s; roles: %s; old_roles: %s"
 
 
578
  msgstr ""
579
 
580
  #: src/hook.lib.php:1054
587
  msgid "Widget %s (%s) %s %s (#%d; size %dx%d)"
588
  msgstr ""
589
 
590
+ #: src/integrity.lib.php:113 src/settings-general.php:46 src/settings-general.php:602 src/settings-posthack.php:58
 
591
  msgid "You need to confirm that you understand the risk of this operation."
592
  msgstr ""
593
 
612
  msgstr ""
613
 
614
  #: src/integrity.lib.php:228
615
+ msgid "Server is not fast enough to process this action; maximum execution time reached"
 
 
616
  msgstr ""
617
 
618
  #: src/integrity.lib.php:234
627
 
628
  #: src/integrity.lib.php:321
629
  msgid ""
630
+ "The plugin has no permission to delete this file because it was created by a different system user who has more privileges "
631
+ "than your account. Please use FTP to delete it."
 
632
  msgstr ""
633
 
634
  #: src/integrity.lib.php:323
635
  msgid ""
636
+ "The plugin has no permission to restore this file because it was modified by a different system user who has more "
637
+ "privileges than your account. Please use FTP to restore it."
 
638
  msgstr ""
639
 
640
  #: src/integrity.lib.php:325
641
  msgid ""
642
+ "The plugin has no permission to restore this file because its directory is owned by a different system user who has more "
643
+ "privileges than your account. Please use FTP to restore it."
 
644
  msgstr ""
645
 
646
+ #: src/integrity.lib.php:405 src/strings.php:477 src/strings.php:479
647
  msgid "WordPress Integrity Diff Utility"
648
  msgstr ""
649
 
658
 
659
  #: src/interface.lib.php:240
660
  msgid ""
661
+ "API service communication is disabled, if you just updated the plugin this might be a good opportunity to test this "
662
+ "feature once again with the new code. Enable it again from the \"API Service\" panel located in the settings page."
 
 
663
  msgstr ""
664
 
665
  #: src/interface.lib.php:253
666
  msgid ""
667
+ "Do you want to get vulnerability disclosures? Subscribe to our newsletter <a href=\"http://sucuri.hs-sites.com/subscribe-"
668
+ "to-security\" target=\"_blank\" rel=\"noopener\">here</a>"
 
669
  msgstr ""
670
 
671
  #: src/interface.lib.php:266
683
 
684
  #: src/interface.lib.php:288
685
  msgid ""
686
+ "WordPress CSRF verification failed. The submitted form is missing an important unique code that prevents the execution of "
687
+ "automated malicious scanners. Go back and try again. If you did not submit a form, this error message could be an "
688
+ "indication of an incompatibility between this plugin and another add-on; one of them is inserting data into the global "
689
+ "POST variable when the HTTP request is coming via GET. Disable them one by one (while reloading this page) to find the "
690
+ "culprit."
 
 
691
  msgstr ""
692
 
693
+ #: src/lastlogins-failed.php:349 src/lastlogins-failed.php:373 src/strings.php:154 src/strings.php:167 src/strings.php:180
694
+ #: src/strings.php:192 src/strings.php:412
 
695
  msgid "Username"
696
  msgstr ""
697
 
698
+ #: src/lastlogins-failed.php:350 src/lastlogins-failed.php:374
699
  msgid "Password"
700
  msgstr ""
701
 
702
+ #: src/lastlogins-failed.php:351 src/lastlogins-failed.php:375 src/strings.php:81 src/strings.php:160 src/strings.php:168
703
+ #: src/strings.php:181 src/strings.php:195 src/strings.php:274
 
704
  msgid "IP Address"
705
  msgstr ""
706
 
707
+ #: src/lastlogins-failed.php:352 src/lastlogins-failed.php:376
708
  msgid "Attempt Timestamp"
709
  msgstr ""
710
 
711
+ #: src/lastlogins-failed.php:353 src/lastlogins-failed.php:377
712
  msgid "Attempt Date/Time"
713
  msgstr ""
714
 
715
+ #: src/lastlogins.php:129
716
  #, php-format
717
  msgid "Last-logins data file is not writable: <code>%s</code>"
718
  msgstr ""
719
 
720
+ #: src/lastlogins.php:305
721
  msgid "Invalid last-logins storage file"
722
  msgstr ""
723
 
724
+ #: src/lastlogins.php:312
725
  msgid "No last-logins data is available"
726
  msgstr ""
727
 
728
+ #: src/lastlogins.php:456
729
  #, php-format
730
+ msgid "Last login was at <b>%s</b> from <b>%s</b> <em>(%s)</em> <a href=\"%s\" target=\"_self\">view all logs</a>"
 
 
731
  msgstr ""
732
 
733
  #: src/mail.lib.php:80
743
  msgid "Sucuri Alert"
744
  msgstr ""
745
 
746
+ #: src/option.lib.php:148 src/settings-alerts.php:209 src/settings-alerts.php:210 src/settings-alerts.php:211
 
747
  #, php-format
748
  msgid "Sucuri Alert, %s, %s, %s"
749
  msgstr ""
760
  msgid "Scripts"
761
  msgstr ""
762
 
763
+ #: src/pagehandler.php:47 src/pagehandler.php:48 src/pagehandler.php:49 src/strings.php:26 src/strings.php:53
764
+ #: src/strings.php:65 src/strings.php:76 src/strings.php:108 src/strings.php:143 src/strings.php:399 src/strings.php:409
765
+ #: src/strings.php:420 src/strings.php:451
 
766
  msgid "Loading..."
767
  msgstr ""
768
 
769
+ #: src/pagehandler.php:100
770
  msgid "Last-Logins logs were successfully reset."
771
  msgstr ""
772
 
773
+ #: src/pagehandler.php:102
774
  msgid "Could not reset the last-logins data file."
775
  msgstr ""
776
 
837
  msgid "n/a"
838
  msgstr ""
839
 
840
+ #: src/settings-alerts.php:208 src/settings-alerts.php:212 src/settings-alerts.php:213
 
841
  #, php-format
842
  msgid "Sucuri Alert, %s, %s"
843
  msgstr ""
923
 
924
  #: src/settings-alerts.php:364
925
  #, php-format
926
+ msgid "Consider brute-force attack after <code>%s</code> failed logins per hour"
 
927
  msgstr ""
928
 
929
  #: src/settings-alerts.php:369
930
  #, php-format
931
  msgid ""
932
+ "The plugin will assume that your website is under a brute-force attack after %s failed logins are detected during the same "
933
+ "hour"
934
  msgstr ""
935
 
936
  #: src/settings-alerts.php:371
942
  msgstr ""
943
 
944
  #: src/settings-alerts.php:397
945
+ msgid "Receive email alerts in HTML <em>(there may be issues with some mail services)</em>"
 
 
946
  msgstr ""
947
 
948
  #: src/settings-alerts.php:398
949
+ msgid "Use WordPress functions to send mails <em>(uncheck to use native PHP functions)</em>"
 
 
950
  msgstr ""
951
 
952
  #: src/settings-alerts.php:399
970
  msgstr ""
971
 
972
  #: src/settings-alerts.php:404
973
+ msgid "Receive email alerts for failed login attempts <em>(you may receive tons of emails)</em>"
 
 
974
  msgstr ""
975
 
976
  #: src/settings-alerts.php:405
977
+ msgid "Receive email alerts for password guessing attacks <em>(summary of failed logins per hour)</em>"
 
 
978
  msgstr ""
979
 
980
  #: src/settings-alerts.php:406
981
+ msgid "Receive email alerts for changes in the post status <em>(configure from Ignore Posts Changes)</em>"
 
 
982
  msgstr ""
983
 
984
  #: src/settings-alerts.php:407
1071
  msgid "List of monitored post-types has been updated"
1072
  msgstr ""
1073
 
1074
+ #: src/settings-alerts.php:574 src/settings-scanner.php:179 src/settings-scanner.php:239 src/strings.php:46
1075
+ #: src/strings.php:159 src/strings.php:171 src/strings.php:184 src/strings.php:277 src/strings.php:382 src/strings.php:473
 
 
1076
  msgid "no data available"
1077
  msgstr ""
1078
 
1079
+ #: src/settings-apiservice.php:36 src/settings-general.php:312 src/settings-general.php:378 src/settings-general.php:425
 
1080
  #: src/settings-integrity.php:80
1081
  msgid "Enabled"
1082
  msgstr ""
1083
 
1084
+ #: src/settings-apiservice.php:37 src/settings-general.php:313 src/settings-general.php:379 src/settings-general.php:426
 
1085
  #: src/settings-integrity.php:81
1086
  msgid "Disable"
1087
  msgstr ""
1095
  msgid "The status of the API service has been changed"
1096
  msgstr ""
1097
 
1098
+ #: src/settings-apiservice.php:63 src/settings-general.php:355 src/settings-general.php:399 src/settings-general.php:460
 
1099
  msgid "Disabled"
1100
  msgstr ""
1101
 
1102
+ #: src/settings-apiservice.php:64 src/settings-general.php:356 src/settings-general.php:400 src/settings-general.php:461
 
1103
  msgid "Enable"
1104
  msgstr ""
1105
 
1138
  msgstr ""
1139
 
1140
  #: src/settings-general.php:100
1141
+ msgid "You must accept the Terms of Service and Privacy Policy in order to request an API key."
 
 
1142
  msgstr ""
1143
 
1144
  #: src/settings-general.php:107
1167
 
1168
  #: src/settings-general.php:165
1169
  #, php-format
1170
+ msgid "Cache to store the system logs obtained from the API service; expires after %s seconds."
 
 
1171
  msgstr ""
1172
 
1173
  #: src/settings-general.php:166
1174
+ msgid "Local queue to store the most recent logs before they are sent to the remote API service."
 
 
1175
  msgstr ""
1176
 
1177
  #: src/settings-general.php:167
1178
+ msgid "Deprecated on 1.8.12; it was used to store a list of blocked user names."
 
1179
  msgstr ""
1180
 
1181
  #: src/settings-general.php:168
1182
  msgid ""
1183
+ "Stores the data for every failed login attempt. The data is moved to \"oldfailedlogins\" every hour during a brute force "
1184
+ "password attack."
1185
  msgstr ""
1186
 
1187
  #: src/settings-general.php:169
1188
  msgid ""
1189
+ "Temporarily stores data to complement the logs during destructive operations like deleting a post, page, comment, etc."
 
1190
  msgstr ""
1191
 
1192
  #: src/settings-general.php:170
1193
+ msgid "Stores a list of files and folders chosen by the user to be ignored by the file system scanner."
 
 
1194
  msgstr ""
1195
 
1196
  #: src/settings-general.php:171
1197
+ msgid "Stores a list of files marked as fixed by the user via the WordPress Integrity tool."
 
 
1198
  msgstr ""
1199
 
1200
  #: src/settings-general.php:172
1201
  msgid ""
1202
+ "Stores the data associated to every successful user login. The data never expires; manually delete if the file is too "
1203
+ "large."
1204
  msgstr ""
1205
 
1206
  #: src/settings-general.php:173
1207
  msgid ""
1208
+ "Stores the data for every failed login attempt after the plugin sends a report about a brute force password attack via "
1209
+ "email."
1210
  msgstr ""
1211
 
1212
  #: src/settings-general.php:174
1213
  #, php-format
1214
+ msgid "Cache to store the data associated to the installed plugins listed in the Post-Hack page. Expires after %s seconds."
 
 
1215
  msgstr ""
1216
 
1217
  #: src/settings-general.php:175
1218
+ msgid "Stores all the options used to configure the functionality and behavior of the plugin."
 
 
1219
  msgstr ""
1220
 
1221
  #: src/settings-general.php:176
1222
  #, php-format
1223
+ msgid "Cache to store the result of the malware scanner. Expires after %s seconds, reset at any time to force a re-scan."
 
 
1224
  msgstr ""
1225
 
1226
  #: src/settings-general.php:177
1227
  msgid ""
1228
+ "Stores a list of IP addresses trusted by the plugin, events triggered by one of these IPs will not be reported to the "
1229
+ "remote monitoring API service."
1230
+ msgstr ""
1231
+
1232
+ #: src/settings-general.php:212
1233
+ #, php-format
1234
+ msgid "%s were deleted."
1235
  msgstr ""
1236
 
1237
+ #: src/settings-general.php:219
1238
  #, php-format
1239
+ msgid "%d out of %d files have been deleted."
1240
  msgstr ""
1241
 
1242
+ #: src/settings-general.php:237 src/settings-posthack.php:308
1243
  msgid "Not Writable"
1244
  msgstr ""
1245
 
1246
+ #: src/settings-general.php:238
1247
  msgid "Does Not Exist"
1248
  msgstr ""
1249
 
1250
+ #: src/settings-general.php:244
1251
  msgid "Exists"
1252
  msgstr ""
1253
 
1254
+ #: src/settings-general.php:250 src/strings.php:330
1255
  msgid "Writable"
1256
  msgstr ""
1257
 
1258
+ #: src/settings-general.php:324
1259
  msgid "Log exporter was disabled"
1260
  msgstr ""
1261
 
1262
+ #: src/settings-general.php:330
1263
  msgid "The log exporter feature has been disabled"
1264
  msgstr ""
1265
 
1266
+ #: src/settings-general.php:332
1267
  msgid "File should not be publicly accessible."
1268
  msgstr ""
1269
 
1270
+ #: src/settings-general.php:334
1271
  msgid "File already exists and will not be overwritten."
1272
  msgstr ""
1273
 
1274
+ #: src/settings-general.php:336
1275
  msgid "File parent directory is not writable."
1276
  msgstr ""
1277
 
1278
+ #: src/settings-general.php:340
1279
  msgid "Log exporter file path was correctly set"
1280
  msgstr ""
1281
 
1282
+ #: src/settings-general.php:346
1283
+ msgid "The log exporter feature has been enabled and the data file was successfully set."
 
 
1284
  msgstr ""
1285
 
1286
+ #: src/settings-general.php:422
1287
  msgid "INVALID"
1288
  msgstr ""
1289
 
1290
+ #: src/settings-general.php:440
1291
  #, php-format
1292
  msgid "DNS lookups for reverse proxy detection <code>%s</code>"
1293
  msgstr ""
1294
 
1295
+ #: src/settings-general.php:445
1296
+ msgid "The status of the DNS lookups for the reverse proxy detection has been changed"
 
 
1297
  msgstr ""
1298
 
1299
+ #: src/settings-general.php:593
1300
  #, php-format
1301
  msgid "%d out of %d option have been successfully imported"
1302
  msgstr ""
1303
 
1304
+ #: src/settings-general.php:599
1305
  msgid "Data is incorrectly encoded"
1306
  msgstr ""
1307
 
1308
+ #: src/settings-general.php:657
1309
  #, php-format
1310
  msgid "Timezone override will use %s"
1311
  msgstr ""
1312
 
1313
+ #: src/settings-general.php:662
1314
  msgid "The timezone for the date and time in the audit logs has been changed"
1315
  msgstr ""
1316
 
1317
+ #: src/settings-hardening.php:100
1318
  msgid ""
1319
+ "The firewall is a premium service that you need purchase at - <a href=\"https://sucuri.net/website-firewall/signup\" "
1320
+ "target=\"_blank\">Sucuri Firewall</a>"
1321
  msgstr ""
1322
 
1323
+ #: src/settings-hardening.php:105
1324
  msgid "Website Firewall Protection"
1325
  msgstr ""
1326
 
1327
+ #: src/settings-hardening.php:106
1328
  msgid ""
1329
+ "A WAF is a protection layer for your web site, blocking all sort of attacks (brute force attempts, DDoS, SQL injections, "
1330
+ "etc) and helping it remain malware and blacklist free. This test checks if your site is using Sucuri Firewall to protect "
1331
+ "your site."
 
1332
  msgstr ""
1333
 
1334
+ #: src/settings-hardening.php:110 src/settings-hardening.php:256 src/settings-hardening.php:315
1335
+ #: src/settings-hardening.php:384 src/settings-hardening.php:416 src/settings-hardening.php:456
1336
+ #: src/settings-hardening.php:549
 
1337
  msgid "Apply Hardening"
1338
  msgstr ""
1339
 
1340
+ #: src/settings-hardening.php:114 src/settings-hardening.php:167 src/settings-hardening.php:248
1341
+ #: src/settings-hardening.php:252 src/settings-hardening.php:307 src/settings-hardening.php:311
1342
+ #: src/settings-hardening.php:376 src/settings-hardening.php:380 src/settings-hardening.php:419
1343
+ #: src/settings-hardening.php:452 src/settings-hardening.php:545
 
 
1344
  msgid "Revert Hardening"
1345
  msgstr ""
1346
 
1347
+ #: src/settings-hardening.php:139
1348
  msgid "Check Updates Now"
1349
  msgstr ""
1350
 
1351
+ #: src/settings-hardening.php:140
1352
  msgid "Verify WordPress Version"
1353
  msgstr ""
1354
 
1355
+ #: src/settings-hardening.php:141
1356
  msgid ""
1357
+ "Why keep your site updated? WordPress is an open-source project which means that with every update the details of the "
1358
+ "changes made to the source code are made public, if there were security fixes then someone with malicious intent can use "
1359
+ "this information to attack any site that has not been upgraded."
 
 
1360
  msgstr ""
1361
 
1362
+ #: src/settings-hardening.php:145
1363
  msgid "WordPress Update Available"
1364
  msgstr ""
1365
 
1366
+ #: src/settings-hardening.php:165
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1367
  msgid "Remove WordPress Version"
1368
  msgstr ""
1369
 
1370
+ #: src/settings-hardening.php:169
1371
  msgid ""
1372
+ "It checks if your WordPress version is being leaked to the public via a HTML meta-tag. Many web vulnerability scanners use "
1373
+ "this to determine which version of the code is running in your website. They use this to find disclosed vulnerabilities "
1374
+ "associated to this version number. A vulnerability scanner can still guess which version of WordPress is installed by "
1375
+ "comparing the checksum of some static files."
 
 
1376
  msgstr ""
1377
 
1378
+ #: src/settings-hardening.php:189
1379
  msgid ""
1380
+ "Read the official WordPress guidelines to learn how to restrict access to PHP files in sensitive directories - <a href="
1381
+ "\"https://codex.wordpress.org/Nginx#Global_restrictions_file\" target=\"_blank\" rel=\"noopener\">Nginx Global "
1382
+ "Restrictions For WordPress</a>"
 
1383
  msgstr ""
1384
 
1385
+ #: src/settings-hardening.php:193
1386
  msgid "Block of Certain PHP Files"
1387
  msgstr ""
1388
 
1389
+ #: src/settings-hardening.php:196
1390
  msgid "Check Hardening"
1391
  msgstr ""
1392
 
1393
+ #: src/settings-hardening.php:197 src/settings-hardening.php:243 src/settings-hardening.php:302
1394
+ #: src/settings-hardening.php:371
1395
  msgid ""
1396
+ "Block the execution of PHP files in sensitive directories. Be careful while applying this hardening option as there are "
1397
+ "many plugins and theme which rely on the ability to execute PHP files in the content directory to generate images or save "
1398
+ "temporary data. Use the \"Whitelist PHP Files\" tool to add exceptions to individual files."
 
 
1399
  msgstr ""
1400
 
1401
+ #: src/settings-hardening.php:224 src/settings-hardening.php:225
1402
  msgid "Hardening applied to the uploads directory"
1403
  msgstr ""
1404
 
1405
+ #: src/settings-hardening.php:227 src/settings-hardening.php:286 src/settings-hardening.php:353
 
1406
  msgid "Error hardening directory, check the permissions."
1407
  msgstr ""
1408
 
1409
+ #: src/settings-hardening.php:235 src/settings-hardening.php:236
1410
  msgid "Hardening reverted in the uploads directory"
1411
  msgstr ""
1412
 
1413
+ #: src/settings-hardening.php:238 src/settings-hardening.php:297 src/settings-hardening.php:366
 
1414
  msgid "Access file is not writable, check the permissions."
1415
  msgstr ""
1416
 
1417
+ #: src/settings-hardening.php:242
1418
  msgid "Block PHP Files in Uploads Directory"
1419
  msgstr ""
1420
 
1421
+ #: src/settings-hardening.php:283 src/settings-hardening.php:284
1422
  msgid "Hardening applied to the content directory"
1423
  msgstr ""
1424
 
1425
+ #: src/settings-hardening.php:294 src/settings-hardening.php:295
1426
  msgid "Hardening reverted in the content directory"
1427
  msgstr ""
1428
 
1429
+ #: src/settings-hardening.php:301
1430
  msgid "Block PHP Files in WP-CONTENT Directory"
1431
  msgstr ""
1432
 
1433
+ #: src/settings-hardening.php:347 src/settings-hardening.php:348
1434
  msgid "Hardening applied to the library directory"
1435
  msgstr ""
1436
 
1437
+ #: src/settings-hardening.php:363 src/settings-hardening.php:364
1438
  msgid "Hardening reverted in the library directory"
1439
  msgstr ""
1440
 
1441
+ #: src/settings-hardening.php:370
1442
  msgid "Block PHP Files in WP-INCLUDES Directory"
1443
  msgstr ""
1444
 
1445
+ #: src/settings-hardening.php:403
1446
  #, php-format
1447
  msgid "Cannot delete <code>%s/readme.html</code>"
1448
  msgstr ""
1449
 
1450
+ #: src/settings-hardening.php:405 src/settings-hardening.php:406
1451
  msgid "Hardening applied to the <code>readme.html</code> file"
1452
  msgstr ""
1453
 
1454
+ #: src/settings-hardening.php:410
1455
  msgid "Information Leakage"
1456
  msgstr ""
1457
 
1458
+ #: src/settings-hardening.php:411
1459
  msgid ""
1460
+ "Checks if the WordPress README file still exists in the website. The information in this file can be used by malicious "
1461
+ "users to pin-point which disclosed vulnerabilities are associated to the website. Be aware that WordPress recreates this "
1462
+ "file automatically with every update."
 
1463
  msgstr ""
1464
 
1465
+ #: src/settings-hardening.php:446
1466
  msgid "Default Admin Account"
1467
  msgstr ""
1468
 
1469
+ #: src/settings-hardening.php:447
1470
  msgid ""
1471
+ "Check if the primary user account still uses the name \"admin\". This allows malicious users to easily identify which "
1472
+ "account has the highest privileges to target an attack."
 
1473
  msgstr ""
1474
 
1475
+ #: src/settings-hardening.php:476 src/settings-hardening.php:507 src/settings-posthack.php:63
 
1476
  msgid "WordPress configuration file was not found."
1477
  msgstr ""
1478
 
1479
+ #: src/settings-hardening.php:478 src/settings-hardening.php:509 src/settings-posthack.php:76
 
1480
  msgid "WordPress configuration file is not writable."
1481
  msgstr ""
1482
 
1483
+ #: src/settings-hardening.php:498 src/settings-hardening.php:499
1484
  msgid "Hardening applied to the plugin and theme editor"
1485
  msgstr ""
1486
 
1487
+ #: src/settings-hardening.php:527
1488
  msgid ""
1489
+ "File Editor was not disabled using this tool. You must scan your project for a constant defined as DISALLOW_FILE_EDIT, "
1490
+ "then either delete it or set its value to False. Any plugin/theme can disable the file editor, so it is impossible to "
1491
+ "determine the origin of the constant."
 
1492
  msgstr ""
1493
 
1494
+ #: src/settings-hardening.php:533 src/settings-hardening.php:534
1495
  msgid "Hardening reverted in the plugin and theme editor"
1496
  msgstr ""
1497
 
1498
+ #: src/settings-hardening.php:539
1499
  msgid "Plugin and Theme Editor"
1500
  msgstr ""
1501
 
1502
+ #: src/settings-hardening.php:540
1503
  msgid ""
1504
+ "Disables the theme and plugin editors to prevent unwanted modifications to the code. If you are having problems reverting "
1505
+ "this please open the wp-config.php file and delete the line with the constant DISALLOW_FILE_EDIT."
 
1506
  msgstr ""
1507
 
1508
+ #: src/settings-hardening.php:591
1509
  msgid "The file has been whitelisted from the hardening"
1510
  msgstr ""
1511
 
1512
+ #: src/settings-hardening.php:596
1513
  msgid "Specified folder is not hardened by this plugin"
1514
  msgstr ""
1515
 
1516
+ #: src/settings-hardening.php:610
1517
  msgid "Selected files have been removed"
1518
  msgstr ""
1519
 
1765
 
1766
  #: src/strings.php:51
1767
  msgid ""
1768
+ "The firewall logs every request involved in an attack and separates them from the legitimate requests. You can analyze the "
1769
+ "data from the latest entries in the logs using this tool and take action either enabling the advanced features of the IDS "
1770
+ "<em>(Intrusion Detection System)</em> from the <a href=\"https://waf.sucuri.net/?settings\" target=\"_blank\" rel="
1771
+ "\"noopener\">Firewall Dashboard</a> and/or blocking IP addresses and URL paths directly from the <a href=\"https://waf."
1772
+ "sucuri.net/?audit\" target=\"_blank\" rel=\"noopener\">Firewall Audit Trails</a> page."
 
 
 
1773
  msgstr ""
1774
 
1775
  #: src/strings.php:52
1776
  msgid "Non-blocked requests are hidden from the logs, this is intentional."
1777
  msgstr ""
1778
 
1779
+ #: src/strings.php:54 src/strings.php:75 src/strings.php:128 src/strings.php:215 src/strings.php:221 src/strings.php:228
1780
+ #: src/strings.php:236 src/strings.php:248 src/strings.php:255 src/strings.php:265 src/strings.php:272 src/strings.php:284
1781
+ #: src/strings.php:297 src/strings.php:337 src/strings.php:355 src/strings.php:365 src/strings.php:371 src/strings.php:377
1782
+ #: src/strings.php:416 src/strings.php:429 src/strings.php:453 src/strings.php:460 src/strings.php:525
 
 
 
 
1783
  msgid "Submit"
1784
  msgstr ""
1785
 
1786
+ #: src/strings.php:57 src/strings.php:202
1787
  msgid "Date/Time:"
1788
  msgstr ""
1789
 
1821
 
1822
  #: src/strings.php:69
1823
  msgid ""
1824
+ "The firewall offers multiple options to configure the cache level applied to your website. You can either enable the full "
1825
+ "cache which is the recommended setting, or you can set the cache level to minimal which will keep the pages static for a "
1826
+ "couple of minutes, or force the usage of the website headers <em>(only for advanced users)</em>, or in extreme cases where "
1827
+ "you do not need the cache you can simply disable it. Find more information about it in the <a href=\"https://kb.sucuri.net/"
1828
+ "firewall/Performance/caching-options\" target=\"_blank\" rel=\"noopener\">Sucuri Knowledge Base</a> website."
 
 
 
1829
  msgstr ""
1830
 
1831
  #: src/strings.php:70
1832
  msgid ""
1833
+ "Note that the firewall has <a href=\"https://kb.sucuri.net/firewall/Performance/cache-exceptions\" target=\"_blank\" rel="
1834
+ "\"noopener\">special caching rules</a> for Images, CSS, PDF, TXT, JavaScript, media files and a few more extensions that "
1835
+ "are stored on our <a href=\"https://en.wikipedia.org/wiki/Edge_device\" target=\"_blank\" rel=\"noopener\">edge</a>. The "
1836
+ "only way to flush the cache for these files is by clearing the firewall’s cache completely <em>(for the whole website)</"
1837
+ "em>. Due to our caching of JavaScript and CSS files, often, as is best practice, the use of versioning during development "
1838
+ "will ensure updates going live as expected. This is done by adding a query string such as <code>?ver=1.2.3</code> and "
1839
+ "incrementing on each update."
 
 
 
 
1840
  msgstr ""
1841
 
1842
  #: src/strings.php:71
1843
  msgid ""
1844
+ "A web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as "
1845
+ "HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. A web cache system stores copies of "
1846
+ "documents passing through it; subsequent requests may be satisfied from the cache if certain conditions are met. A web "
1847
+ "cache system can refer either to an appliance, or to a computer program. &mdash; <a href=\"https://en.wikipedia.org/wiki/"
1848
+ "Web_cache\" target=\"_blank\" rel=\"noopener\">WikiPedia - Web Cache</a>"
 
 
 
1849
  msgstr ""
1850
 
1851
+ #: src/strings.php:74 src/strings.php:88 src/strings.php:172 src/strings.php:186 src/strings.php:258 src/strings.php:278
1852
+ #: src/strings.php:320 src/strings.php:331 src/strings.php:383
 
1853
  msgid "Delete"
1854
  msgstr ""
1855
 
1859
 
1860
  #: src/strings.php:78
1861
  msgid ""
1862
+ "This tool allows you to whitelist and blacklist one or more IP addresses from accessing your website. You can also "
1863
+ "configure the plugin to automatically blacklist any IP address involved in a password guessing brute-force attack. If a "
1864
+ "legitimate user fails to submit the correct credentials of their account they will have to log into the Firewall dashboard "
1865
+ "in order to delete their IP address from the blacklist, or try to login once again through a VPN."
 
 
 
1866
  msgstr ""
1867
 
1868
  #: src/strings.php:79
1879
 
1880
  #: src/strings.php:85
1881
  msgid ""
1882
+ "A powerful Web Application Firewall and <b>Intrusion Detection System</b> for any WordPress user and many other platforms. "
1883
+ "This page will help you to configure and monitor your site through the <b>Sucuri Firewall</b>. Once enabled, our firewall "
1884
+ "will act as a shield, protecting your site from attacks and preventing malware infections and reinfections. It will block "
1885
+ "SQL injection attempts, brute force attacks, XSS, RFI, backdoors and many other threats against your site."
 
 
 
1886
  msgstr ""
1887
 
1888
  #: src/strings.php:86
1889
  msgid ""
1890
+ "Add your <a href=\"https://waf.sucuri.net/?settings&panel=api\" target=\"_blank\" rel=\"noopener\">Firewall API key</a> in "
1891
+ "the form below to start communicating with the firewall API service."
 
1892
  msgstr ""
1893
 
1894
  #: src/strings.php:87
1899
  msgid "Save"
1900
  msgstr ""
1901
 
1902
+ #: src/strings.php:90 src/strings.php:387 src/strings.php:395 src/strings.php:425 src/strings.php:436 src/strings.php:447
 
1903
  msgid "Name"
1904
  msgstr ""
1905
 
1906
+ #: src/strings.php:91 src/strings.php:437
1907
  msgid "Value"
1908
  msgstr ""
1909
 
1910
  #: src/strings.php:92
1911
  msgid ""
1912
+ "<em>[1]</em> More information about the <a href=\"https://sucuri.net/website-firewall/\" target=\"_blank\" rel=\"noopener"
1913
+ "\">Sucuri Firewall</a>, features and pricing.<br><em>[2]</em> Instructions and videos in the official <a href=\"https://kb."
1914
+ "sucuri.net/firewall\" target=\"_blank\" rel=\"noopener\">Knowledge Base</a> site.<br><em>[3]</em> <a href=\"https://login."
1915
+ "sucuri.net/signup2/create?CloudProxy\" target=\"_blank\" rel=\"noopener\">Sign up</a> for a new account and start "
1916
+ "protecting your site."
 
 
1917
  msgstr ""
1918
 
1919
  #: src/strings.php:97
1927
  #: src/strings.php:102 src/strings.php:113 src/strings.php:142
1928
  #, php-format
1929
  msgid ""
1930
+ "We inspect your WordPress installation and look for modifications on the core files as provided by WordPress.org. Files "
1931
+ "located in the root directory, wp-admin and wp-includes will be compared against the files distributed with v%%SUCURI."
1932
+ "WordPressVersion%%; all files with inconsistencies will be listed here. Any changes might indicate a hack."
 
 
1933
  msgstr ""
1934
 
1935
  #: src/strings.php:103
1938
 
1939
  #: src/strings.php:104
1940
  msgid ""
1941
+ "We have not identified additional files, deleted files, or relevant changes to the core files in your WordPress "
1942
+ "installation. If you are experiencing other malware issues, please use a <a href=\"https://sucuri.net/website-security/"
1943
+ "malware-removal\" target=\"_blank\" rel=\"noopener\">Server Side Scanner</a>."
 
 
1944
  msgstr ""
1945
 
1946
  #: src/strings.php:105 src/strings.php:116
1949
 
1950
  #: src/strings.php:109
1951
  msgid ""
1952
+ "Lines with a <b>minus</b> sign as the prefix <em>(here in red)</em> show the original code. Lines with a <b>plus</b> sign "
1953
+ "as the prefix <em>(here in green)</em> show the modified code. You can read more about the DIFF format from the WikiPedia "
1954
+ "article about the <a target=\"_blank\" href=\"https://en.wikipedia.org/wiki/Diff_utility\" rel=\"noopener\">Unix Diff "
1955
+ "Utility</a>."
 
1956
  msgstr ""
1957
 
1958
  #: src/strings.php:114
1961
 
1962
  #: src/strings.php:115 src/strings.php:132
1963
  msgid ""
1964
+ "We identified that some of your WordPress core files were modified. That might indicate a hack or a broken file on your "
1965
+ "installation. If you are experiencing other malware issues, please use a <a href=\"https://sucuri.net/website-security/"
1966
+ "malware-removal\" target=\"_blank\" rel=\"noopener\">Server Side Scanner</a>."
 
 
1967
  msgstr ""
1968
 
1969
  #: src/strings.php:117 src/strings.php:133
1973
 
1974
  #: src/strings.php:118
1975
  msgid ""
1976
+ "The Unix Diff Utility is enabled. You can click the files in the table to see the differences detected by the scanner. If "
1977
+ "you consider the differences to be harmless you can mark the file as fixed, otherwise it is advised to restore the "
1978
+ "original content immediately."
 
1979
  msgstr ""
1980
 
1981
+ #: src/strings.php:119 src/strings.php:226 src/strings.php:239 src/strings.php:256 src/strings.php:273 src/strings.php:326
1982
+ #: src/strings.php:378 src/strings.php:411 src/strings.php:424 src/strings.php:446 src/strings.php:461 src/strings.php:469
 
 
1983
  msgid "Select All"
1984
  msgstr ""
1985
 
1986
+ #: src/strings.php:120 src/strings.php:135 src/strings.php:328
1987
  msgid "File Size"
1988
  msgstr ""
1989
 
1991
  msgid "Modified At"
1992
  msgstr ""
1993
 
1994
+ #: src/strings.php:122 src/strings.php:137 src/strings.php:327 src/strings.php:379 src/strings.php:462 src/strings.php:472
 
1995
  msgid "File Path"
1996
  msgstr ""
1997
 
1998
+ #: src/strings.php:123 src/strings.php:336 src/strings.php:354 src/strings.php:438
 
1999
  msgid "I understand that this operation cannot be reverted."
2000
  msgstr ""
2001
 
2002
+ #: src/strings.php:124 src/strings.php:452
2003
  msgid "Action:"
2004
  msgstr ""
2005
 
2017
 
2018
  #: src/strings.php:129 src/strings.php:138
2019
  msgid ""
2020
+ "Marking one or more files as fixed will force the plugin to ignore them during the next scan, very useful when you find "
2021
+ "false positives. Additionally you can restore the original content of the core files that appear as modified or deleted, "
2022
+ "this will tell the plugin to download a copy of the original files from the official WordPress repository. Deleting a file "
2023
+ "is an irreversible action, be careful."
 
 
2024
  msgstr ""
2025
 
2026
+ #: src/strings.php:134 src/strings.php:329 src/strings.php:428 src/strings.php:435 src/strings.php:463
 
2027
  msgid "Status"
2028
  msgstr ""
2029
 
2039
  msgid "Logged-in Users"
2040
  msgstr ""
2041
 
2042
+ #: src/strings.php:149
2043
+ msgid "Failed Logins"
2044
  msgstr ""
2045
 
2046
  #: src/strings.php:152
2048
  msgstr ""
2049
 
2050
  #: src/strings.php:153
2051
+ msgid "Here you can see a list of all the successful logins of accounts with admin privileges."
 
 
2052
  msgstr ""
2053
 
2054
  #: src/strings.php:155
2059
  msgid "Newest To Oldest"
2060
  msgstr ""
2061
 
2062
+ #: src/strings.php:161 src/strings.php:170 src/strings.php:182
2063
  msgid "Date/Time"
2064
  msgstr ""
2065
 
2066
+ #: src/strings.php:162 src/strings.php:175 src/strings.php:198
2067
  msgid "Edit"
2068
  msgstr ""
2069
 
2080
  msgstr ""
2081
 
2082
  #: src/strings.php:178
2083
+ msgid "Failed logins"
2084
+ msgstr ""
2085
+
2086
+ #: src/strings.php:179
2087
  #, php-format
2088
  msgid ""
2089
+ "This information will be used to determine if your site is being victim of <a href=\"https://kb.sucuri.net/definitions/"
2090
+ "attacks/brute-force/password-guessing\" target=\"_blank\" rel=\"noopener\">Password Guessing Brute Force Attacks</a>. "
2091
+ "These logs will be accumulated and the plugin will send a report via email if there are more than <code>%%SUCURI."
2092
+ "FailedLogins.MaxFailedLogins%%</code> failed login attempts during the same hour, you can change this number from <a href="
2093
+ "\"%%SUCURI.URL.Settings%%#alerts\">here</a>. <b>NOTE:</b> Some <em>\"Two-Factor Authentication\"</em> plugins do not "
2094
+ "follow the same rules that WordPress have to report failed login attempts, so you may not see all the attempts in this "
2095
+ "panel if you have one of these plugins installed."
 
 
 
 
2096
  msgstr ""
2097
 
2098
+ #: src/strings.php:183
2099
  msgid "Web Browser"
2100
  msgstr ""
2101
 
2102
+ #: src/strings.php:185
2103
  msgid "Block"
2104
  msgstr ""
2105
 
2106
+ #: src/strings.php:189
2107
  msgid "Logged-in Users}"
2108
  msgstr ""
2109
 
2110
+ #: src/strings.php:190
2111
  msgid "Here you can see a list of the users that are currently logged-in."
2112
  msgstr ""
2113
 
2114
+ #: src/strings.php:191
2115
  msgid "ID"
2116
  msgstr ""
2117
 
2118
+ #: src/strings.php:193
2119
  msgid "Last Activity"
2120
  msgstr ""
2121
 
2122
+ #: src/strings.php:194 src/strings.php:414
2123
  msgid "Registered"
2124
  msgstr ""
2125
 
2126
+ #: src/strings.php:199 src/strings.php:208 src/strings.php:345
2127
  msgid "Website:"
2128
  msgstr ""
2129
 
2130
+ #: src/strings.php:200 src/strings.php:270
2131
  msgid "IP Address:"
2132
  msgstr ""
2133
 
2134
+ #: src/strings.php:201
2135
  msgid "Reverse IP:"
2136
  msgstr ""
2137
 
2138
+ #: src/strings.php:203
2139
  msgid "Message:"
2140
  msgstr ""
2141
 
2142
+ #: src/strings.php:206
2143
  msgid ""
2144
+ "An API key is required to activate some additional tools available in this plugin. The keys are free and you can virtually "
2145
+ "generate an unlimited number of them as long as the domain name and email address are unique. The key is used to "
2146
+ "authenticate the HTTP requests sent by the plugin to an API service managed by Sucuri Inc."
 
 
2147
  msgstr ""
2148
 
2149
+ #: src/strings.php:207
2150
  msgid ""
2151
+ "If you experience issues generating the API key you can request one by sending the domain name and email address that you "
2152
+ "want to use to <a href=\"mailto:info@sucuri.net\">info@sucuri.net</a>. Note that generating a key for a website that is "
2153
+ "not facing the Internet is not possible because the API service needs to validate that the domain name exists."
 
 
2154
  msgstr ""
2155
 
2156
+ #: src/strings.php:209 src/strings.php:253
2157
  msgid "E-mail:"
2158
  msgstr ""
2159
 
2160
+ #: src/strings.php:210
2161
  msgid "DNS Lookups"
2162
  msgstr ""
2163
 
2164
+ #: src/strings.php:211
2165
  msgid ""
2166
+ "Check the box if your website is behind a known firewall service, this guarantees that the IP address of your visitors "
2167
+ "will be detected correctly for the security logs. You can change this later from the settings."
 
2168
  msgstr ""
2169
 
2170
+ #: src/strings.php:212
2171
  msgid "Enable DNS Lookups On Startup"
2172
  msgstr ""
2173
 
2174
+ #: src/strings.php:213
2175
+ msgid "I agree to the <a target=\"_blank\" href=\"https://sucuri.net/terms\">Terms of Service</a>."
 
 
2176
  msgstr ""
2177
 
2178
+ #: src/strings.php:214
2179
+ msgid "I have read and understand the <a target=\"_blank\" href=\"https://sucuri.net/privacy\">Privacy Policy</a>."
 
 
2180
  msgstr ""
2181
 
2182
+ #: src/strings.php:218
2183
  msgid "Password Guessing Brute Force Attacks"
2184
  msgstr ""
2185
 
2186
+ #: src/strings.php:219
2187
  msgid ""
2188
+ "<a href=\"https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing\" target=\"_blank\" rel=\"noopener"
2189
+ "\">Password guessing brute force attacks</a> are very common against web sites and web servers. They are one of the most "
2190
+ "common vectors used to compromise web sites. The process is very simple and the attackers basically try multiple "
2191
+ "combinations of usernames and passwords until they find one that works. Once they get in, they can compromise the web site "
2192
+ "with malware, spam , phishing or anything else they want."
 
 
 
2193
  msgstr ""
2194
 
2195
+ #: src/strings.php:220
2196
  msgid "Consider Brute-Force Attack After:"
2197
  msgstr ""
2198
 
2199
+ #: src/strings.php:224
2200
  msgid "Security Alerts"
2201
  msgstr ""
2202
 
2203
+ #: src/strings.php:225
2204
  msgid ""
2205
+ "You have installed a plugin or theme that is not fully compatible with our plugin, some of the security alerts (like the "
2206
+ "successful and failed logins) will not be sent to you. To prevent an infinite loop while detecting these changes in the "
2207
+ "website and sending the email alerts via a custom SMTP plugin, we have decided to stop any attempt to send the emails to "
2208
+ "prevent fatal errors."
 
 
2209
  msgstr ""
2210
 
2211
+ #: src/strings.php:227
2212
  msgid "Event"
2213
  msgstr ""
2214
 
2215
+ #: src/strings.php:231
2216
  msgid "Post-Type Alerts"
2217
  msgstr ""
2218
 
2219
+ #: src/strings.php:232
2220
  msgid ""
2221
+ "It seems that you disabled the email alerts for <b>new site content</b>, this panel is intended to provide a way to ignore "
2222
+ "specific events in your site and with that the alerts reported to your email. Since you have deactivated the <b>new site "
2223
+ "content</b> alerts, this panel will be disabled too."
 
 
2224
  msgstr ""
2225
 
2226
+ #: src/strings.php:233
2227
  msgid ""
2228
+ "This is a list of registered <a href=\"https://codex.wordpress.org/Post_Types\" target=\"_blank\" rel=\"noopener\">Post "
2229
+ "Types</a>. You will receive an email alert when a custom page or post associated to any of these types is created or "
2230
+ "updated. If you don’t want to receive one or more of these alerts, feel free to uncheck the boxes in the table below. If "
2231
+ "you are receiving alerts for post types that are not listed in this table, it may be because there is an add-on that that "
2232
+ "is generating a custom post-type on runtime, you will have to find out by yourself what is the unique ID of that post-type "
2233
+ "and type it in the form below. The plugin will do its best to ignore these alerts as long as the unique ID is valid."
 
 
 
 
2234
  msgstr ""
2235
 
2236
+ #: src/strings.php:234
2237
  msgid "Stop Alerts For This Post-Type:"
2238
  msgstr ""
2239
 
2240
+ #: src/strings.php:235
2241
  msgid "e.g. unique_post_type_id"
2242
  msgstr ""
2243
 
2244
+ #: src/strings.php:237
2245
  msgid "Show Post-Types Table"
2246
  msgstr ""
2247
 
2248
+ #: src/strings.php:238
2249
  msgid "Hide Post-Types Table"
2250
  msgstr ""
2251
 
2252
+ #: src/strings.php:240
2253
  msgid "Post Type"
2254
  msgstr ""
2255
 
2256
+ #: src/strings.php:241
2257
  msgid "Post Type ID"
2258
  msgstr ""
2259
 
2260
+ #: src/strings.php:242
2261
  msgid "Ignored At (optional)"
2262
  msgstr ""
2263
 
2264
+ #: src/strings.php:245
2265
  msgid "Alerts Per Hour"
2266
  msgstr ""
2267
 
2268
+ #: src/strings.php:246
2269
  msgid ""
2270
+ "Configure the maximum number of email alerts per hour. If the number is exceeded and the plugin detects more events during "
2271
+ "the same hour, it will still log the events into the audit logs but will not send the email alerts. Be careful with this "
2272
+ "as you will miss important information."
 
2273
  msgstr ""
2274
 
2275
+ #: src/strings.php:247
2276
  msgid "Maximum Alerts Per Hour:"
2277
  msgstr ""
2278
 
2279
+ #: src/strings.php:251
2280
  msgid "Alerts Recipient"
2281
  msgstr ""
2282
 
2283
+ #: src/strings.php:252
2284
  msgid ""
2285
+ "By default, the plugin will send the email alerts to the primary admin account, the same account created during the "
2286
+ "installation of WordPress in your web server. You can add more people to the list, they will receive a copy of the same "
2287
+ "security alerts."
 
2288
  msgstr ""
2289
 
2290
+ #: src/strings.php:254
2291
  msgid "e.g. user@example.com"
2292
  msgstr ""
2293
 
2294
+ #: src/strings.php:257 src/strings.php:413
2295
  msgid "E-mail"
2296
  msgstr ""
2297
 
2298
+ #: src/strings.php:259
2299
  msgid "Test Alerts"
2300
  msgstr ""
2301
 
2302
+ #: src/strings.php:262
2303
  msgid "Alert Subject"
2304
  msgstr ""
2305
 
2306
+ #: src/strings.php:263
2307
  msgid ""
2308
+ "Format of the subject for the email alerts, by default the plugin will use the website name and the event identifier that "
2309
+ "is being reported, you can use this panel to include the IP address of the user that triggered the event and some "
2310
+ "additional data. You can create filters in your email client creating a custom email subject using the pseudo-tags shown "
2311
+ "below."
 
2312
  msgstr ""
2313
 
2314
+ #: src/strings.php:264
2315
  msgid "Custom Format"
2316
  msgstr ""
2317
 
2318
+ #: src/strings.php:268
2319
  msgid "Trusted IP Addresses"
2320
  msgstr ""
2321
 
2322
+ #: src/strings.php:269
2323
  msgid ""
2324
+ "If you are working in a LAN <em>(Local Area Network)</em> you may want to include the IP addresses of all the nodes in the "
2325
+ "subnet, this will force the plugin to stop sending email alerts about actions executed from trusted IP addresses. Use the "
2326
+ "CIDR <em>(Classless Inter Domain Routing)</em> format to specify ranges of IP addresses <em>(only 8, 16, and 24)</em>."
 
 
2327
  msgstr ""
2328
 
2329
+ #: src/strings.php:271
2330
  msgid "e.g. 182.120.56.0/24"
2331
  msgstr ""
2332
 
2333
+ #: src/strings.php:275
2334
  msgid "CIDR Format"
2335
  msgstr ""
2336
 
2337
+ #: src/strings.php:276
2338
  msgid "IP Added At"
2339
  msgstr ""
2340
 
2341
+ #: src/strings.php:281
2342
  msgid ""
2343
+ "If this operation was successful you will receive a message in the email used during the registration of the API key "
2344
+ "<em>(usually the email of the main admin user)</em>. This message contains the key in plain text, copy and paste the key "
2345
+ "in the form field below. The plugin will verify the authenticity of the key sending an initial HTTP request to the API "
2346
+ "service, if this fails the key will be removed automatically and you will have to start the process all over again."
 
 
 
2347
  msgstr ""
2348
 
2349
+ #: src/strings.php:282
2350
  msgid ""
2351
+ "There are cases where this operation may fail, an example would be when the email address is not associated with the "
2352
+ "domain anymore, this happens when the base URL changes <em>(from www to none or viceversa)</em>. If you are having issues "
2353
+ "recovering the key please send an email explaining the situation to <a href=\"mailto:info@sucuri.net\">info@sucuri.net</a>"
 
 
2354
  msgstr ""
2355
 
2356
+ #: src/strings.php:283 src/strings.php:321
2357
  msgid "API Key:"
2358
  msgstr ""
2359
 
2360
+ #: src/strings.php:287
2361
  msgid ""
2362
+ "Congratulations! The rest of the features available in the plugin have been enabled. This product is designed to "
2363
+ "supplement existing security products. It’s not a silver bullet for your security needs, but it’ll give you greater "
 
2364
  "security awareness and better posture, all with the intent of reducing risk."
2365
  msgstr ""
2366
 
2367
+ #: src/strings.php:288
2368
  msgid ""
2369
+ "Your website has been granted a new API key and it was associated to the email address that you chose during the "
2370
+ "registration process. You can use the same email to recover the key if you happen to lose it sometime. We encourage you to "
2371
+ "check the rest of the settings page and configure the plugin to your own needs."
 
 
2372
  msgstr ""
2373
 
2374
+ #: src/strings.php:293 src/strings.php:295
2375
  msgid "WordPress Checksums API"
2376
  msgstr ""
2377
 
2378
+ #: src/strings.php:294
2379
  msgid ""
2380
+ "The WordPress integrity tool uses a remote API service maintained by the WordPress organization to determine which files "
2381
+ "in the installation were added, removed or modified. The API returns a list of files with their respective checksums, this "
2382
+ "information guarantees that the installation is not corrupt. You can, however, point the integrity tool to a GitHub "
2383
+ "repository in case that you are using a custom version of WordPress like the <a href=\"https://github.com/WordPress/"
2384
+ "WordPress\" target=\"_blank\" rel=\"noopener\">development version of the code</a>."
 
 
 
2385
  msgstr ""
2386
 
2387
+ #: src/strings.php:296
2388
  msgid "e.g. URL — or — user/repo"
2389
  msgstr ""
2390
 
2391
+ #: src/strings.php:300
2392
  msgid "API Communication via Proxy"
2393
  msgstr ""
2394
 
2395
+ #: src/strings.php:301
2396
  msgid ""
2397
+ "All the HTTP requests used to communicate with the API service are being sent using the WordPress built-in functions, so "
2398
+ "(almost) all its official features are inherited, this is useful if you need to pass these HTTP requests through a proxy. "
2399
+ "According to the <a href=\"https://developer.wordpress.org/reference/classes/wp_http_proxy/\" target=\"_blank\" rel="
2400
+ "\"noopener\">official documentation</a> you have to add some constants to the main configuration file: <em>WP_PROXY_HOST, "
2401
+ "WP_PROXY_PORT, WP_PROXY_USERNAME, WP_PROXY_PASSWORD</em>."
 
 
 
2402
  msgstr ""
2403
 
2404
+ #: src/strings.php:302
2405
  msgid "HTTP Proxy Hostname"
2406
  msgstr ""
2407
 
2408
+ #: src/strings.php:303
2409
  msgid "HTTP Proxy Port num"
2410
  msgstr ""
2411
 
2412
+ #: src/strings.php:304
2413
  msgid "HTTP Proxy Username"
2414
  msgstr ""
2415
 
2416
+ #: src/strings.php:305
2417
  msgid "HTTP Proxy Password"
2418
  msgstr ""
2419
 
2420
+ #: src/strings.php:308 src/strings.php:498
2421
  msgid "API Service Communication"
2422
  msgstr ""
2423
 
2424
+ #: src/strings.php:309
2425
  msgid ""
2426
+ "Once the API key is generate the plugin will communicate with a remote API service that will act as a safe data storage "
2427
+ "for the audit logs generated when the website triggers certain events that the plugin monitors. If the website is hacked "
2428
+ "the attacker will not have access to these logs and that way you can investigate what was modified <em>(for malware "
2429
+ "infaction)</em> and/or how the malicious person was able to gain access to the website."
 
 
2430
  msgstr ""
2431
 
2432
+ #: src/strings.php:310
2433
  #, php-format
2434
  msgid ""
2435
+ "Disabling the API service communication will stop the event monitoring, consider to enable the <a href=\"%%SUCURI.URL."
2436
+ "Settings%%#general\">Log Exporter</a> to keep the monitoring working while the HTTP requests are ignored, otherwise an "
2437
+ "attacker may execute an action that will not be registered in the security logs and you will not have a way to investigate "
 
 
2438
  "the attack in the future."
2439
  msgstr ""
2440
 
2441
+ #: src/strings.php:311
2442
  msgid ""
2443
+ "<strong>Are you a developer?</strong> You may be interested in our API. Feel free to use the URL shown below to access the "
2444
+ "latest 50 entries in your security log, change the value for the parameter <code>l=N</code> if you need more. Be aware "
2445
+ "that the API doesn’t provides an offset parameter, so if you have the intention to query specific sections of the log you "
2446
+ "will need to wrap the HTTP request around your own cache mechanism. We <strong>DO NOT</strong> take feature requests for "
2447
+ "the API, this is a semi-private service tailored for the specific needs of the plugin and not intended to be used by 3rd-"
2448
+ "party apps, we may change the behavior of each API endpoint without previous notice, use it at your own risk."
 
 
 
 
2449
  msgstr ""
2450
 
2451
+ #: src/strings.php:314
2452
  msgid "API Key"
2453
  msgstr ""
2454
 
2455
+ #: src/strings.php:315
2456
  msgid ""
2457
+ "An API key is required to prevent attackers from deleting audit logs that can help you investigate and recover after a "
2458
+ "hack, and allows the plugin to display statistics. By generating an API key, you agree that Sucuri will collect and store "
2459
+ "anonymous data about your website. We take your privacy seriously."
 
 
2460
  msgstr ""
2461
 
2462
+ #: src/strings.php:316
2463
  #, php-format
2464
  msgid ""
2465
+ "Your domain <code>%%SUCURI.CleanDomain%%</code> does not seems to have a DNS <code>A</code> record so it will be "
2466
+ "considered as <em>invalid</em> by the API interface when you request the generation of a new key. Adding <code>www</code> "
2467
+ "at the beginning of the domain name may fix this issue. If you do not understand what is this then send an email to our "
2468
+ "support team requesting the key."
 
 
2469
  msgstr ""
2470
 
2471
+ #: src/strings.php:317
2472
  msgid "Recover Via E-mail"
2473
  msgstr ""
2474
 
2475
+ #: src/strings.php:318
2476
  msgid "Manual Activation"
2477
  msgstr ""
2478
 
2479
+ #: src/strings.php:319
2480
  msgid ""
2481
+ "If you do not have access to the administrator email, you can reinstall the plugin. The API key is generated using an "
2482
+ "administrator email and the domain of the website. Click the \"Manual Activation\" button if you already have a valid API "
2483
+ "key to authenticate this website with the remote API web service."
 
2484
  msgstr ""
2485
 
2486
+ #: src/strings.php:324
2487
  msgid "Data Storage"
2488
  msgstr ""
2489
 
2490
+ #: src/strings.php:325
2491
  msgid ""
2492
+ "This is the directory where the plugin will store the security logs, the list of files marked as fixed in the core "
2493
+ "integrity tool, the cache for the malware scanner and 3rd-party plugin metadata. The plugin requires write permissions in "
2494
+ "this directory as well as the files contained in it. If you prefer to keep these files in a non-public directory <em>(one "
2495
+ "level up the document root)</em> please define a constant in the <em>\"wp-config.php\"</em> file named <em>"
2496
+ "\"SUCURI_DATA_STORAGE\"</em> with the absolute path to the new directory."
 
 
 
2497
  msgstr ""
2498
 
2499
+ #: src/strings.php:334
2500
  msgid "Import &amp; Export Settings"
2501
  msgstr ""
2502
 
2503
+ #: src/strings.php:335
2504
  msgid ""
2505
+ "Copy the JSON-encoded data from the box below, go to your other websites and click the <em>\"Import\"</em> button in the "
2506
+ "settings page. The plugin will start using the same settings from this website. Notice that some options are omitted as "
2507
+ "they contain values specific to this website. To import the settings from another website into this one, replace the JSON-"
2508
+ "encoded data in the box below with the JSON-encoded data exported from the other website, then click the button <em>"
2509
+ "\"Import\"</em>. Notice that some options will not be imported to reduce the security risk of writing arbitrary data into "
2510
+ "the disk."
 
 
 
2511
  msgstr ""
2512
 
2513
+ #: src/strings.php:340
2514
  msgid "IP Address Discoverer"
2515
  msgstr ""
2516
 
2517
+ #: src/strings.php:341
2518
  msgid ""
2519
+ "IP address discoverer will use DNS lookups to automatically detect if the website is behind the <a href=\"https://sucuri."
2520
+ "net/website-firewall/\" target=\"_blank\" rel=\"noopener\">Sucuri Firewall</a>, in which case it will modify the global "
2521
+ "server variable <em>Remote-Addr</em> to set the real IP of the website’s visitors. This check runs on every WordPress init "
2522
+ "action and that is why it may slow down your website as some hosting providers rely on slow DNS servers which makes the "
2523
+ "operation take more time than it should."
 
 
2524
  msgstr ""
2525
 
2526
+ #: src/strings.php:342
2527
  msgid "HTTP Header:"
2528
  msgstr ""
2529
 
2530
+ #: src/strings.php:343
2531
  msgid "Proceed"
2532
  msgstr ""
2533
 
2534
+ #: src/strings.php:344
2535
  msgid "Sucuri Firewall"
2536
  msgstr ""
2537
 
2538
+ #: src/strings.php:346
2539
  msgid "Top Level Domain:"
2540
  msgstr ""
2541
 
2542
+ #: src/strings.php:347
2543
  msgid "Hostname:"
2544
  msgstr ""
2545
 
2546
+ #: src/strings.php:348
2547
  msgid "IP Address (Hostname):"
2548
  msgstr ""
2549
 
2550
+ #: src/strings.php:349
2551
  msgid "IP Address (Username):"
2552
  msgstr ""
2553
 
2554
+ #: src/strings.php:352
2555
  msgid "Reset Security Logs, Hardening and Settings"
2556
  msgstr ""
2557
 
2558
+ #: src/strings.php:353
2559
  msgid ""
2560
+ "This action will trigger the deactivation / uninstallation process of the plugin. All local security logs, hardening and "
2561
+ "settings will be deleted. Notice that the security logs stored in the API service will not be deleted, this is to prevent "
2562
+ "tampering from a malicious user. You can request a new API key if you want to start from scratch."
 
 
2563
  msgstr ""
2564
 
2565
+ #: src/strings.php:358
2566
  msgid "Reverse Proxy"
2567
  msgstr ""
2568
 
2569
+ #: src/strings.php:359
2570
  msgid ""
2571
+ "The event monitor uses the API address of the origin of the request to track the actions. The plugin uses two methods to "
2572
+ "retrieve this: the main method uses the global server variable <em>Remote-Addr</em> available in most modern web servers, "
2573
+ "and an alternative method uses custom HTTP headers <em>(which are unsafe by default)</em>. You should not worry about this "
2574
+ "option unless you know what a reverse proxy is. Services like the <a href=\"https://sucuri.net/website-firewall/\" target="
2575
+ "\"_blank\" rel=\"noopener\">Sucuri Firewall</a> &mdash; once active &mdash; force the network traffic to pass through them "
2576
+ "to filter any security threat that may affect the original server. A side effect of this is that the real IP address is no "
2577
+ "longer available in the global server variable <em>Remote-Addr</em> but in a custom HTTP header with a name provided by "
2578
+ "the service."
 
 
 
 
2579
  msgstr ""
2580
 
2581
+ #: src/strings.php:362
2582
  msgid "Log Exporter"
2583
  msgstr ""
2584
 
2585
+ #: src/strings.php:363
2586
  msgid ""
2587
+ "This option allows you to export the WordPress audit logs to a local log file that can be read by a SIEM or any log "
2588
+ "analysis software <em>(we recommend OSSEC)</em>. That will give visibility from within WordPress to complement your log "
2589
+ "monitoring infrastructure. <b>NOTE:</b> Do not use a publicly accessible file, you must use a file at least one level up "
2590
+ "the document root to prevent leaks of information."
 
 
2591
  msgstr ""
2592
 
2593
+ #: src/strings.php:364 src/strings.php:376
2594
  msgid "File Path:"
2595
  msgstr ""
2596
 
2597
+ #: src/strings.php:368
2598
  msgid "Timezone Override"
2599
  msgstr ""
2600
 
2601
+ #: src/strings.php:369
2602
  msgid ""
2603
+ "This option defines the timezone that will be used through out the entire plugin to print the dates and times whenever is "
2604
+ "necessary. This option also affects the date and time of the logs visible in the audit logs panel which is data that comes "
2605
+ "from a remote server configured to use Eastern Daylight Time (EDT). WordPress offers an option in the general settings "
2606
+ "page to allow you to configure the timezone for the entire website, however, if you are experiencing problems with the "
2607
+ "time in the audit logs, this option will help you fix them."
 
 
 
2608
  msgstr ""
2609
 
2610
+ #: src/strings.php:370
2611
  msgid "Timezone:"
2612
  msgstr ""
2613
 
2614
+ #: src/strings.php:374
2615
  msgid "Whitelist Blocked PHP Files"
2616
  msgstr ""
2617
 
2618
+ #: src/strings.php:375
2619
  msgid ""
2620
+ "After you apply the hardening in either the includes, content, and/or uploads directories, the plugin will add a rule in "
2621
+ "the access control file to deny access to any PHP file located in these folders. This is a good precaution in case an "
2622
+ "attacker is able to upload a shell script. With a few exceptions the <em>\"index.php\"</em> file is the only one that "
2623
+ "should be publicly accessible, however many theme/plugin developers decide to use these folders to process some "
2624
+ "operations. In this case applying the hardening <strong>may break</strong> their functionality."
 
 
 
2625
  msgstr ""
2626
 
2627
+ #: src/strings.php:380
2628
  msgid "Directory"
2629
  msgstr ""
2630
 
2631
+ #: src/strings.php:381
2632
  msgid "Pattern"
2633
  msgstr ""
2634
 
2635
+ #: src/strings.php:386 src/strings.php:394
2636
  msgid ""
2637
+ "WordPress has a big user base in the public Internet, which brings interest to attackers to find vulnerabilities in the "
2638
+ "code, 3rd-party extensions, and themes that other companies develop. You should keep every piece of code installed in your "
2639
+ "website updated to prevent attacks as soon as disclosed vulnerabilities are patched."
 
 
2640
  msgstr ""
2641
 
2642
+ #: src/strings.php:388 src/strings.php:396 src/strings.php:426
2643
  msgid "Version"
2644
  msgstr ""
2645
 
2646
+ #: src/strings.php:389 src/strings.php:397
2647
  msgid "Update"
2648
  msgstr ""
2649
 
2650
+ #: src/strings.php:390 src/strings.php:398
2651
  msgid "Tested With"
2652
  msgstr ""
2653
 
2654
+ #: src/strings.php:393
2655
  msgid "Available Plugin and Theme Updates"
2656
  msgstr ""
2657
 
2658
+ #: src/strings.php:402
2659
  msgid "Download"
2660
  msgstr ""
2661
 
2662
+ #: src/strings.php:405
2663
  msgid ""
2664
+ "WordPress has generated a new (random) password for your account <b>%%SUCURI.ResetPassword.UserName%%</b> at <a target="
2665
+ "\"_blank\" href=\"http://%%SUCURI.ResetPassword.Website%%\" rel=\"noopener\">%%SUCURI.ResetPassword.Website%%</a>. The "
2666
+ "change has been requested by one of the admins in this website for security reasons. Your new password is &mdash; <span "
2667
+ "style=\"font-family:Menlo, Monaco, monospace, serif;font-weight:700\">%%%SUCURI.ResetPassword.Password%%%</span> &mdash; "
2668
+ "please change it as soon as possible."
 
 
2669
  msgstr ""
2670
 
2671
+ #: src/strings.php:408
2672
  msgid "Reset User Password"
2673
  msgstr ""
2674
 
2675
+ #: src/strings.php:410
2676
  msgid ""
2677
+ "You can generate a new random password for the user accounts that you select from the list. An email with the new password "
2678
+ "will be sent to the email address of each chosen user. If you choose to change the password of your own user, then your "
2679
+ "current session will expire immediately. You will need to log back into the admin panel with the new password that will be "
2680
+ "sent to your email."
 
 
2681
  msgstr ""
2682
 
2683
+ #: src/strings.php:415
2684
  msgid "Roles"
2685
  msgstr ""
2686
 
2687
+ #: src/strings.php:419
2688
  msgid "Reset Installed Plugins"
2689
  msgstr ""
2690
 
2691
+ #: src/strings.php:421
2692
  msgid ""
2693
+ "In case you suspect having an infection in your site, or after you got rid of a malicious code, it’s recommended to "
2694
+ "reinstall all the plugins installed in your site, including the ones you are not using. Notice that premium plugins will "
2695
+ "not be automatically reinstalled to prevent backward compatibility issues and problems with licenses."
 
 
2696
  msgstr ""
2697
 
2698
+ #: src/strings.php:422
2699
  #, php-format
2700
  msgid ""
2701
+ "The information shown here is cached for %%SUCURI.ResetPlugin.CacheLifeTime%% seconds. This is necessary to reduce the "
2702
+ "quantity of HTTP requests sent to the WordPress servers and the bandwidth of your site. Currently there is no option to "
2703
+ "recreate this cache."
 
2704
  msgstr ""
2705
 
2706
+ #: src/strings.php:423
2707
  msgid ""
2708
+ "<b>WARNING!</b> This procedure can break your website. The reset will not affect the database nor the settings of each "
2709
+ "plugin, but depending on how they were written the reset action might break them. Be sure to create a backup of the "
2710
+ "plugins directory before the execution of this tool."
 
2711
  msgstr ""
2712
 
2713
+ #: src/strings.php:427
2714
  msgid "Type"
2715
  msgstr ""
2716
 
2717
+ #: src/strings.php:432
2718
  msgid "Update Secret Keys"
2719
  msgstr ""
2720
 
2721
+ #: src/strings.php:433
2722
  msgid ""
2723
+ "The secret or security keys are a list of constants added to your site to ensure better encryption of information stored "
2724
+ "in the user’s cookies. A secret key makes your site harder to hack by adding random elements to the password. You do not "
2725
+ "have to remember the keys, just write a random, complicated, and long string in the <code>wp-config.php</code> file. You "
2726
+ "can change these keys at any point in time. Changing them will invalidate all existing cookies, forcing all logged in "
2727
+ "users to login again."
 
 
2728
  msgstr ""
2729
 
2730
+ #: src/strings.php:434
2731
  msgid "Your current session will expire once the form is submitted."
2732
  msgstr ""
2733
 
2734
+ #: src/strings.php:439
2735
  msgid "Generate New Security Keys"
2736
  msgstr ""
2737
 
2738
+ #: src/strings.php:442
2739
  msgid "Scheduled Tasks"
2740
  msgstr ""
2741
 
2742
+ #: src/strings.php:443
2743
  msgid ""
2744
+ "The plugin scans your entire website looking for changes which are later reported via the API in the audit logs page. By "
2745
+ "default the scanner runs daily but you can change the frequency to meet your requirements. Notice that scanning your "
2746
+ "project files too frequently may affect the performance of your website. Be sure to have enough server resources before "
2747
+ "changing this option. The memory limit and maximum execution time are two of the PHP options that your server will set to "
2748
+ "stop your website from consuming too much resources."
 
 
 
2749
  msgstr ""
2750
 
2751
+ #: src/strings.php:444
2752
  msgid ""
2753
+ "The scanner uses the <a href=\"http://php.net/manual/en/class.splfileobject.php\" target=\"_blank\" rel=\"noopener\">PHP "
2754
+ "SPL library</a> and the <a target=\"_blank\" href=\"http://php.net/manual/en/class.filesystemiterator.php\" rel=\"noopener"
2755
+ "\">Filesystem Iterator</a> class to scan the directory tree where your website is located in the server. This library is "
2756
+ "only available on PHP 5 >= 5.3.0 &mdash; OR &mdash; PHP 7; if you have an older version of PHP the plugin will not work as "
2757
+ "expected. Please ask your hosting provider to advise you on this matter."
 
 
 
2758
  msgstr ""
2759
 
2760
+ #: src/strings.php:445
2761
  msgid ""
2762
+ "Scheduled tasks are rules registered in your database by a plugin, theme, or the base system itself; they are used to "
2763
+ "automatically execute actions defined in the code every certain amount of time. A good use of these rules is to generate "
2764
+ "backup files of your site, execute a security scanner, or remove unused elements like drafts. <b>Note:</b> Scheduled tasks "
2765
+ "can be re-installed by any plugin/theme automatically."
 
 
2766
  msgstr ""
2767
 
2768
+ #: src/strings.php:448
2769
  msgid "Schedule"
2770
  msgstr ""
2771
 
2772
+ #: src/strings.php:449
2773
  msgid "Next Due"
2774
  msgstr ""
2775
 
2776
+ #: src/strings.php:450
2777
  msgid "Arguments"
2778
  msgstr ""
2779
 
2780
+ #: src/strings.php:456
2781
  msgid "Ignore Files And Folders During The Scans"
2782
  msgstr ""
2783
 
2784
+ #: src/strings.php:457
2785
  msgid ""
2786
+ "Use this tool to select the files and/or folders that are too heavy for the scanner to process. These are usually folders "
2787
+ "with images, media files like videos and audios, backups and &mdash; in general &mdash; anything that is not code-related. "
2788
+ "Ignoring these files or folders will reduce the memory consumption of the PHP script."
 
 
2789
  msgstr ""
2790
 
2791
+ #: src/strings.php:458
2792
  msgid "Ignore a file or directory:"
2793
  msgstr ""
2794
 
2795
+ #: src/strings.php:459
2796
  msgid "e.g. /private/directory/"
2797
  msgstr ""
2798
 
2799
+ #: src/strings.php:464
2800
  msgid "Unignore Selected Directories"
2801
  msgstr ""
2802
 
2803
+ #: src/strings.php:467
2804
  msgid "WordPress Integrity (False Positives)"
2805
  msgstr ""
2806
 
2807
+ #: src/strings.php:468
2808
  msgid ""
2809
+ "Since the scanner doesn’t read the files during the execution of the integrity check, it is possible to find false "
2810
+ "positives. Files listed here have been marked as false positives and will be ignored by the scanner in subsequent scans."
 
 
2811
  msgstr ""
2812
 
2813
+ #: src/strings.php:470
2814
  msgid "Reason"
2815
  msgstr ""
2816
 
2817
+ #: src/strings.php:471
2818
  msgid "Ignored At"
2819
  msgstr ""
2820
 
2821
+ #: src/strings.php:474
2822
  msgid "Stop Ignoring the Selected Files"
2823
  msgstr ""
2824
 
2825
+ #: src/strings.php:478
2826
  msgid ""
2827
+ "If your server allows the execution of system commands, you can configure the plugin to use the <a href=\"https://en."
2828
+ "wikipedia.org/wiki/Diff_utility\" target=\"_blank\" rel=\"noopener\">Unix Diff Utility</a> to compare the actual content "
2829
+ "of the file installed in the website and the original file provided by WordPress. This will show the differences between "
2830
+ "both files and then you can act upon the information provided."
 
 
2831
  msgstr ""
2832
 
2833
+ #: src/strings.php:482
2834
  msgid "Environment Variables"
2835
  msgstr ""
2836
 
2837
+ #: src/strings.php:485
2838
  msgid "Access File Integrity"
2839
  msgstr ""
2840
 
2841
+ #: src/strings.php:486
2842
  msgid ""
2843
+ "The <code>.htaccess</code> file is a distributed configuration file, and is how the Apache web server handles "
2844
+ "configuration changes on a per-directory basis. WordPress uses this file to manipulate how Apache serves files from its "
2845
+ "root directory and subdirectories thereof; most notably, it modifies this file to be able to handle pretty permalinks."
 
 
2846
  msgstr ""
2847
 
2848
+ #: src/strings.php:487
2849
  msgid "Htaccess file found in"
2850
  msgstr ""
2851
 
2852
+ #: src/strings.php:488
2853
+ msgid "Your website has no <code>.htaccess</code> file or it was not found in the default location."
 
 
2854
  msgstr ""
2855
 
2856
+ #: src/strings.php:489
2857
+ msgid "Your web server does not support .htaccess files."
2858
+ msgstr ""
2859
+
2860
+ #: src/strings.php:490
2861
  msgid ""
2862
+ "The main <code>.htaccess</code> file in your site has the standard rules for a WordPress installation. You can customize "
2863
+ "it to improve the performance and change the behaviour of the redirections for pages and posts in your site. To get more "
2864
+ "information visit the official documentation at <a target=\"_blank\" rel=\"noopener\" href=\"https://codex.wordpress.org/"
2865
+ "Using_Permalinks#Creating_and_editing_.28.htaccess.29\"> Codex WordPress - Creating and editing (.htaccess)</a>"
 
 
 
2866
  msgstr ""
2867
 
2868
+ #: src/strings.php:491
2869
  msgid "Codex WordPress HTAccess"
2870
  msgstr ""
2871
 
2872
+ #: src/strings.php:493
2873
  msgid "General Settings"
2874
  msgstr ""
2875
 
2876
+ #: src/strings.php:494
2877
  msgid "Scanner"
2878
  msgstr ""
2879
 
2880
+ #: src/strings.php:495
2881
  msgid "Hardening"
2882
  msgstr ""
2883
 
2884
+ #: src/strings.php:496
2885
  msgid "Post-Hack"
2886
  msgstr ""
2887
 
2888
+ #: src/strings.php:497
2889
  msgid "Alerts"
2890
  msgstr ""
2891
 
2892
+ #: src/strings.php:499
2893
  msgid "Website Info"
2894
  msgstr ""
2895
 
2896
+ #: src/strings.php:500
2897
  msgid "Hardening Options"
2898
  msgstr ""
2899
 
2900
+ #: src/strings.php:503
2901
  #, php-format
2902
  msgid "This information will be updated %%SUCURI.SiteCheck.Lifetime%%"
2903
  msgstr ""
2904
 
2905
+ #: src/strings.php:504
2906
  msgid "Refresh Malware Scan"
2907
  msgstr ""
2908
 
2909
+ #: src/strings.php:507
2910
  msgid "No malicious JavaScript"
2911
  msgstr ""
2912
 
2913
+ #: src/strings.php:508
2914
  msgid "No malicious iFrames"
2915
  msgstr ""
2916
 
2917
+ #: src/strings.php:509
2918
  msgid "No suspicious redirections"
2919
  msgstr ""
2920
 
2921
+ #: src/strings.php:510
2922
  msgid "No blackhat SEO spam"
2923
  msgstr ""
2924
 
2925
+ #: src/strings.php:511
2926
  msgid "No anomaly detection"
2927
  msgstr ""
2928
 
2929
+ #: src/strings.php:512
2930
  msgid ""
2931
+ "Some types of problems cannot be detected by this scanner. If this scanner did not detect any issue and you still suspect "
2932
+ "a problem exists, you can <a href=\"https://sucuri.net/website-security-platform/signup\" target=\"_blank\" rel=\"noopener"
2933
+ "\">sign up with Sucuri</a> for a complete and in-depth scan + cleanup (not included in the free checks)."
 
 
2934
  msgstr ""
2935
 
2936
+ #: src/strings.php:515
2937
  msgid "Hover to see the Payload"
2938
  msgstr ""
2939
 
2940
+ #: src/strings.php:518
2941
  msgid "Recommendations"
2942
  msgstr ""
2943
 
2944
+ #: src/strings.php:521 src/strings.php:523
2945
  msgid "Malware Scan Target"
2946
  msgstr ""
2947
 
2948
+ #: src/strings.php:522
2949
  msgid ""
2950
+ "The remote malware scanner provided by the plugin is powered by <a href=\"https://sitecheck.sucuri.net/\" target=\"_blank"
2951
+ "\" rel=\"noopener\">Sucuri SiteCheck</a>, a service that takes a publicly accessible URL and scans it for malicious code. "
2952
+ "If your website is not visible to the Internet, for example, if it is hosted in a local development environment or a "
2953
+ "restricted network, the scanner will not be able to work on it. Additionally, if the website was installed in a non-"
2954
+ "standard directory the scanner will report a \"404 Not Found\" error. You can use this option to change the URL that will "
 
 
 
2955
  "be scanned."
2956
  msgstr ""
2957
 
2958
+ #: src/strings.php:524
2959
  msgid "Malware Scan Target:"
2960
  msgstr ""
2961
 
2962
+ #: src/strings.php:528
2963
  msgid "WordPress Security Recommendations"
2964
  msgstr ""
2965
 
2967
  msgid "Invalid template type"
2968
  msgstr ""
2969
 
2970
+ #: src/wordpress-recommendations.lib.php:63
2971
+ msgid "Implement an SSL Certificate"
2972
+ msgstr ""
2973
+
2974
+ #: src/wordpress-recommendations.lib.php:63
2975
+ msgid ""
2976
+ "SSL certificates help protect the integrity of the data in transit between the host (web server or firewall) and the "
2977
+ "client (web browser)."
2978
+ msgstr ""
2979
+
2980
+ #: src/wordpress-recommendations.lib.php:75
2981
  msgid "Upgrade PHP to a supported version"
2982
  msgstr ""
2983
 
2984
+ #: src/wordpress-recommendations.lib.php:75
2985
+ msgid ""
2986
+ "The PHP version you are using no longer receives security support and could be exposed to unpatched security "
2987
+ "vulnerabilities."
2988
+ msgstr ""
2989
+
2990
+ #: src/wordpress-recommendations.lib.php:88
2991
+ msgid "Missing WordPress Salt & Security Keys"
2992
+ msgstr ""
2993
+
2994
+ #: src/wordpress-recommendations.lib.php:88
2995
+ msgid ""
2996
+ "Consider using WordPress Salt & Security Keys to add an extra layer of protection to the session cookies and credentials."
2997
+ msgstr ""
2998
+
2999
+ #: src/wordpress-recommendations.lib.php:95
3000
+ msgid "WordPress Salt & Security Keys should be updated"
3001
+ msgstr ""
3002
+
3003
+ #: src/wordpress-recommendations.lib.php:95
3004
+ msgid ""
3005
+ "Updating WordPress Salt & Security Keys after a compromise and on a regular basis, at least once a year, reduces the risks "
3006
+ "of session hijacking."
3007
+ msgstr ""
3008
+
3009
+ #: src/wordpress-recommendations.lib.php:108
3010
+ msgid "Admin/Administrator username still exists"
3011
+ msgstr ""
3012
+
3013
+ #: src/wordpress-recommendations.lib.php:108
3014
+ msgid ""
3015
+ "Using a unique username and removing the default admin/administrator account make it more difficult for attackers to brute "
3016
+ "force your WordPress."
3017
+ msgstr ""
3018
+
3019
+ #: src/wordpress-recommendations.lib.php:121
3020
+ msgid "Use super admin account only when needed"
3021
+ msgstr ""
3022
+
3023
+ #: src/wordpress-recommendations.lib.php:121
3024
+ msgid "Create an Editor account instead of always using the super-admin to reduce the damage in case of session hijacking."
3025
+ msgstr ""
3026
+
3027
+ #: src/wordpress-recommendations.lib.php:149
3028
+ msgid "Unable to detect a popular 2FA plugin"
3029
+ msgstr ""
3030
+
3031
+ #: src/wordpress-recommendations.lib.php:149
3032
+ msgid "Do you have another 2FA solution in place? If not, it's recommended that you add a 2FA plugin to protect your website."
3033
+ msgstr ""
3034
+
3035
+ #: src/wordpress-recommendations.lib.php:167
3036
+ msgid "Remove unwanted/unused extensions"
3037
+ msgstr ""
3038
+
3039
+ #: src/wordpress-recommendations.lib.php:167
3040
+ msgid "Keeping unwanted themes and plugins increases the chance of a compromise, even if they are disabled."
3041
+ msgstr ""
3042
+
3043
+ #: src/wordpress-recommendations.lib.php:179
3044
+ msgid "Decrease the number of plugins"
3045
+ msgstr ""
3046
+
3047
+ #: src/wordpress-recommendations.lib.php:179
3048
+ msgid "The greater the number of plugins installed, the greater the risk of infection and performance issues."
3049
+ msgstr ""
3050
+
3051
+ #: src/wordpress-recommendations.lib.php:195
3052
+ msgid "Unable to detect a popular backup plugin"
3053
+ msgstr ""
3054
+
3055
+ #: src/wordpress-recommendations.lib.php:195
3056
+ msgid "Do you have another backup solution in place? If not, it\'s recommended that you add a backup plugin "
3057
+ "to recover your website when needed."
3058
+ msgstr ""
3059
+
3060
+ #: src/wordpress-recommendations.lib.php:207
3061
+ msgid "Disable file editing"
3062
+ msgstr ""
3063
+
3064
+ #: src/wordpress-recommendations.lib.php:207
3065
+ msgid "Using \"DISALLOW_FILE_EDIT\" helps prevent an attacker from changing your files through WordPress backend."
3066
+ msgstr ""
3067
+
3068
+ #: src/wordpress-recommendations.lib.php:219
3069
+ msgid "Disable WordPress debug mode"
3070
+ msgstr ""
3071
+
3072
+ #: src/wordpress-recommendations.lib.php:219
3073
+ msgid ""
3074
+ "When \"WP_DEBUG\" is set to true, it will cause all PHP errors, notices and warnings to be displayed which can expose "
3075
+ "sensitive information."
3076
+ msgstr ""
3077
+
3078
+ #: src/wordpress-recommendations.lib.php:236
3079
+ msgid "Prevent PHP direct execution on sensitive directories"
3080
+ msgstr ""
3081
+
3082
+ #: src/wordpress-recommendations.lib.php:236
3083
+ msgid ""
3084
+ "Directories such as \"wp-content\" and \"wp-includes\" are generally not intended to be accessed by any user, consider "
3085
+ "hardening them via Sucuri Security -> Settings -> Hardening."
3086
  msgstr ""
3087
 
3088
+ #: src/wordpress-recommendations.lib.php:249
3089
  msgid ""
3090
+ "Your WordPress install is following <a href=\"https://sucuri.net/guides/wordpress-security\" target=\"_blank\" rel="
3091
+ "\"noopener\">the security best practices</a>."
3092
  msgstr ""
3093
 
3094
+ #: sucuri.php:317
3095
  msgid "Sucuri plugin has been uninstalled"
3096
  msgstr ""
3097
 
3105
 
3106
  #. Description of the plugin/theme
3107
  msgid ""
3108
+ "The <a href=\"https://sucuri.net/\" target=\"_blank\">Sucuri</a> plugin provides the website owner the best Activity "
3109
+ "Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for "
3110
+ "malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing "
3111
+ "about it is it's completely free."
 
 
3112
  msgstr ""
3113
 
3114
  #. Author of the plugin/theme
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: dd@sucuri.net
3
  Donate Link: https://sucuri.net/
4
  Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, blacklist, detection, hardening, file integrity
5
  Requires at least: 3.6
6
- Tested up to: 5.2
7
- Stable tag: 1.8.21
8
 
9
  The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
10
 
@@ -190,6 +190,21 @@ This version adds an option to refresh the malware scan results on demand, as we
190
 
191
  == Changelog ==
192
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
193
  = 1.8.21 =
194
  * Add WordPress Security Recommendations section in the dashboard
195
  * Add PHP version check
3
  Donate Link: https://sucuri.net/
4
  Tags: malware, security, firewall, scan, spam, virus, sucuri, protection, blacklist, detection, hardening, file integrity
5
  Requires at least: 3.6
6
+ Tested up to: 5.2.3
7
+ Stable tag: 1.8.22
8
 
9
  The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
10
 
190
 
191
  == Changelog ==
192
 
193
+ = 1.8.22 =
194
+ * Add "SSL existence check" to WordPress Security Recommendations
195
+ * Add "Salt & Security Keys existence check" to WordPress Security Recommendations
196
+ * Add "Salt & Security Keys age check" to WordPress Security Recommendations
197
+ * Add "Admin account check" to WordPress Security Recommendations
198
+ * Add "Single super-admin check" to WordPress Security Recommendations
199
+ * Add "Too many plugins check" to WordPress Security Recommendations
200
+ * Add "File editing check" to WordPress Security Recommendations
201
+ * Add "WordPress debug check" to WordPress Security Recommendations
202
+ * Add "Basic hardening check" to WordPress Security Recommendations
203
+ * Add a delete button on Last Logins sections
204
+ * Add register of logs removal on Audit Logs
205
+ * Fix display of Access File Integrity on NGINX/IIS servers
206
+ * Remove PHP version check from hardening page
207
+
208
  = 1.8.21 =
209
  * Add WordPress Security Recommendations section in the dashboard
210
  * Add PHP version check
src/event.lib.php CHANGED
@@ -722,4 +722,49 @@ class SucuriScanEvent extends SucuriScan
722
 
723
  return $resp;
724
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
725
  }
722
 
723
  return $resp;
724
  }
725
+
726
+ /**
727
+ * Clear last logins or failed login logs.
728
+ *
729
+ * This can also be done via Sucuri Security -> Settings -> Data Storage,
730
+ * however to improve the user experience, a button on Last Logins and on
731
+ * Failed logins sections was added and it triggers the removal of
732
+ * sucuri/sucuri-lastlogins.php and sucuri/sucuri-failedlogins.php.
733
+ *
734
+ * @param string $filename Name of the file to be deleted.
735
+ *
736
+ * @return HTML Message with the delete action outcome.
737
+ */
738
+ public static function clearLastLogs($filename)
739
+ {
740
+ // Get the complete path of the file.
741
+ $filepath = SucuriScan::dataStorePath($filename);
742
+
743
+ // Do not proceed if not possible.
744
+ if (!is_writable(dirname($filepath)) || is_dir($filepath)) {
745
+ return SucuriScanInterface::error(
746
+ sprintf(
747
+ __('%s cannot be deleted.', 'sucuri-scanner'),
748
+ $filename
749
+ )
750
+ );
751
+ }
752
+
753
+ // Delete $filepath.
754
+ @unlink($filepath);
755
+
756
+ // Register on audit logs and return result.
757
+ SucuriScanEvent::reportInfoEvent(
758
+ sprintf(
759
+ __('%s was deleted.', 'sucuri-scanner'),
760
+ $filename
761
+ )
762
+ );
763
+ return SucuriScanInterface::info(
764
+ sprintf(
765
+ __('%s was deleted.', 'sucuri-scanner'),
766
+ $filename
767
+ )
768
+ );
769
+ }
770
  }
src/lastlogins-failed.php CHANGED
@@ -45,6 +45,11 @@ function sucuriscan_failed_logins_panel()
45
  $page_offset = ($page_number - 1) * $max_per_page;
46
  $page_limit = ($page_offset + $max_per_page);
47
 
 
 
 
 
 
48
  $max_failed_logins = SucuriScanOption::getOption(':maximum_failed_logins');
49
  $notify_bruteforce_attack = SucuriScanOption::getOption(':notify_bruteforce_attack');
50
  $failed_logins = sucuriscan_get_all_failed_logins($page_offset, $max_per_page);
45
  $page_offset = ($page_number - 1) * $max_per_page;
46
  $page_limit = ($page_offset + $max_per_page);
47
 
48
+ // Clear failed login logins when delete button is pressed.
49
+ if (SucuriScanInterface::checkNonce() && SucuriScanRequest::post(':delete_failedlogins')) {
50
+ SucuriScanEvent::clearLastLogs('sucuri-failedlogins.php');
51
+ }
52
+
53
  $max_failed_logins = SucuriScanOption::getOption(':maximum_failed_logins');
54
  $notify_bruteforce_attack = SucuriScanOption::getOption(':notify_bruteforce_attack');
55
  $failed_logins = sucuriscan_get_all_failed_logins($page_offset, $max_per_page);
src/lastlogins.php CHANGED
@@ -119,6 +119,11 @@ function sucuriscan_lastlogins_all()
119
  'UserList.NoItemsVisibility' => 'visible',
120
  );
121
 
 
 
 
 
 
122
  if (!sucuriscan_lastlogins_datastore_is_writable()) {
123
  $fpath = SucuriScan::escape(sucuriscan_lastlogins_datastore_filepath());
124
  SucuriScanInterface::error(sprintf(__('Last-logins data file is not writable: <code>%s</code>', 'sucuri-scanner'), $fpath));
119
  'UserList.NoItemsVisibility' => 'visible',
120
  );
121
 
122
+ // Clear last login logins when delete button is pressed.
123
+ if (SucuriScanInterface::checkNonce() && SucuriScanRequest::post(':delete_lastlogins')) {
124
+ SucuriScanEvent::clearLastLogs('sucuri-lastlogins.php');
125
+ }
126
+
127
  if (!sucuriscan_lastlogins_datastore_is_writable()) {
128
  $fpath = SucuriScan::escape(sucuriscan_lastlogins_datastore_filepath());
129
  SucuriScanInterface::error(sprintf(__('Last-logins data file is not writable: <code>%s</code>', 'sucuri-scanner'), $fpath));
src/pagehandler.php CHANGED
@@ -52,7 +52,7 @@ function sucuriscan_page()
52
  $params['SiteCheck.Recommendations'] = '<div id="sucuriscan-recommendations"></div>';
53
 
54
  /* load data for the WordPress best practices section */
55
- $params['WordPress.Recommendations'] = SucuriWordPressRecomendations::pageWordPressRecommendations();
56
 
57
  if (SucuriScanRequest::get(':sitecheck_refresh') !== false) {
58
  $params['SiteCheck.Refresh'] = 'true';
@@ -147,7 +147,6 @@ function sucuriscan_settings_page()
147
  /* settings - hardening */
148
  $params['Settings.Hardening.Firewall'] = SucuriScanHardeningPage::firewall();
149
  $params['Settings.Hardening.WPVersion'] = SucuriScanHardeningPage::wpversion();
150
- $params['Settings.Hardening.PHPVersion'] = SucuriScanHardeningPage::phpversion();
151
  $params['Settings.Hardening.RemoveGenerator'] = SucuriScanHardeningPage::wpgenerator();
152
  $params['Settings.Hardening.NginxPHPFPM'] = SucuriScanHardeningPage::nginxphp();
153
  $params['Settings.Hardening.WPUploads'] = SucuriScanHardeningPage::wpuploads();
52
  $params['SiteCheck.Recommendations'] = '<div id="sucuriscan-recommendations"></div>';
53
 
54
  /* load data for the WordPress best practices section */
55
+ $params['WordPress.Recommendations'] = SucuriWordPressRecommendations::pageWordPressRecommendations();
56
 
57
  if (SucuriScanRequest::get(':sitecheck_refresh') !== false) {
58
  $params['SiteCheck.Refresh'] = 'true';
147
  /* settings - hardening */
148
  $params['Settings.Hardening.Firewall'] = SucuriScanHardeningPage::firewall();
149
  $params['Settings.Hardening.WPVersion'] = SucuriScanHardeningPage::wpversion();
 
150
  $params['Settings.Hardening.RemoveGenerator'] = SucuriScanHardeningPage::wpgenerator();
151
  $params['Settings.Hardening.NginxPHPFPM'] = SucuriScanHardeningPage::nginxphp();
152
  $params['Settings.Hardening.WPUploads'] = SucuriScanHardeningPage::wpuploads();
src/settings-general.php CHANGED
@@ -206,9 +206,17 @@ function sucuriscan_settings_general_datastorage($nonce)
206
  }
207
  }
208
 
 
 
 
 
 
 
 
 
209
  SucuriScanInterface::info(
210
  sprintf(
211
- __('%d out of %d files has been deleted', 'sucuri-scanner'),
212
  $deleted,
213
  count($filenames)
214
  )
206
  }
207
  }
208
 
209
+ // Register on audit logs and return result.
210
+ SucuriScanEvent::reportInfoEvent(
211
+ sprintf(
212
+ __('%s were deleted.', 'sucuri-scanner'),
213
+ implode(', ', $filenames)
214
+ )
215
+ );
216
+
217
  SucuriScanInterface::info(
218
  sprintf(
219
+ __('%d out of %d files have been deleted.', 'sucuri-scanner'),
220
  $deleted,
221
  count($filenames)
222
  )
src/settings-hardening.php CHANGED
@@ -151,49 +151,6 @@ class SucuriScanHardeningPage extends SucuriScan
151
  return self::drawSection($params);
152
  }
153
 
154
- /**
155
- * Checks if the server is using a modern PHP version.
156
- *
157
- * Each release branch of PHP is fully supported for two years from its
158
- * initial stable release. During this period, bugs and security issues that
159
- * have been reported are fixed and are released in regular point releases.
160
- * After this two year period of active support, each branch is then
161
- * supported for an additional year for critical security issues only.
162
- * Releases during this period are made on an as-needed basis: there may be
163
- * multiple point releases, or none, depending on the number of reports.
164
- * Once the three years of support are completed, the branch reaches its end
165
- * of life and is no longer supported.
166
- *
167
- * @see http://php.net/supported-versions.php
168
- *
169
- * @return HTML with the information about this hardening option.
170
- */
171
- public static function phpversion()
172
- {
173
- $params = array();
174
-
175
- if (self::processRequest(__FUNCTION__)) {
176
- SucuriScanInterface::error(
177
- __('Ask your hosting provider to install an updated version of PHP - <a href="http://php.net/supported-versions.php" target="_blank" rel="noopener">List of PHP Supported Versions</a>', 'sucuri-scanner')
178
- );
179
- }
180
-
181
- $params['Hardening.FieldName'] = __FUNCTION__;
182
- $params['Hardening.Title'] = __('Verify PHP Version', 'sucuri-scanner');
183
- $params['Hardening.Description'] = sprintf(__('PHP %s is installed.', 'sucuri-scanner'), PHP_VERSION);
184
-
185
- if (intval(version_compare(PHP_VERSION, '7.1.0') >= 0)) {
186
- $params['Hardening.Status'] = 1;
187
- $params['Hardening.FieldAttrs'] = 'disabled';
188
- $params['Hardening.FieldText'] = __('Revert Hardening', 'sucuri-scanner');
189
- } else {
190
- $params['Hardening.Status'] = 0;
191
- $params['Hardening.FieldText'] = __('Apply Hardening', 'sucuri-scanner');
192
- }
193
-
194
- return self::drawSection($params);
195
- }
196
-
197
  /**
198
  * Notify the state of the hardening for the removal of the Generator tag in
199
  * HTML code printed by WordPress to show the current version number of the
151
  return self::drawSection($params);
152
  }
153
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
154
  /**
155
  * Notify the state of the hardening for the removal of the Generator tag in
156
  * HTML code printed by WordPress to show the current version number of the
src/settings-webinfo.php CHANGED
@@ -117,17 +117,22 @@ function sucuriscan_settings_webinfo_details()
117
  */
118
  function sucuriscan_settings_webinfo_htaccess()
119
  {
 
120
  $htaccess = SucuriScan::getHtaccessPath();
121
  $params = array(
122
  'HTAccess.Content' => '',
123
  'HTAccess.TextareaVisible' => 'hidden',
124
  'HTAccess.StandardVisible' => 'hidden',
125
  'HTAccess.NotFoundVisible' => 'hidden',
 
126
  'HTAccess.FoundVisible' => 'hidden',
127
  'HTAccess.Fpath' => 'unknown',
128
  );
129
 
130
- if ($htaccess) {
 
 
 
131
  $rules = SucuriScanFileInfo::fileContent($htaccess);
132
 
133
  $params['HTAccess.TextareaVisible'] = 'visible';
117
  */
118
  function sucuriscan_settings_webinfo_htaccess()
119
  {
120
+
121
  $htaccess = SucuriScan::getHtaccessPath();
122
  $params = array(
123
  'HTAccess.Content' => '',
124
  'HTAccess.TextareaVisible' => 'hidden',
125
  'HTAccess.StandardVisible' => 'hidden',
126
  'HTAccess.NotFoundVisible' => 'hidden',
127
+ 'HTAccess.NotApache' => 'hidden',
128
  'HTAccess.FoundVisible' => 'hidden',
129
  'HTAccess.Fpath' => 'unknown',
130
  );
131
 
132
+ // If it's not Apache, do not based the analysis on htaccess file.
133
+ if (SucuriScan::isNginxServer() || SucuriScan::isIISServer()) {
134
+ $params['HTAccess.NotApache'] = 'visible';
135
+ } elseif ($htaccess) {
136
  $rules = SucuriScanFileInfo::fileContent($htaccess);
137
 
138
  $params['HTAccess.TextareaVisible'] = 'visible';
src/sitecheck.lib.php CHANGED
@@ -353,53 +353,31 @@ class SucuriScanSiteCheck extends SucuriScanAPI
353
  */
354
  public static function recommendations()
355
  {
356
- $params = array();
357
  $data = self::scanAndCollectData();
358
- $sechead = array(
359
- 'x-content-type-options' => 'X-Content-Type-Options Header',
360
- 'x-frame-options' => 'X-Frame-Options Security Header',
361
- 'x-xss-protection' => 'X-XSS-Protection Security Header',
362
- );
363
 
 
364
  $params['Recommendations.Content'] = '';
365
- $params['Recommendations.Color'] = 'green';
366
-
367
- if (isset($data['RECOMMENDATIONS'])) {
368
- foreach ($data['RECOMMENDATIONS'] as $recommendation) {
369
- if (count($recommendation) < 3) {
370
- continue;
371
- }
372
-
373
- if (stripos($recommendation[0], 'x-content-type')) {
374
- unset($sechead['x-content-type-options']);
375
- }
376
 
377
- if (stripos($recommendation[0], 'x-frame-options')) {
378
- unset($sechead['x-frame-options']);
379
- }
380
-
381
- if (stripos($recommendation[0], 'x-xss-protection')) {
382
- unset($sechead['x-xss-protection']);
383
- }
384
-
385
- $params['Recommendations.Color'] = 'blue';
386
- $params['Recommendations.Content'] .= SucuriScanTemplate::getSnippet(
387
- 'sitecheck-recommendations',
388
- array(
389
- 'Recommendations.Title' => $recommendation[0],
390
- 'Recommendations.Value' => $recommendation[1],
391
- 'Recommendations.URL' => $recommendation[2],
392
- )
393
- );
394
  }
395
- }
396
 
397
- foreach ($sechead as $header => $message) {
398
- $params['Recommendations.Content'] .=
399
- '<li class="sucuriscan-sitecheck-list-INFO">'
400
- . $message . '</li>';
 
 
 
 
401
  }
402
-
403
  return SucuriScanTemplate::getSection('sitecheck-recommendations', $params);
404
  }
405
 
353
  */
354
  public static function recommendations()
355
  {
 
356
  $data = self::scanAndCollectData();
357
+
358
+ if (!isset($data['RECOMMENDATIONS'])) {
359
+ return;
360
+ }
 
361
 
362
+ $params = array();
363
  $params['Recommendations.Content'] = '';
364
+ $params['Recommendations.Color'] = 'blue';
 
 
 
 
 
 
 
 
 
 
365
 
366
+ foreach ($data['RECOMMENDATIONS'] as $recommendation) {
367
+ if (count($recommendation) < 3) {
368
+ continue;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
369
  }
 
370
 
371
+ $params['Recommendations.Content'] .= SucuriScanTemplate::getSnippet(
372
+ 'sitecheck-recommendations',
373
+ array(
374
+ 'Recommendations.Title' => $recommendation[0],
375
+ 'Recommendations.Value' => $recommendation[1],
376
+ 'Recommendations.URL' => $recommendation[2],
377
+ )
378
+ );
379
  }
380
+
381
  return SucuriScanTemplate::getSection('sitecheck-recommendations', $params);
382
  }
383
 
src/strings.php CHANGED
@@ -146,7 +146,7 @@ __('Loading...', 'sucuri-scanner');
146
  __('All Users', 'sucuri-scanner');
147
  __('Admins', 'sucuri-scanner');
148
  __('Logged-in Users', 'sucuri-scanner');
149
- __('Failed logins', 'sucuri-scanner');
150
 
151
  // lastlogins-admins.html.tpl
152
  __('Successful Logins (admins)', 'sucuri-scanner');
@@ -169,6 +169,7 @@ __('IP Address', 'sucuri-scanner');
169
  __('Hostname', 'sucuri-scanner');
170
  __('Date/Time', 'sucuri-scanner');
171
  __('no data available', 'sucuri-scanner');
 
172
 
173
  // lastlogins-all.snippet.tpl
174
  __('Edit', 'sucuri-scanner');
@@ -182,6 +183,7 @@ __('Date/Time', 'sucuri-scanner');
182
  __('Web Browser', 'sucuri-scanner');
183
  __('no data available', 'sucuri-scanner');
184
  __('Block', 'sucuri-scanner');
 
185
 
186
  // lastlogins-loggedin.html.tpl
187
  __('Logged-in Users}', 'sucuri-scanner');
@@ -484,6 +486,7 @@ __('Access File Integrity', 'sucuri-scanner');
484
  __('The <code>.htaccess</code> file is a distributed configuration file, and is how the Apache web server handles configuration changes on a per-directory basis. WordPress uses this file to manipulate how Apache serves files from its root directory and subdirectories thereof; most notably, it modifies this file to be able to handle pretty permalinks.', 'sucuri-scanner');
485
  __('Htaccess file found in', 'sucuri-scanner');
486
  __('Your website has no <code>.htaccess</code> file or it was not found in the default location.', 'sucuri-scanner');
 
487
  __('The main <code>.htaccess</code> file in your site has the standard rules for a WordPress installation. You can customize it to improve the performance and change the behaviour of the redirections for pages and posts in your site. To get more information visit the official documentation at <a target="_blank" rel="noopener" href="https://codex.wordpress.org/Using_Permalinks#Creating_and_editing_.28.htaccess.29"> Codex WordPress - Creating and editing (.htaccess)</a>', 'sucuri-scanner');
488
  __('Codex WordPress HTAccess', 'sucuri-scanner');
489
 
146
  __('All Users', 'sucuri-scanner');
147
  __('Admins', 'sucuri-scanner');
148
  __('Logged-in Users', 'sucuri-scanner');
149
+ __('Failed Logins', 'sucuri-scanner');
150
 
151
  // lastlogins-admins.html.tpl
152
  __('Successful Logins (admins)', 'sucuri-scanner');
169
  __('Hostname', 'sucuri-scanner');
170
  __('Date/Time', 'sucuri-scanner');
171
  __('no data available', 'sucuri-scanner');
172
+ __('Delete', 'sucuri-scanner');
173
 
174
  // lastlogins-all.snippet.tpl
175
  __('Edit', 'sucuri-scanner');
183
  __('Web Browser', 'sucuri-scanner');
184
  __('no data available', 'sucuri-scanner');
185
  __('Block', 'sucuri-scanner');
186
+ __('Delete', 'sucuri-scanner');
187
 
188
  // lastlogins-loggedin.html.tpl
189
  __('Logged-in Users}', 'sucuri-scanner');
486
  __('The <code>.htaccess</code> file is a distributed configuration file, and is how the Apache web server handles configuration changes on a per-directory basis. WordPress uses this file to manipulate how Apache serves files from its root directory and subdirectories thereof; most notably, it modifies this file to be able to handle pretty permalinks.', 'sucuri-scanner');
487
  __('Htaccess file found in', 'sucuri-scanner');
488
  __('Your website has no <code>.htaccess</code> file or it was not found in the default location.', 'sucuri-scanner');
489
+ __('Your web server does not support .htaccess files.', 'sucuri-scanner');
490
  __('The main <code>.htaccess</code> file in your site has the standard rules for a WordPress installation. You can customize it to improve the performance and change the behaviour of the redirections for pages and posts in your site. To get more information visit the official documentation at <a target="_blank" rel="noopener" href="https://codex.wordpress.org/Using_Permalinks#Creating_and_editing_.28.htaccess.29"> Codex WordPress - Creating and editing (.htaccess)</a>', 'sucuri-scanner');
491
  __('Codex WordPress HTAccess', 'sucuri-scanner');
492
 
src/wordpress-recommendations.lib.php CHANGED
@@ -6,14 +6,13 @@
6
  * PHP version 5
7
  *
8
  * @category Library
9
- * @package Sucuri
10
- * @subpackage SucuriScanner
11
  * @author Northon Torga <northon.torga@sucuri.net>
12
  * @copyright 2010-2019 Sucuri Inc.
13
  * @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2
14
- * @link https://wordpress.org/plugins/sucuri-scanner
 
15
  */
16
-
17
  if (!defined('SUCURISCAN_INIT') || SUCURISCAN_INIT !== true) {
18
  if (!headers_sent()) {
19
  /* Report invalid access if possible. */
@@ -26,70 +25,221 @@ if (!defined('SUCURISCAN_INIT') || SUCURISCAN_INIT !== true) {
26
  * Make sure the WordPress install follows security best practices.
27
  *
28
  * @category Library
29
- * @package Sucuri
30
- * @subpackage SucuriScanner
31
  * @author Northon Torga <northon.torga@sucuri.net>
32
  * @copyright 2010-2019 Sucuri Inc.
33
  * @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2
34
- * @link https://wordpress.org/plugins/sucuri-scanner
35
- * @see https://sitecheck.sucuri.net/
 
36
  */
37
- class SucuriWordPressRecomendations
38
  {
39
-
40
  /**
41
  * Generates the HTML section for the WordPress recommendations section.
42
  *
43
- * @return string HTML code to render the recommendations section.
44
  */
45
  public static function pageWordPressRecommendations()
46
  {
47
-
48
  $params = array();
49
- $recommendations = array();
50
  $params['WordPress.Recommendations.Content'] = '';
51
 
52
- /**
53
- * BEGIN security checks.
54
- *
55
- * Each check must register a second array inside $recommendations,
56
- * containing the title and description of the recommendation.
57
  */
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
58
 
59
- // Check if php version needs to be upgraded.
60
- if (version_compare(phpversion(), '7.1', '<')) {
61
- $recommendations['PHPVersionCheck'] = array(
62
- __('Upgrade PHP to a supported version', 'sucuri-scanner') =>
63
- __('The PHP version you are using no longer receives security support and could be exposed to unpatched security vulnerabilities.', 'sucuri-scanner')
64
- );
 
 
 
65
  }
66
 
67
- /**
68
- * BEGIN delivery of results.
69
- *
70
- * When recommendations array is empty, delivery an "all is good" message,
71
- * otherwise display each item that needs fixing individually.
72
  */
73
- if (count($recommendations) == 0) {
 
 
74
 
75
- $params['WordPress.Recommendations.Color'] = 'green';
76
- $params['WordPress.Recommendations.Content'] = __('Your WordPress install is following <a href="https://sucuri.net/guides/wordpress-security" target="_blank" rel="noopener">the security best practices</a>.', 'sucuri-scanner');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
77
  } else {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
78
 
79
- /* set title to blue as not all recommendations have been fullfilled */
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
80
  $params['WordPress.Recommendations.Color'] = 'blue';
 
81
 
82
- /* delivery the recommendations using the getSnippet function */
83
  $recommendation = array_keys($recommendations);
84
  foreach ($recommendation as $checkid) {
85
-
86
  foreach ($recommendations[$checkid] as $title => $description) {
87
-
88
  $params['WordPress.Recommendations.Content'] .= SucuriScanTemplate::getSnippet(
89
  'wordpress-recommendations',
90
  array(
91
  'WordPress.Recommendations.Title' => $title,
92
- 'WordPress.Recommendations.Value' => $description
93
  )
94
  );
95
  }
6
  * PHP version 5
7
  *
8
  * @category Library
9
+ *
 
10
  * @author Northon Torga <northon.torga@sucuri.net>
11
  * @copyright 2010-2019 Sucuri Inc.
12
  * @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2
13
+ *
14
+ * @see https://wordpress.org/plugins/sucuri-scanner
15
  */
 
16
  if (!defined('SUCURISCAN_INIT') || SUCURISCAN_INIT !== true) {
17
  if (!headers_sent()) {
18
  /* Report invalid access if possible. */
25
  * Make sure the WordPress install follows security best practices.
26
  *
27
  * @category Library
28
+ *
 
29
  * @author Northon Torga <northon.torga@sucuri.net>
30
  * @copyright 2010-2019 Sucuri Inc.
31
  * @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2
32
+ *
33
+ * @see https://wordpress.org/plugins/sucuri-scanner
34
+ * @see https://sucuri.net/guides/wordpress-security/
35
  */
36
+ class SucuriWordPressRecommendations
37
  {
 
38
  /**
39
  * Generates the HTML section for the WordPress recommendations section.
40
  *
41
+ * @return string HTML code to render the recommendations section
42
  */
43
  public static function pageWordPressRecommendations()
44
  {
 
45
  $params = array();
 
46
  $params['WordPress.Recommendations.Content'] = '';
47
 
48
+ /*
49
+ * Register all possible recommendations.
 
 
 
50
  */
51
+ // phpcs:disable Generic.Files.LineLength
52
+ $recommendations = array(
53
+ 'noSSL' => array(
54
+ __('Implement an SSL Certificate', 'sucuri-scanner') => __('SSL certificates help protect the integrity of the data in transit between the host (web server or firewall) and the client (web browser).', 'sucuri-scanner'),
55
+ ),
56
+ 'PHPVersionCheck' => array(
57
+ __('Upgrade PHP to a supported version', 'sucuri-scanner') => __('The PHP version you are using no longer receives security support and could be exposed to unpatched security vulnerabilities.', 'sucuri-scanner'),
58
+ ),
59
+ 'wpSaltExistenceChecker' => array(
60
+ __('Missing WordPress Salt & Security Keys', 'sucuri-scanner') => __('Consider using WordPress Salt & Security Keys to add an extra layer of protection to the session cookies and credentials.', 'sucuri-scanner'),
61
+ ),
62
+ 'wpSaltAgeDiscriminator' => array(
63
+ __('WordPress Salt & Security Keys should be updated', 'sucuri-scanner') => __('Updating WordPress Salt & Security Keys after a compromise and on a regular basis, at least once a year, reduces the risks of session hijacking.', 'sucuri-scanner'),
64
+ ),
65
+ 'adminBadUsername' => array(
66
+ __('Admin/Administrator username still exists', 'sucuri-scanner') => __('Using a unique username and removing the default admin/administrator account make it more difficult for attackers to brute force your WordPress.', 'sucuri-scanner'),
67
+ ),
68
+ 'lonelySuperAdmin' => array(
69
+ __('Use super admin account only when needed', 'sucuri-scanner') => __('Create an Editor account instead of always using the super-admin to reduce the damage in case of session hijacking.', 'sucuri-scanner'),
70
+ ),
71
+ 'forgottenExtension' => array(
72
+ __('Remove unwanted/unused extensions', 'sucuri-scanner') => __('Keeping unwanted themes and plugins increases the chance of a compromise, even if they are disabled.', 'sucuri-scanner'),
73
+ ),
74
+ 'tooMuchPlugins' => array(
75
+ __('Decrease the number of plugins', 'sucuri-scanner') => __('The greater the number of plugins installed, the greater the risk of infection and performance issues.', 'sucuri-scanner'),
76
+ ),
77
+ 'fileEditStillEnabled' => array(
78
+ __('Disable file editing', 'sucuri-scanner') => __('Using "DISALLOW_FILE_EDIT" helps prevent an attacker from changing your files through WordPress backend.', 'sucuri-scanner'),
79
+ ),
80
+ 'wpDebugOnline' => array(
81
+ __('Disable WordPress debug mode', 'sucuri-scanner') => __('When "WP_DEBUG" is set to true, it will cause all PHP errors, notices and warnings to be displayed which can expose sensitive information.', 'sucuri-scanner'),
82
+ ),
83
+ 'notHardened' => array(
84
+ __('Prevent PHP direct execution on sensitive directories', 'sucuri-scanner') => __('Directories such as "wp-content" and "wp-includes" are generally not intended to be accessed by any user, consider hardening them via Sucuri Security -> Settings -> Hardening.', 'sucuri-scanner'),
85
+ ),
86
+ );
87
+ // phpcs:enable
88
 
89
+ /*
90
+ * Remove recommendations accordingly.
91
+ */
92
+ /*
93
+ * Check if a SSL cert is being used.
94
+ * @see https://blog.sucuri.net/2019/03/how-to-add-ssl-move-wordpress-from-http-to-https.html
95
+ */
96
+ if (is_ssl()) {
97
+ unset($recommendations['noSSL']);
98
  }
99
 
100
+ /*
101
+ * Check PHP version.
102
+ * @see https://www.php.net/supported-versions.php
 
 
103
  */
104
+ if (version_compare(phpversion(), '7.2', '>')) {
105
+ unset($recommendations['PHPVersionCheck']);
106
+ }
107
 
108
+ /*
109
+ * Check if WordPress Salt & Security Keys are set and were updated on the last 12 months.
110
+ * @see https://wordpress.org/support/article/editing-wp-config-php/#security-keys
111
+ * @see https://sucuri.net/guides/wordpress-security/#harrec
112
+ */
113
+ if (defined('AUTH_KEY') && defined('AUTH_SALT')) {
114
+ unset($recommendations['wpSaltExistenceChecker']);
115
+ }
116
+ if (file_exists(ABSPATH.'/wp-config.php') &&
117
+ (filemtime(ABSPATH.'/wp-config.php') > strtotime('-12 months'))) {
118
+ unset($recommendations['wpSaltAgeDiscriminator']);
119
+ }
120
+
121
+ /*
122
+ * Check for standard administrator/admin account.
123
+ * @see https://sucuri.net/guides/wordpress-security/#uac
124
+ */
125
+ $usersWithAdminLogin = array();
126
+ $adminUsernames = array('admin', 'administrator');
127
+
128
+ if (version_compare(SucuriScan::siteVersion(), '4.7', '>=')) {
129
+ $usersWithAdminLogin = get_users(array(
130
+ 'role' => 'administrator',
131
+ 'login__in' => $adminUsernames,
132
+ ));
133
  } else {
134
+ $allUsers = get_users(array(
135
+ 'role' => 'administrator',
136
+ 'fields' => array('user_login'),
137
+ ));
138
+
139
+ foreach($allUsers as $user) {
140
+ if (in_array($user->user_login, $adminUsernames)) {
141
+ $usersWithAdminLogin[] = $user->user_login;
142
+ }
143
+ }
144
+ }
145
+
146
+ if (empty($usersWithAdminLogin)) {
147
+ unset($recommendations['adminBadUsername']);
148
+ }
149
 
150
+ /*
151
+ * Check if super-admin isn't being used for day-to-day operations.
152
+ * @see https://sucuri.net/guides/wordpress-security/#uac
153
+ */
154
+ $wpUsersCount = count_users();
155
+ if ($wpUsersCount['total_users'] !== 1) {
156
+ unset($recommendations['lonelySuperAdmin']);
157
+ }
158
+
159
+ /*
160
+ * Check for unwanted extensions.
161
+ * @see https://sucuri.net/guides/wordpress-security/#apt
162
+ *
163
+ * NOTE: $wpPluginsInstalledName, $wpPluginsActivatedName, $wpPluginsDeactivatedName
164
+ * are created by this feature.
165
+ */
166
+ $wpPluginsInstalled = get_plugins();
167
+ $wpPluginsActivatedName = array();
168
+ $wpPluginsDeactivatedName = array();
169
+ foreach ($wpPluginsInstalled as $pluginPath => $pluginDetails) {
170
+ $wpPluginsInstalledName[] = $pluginDetails['Name'];
171
+ if (is_plugin_active($pluginPath)) {
172
+ $wpPluginsActivatedName[] = $pluginDetails['Name'];
173
+ } else {
174
+ $wpPluginsDeactivatedName[] = $pluginDetails['Name'];
175
+ }
176
+ }
177
+
178
+ // phpcs:disable Generic.Files.LineLength
179
+ if ((count(wp_get_themes()) < 2 || count($wpPluginsDeactivatedName) < 1) || is_multisite()) {
180
+ unset($recommendations['forgottenExtension']);
181
+ }
182
+ // phpcs:enable
183
+
184
+ /*
185
+ * Check for too much plugins.
186
+ * @see https://sucuri.net/guides/wordpress-security/#apt
187
+ */
188
+ if (count($wpPluginsInstalled) < 50 || is_multisite()) {
189
+ unset($recommendations['tooMuchPlugins']);
190
+ }
191
+
192
+ /*
193
+ * Check if File Editing was disabled.
194
+ * @see https://sucuri.net/guides/wordpress-security/#appconf
195
+ */
196
+ if (defined('DISALLOW_FILE_EDIT') && true === DISALLOW_FILE_EDIT) {
197
+ unset($recommendations['fileEditStillEnabled']);
198
+ }
199
+
200
+ /*
201
+ * Check if WordPress Debug Mode isn't set.
202
+ * @see https://wordpress.org/support/article/debugging-in-wordpress/
203
+ */
204
+ if (!defined('WP_DEBUG') || defined('WP_DEBUG') && false === WP_DEBUG) {
205
+ unset($recommendations['wpDebugOnline']);
206
+ }
207
+
208
+ /*
209
+ * Check if Hardening was applied if possible.
210
+ * @see https://sucuri.net/guides/wordpress-security/#harrec
211
+ */
212
+ // phpcs:disable Generic.Files.LineLength
213
+ if (SucuriScan::isNginxServer() || SucuriScan::isIISServer() || SucuriScan::isBehindFirewall() || (SucuriScanHardening::isHardened(WP_CONTENT_DIR) && SucuriScanHardening::isHardened(ABSPATH.'/wp-includes'))) {
214
+ unset($recommendations['notHardened']);
215
+ }
216
+ // phpcs:enable
217
+
218
+ /*
219
+ * DELIVERY RESULTS
220
+ *
221
+ * Delivery an "all is good" message, unless recommendations array has values,
222
+ * in which case the plugin must display the items that need fixing.
223
+ */
224
+ $params['WordPress.Recommendations.Color'] = 'green';
225
+ // phpcs:disable Generic.Files.LineLength
226
+ $params['WordPress.Recommendations.Content'] = __('Your WordPress install is following <a href="https://sucuri.net/guides/wordpress-security" target="_blank" rel="noopener">the security best practices</a>.', 'sucuri-scanner');
227
+ // phpcs:enable
228
+
229
+ if (count($recommendations) !== 0) {
230
+ /* Set title to blue as not there is still recommendations to be followed. */
231
  $params['WordPress.Recommendations.Color'] = 'blue';
232
+ $params['WordPress.Recommendations.Content'] = null;
233
 
234
+ /* Delivery the recommendations using the getSnippet function. */
235
  $recommendation = array_keys($recommendations);
236
  foreach ($recommendation as $checkid) {
 
237
  foreach ($recommendations[$checkid] as $title => $description) {
 
238
  $params['WordPress.Recommendations.Content'] .= SucuriScanTemplate::getSnippet(
239
  'wordpress-recommendations',
240
  array(
241
  'WordPress.Recommendations.Title' => $title,
242
+ 'WordPress.Recommendations.Value' => $description,
243
  )
244
  );
245
  }
sucuri.php CHANGED
@@ -8,7 +8,7 @@
8
  * Author: Sucuri Inc.
9
  * Text Domain: sucuri-scanner
10
  * Domain Path: /lang
11
- * Version: 1.8.21
12
  *
13
  * PHP version 5
14
  *
@@ -85,7 +85,7 @@ define('SUCURISCAN', 'sucuriscan');
85
  /**
86
  * Current version of the plugin's code.
87
  */
88
- define('SUCURISCAN_VERSION', '1.8.21');
89
 
90
  /**
91
  * Defines the human readable name of the plugin.
8
  * Author: Sucuri Inc.
9
  * Text Domain: sucuri-scanner
10
  * Domain Path: /lang
11
+ * Version: 1.8.22
12
  *
13
  * PHP version 5
14
  *
85
  /**
86
  * Current version of the plugin's code.
87
  */
88
+ define('SUCURISCAN_VERSION', '1.8.22');
89
 
90
  /**
91
  * Defines the human readable name of the plugin.