Wordfence Security – Firewall & Malware Scan - Version 1.2

Version Description


Release Info

Developer mmaunder
Version 1.2

Code changes from version 1.1 to 1.2

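--- a/js/admin.js
+++ b/js/admin.js
@@ -630,8 +630,8 @@ window['wordfenceAdmin'] = {
 this.ajax('wordfence_saveConfig', qstr, function(res){
 jQuery('.wfAjax24').hide();
 if(res.ok){
-if(WFAD.reloadConfigPage){
-self.colorbox('400px', "Please reload this page", "You selected a config option that changes the Wordfence menu on the left. Click the button below to reload this page to update the menu.<br /><br /><center><input type='button' name='wfReload' value='Reload page' onclick='window.location.reload();' /></center>");
+if(res['reload'] == 'reload' || WFAD.reloadConfigPage){
+self.colorbox('400px', "Please reload this page", "You selected a config option that requires a page reload. Click the button below to reload this page to update the menu.<br /><br /><center><input type='button' name='wfReload' value='Reload page' onclick='window.location.reload();' /></center>");
 return;
 } else {
 self.pulse('.wfSavedMsg');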
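--- /dev/null
+++ b/lib/dropAll.php
@@ -0,0 +1,8 @@
+<?php
+require_once('wfSchema.php');
+if((! isset($_SERVER)) || isset($_SERVER['REQUEST_URI'])){ echo "Running under web interface. Exiting.\n"; exit(0); }
+if(! (isset($argv[1]) && isset($argv[2]) && isset($argv[3]))){ echo "Usage: {$argv[0]} <DB username> <DB password> <DB name>\n"; exit(); } $s = new wfSchema('localhost', $argv[1], $argv[2], $argv[3]);
+
+$s->dropAll();
+
+?>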
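Review bot: The web guard on line 3 depends on `$_SERVER['REQUEST_URI']` being set, which describes the request environment rather than the SAPI; for a script that calls `dropAll()` and ships inside the web-reachable plugin directory, `if(PHP_SAPI !== 'cli'){ exit(1); }` is the more dependable check. The database password is read from `$argv[2]`, so it lands in shell history and is visible in the process list while the script runs; reading it from a prompt or an environment variable avoids that. The refusal path also exits with status 0, which hides the refusal from any calling script. A short header comment saying what the script is for and that it is destructive would help the next maintainer.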
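--- a/lib/menu_config.php
+++ b/lib/menu_config.php
@@ -1,7 +1,7 @@
 <div class="wrap wordfence">
 <div class="wordfence-lock-icon wordfence-icon32"><br /></div><h2>Welcome to Wordfence</h2>
 <table class="form-table">
-<tr><th><nobr>Enter your Wordfence license key:</nobr></th><td><input type="text" id="wordfenceKey" size="30" value="" />&nbsp;(<a href="http://wordfence.com/signup-step2/" target="_blank">click here to get a key</a>)</td></tr>
+<tr><th><nobr>Enter your Wordfence API key:</nobr></th><td><input type="text" id="wordfenceKey" size="30" value="" />&nbsp;(<a href="http://wordfence.com/signup-step2/" target="_blank">click here to get a free API key</a>)</td></tr>
 <tr><td colspan="2">
 <table border="0" cellpadding="0" cellspacing="0"><tr><td>
 <input type="button" name="submit" id="submit" class="button-primary" value="Save Changes and Activate Wordfence" onclick="wordfenceAdmin.activateWF(jQuery('#wordfenceKey').val()); return false;" />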
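--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -55,8 +55,16 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
 <tr><td colspan="2"><h2>Scans to include</h2></td></tr>
 <tr><th class="wfConfigEnable">Enable automatic scheduled scans</th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> /></td></tr>
 <tr><th>Scan core files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_core" class="wfConfigElem" name="scansEnabled_core" value="1" <?php $w->cb('scansEnabled_core'); ?>/></td></tr>
+
+<?php if(wfConfig::get('isPaid') == 'paid'){ ?>
 <tr><th>Scan theme files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_themes" class="wfConfigElem" name="scansEnabled_themes" value="1" <?php $w->cb('scansEnabled_themes'); ?>/></td></tr>
 <tr><th>Scan plugin files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_plugins" class="wfConfigElem" name="scansEnabled_plugins" value="1" <?php $w->cb('scansEnabled_plugins'); ?>/></td></tr>
+<?php } else { ?>
+<tr><th style="color: #F00; padding-top: 10px;">Only available to Premium Members:</th><td></td></tr>
+<tr><th style="color: #999;">Scan theme files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_themes" class="wfConfigElem" name="scansEnabled_themes" value="1" DISABLED /></td></tr>
+<tr><th style="color: #999;">Scan plugin files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_plugins" class="wfConfigElem" name="scansEnabled_plugins" value="1" DISABLED /></td></tr>
+<tr><td colspan="2">&nbsp;</td></tr>
+<?php } ?>
 <tr><th>Scan for signatures of known malicious files</th><td><input type="checkbox" id="scansEnabled_malware" class="wfConfigElem" name="scansEnabled_malware" value="1" <?php $w->cb('scansEnabled_malware'); ?>/></td></tr>
 <tr><th>Scan file contents for backdoors, trojans and suspicious code</th><td><input type="checkbox" id="scansEnabled_fileContents" class="wfConfigElem" name="scansEnabled_fileContents" value="1" <?php $w->cb('scansEnabled_fileContents'); ?>/></td></tr>
 <tr><th>Scan posts for known dangerous URLs and suspicious content</th><td><input type="checkbox" id="scansEnabled_posts" class="wfConfigElem" name="scansEnabled_posts" value="1" <?php $w->cb('scansEnabled_posts'); ?>/></td></tr>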
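Review bot: The free/paid split around the theme and plugin checkboxes (new lines 59-67) is expressed only in markup, since the `else` branch renders the two inputs `DISABLED`, which controls what the form sends but not what the `wordfence_saveConfig` handler accepts. That handler is outside this section, so it may already do this, but it should ignore `scansEnabled_themes` and `scansEnabled_plugins` unless `wfConfig::get('isPaid') == 'paid'`. Because disabled inputs are not submitted at all, it is also worth confirming that the save path treats the missing keys as off, so that a `true` stored by version 1.1 does not stay in place. A one-line comment above the `if` naming the server-side check would make the division of responsibility clear.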
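--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -79,7 +79,7 @@ class wfConfig {
 "scheduledScansEnabled" => true,
 "scansEnabled_core" => true,
 "scansEnabled_themes" => false,
-"scansEnabled_plugins" => true,
+"scansEnabled_plugins" => false,
 "scansEnabled_malware" => true,
 "scansEnabled_fileContents" => true,
 "scansEnabled_posts" => true,
@@ -139,7 +139,7 @@ class wfConfig {
 "scheduledScansEnabled" => true,
 "scansEnabled_core" => true,
 "scansEnabled_themes" => false,
-"scansEnabled_plugins" => true,
+"scansEnabled_plugins" => false,
 "scansEnabled_malware" => true,
 "scansEnabled_fileContents" => true,
 "scansEnabled_posts" => true,
@@ -198,8 +198,8 @@ class wfConfig {
 "liveTraf_ignorePublishers" => true,
 "scheduledScansEnabled" => true,
 "scansEnabled_core" => true,
-"scansEnabled_themes" => true,
-"scansEnabled_plugins" => true,
+"scansEnabled_themes" => false,
+"scansEnabled_plugins" => false,
 "scansEnabled_malware" => true,
 "scansEnabled_fileContents" => true,
 "scansEnabled_posts" => true,
@@ -258,8 +258,8 @@ class wfConfig {
 "liveTraf_ignorePublishers" => true,
 "scheduledScansEnabled" => true,
 "scansEnabled_core" => true,
-"scansEnabled_themes" => true,
-"scansEnabled_plugins" => true,
+"scansEnabled_themes" => false,
+"scansEnabled_plugins" => false,
 "scansEnabled_malware" => true,
 "scansEnabled_fileContents" => true,
 "scansEnabled_posts" => true,
@@ -317,6 +317,9 @@ class wfConfig {
 }
 }
 self::set('encKey', substr(wfUtils::bigRandomHex(),0 ,16) );
+if(! self::get('isPaid', false)){
+self::set('isPaid', 'free');
+}
 }
 public static function parseOptions(){
 $ret = array();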
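--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -63,12 +63,10 @@ class wfUtils {
 return sprintf("%u", ip2long($ip));
 }
 public static function getBaseURL(){
-//return WP_PLUGIN_URL . '/' . str_replace(basename( __FILE__), "", plugin_basename(__FILE__));
-$plug = preg_replace('/^.*\/([^\/]+)\/lib\/[^\/]+\.php#x2F;', '$1', __FILE__);
-return WP_PLUGIN_URL . '/' . $plug . '/';
+return plugins_url() . '/wordfence/';
 }
 public static function getPluginBaseDir(){
-return realpath(dirname(__FILE__) . '/../../') . '/';
+return ABSPATH . 'wp-content/plugins/';
 }
 public static function getIP(){
 $ip = 0;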
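Review bot: `getPluginBaseDir()` now returns the hard-coded `ABSPATH . 'wp-content/plugins/'`, which is wrong on any site that relocates the content or plugin directory; callers that read plugin files from this path (not visible here) would then be pointed at a directory that does not hold the live plugins, and a file scan built on it could miss them without reporting an error. `return WP_PLUGIN_DIR . '/';` keeps the intent without assuming the layout. `getBaseURL()` has the same weakness in the literal `'/wordfence/'` folder name, which breaks if the plugin is installed under another directory name; deriving the folder from the plugin's own path, as the removed code did, avoids that. A one-line docblock on each method stating that the result ends in a slash would document what callers rely on.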
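--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -418,7 +418,21 @@ class wordfence {
 if(sizeof($validIPs) > 0){
 $opts['liveTraf_ignoreIPs'] = implode(',', $validIPs);
 }
-
+$reload = '';
+if($opts['apiKey'] != wfConfig::get('apiKey')){
+$api = new wfAPI($opts['apiKey'], $wp_version);
+$res = $api->call('check_api_key', array(), array());
+if($res['ok'] && $res['isPaid']){
+wfConfig::set('apiKey', $opts['apiKey']);
+$reload = 'reload';
+wfConfig::set('isPaid', $res['isPaid']);
+} else if($res['errorMsg']){
+return array('errorMsg' => $res['errorMsg']);
+} else {
+return array('errorMsg' => "We could not change your API key. Please try again in a few minutes.");
+}
+}
+
 if(preg_match('/[a-zA-Z0-9\d]+/', $opts['liveTraf_ignoreUA'])){
 $opts['liveTraf_ignoreUA'] = trim($opts['liveTraf_ignoreUA']);
 } else {
@@ -435,8 +449,12 @@ class wordfence {
 }
 
 //Clears next scan if scans are disabled. Schedules next scan if enabled.
-self::scheduleNextScan();
-return array('ok' => 1);
+$err = self::scheduleNextScan();
+if($err){
+return array('errorMsg' => $err);
+} else {
+return array('ok' => 1, 'reload' => $reload );
+}
 }
 public static function ajax_clearAllBlocked_callback(){
 $op = $_POST['op'];
@@ -652,10 +670,12 @@ class wordfence {
 wfConfig::set('apiKey', '');
 return array("errorMsg" => $api->errorMsg );
 }
-if($result['ok']){
+if($result['ok'] && $result['isPaid']){
+wfConfig::set('isPaid', $result['isPaid']);
 return array("ok" => 1);
+} else {
+return array('errorAlert' => "An unknown error occured trying to activate Wordfence. Please try again in a few minutes." );
 }
-return array("errorAlert" => "An unknown error occured trying to activate Wordfence. Please try again in a few minutes." );
 }
 public static function ajax_scan_callback(){
 self::startScan();
@@ -1001,6 +1021,9 @@ class wordfence {
 global $wp_version;
 $api = new wfAPI(wfConfig::get('apiKey'), $wp_version);
 $result = $api->call('get_next_scan_time', array(), array());
+if($result['errorMsg']){
+return $result['errorMsg'];
+}
 $secsToGo = 3600 * 6; //In case we can't contact the API, schedule next scan 6 hours from now.
 if(is_array($result) && $result['secsToGo'] > 1){
 $secsToGo = $result['secsToGo'];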
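Review bot: The new `if($result['errorMsg']){ return $result['errorMsg']; }` at line 1024 runs before the `$secsToGo = 3600 * 6` fallback, whose own comment says it exists for the case where the API cannot be contacted, so an API error now appears to return without scheduling any next scan instead of retrying in six hours. It also indexes `$result` before the `is_array($result)` test two lines further down. Because the save-config path at line 452 returns this string as `errorMsg`, an API outage would additionally make saving options report failure. Consider keeping the message under an `is_array($result) && ! empty($result['errorMsg'])` guard and returning it only after the fallback schedule has been applied. The rest of the function lies outside the hunk, so confirm where the scheduling call sits before moving the check.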
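--- a/readme.txt
+++ b/readme.txt
@@ -3,17 +3,21 @@ Contributors: mmaunder
 Tags: anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence
 Requires at least: 3.3.1
 Tested up to: 3.3.1
-Stable tag: 1.1
+Stable tag: 1.2
 
 Wordfence is an enterprise firewall and anti-virus plugin for WordPress.
 
 == Description ==
 
-Wordfence is an enterprise firewall and anti-virus plugin for WordPress websites.
+Wordfence is a free enterprise class firewall and anti-virus plugin for WordPress websites.
+
+Wordfence is 100% free. You need to sign up on Wordfence.com to get a free API key.
+We also offer a Premium API key that adds additional scanning capabilities. See below for details.
 
 Wordfence:
 
-* Scans core files, themes and plugins against repository versions.
+* Scans core files against repository versions to check their integrity.
+* Premium API key also scans themes and plugins against repository versions. This is currently the only difference between free and premium API keys.
 * See how files have changed. Optionally repair changed files.
 * Scans for signatures of over 44,000 known malware variants.
 * Continuously scans for known dangerous malware and phishing URL's in all your comments, posts and files.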
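--- a/wfscan.php
+++ b/wfscan.php
@@ -2,7 +2,12 @@
 ignore_user_abort(true);
 if ( !defined('ABSPATH') ) {
 /** Set up WordPress environment */
-require_once('../../../wp-load.php');
+if($_SERVER['SCRIPT_FILENAME']){
+$dir = preg_replace('/[^\/]+\/[^\/]+\/[^\/]+\/wfscan\.php#x2F;', '', $_SERVER['SCRIPT_FILENAME']);
+require_once($dir . 'wp-load.php');
+} else {
+require_once('../../../wp-load.php');
+}
 }
 require_once('lib/wordfenceConstants.php');
 require_once('lib/wfScanEngine.php');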
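Review bot: When the pattern on new line 6 does not match `$_SERVER['SCRIPT_FILENAME']` (a symlinked or relocated plugin directory, for instance), `preg_replace` returns the path unchanged and line 7 requires a path that cannot exist, which is a fatal error rather than a fall-through to the relative `require_once`. Guard the first branch with `is_file($dir . 'wp-load.php')` and test the key with `isset($_SERVER['SCRIPT_FILENAME'])` so a missing entry does not raise a notice. The end of the pattern is garbled on this page, so whether it is anchored to the end of the path cannot be confirmed from here. A comment above the branch saying that it assumes `wp-load.php` sits three directories above `wfscan.php` would record the layout the code depends on.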
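--- a/wordfence.php
+++ b/wordfence.php
@@ -4,7 +4,7 @@ Plugin Name: Wordfence
 Plugin URI: http://wordfence.com/
 Description: Anti-virus and Firewall for WordPress
 Author: Mark Maunder
-Version: 1.1
+Version: 1.2
 Author URI: http://wordfence.com/
 */
 require_once('lib/wordfenceConstants.php');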