Version Description
- Removed use of nonces and purely using 30 minute key for unlocking emails.
- Fixed bug that caused admin emails to not get emailed when requesting unlocking email.
- Fixed minor issue with undefined array in issues loop.
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 1.5.6 |
| Comparing to | |
| See all releases | |
Code changes from version 1.5.5 to 1.5.6
- lib/wfIssues.php +3 -0
- lib/wfUnlockMsg.php +1 -1
- lib/wordfenceClass.php +4 -11
- readme.txt +6 -1
- wordfence.php +1 -1
lib/wfIssues.php
CHANGED
|
@@ -76,6 +76,9 @@ class wfIssues {
|
|
| 76 |
if($level == 2 && $this->totalCriticalIssues < 1 && $this->totalWarningIssues < 1){ return; }
|
| 77 |
if($level == 1 && $this->totalCriticalIssues < 1){ return; }
|
| 78 |
$emailedIssues = wfConfig::get_ser('emailedIssuesList', array());
|
|
|
|
|
|
|
|
|
|
| 79 |
$finalIssues = array();
|
| 80 |
foreach($this->newIssues as $newIssue){
|
| 81 |
$alreadyEmailed = false;
|
| 76 |
if($level == 2 && $this->totalCriticalIssues < 1 && $this->totalWarningIssues < 1){ return; }
|
| 77 |
if($level == 1 && $this->totalCriticalIssues < 1){ return; }
|
| 78 |
$emailedIssues = wfConfig::get_ser('emailedIssuesList', array());
|
| 79 |
+
if(! is_array($emailedIssues)){
|
| 80 |
+
$emailedIssues = array();
|
| 81 |
+
}
|
| 82 |
$finalIssues = array();
|
| 83 |
foreach($this->newIssues as $newIssue){
|
| 84 |
$alreadyEmailed = false;
|
lib/wfUnlockMsg.php
CHANGED
|
@@ -1,6 +1,6 @@
|
|
| 1 |
If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access.
|
| 2 |
<br /><br />
|
| 3 |
-
<form method="POST" action="<?php echo wfUtils::getSiteBaseURL(); ?>?_wfsf=unlockEmail
|
| 4 |
<input type="text" size="50" name="email" value="" maxlength="255" /> <input type="submit" name="s" value="Send me an unlock email" />
|
| 5 |
</form>
|
| 6 |
<br /><br />
|
| 1 |
If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access.
|
| 2 |
<br /><br />
|
| 3 |
+
<form method="POST" action="<?php echo wfUtils::getSiteBaseURL(); ?>?_wfsf=unlockEmail">
|
| 4 |
<input type="text" size="50" name="email" value="" maxlength="255" /> <input type="submit" name="s" value="Send me an unlock email" />
|
| 5 |
</form>
|
| 6 |
<br /><br />
|
lib/wordfenceClass.php
CHANGED
|
@@ -245,17 +245,14 @@ class wordfence {
|
|
| 245 |
public static function veryFirstAction(){
|
| 246 |
$wfFunc = $_GET['_wfsf'];
|
| 247 |
if($wfFunc == 'unlockEmail'){
|
| 248 |
-
if(! wp_verify_nonce($_GET['nonce'], 'wp-ajax')){
|
| 249 |
-
echo "Security token verification failed.";
|
| 250 |
-
exit();
|
| 251 |
-
}
|
| 252 |
$email = trim($_POST['email']);
|
| 253 |
global $wpdb;
|
| 254 |
$ws = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users");
|
| 255 |
$users = array();
|
| 256 |
foreach($ws as $user){
|
| 257 |
-
|
| 258 |
-
|
|
|
|
| 259 |
$found = true;
|
| 260 |
break;
|
| 261 |
}
|
|
@@ -276,7 +273,7 @@ class wordfence {
|
|
| 276 |
$content = wfUtils::tmpl('email_unlockRequest.php', array(
|
| 277 |
'siteName' => get_bloginfo('name', 'raw'),
|
| 278 |
'siteURL' => wfUtils::getSiteBaseURL(),
|
| 279 |
-
'unlockHref' => wfUtils::getSiteBaseURL() . '?_wfsf=unlockAccess&
|
| 280 |
'key' => $key,
|
| 281 |
'IP' => $IP
|
| 282 |
));
|
|
@@ -285,10 +282,6 @@ class wordfence {
|
|
| 285 |
echo "<html><body><h1>Your request was received</h1><p>We received a request to email \"$email\" instructions to unlock their access. If that is the email address of a site administrator or someone on the Wordfence alert list, then they have been emailed instructions on how to regain access to this sytem. The instructions we sent will expire 30 minutes from now.</body></html>";
|
| 286 |
exit();
|
| 287 |
} else if($wfFunc == 'unlockAccess'){
|
| 288 |
-
if(! wp_verify_nonce($_GET['nonce'], 'wp-unlock')){
|
| 289 |
-
echo "Security token verification failed.";
|
| 290 |
-
exit();
|
| 291 |
-
}
|
| 292 |
if(! preg_match('/^\d+\.\d+\.\d+\.\d+$/', get_transient('wfunlock_' . $_GET['key']))){
|
| 293 |
echo "Invalid key provided for authentication.";
|
| 294 |
exit();
|
| 245 |
public static function veryFirstAction(){
|
| 246 |
$wfFunc = $_GET['_wfsf'];
|
| 247 |
if($wfFunc == 'unlockEmail'){
|
|
|
|
|
|
|
|
|
|
|
|
|
| 248 |
$email = trim($_POST['email']);
|
| 249 |
global $wpdb;
|
| 250 |
$ws = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users");
|
| 251 |
$users = array();
|
| 252 |
foreach($ws as $user){
|
| 253 |
+
$userDat = get_userdata($user->ID);
|
| 254 |
+
if($userDat->user_level > 7){
|
| 255 |
+
if($email == $userDat->user_email){
|
| 256 |
$found = true;
|
| 257 |
break;
|
| 258 |
}
|
| 273 |
$content = wfUtils::tmpl('email_unlockRequest.php', array(
|
| 274 |
'siteName' => get_bloginfo('name', 'raw'),
|
| 275 |
'siteURL' => wfUtils::getSiteBaseURL(),
|
| 276 |
+
'unlockHref' => wfUtils::getSiteBaseURL() . '?_wfsf=unlockAccess&key=' . $key,
|
| 277 |
'key' => $key,
|
| 278 |
'IP' => $IP
|
| 279 |
));
|
| 282 |
echo "<html><body><h1>Your request was received</h1><p>We received a request to email \"$email\" instructions to unlock their access. If that is the email address of a site administrator or someone on the Wordfence alert list, then they have been emailed instructions on how to regain access to this sytem. The instructions we sent will expire 30 minutes from now.</body></html>";
|
| 283 |
exit();
|
| 284 |
} else if($wfFunc == 'unlockAccess'){
|
|
|
|
|
|
|
|
|
|
|
|
|
| 285 |
if(! preg_match('/^\d+\.\d+\.\d+\.\d+$/', get_transient('wfunlock_' . $_GET['key']))){
|
| 286 |
echo "Invalid key provided for authentication.";
|
| 287 |
exit();
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 3.3.2
|
| 6 |
-
Stable tag: 1.5.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
|
@@ -152,6 +152,11 @@ or a theme, because often these have been updated to fix a security hole.
|
|
| 152 |
5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
|
| 153 |
|
| 154 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 |
= 1.5.5 =
|
| 156 |
* Added ability for admin's to unlock login and unblock their IP addresses if they're accidentally locked out by the firewall or login security. Uses two security tokens to prevent abuse.
|
| 157 |
* Admins can now also disable firewall and login security from the unlock-me email, just in case of emergency.
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 3.3.2
|
| 6 |
+
Stable tag: 1.5.6
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
| 152 |
5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
|
| 153 |
|
| 154 |
== Changelog ==
|
| 155 |
+
= 1.5.6 =
|
| 156 |
+
* Removed use of nonces and purely using 30 minute key for unlocking emails.
|
| 157 |
+
* Fixed bug that caused admin emails to not get emailed when requesting unlocking email.
|
| 158 |
+
* Fixed minor issue with undefined array in issues loop.
|
| 159 |
+
|
| 160 |
= 1.5.5 =
|
| 161 |
* Added ability for admin's to unlock login and unblock their IP addresses if they're accidentally locked out by the firewall or login security. Uses two security tokens to prevent abuse.
|
| 162 |
* Admins can now also disable firewall and login security from the unlock-me email, just in case of emergency.
|
wordfence.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
-
Version: 1.5.
|
| 8 |
Author URI: http://wordfence.com/
|
| 9 |
*/
|
| 10 |
require_once('lib/wordfenceConstants.php');
|
| 4 |
Plugin URI: http://wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
+
Version: 1.5.6
|
| 8 |
Author URI: http://wordfence.com/
|
| 9 |
*/
|
| 10 |
require_once('lib/wordfenceConstants.php');
|
