Wordfence Security – Firewall & Malware Scan - Version 2.0.7

Version Description

  • Fixed CSS bug that changed plugins page layout in admin area
  • Added memory benchmark utility.
  • Added process runtime benchmark utility.
  • Added ability to scan in debug mode which accesses the scan app directly.

Release Info

Developer mmaunder
Version 2.0.7

Code changes from version 2.0.6 to 2.0.7

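--- a/lib/IPTraf.php
+++ b/lib/IPTraf.php
@@ -1,4 +1,4 @@
-<?php if(! wordfence::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />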
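--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -208,6 +208,9 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
 <tr><th>Maximum memory Wordfence can use</th><td><input type="text" id="maxMem" name="maxMem" value="<?php $w->f('maxMem'); ?>" size="4" />Megabytes</td></tr>
 <tr><th>Enable debugging mode</th><td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn" value="1" <?php $w->cb('debugOn'); ?> /></td></tr>
 <tr><th colspan="2"><a href="/?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to view your system's configuration in a new window</a></th></tr>
+<tr><th colspan="2"><a href="<?php echo wfUtils::getBaseURL(); ?>wfscan.php?debugMode=1&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Start a scan in debug mode (advanced users only)</a></th></tr>
+<tr><th colspan="2"><a href="/?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a></th></tr>
+<tr><th colspan="2"><a href="/?_wfsf=testtime&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's process running time (you may see a blank screen for up to 3 minutes)</a></th></tr>
 </table>
 <p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg">&nbsp;Your changes have been saved!</span></td></tr></table></p>
 </div>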
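Review bot: The three new `href` values (new lines 211–213) are built by interpolation inside an XHTML attribute with a raw `&` between query parameters; under the XHTML 1.0 doctype this should be `&amp;`, and wrapping each URL in `esc_url()` would encode the separator and escape the `wfUtils::getBaseURL()` value in one step. The `nonce` parameter on the `testmem` and `testtime` links only provides protection if the receiving handler checks it; in this commit the `_wfsf` dispatch in `lib/wordfenceClass.php` gates those two functions on `wfUtils::isAdmin()` alone, so either verify the nonce there or document that it is unused. The enclosing options form starts and ends outside this hunk.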
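--- a/lib/sysinfo.php
+++ b/lib/sysinfo.php
@@ -1,4 +1,4 @@
-<?php if(! wordfence::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
 <head>
 <title>Wordfence System Info</title>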
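--- a/lib/viewFullActivityLog.php
+++ b/lib/viewFullActivityLog.php
@@ -1,4 +1,4 @@
-<?php if(! wordfence::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />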
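--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -184,6 +184,18 @@ class wfUtils {
 @ini_set('memory_limit', $maxMem . 'M');
 }
 }
+public static function isAdmin(){
+if(is_multisite()){
+if(current_user_can('manage_network')){
+return true;
+}
+} else {
+if(current_user_can('update_core')){
+return true;
+}
+}
+return false;
+}
 }
 
 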
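Review bot: `wfUtils::isAdmin()` (new lines 187–198) becomes the single authorisation gate for every admin page and AJAX entry point touched by this commit, but it carries no comment stating what it grants. Add a docblock such as `/** True when the current user may use Wordfence admin features: manage_network on multisite, update_core on a single site. */` above the method. It is worth saying explicitly in that comment that on multisite a site administrator without `manage_network` is denied, because the callers in `IPTraf.php`, `sysinfo.php`, `viewFullActivityLog.php` and `wfViewResult.php` react to `false` with a bare `exit()` and give no indication why.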
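--- a/lib/wfViewResult.php
+++ b/lib/wfViewResult.php
@@ -1,4 +1,4 @@
-<?php if(! wordfence::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />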
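--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -12,6 +12,7 @@ require_once('wfLog.php');
 require_once('wfConfig.php');
 require_once('wfSchema.php');
 class wordfence {
+public static $printStatus = false;
 protected static $lastURLError = false;
 protected static $curlContent = "";
 protected static $curlDataWritten = 0;
@@ -234,7 +235,7 @@ class wordfence {
 }
 }
 public static function ajaxReceiver(){
-if(! self::isAdmin()){
+if(! wfUtils::isAdmin()){
 die(json_encode(array('errorMsg' => "You appear to have logged out or you are not an admin. Please sign-out and sign-in again.")));
 }
 $func = $_POST['action'];
@@ -962,10 +963,10 @@ class wordfence {
 }
 }
 
-if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog')){
+if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog' || $wfFunc == 'testmem' || $wfFunc == 'testtime')){
 return;
 }
-if(! self::isAdmin()){
+if(! wfUtils::isAdmin()){
 return;
 }
 
@@ -984,9 +985,73 @@ class wordfence {
 self::wfFunc_IPTraf();
 } else if($wfFunc == 'viewActivityLog'){
 self::wfFunc_viewActivityLog();
+} else if($wfFunc == 'testmem'){
+self::wfFunc_testmem();
+} else if($wfFunc == 'testtime'){
+self::wfFunc_testtime();
 }
 exit(0);
 }
+public static function memtest_error_handler($errno, $errstr, $errfile, $errline){
+echo "Error received: $errstr\n";
+}
+private static function wfFunc_testtime(){
+header('Content-Type: text/plain');
+ini_set('max_execution_time', 1800); //30 mins
+@error_reporting(E_ALL);
+@ini_set('display_errors','On');
+set_error_handler('wordfence::memtest_error_handler', E_ALL);
+
+echo "Wordfence process duration benchmarking utility version " . WORDFENCE_VERSION . ".\n";
+echo "This utility tests how long your WordPress host allows a process to run.\n\n--Starting test--\n";
+echo "Starting timed test. This will take at least three minutes. Seconds elapsed are printed below.\nAn error after this line is not unusual. Read it and the elapsed seconds to determine max process running time on your host.\n";
+for($i = 1; $i <= 180; $i++){
+echo "\n$i:";
+for($j = 0; $j < 1000; $j++){
+echo '.';
+}
+flush();
+sleep(1);
+}
+echo "\n--Test complete.--\n\nCongratulations, your web host allows your PHP processes to run at least 3 minutes.\n";
+exit();
+}
+private static function wfFunc_testmem(){
+header('Content-Type: text/plain');
+@error_reporting(E_ALL);
+@ini_set('display_errors','On');
+set_error_handler('wordfence::memtest_error_handler', E_ALL);
+
+echo "Wordfence Memory benchmarking utility version " . WORDFENCE_VERSION . ".\n";
+echo "This utility tests if your WordPress host respects the maximum memory configured\nin their php.ini file, or if they are using other methods to limit your access to memory.\n\n--Starting test--\n";
+echo "Current maximum memory configured in php.ini: " . ini_get('memory_limit') . "\n";
+echo "Current memory usage: " . sprintf('%.2f', memory_get_usage(true) / (1024 * 1024)) . "M\n";
+echo "Setting max memory to 90M.\n";
+ini_set('memory_limit', '90M');
+echo "Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully\nto determine how much memory your host allows. We have requested 90 megabytes.\n";
+if(memory_get_usage(true) < 1){
+echo "Exiting test because memory_get_usage() returned a negative number\n";
+}
+if(memory_get_usage(true) > (1024 * 1024 * 1024)){
+echo "Exiting because current memory usage is greater than a gigabyte.\n";
+}
+$arr = array();
+//256 bytes
+$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678900000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111222222222222222222233333333333333334444444444444444444444444555555555555666666666666666666";
+$finalUsage = '0';
+while(true){
+if(memory_get_usage(true) > 80 * 1024 * 1024){
+$finalUsage = sprintf('%.2f', (memory_get_usage(true) / 1024 / 1024));
+echo "Completing test after benchmarking up to " . $finalUsage . " megabytes.\n";
+break;
+}
+for($i = 0; $i < 1024; $i++){ //Roughly 1 megabyte if it's 256K and actual array size is 4x data size
+$arr[] = $chars;
+}
+}
+echo "--Test complete.--\n\nCongratulations, your web host allows you to use at least $finalUsage megabytes of memory for each PHP process hosting your WordPress site.\n";
+exit();
+}
 public static function wp_head(){
 echo '<script type="text/javascript">var wfHTImg = new Image(); wfHTImg.src="' . wfUtils::getBaseURL() . 'visitor.php?hid=' . wfUtils::encrypt(self::$hitID) . '";</script>';
 }
@@ -1092,27 +1157,30 @@ class wordfence {
 setcookie($cookieName, uniqid(), time() + 1800, '/');
 }
 public static function admin_init(){
-if(! self::isAdmin()){ return; }
-
+if(! wfUtils::isAdmin()){ return; }
 foreach(array('activate', 'scan', 'sendActivityLog', 'restoreFile', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'unblockIP', 'blockIP', 'loadStaticPanel', 'saveConfig', 'clearAllBlocked') as $func){
 add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
 }
-wp_enqueue_style('wordfence-main-style', WP_PLUGIN_URL . '/wordfence/css/main.css', '', WORDFENCE_VERSION);
-wp_enqueue_style('wordfence-colorbox-style', WP_PLUGIN_URL . '/wordfence/css/colorbox.css', '', WORDFENCE_VERSION);
-wp_enqueue_style('wordfence-dttable-style', WP_PLUGIN_URL . '/wordfence/css/dt_table.css', '', WORDFENCE_VERSION);
 
-wp_enqueue_script('json2');
-wp_enqueue_script('jquery.tmpl', wfUtils::getBaseURL() . 'js/jquery.tmpl.min.js', array('jquery'), WORDFENCE_VERSION);
-wp_enqueue_script('jquery.colorbox', wfUtils::getBaseURL() . 'js/jquery.colorbox-min.js', array('jquery'), WORDFENCE_VERSION);
-wp_enqueue_script('jquery.dataTables', wfUtils::getBaseURL() . 'js/jquery.dataTables.min.js', array('jquery'), WORDFENCE_VERSION);
-//wp_enqueue_script('jquery.tools', wfUtils::getBaseURL() . 'js/jquery.tools.min.js', array('jquery'));
-wp_enqueue_script('wordfenceAdminjs', wfUtils::getBaseURL() . 'js/admin.js', array('jquery'), WORDFENCE_VERSION);
-wp_localize_script('wordfenceAdminjs', 'WordfenceAdminVars', array(
-'ajaxURL' => admin_url('admin-ajax.php'),
-'firstNonce' => wp_create_nonce('wp-ajax'),
-'siteBaseURL' => wfUtils::getSiteBaseURL(),
-'debugOn' => wfConfig::get('debugOn', 0)
-));
+if(preg_match('/^Wordfence/', $_GET['page'])){
+
+wp_enqueue_style('wordfence-main-style', WP_PLUGIN_URL . '/wordfence/css/main.css', '', WORDFENCE_VERSION);
+wp_enqueue_style('wordfence-colorbox-style', WP_PLUGIN_URL . '/wordfence/css/colorbox.css', '', WORDFENCE_VERSION);
+wp_enqueue_style('wordfence-dttable-style', WP_PLUGIN_URL . '/wordfence/css/dt_table.css', '', WORDFENCE_VERSION);
+
+wp_enqueue_script('json2');
+wp_enqueue_script('jquery.tmpl', wfUtils::getBaseURL() . 'js/jquery.tmpl.min.js', array('jquery'), WORDFENCE_VERSION);
+wp_enqueue_script('jquery.colorbox', wfUtils::getBaseURL() . 'js/jquery.colorbox-min.js', array('jquery'), WORDFENCE_VERSION);
+wp_enqueue_script('jquery.dataTables', wfUtils::getBaseURL() . 'js/jquery.dataTables.min.js', array('jquery'), WORDFENCE_VERSION);
+//wp_enqueue_script('jquery.tools', wfUtils::getBaseURL() . 'js/jquery.tools.min.js', array('jquery'));
+wp_enqueue_script('wordfenceAdminjs', wfUtils::getBaseURL() . 'js/admin.js', array('jquery'), WORDFENCE_VERSION);
+wp_localize_script('wordfenceAdminjs', 'WordfenceAdminVars', array(
+'ajaxURL' => admin_url('admin-ajax.php'),
+'firstNonce' => wp_create_nonce('wp-ajax'),
+'siteBaseURL' => wfUtils::getSiteBaseURL(),
+'debugOn' => wfConfig::get('debugOn', 0)
+));
+}
 
 }
 public static function configure_warning(){
@@ -1126,7 +1194,7 @@ class wordfence {
 }
 }
 public static function admin_menus(){
-if(! self::isAdmin()){ return; }
+if(! wfUtils::isAdmin()){ return; }
 if(! wfConfig::get('alertEmails')){
 if(wfUtils::isAdminPageMU()){
 add_action('network_admin_notices', 'wordfence::configure_warning');
@@ -1157,21 +1225,13 @@ class wordfence {
 public static function menu_scan(){
 require 'menu_scan.php';
 }
-public static function isAdmin(){
-if(is_multisite()){
-if(current_user_can('manage_network')){
-return true;
-}
-} else {
-if(current_user_can('update_core')){
-return true;
-}
-}
-return false;
-}
 public static function status($level /* 1 has highest visibility */, $type /* info|error */, $msg){
 if($type != 'info' && $type != 'error'){ error_log("Invalid status type: $type"); return; }
-self::getLog()->addStatus($level, $type, $msg);
+if(self::$printStatus){
+echo "STATUS: $level : $type : $msg\n";
+} else {
+self::getLog()->addStatus($level, $type, $msg);
+}
 }
 public static function profileUpdateAction($userID, $newDat){
 if(wfConfig::get('other_pwStrengthOnUpdate')){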
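Review bot: The new `testmem` and `testtime` branches of the `_wfsf` dispatch (new lines 966–993; the enclosing function starts before the hunk) are gated only by `wfUtils::isAdmin()`, although the links that reach them in `lib/menu_options.php` carry a `nonce` parameter that nothing here verifies; `wfFunc_testtime` then holds a PHP worker for three minutes of `sleep(1)` and `wfFunc_testmem` allocates up to 80 MB, so an administrator who follows an unintended link to `/?_wfsf=testtime` starts that work without a confirmation step. Add `if(! wp_verify_nonce($_GET['nonce'], 'wp-ajax')){ return; }` directly after the `isAdmin()` check so only a link minted from the options page can start either utility. Separately, in `wfFunc_testmem` the two "Exiting …" messages at new lines 1033 and 1036 are printed but execution falls through into the allocation loop — each `if` body needs an `exit();` (or `return;`) to do what the message says. In `admin_init`, `preg_match('/^Wordfence/', $_GET['page'])` reads `$_GET['page']` unconditionally and will raise a notice on every admin request that has no `page` parameter; guard it with `isset($_GET['page']) && preg_match('/^Wordfence/', $_GET['page'])`.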
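--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
 Requires at least: 3.3.1
 Tested up to: 3.3.2
-Stable tag: 2.0.6
+Stable tag: 2.0.7
 
 Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
 
@@ -152,6 +152,12 @@ or a theme, because often these have been updated to fix a security hole.
 5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
 
 == Changelog ==
+= 2.0.7 =
+* Fixed CSS bug that changed plugins page layout in admin area
+* Added memory benchmark utility.
+* Added process runtime benchmark utility.
+* Added ability to scan in debug mode which accesses the scan app directly.
+
 = 2.0.6 =
 * Added IP whitelisting including ability to whitelist ranges that are excluded from firewall and login security measures.
 * RFC1918 private networks and loopback address is automatically whitelisted to prevent firewall or login security blocking internal routers and proxy servers, internal firewalls and internal users.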
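--- a/wfscan.php
+++ b/wfscan.php
@@ -20,36 +20,49 @@ require_once('lib/wordfenceConstants.php');
 require_once('lib/wfScanEngine.php');
 
 class wfScan {
+public static $debugMode = false;
 public static function wfScanMain(){
 $db = new wfDB();
 if($db->errorMsg){
 self::errorExit("Could not connect to database to start scan: " . $db->errorMsg);
 }
-wordfence::status(4, 'info', "Scan engine received request.");
 if(! wordfence::wfSchemaExists()){
 self::errorExit("Looks like the Wordfence database tables have been deleted. You can fix this by de-activating and re-activating the Wordfence plugin from your Plugins menu.");
 }
-wordfence::status(4, 'info', "Checking cronkey header");
-if(! $_SERVER['HTTP_X_WORDFENCE_CRONKEY']){
-self::errorExit("The Wordfence scanner did not receive the x_wordfence_cronkey secure header.");
-}
-wordfence::status(4, 'info', "Fetching stored cronkey for comparison.");
-$currentCronKey = wfConfig::get('currentCronKey', false);
-if(! $currentCronKey){
-self::errorExit("Wordfence could not find a saved cron key to start the scan.");
-}
+if(wfUtils::isAdmin() && $_GET['debugMode'] == '1'){
+header('Content-type: text/plain');
+wordfence::status(1, 'info', "Running in debug mode and writing directly to browser.");
+if(! wp_verify_nonce($_GET['nonce'], 'wp-ajax')){
+echo("The security key (nonce) provided for this debug scan is invalid. Please close this window, refresh your options page and try again.");
+exit();
+}
+self::$debugMode = true;
+wordfence::$printStatus = true;
+} else {
+wordfence::status(4, 'info', "Scan engine received request.");
+wordfence::status(4, 'info', "Checking cronkey header");
+if(! $_SERVER['HTTP_X_WORDFENCE_CRONKEY']){
+self::errorExit("The Wordfence scanner did not receive the x_wordfence_cronkey secure header.");
+}
+wordfence::status(4, 'info', "Fetching stored cronkey for comparison.");
+$currentCronKey = wfConfig::get('currentCronKey', false);
+if(! $currentCronKey){
+self::errorExit("Wordfence could not find a saved cron key to start the scan.");
+}
 
-wordfence::status(4, 'info', "Exploding stored cronkey");
-$savedKey = explode(',',$currentCronKey);
-if(time() - $savedKey[0] > 60){
-self::errorExit("The key used to start a scan has expired.");
-} //keys only last 60 seconds and are used within milliseconds of creation
-wordfence::status(4, 'info', "Checking saved cronkey against cronkey header");
-if($savedKey[1] != $_SERVER['HTTP_X_WORDFENCE_CRONKEY']){
-self::errorExit("Wordfence could not start a scan because the cron key does not match the saved key.");
+wordfence::status(4, 'info', "Exploding stored cronkey");
+$savedKey = explode(',',$currentCronKey);
+if(time() - $savedKey[0] > 60){
+self::errorExit("The key used to start a scan has expired.");
+} //keys only last 60 seconds and are used within milliseconds of creation
+wordfence::status(4, 'info', "Checking saved cronkey against cronkey header");
+if($savedKey[1] != $_SERVER['HTTP_X_WORDFENCE_CRONKEY']){
+self::errorExit("Wordfence could not start a scan because the cron key does not match the saved key.");
+}
+wordfence::status(4, 'info', "Deleting stored cronkey");
+wfConfig::set('currentCronKey', '');
 }
-wordfence::status(4, 'info', "Deleting stored cronkey");
-wfConfig::set('currentCronKey', '');
+
 ini_set('max_execution_time', 1800); //30 mins
 wordfence::status(4, 'info', "Becoming admin for scan");
 self::becomeAdmin();
@@ -65,7 +78,9 @@ class wfScan {
 wordfence::status(4, 'info', "Setting up error handling environment");
 set_error_handler('wfScan::error_handler', E_ALL);
 register_shutdown_function('wfScan::shutdown');
-ob_start('wfScan::obHandler');
+if(! self::$debugMode){
+ob_start('wfScan::obHandler');
+}
 @error_reporting(E_ALL);
 @ini_set('display_errors','On');
 wordfence::status(4, 'info', "Setting up scanRunning and starting scan");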
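Review bot: `$_GET['debugMode'] == '1'` at new line 32 reads the parameter without `isset()`, so every ordinary cron-started scan (the `else` path, which has no such parameter) now raises an undefined-index notice, and the loose `==` buys nothing for a query-string value; use `isset($_GET['debugMode']) && $_GET['debugMode'] === '1'`, and likewise test `isset($_GET['nonce'])` before `wp_verify_nonce`. The debug branch correctly replaces the cron-key check with `isAdmin()` plus a user-bound nonce, but `wordfence::status(1, ...)` at line 34 writes to the response before the nonce is verified; moving it below the check keeps a rejected request's output to the rejection text alone. `wfScanMain` continues past the end of the first hunk, and the second hunk (lines 78–86) sits inside the same function.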
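--- a/wordfence.php
+++ b/wordfence.php
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
 Plugin URI: http://wordfence.com/
 Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
 Author: Mark Maunder
-Version: 2.0.6
+Version: 2.0.7
 Author URI: http://wordfence.com/
 */
-define('WORDFENCE_VERSION', '2.0.6');
+define('WORDFENCE_VERSION', '2.0.7');
 
 
 require_once('lib/wordfenceConstants.php');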