Version Description
- Fixed CSS bug that changed plugins page layout in admin area
- Added memory benchmark utility.
- Added process runtime benchmark utility.
- Added ability to scan in debug mode which accesses the scan app directly.
Release Info
Developer | mmaunder |
Plugin | Wordfence Security – Firewall & Malware Scan |
Version | 2.0.7 |
Code changes from version 2.0.6 to 2.0.7
- lib/IPTraf.php +1 -1
- lib/menu_options.php +3 -0
- lib/sysinfo.php +1 -1
- lib/viewFullActivityLog.php +1 -1
- lib/wfUtils.php +12 -0
- lib/wfViewResult.php +1 -1
- lib/wordfenceClass.php +94 -34
- readme.txt +7 -1
- wfscan.php +36 -21
- wordfence.php +2 -2
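--- a/lib/IPTraf.php
+++ b/lib/IPTraf.php
@@ -1,4 +1,4 @@
-<?php if(!
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />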
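--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -208,6 +208,9 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
 <tr><th>Maximum memory Wordfence can use</th><td><input type="text" id="maxMem" name="maxMem" value="<?php $w->f('maxMem'); ?>" size="4" />Megabytes</td></tr>
 <tr><th>Enable debugging mode</th><td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn" value="1" <?php $w->cb('debugOn'); ?> /></td></tr>
 <tr><th colspan="2"><a href="/?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to view your system's configuration in a new window</a></th></tr>
+<tr><th colspan="2"><a href="<?php echo wfUtils::getBaseURL(); ?>wfscan.php?debugMode=1&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Start a scan in debug mode (advanced users only)</a></th></tr>
+<tr><th colspan="2"><a href="/?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a></th></tr>
+<tr><th colspan="2"><a href="/?_wfsf=testtime&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's process running time (you may see a blank screen for up to 3 minutes)</a></th></tr>
 </table>
 <p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg"> Your changes have been saved!</span></td></tr></table></p>
 </div>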
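Review bot: The three links added at new lines 211–213 carry `wp_create_nonce('wp-ajax')` in the query string of GET links opened with `target="_blank"`, so the token lands in browser history, server access logs and possibly Referer headers. The same 'wp-ajax' action string is also used for `firstNonce` in admin_init (lib/wordfenceClass.php), so a token exposed this way would presumably be accepted by the other Wordfence AJAX handlers until it expires. Consider a separate nonce action per tool, and starting the debug scan and the two benchmarks from a POST form rather than a link. The href on line 211 also echoes `wfUtils::getBaseURL()` unescaped; building the URL once and printing it through `esc_url()` is the usual WordPress form.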
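--- a/lib/sysinfo.php
+++ b/lib/sysinfo.php
@@ -1,4 +1,4 @@
-<?php if(!
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
 <head>
 <title>Wordfence System Info</title>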
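--- a/lib/viewFullActivityLog.php
+++ b/lib/viewFullActivityLog.php
@@ -1,4 +1,4 @@
-<?php if(!
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />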
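--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -184,6 +184,18 @@ class wfUtils {
 @ini_set('memory_limit', $maxMem . 'M');
 }
 }
+public static function isAdmin(){
+if(is_multisite()){
+if(current_user_can('manage_network')){
+return true;
+}
+} else {
+if(current_user_can('update_core')){
+return true;
+}
+}
+return false;
+}
 }
 
 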
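Review bot: isAdmin() is the check that the view templates, ajaxReceiver, admin_init, admin_menus and wfscan.php all call in this change, yet nothing on it says what "admin" means. A docblock such as `/** True if the current user can 'manage_network' (multisite) or 'update_core' (single site). */` would make the capability choice explicit for anyone auditing those call sites. The nested ifs could also collapse to `return current_user_can(is_multisite() ? 'manage_network' : 'update_core');`. The enclosing class starts outside the hunk.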
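--- a/lib/wfViewResult.php
+++ b/lib/wfViewResult.php
@@ -1,4 +1,4 @@
-<?php if(!
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />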
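--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -12,6 +12,7 @@ require_once('wfLog.php');
 require_once('wfConfig.php');
 require_once('wfSchema.php');
 class wordfence {
+public static $printStatus = false;
 protected static $lastURLError = false;
 protected static $curlContent = "";
 protected static $curlDataWritten = 0;
@@ -234,7 +235,7 @@ class wordfence {
 }
 }
 public static function ajaxReceiver(){
-if(!
+if(! wfUtils::isAdmin()){
 die(json_encode(array('errorMsg' => "You appear to have logged out or you are not an admin. Please sign-out and sign-in again.")));
 }
 $func = $_POST['action'];
@@ -962,10 +963,10 @@ class wordfence {
 }
 }
 
-if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog')){
+if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog' || $wfFunc == 'testmem' || $wfFunc == 'testtime')){
 return;
 }
-if(!
+if(! wfUtils::isAdmin()){
 return;
 }
 
@@ -984,9 +985,73 @@ class wordfence {
 self::wfFunc_IPTraf();
 } else if($wfFunc == 'viewActivityLog'){
 self::wfFunc_viewActivityLog();
+} else if($wfFunc == 'testmem'){
+self::wfFunc_testmem();
+} else if($wfFunc == 'testtime'){
+self::wfFunc_testtime();
 }
 exit(0);
 }
+public static function memtest_error_handler($errno, $errstr, $errfile, $errline){
+echo "Error received: $errstr\n";
+}
+private static function wfFunc_testtime(){
+header('Content-Type: text/plain');
+ini_set('max_execution_time', 1800); //30 mins
+@error_reporting(E_ALL);
+@ini_set('display_errors','On');
+set_error_handler('wordfence::memtest_error_handler', E_ALL);
+
+echo "Wordfence process duration benchmarking utility version " . WORDFENCE_VERSION . ".\n";
+echo "This utility tests how long your WordPress host allows a process to run.\n\n--Starting test--\n";
+echo "Starting timed test. This will take at least three minutes. Seconds elapsed are printed below.\nAn error after this line is not unusual. Read it and the elapsed seconds to determine max process running time on your host.\n";
+for($i = 1; $i <= 180; $i++){
+echo "\n$i:";
+for($j = 0; $j < 1000; $j++){
+echo '.';
+}
+flush();
+sleep(1);
+}
+echo "\n--Test complete.--\n\nCongratulations, your web host allows your PHP processes to run at least 3 minutes.\n";
+exit();
+}
+private static function wfFunc_testmem(){
+header('Content-Type: text/plain');
+@error_reporting(E_ALL);
+@ini_set('display_errors','On');
+set_error_handler('wordfence::memtest_error_handler', E_ALL);
+
+echo "Wordfence Memory benchmarking utility version " . WORDFENCE_VERSION . ".\n";
+echo "This utility tests if your WordPress host respects the maximum memory configured\nin their php.ini file, or if they are using other methods to limit your access to memory.\n\n--Starting test--\n";
+echo "Current maximum memory configured in php.ini: " . ini_get('memory_limit') . "\n";
+echo "Current memory usage: " . sprintf('%.2f', memory_get_usage(true) / (1024 * 1024)) . "M\n";
+echo "Setting max memory to 90M.\n";
+ini_set('memory_limit', '90M');
+echo "Starting memory benchmark. Seeing an error after this line is not unusual. Read the error carefully\nto determine how much memory your host allows. We have requested 90 megabytes.\n";
+if(memory_get_usage(true) < 1){
+echo "Exiting test because memory_get_usage() returned a negative number\n";
+}
+if(memory_get_usage(true) > (1024 * 1024 * 1024)){
+echo "Exiting because current memory usage is greater than a gigabyte.\n";
+}
+$arr = array();
+//256 bytes
+$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678900000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111222222222222222222233333333333333334444444444444444444444444555555555555666666666666666666";
+$finalUsage = '0';
+while(true){
+if(memory_get_usage(true) > 80 * 1024 * 1024){
+$finalUsage = sprintf('%.2f', (memory_get_usage(true) / 1024 / 1024));
+echo "Completing test after benchmarking up to " . $finalUsage . " megabytes.\n";
+break;
+}
+for($i = 0; $i < 1024; $i++){ //Roughly 1 megabyte if it's 256K and actual array size is 4x data size
+$arr[] = $chars;
+}
+}
+echo "--Test complete.--\n\nCongratulations, your web host allows you to use at least $finalUsage megabytes of memory for each PHP process hosting your WordPress site.\n";
+exit();
+}
 public static function wp_head(){
 echo '<script type="text/javascript">var wfHTImg = new Image(); wfHTImg.src="' . wfUtils::getBaseURL() . 'visitor.php?hid=' . wfUtils::encrypt(self::$hitID) . '";</script>';
 }
@@ -1092,27 +1157,30 @@ class wordfence {
 setcookie($cookieName, uniqid(), time() + 1800, '/');
 }
 public static function admin_init(){
-if(!
-
+if(! wfUtils::isAdmin()){ return; }
 foreach(array('activate', 'scan', 'sendActivityLog', 'restoreFile', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'unblockIP', 'blockIP', 'loadStaticPanel', 'saveConfig', 'clearAllBlocked') as $func){
 add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
 }
-wp_enqueue_style('wordfence-main-style', WP_PLUGIN_URL . '/wordfence/css/main.css', '', WORDFENCE_VERSION);
-wp_enqueue_style('wordfence-colorbox-style', WP_PLUGIN_URL . '/wordfence/css/colorbox.css', '', WORDFENCE_VERSION);
-wp_enqueue_style('wordfence-dttable-style', WP_PLUGIN_URL . '/wordfence/css/dt_table.css', '', WORDFENCE_VERSION);
 
-
-
-
-
-
-
-
-'
-'
-'
-'
-));
+if(preg_match('/^Wordfence/', $_GET['page'])){
+
+wp_enqueue_style('wordfence-main-style', WP_PLUGIN_URL . '/wordfence/css/main.css', '', WORDFENCE_VERSION);
+wp_enqueue_style('wordfence-colorbox-style', WP_PLUGIN_URL . '/wordfence/css/colorbox.css', '', WORDFENCE_VERSION);
+wp_enqueue_style('wordfence-dttable-style', WP_PLUGIN_URL . '/wordfence/css/dt_table.css', '', WORDFENCE_VERSION);
+
+wp_enqueue_script('json2');
+wp_enqueue_script('jquery.tmpl', wfUtils::getBaseURL() . 'js/jquery.tmpl.min.js', array('jquery'), WORDFENCE_VERSION);
+wp_enqueue_script('jquery.colorbox', wfUtils::getBaseURL() . 'js/jquery.colorbox-min.js', array('jquery'), WORDFENCE_VERSION);
+wp_enqueue_script('jquery.dataTables', wfUtils::getBaseURL() . 'js/jquery.dataTables.min.js', array('jquery'), WORDFENCE_VERSION);
+//wp_enqueue_script('jquery.tools', wfUtils::getBaseURL() . 'js/jquery.tools.min.js', array('jquery'));
+wp_enqueue_script('wordfenceAdminjs', wfUtils::getBaseURL() . 'js/admin.js', array('jquery'), WORDFENCE_VERSION);
+wp_localize_script('wordfenceAdminjs', 'WordfenceAdminVars', array(
+'ajaxURL' => admin_url('admin-ajax.php'),
+'firstNonce' => wp_create_nonce('wp-ajax'),
+'siteBaseURL' => wfUtils::getSiteBaseURL(),
+'debugOn' => wfConfig::get('debugOn', 0)
+));
+}
 
 }
 public static function configure_warning(){
@@ -1126,7 +1194,7 @@ class wordfence {
 }
 }
 public static function admin_menus(){
-if(!
+if(! wfUtils::isAdmin()){ return; }
 if(! wfConfig::get('alertEmails')){
 if(wfUtils::isAdminPageMU()){
 add_action('network_admin_notices', 'wordfence::configure_warning');
@@ -1157,21 +1225,13 @@ class wordfence {
 public static function menu_scan(){
 require 'menu_scan.php';
 }
-public static function isAdmin(){
-if(is_multisite()){
-if(current_user_can('manage_network')){
-return true;
-}
-} else {
-if(current_user_can('update_core')){
-return true;
-}
-}
-return false;
-}
 public static function status($level /* 1 has highest visibility */, $type /* info|error */, $msg){
 if($type != 'info' && $type != 'error'){ error_log("Invalid status type: $type"); return; }
-self
+if(self::$printStatus){
+echo "STATUS: $level : $type : $msg\n";
+} else {
+self::getLog()->addStatus($level, $type, $msg);
+}
 }
 public static function profileUpdateAction($userID, $newDat){
 if(wfConfig::get('other_pwStrengthOnUpdate')){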
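Review bot: In admin_init (new line 1165) `preg_match('/^Wordfence/', $_GET['page'])` reads `$_GET['page']` without checking that it is set, and admin_init also runs on admin requests that carry no `page` parameter (admin-ajax.php, for instance), so each of those raises an undefined-index notice; an array-valued `page` additionally makes preg_match() warn. A guard such as `if(isset($_GET['page']) && is_string($_GET['page']) && preg_match('/^Wordfence/', $_GET['page'])){` avoids both. Separately, in wfFunc_testmem the two guards at new lines 1032–1037 print "Exiting ..." but never call `exit()`, so execution continues into the allocation loop. The `testmem` and `testtime` branches are gated by `wfUtils::isAdmin()` at new line 969; any nonce verification on that path lies outside the visible hunks and should be confirmed, since testtime keeps a PHP worker busy for three minutes per request.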
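--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
 Requires at least: 3.3.1
 Tested up to: 3.3.2
-Stable tag: 2.0.
+Stable tag: 2.0.7
 
 Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
 
@@ -152,6 +152,12 @@ or a theme, because often these have been updated to fix a security hole.
 5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
 
 == Changelog ==
+= 2.0.7 =
+* Fixed CSS bug that changed plugins page layout in admin area
+* Added memory benchmark utility.
+* Added process runtime benchmark utility.
+* Added ability to scan in debug mode which accesses the scan app directly.
+
 = 2.0.6 =
 * Added IP whitelisting including ability to whitelist ranges that are excluded from firewall and login security measures.
 * RFC1918 private networks and loopback address is automatically whitelisted to prevent firewall or login security blocking internal routers and proxy servers, internal firewalls and internal users.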
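--- a/wfscan.php
+++ b/wfscan.php
@@ -20,36 +20,49 @@ require_once('lib/wordfenceConstants.php');
 require_once('lib/wfScanEngine.php');
 
 class wfScan {
+public static $debugMode = false;
 public static function wfScanMain(){
 $db = new wfDB();
 if($db->errorMsg){
 self::errorExit("Could not connect to database to start scan: " . $db->errorMsg);
 }
-wordfence::status(4, 'info', "Scan engine received request.");
 if(! wordfence::wfSchemaExists()){
 self::errorExit("Looks like the Wordfence database tables have been deleted. You can fix this by de-activating and re-activating the Wordfence plugin from your Plugins menu.");
 }
-
-
-
-
-
-
-
-self
-
+if(wfUtils::isAdmin() && $_GET['debugMode'] == '1'){
+header('Content-type: text/plain');
+wordfence::status(1, 'info', "Running in debug mode and writing directly to browser.");
+if(! wp_verify_nonce($_GET['nonce'], 'wp-ajax')){
+echo("The security key (nonce) provided for this debug scan is invalid. Please close this window, refresh your options page and try again.");
+exit();
+}
+self::$debugMode = true;
+wordfence::$printStatus = true;
+} else {
+wordfence::status(4, 'info', "Scan engine received request.");
+wordfence::status(4, 'info', "Checking cronkey header");
+if(! $_SERVER['HTTP_X_WORDFENCE_CRONKEY']){
+self::errorExit("The Wordfence scanner did not receive the x_wordfence_cronkey secure header.");
+}
+wordfence::status(4, 'info', "Fetching stored cronkey for comparison.");
+$currentCronKey = wfConfig::get('currentCronKey', false);
+if(! $currentCronKey){
+self::errorExit("Wordfence could not find a saved cron key to start the scan.");
+}
 
-
-
-
-
-
-
-
-
+wordfence::status(4, 'info', "Exploding stored cronkey");
+$savedKey = explode(',',$currentCronKey);
+if(time() - $savedKey[0] > 60){
+self::errorExit("The key used to start a scan has expired.");
+} //keys only last 60 seconds and are used within milliseconds of creation
+wordfence::status(4, 'info', "Checking saved cronkey against cronkey header");
+if($savedKey[1] != $_SERVER['HTTP_X_WORDFENCE_CRONKEY']){
+self::errorExit("Wordfence could not start a scan because the cron key does not match the saved key.");
+}
+wordfence::status(4, 'info', "Deleting stored cronkey");
+wfConfig::set('currentCronKey', '');
 }
-
-wfConfig::set('currentCronKey', '');
+
 ini_set('max_execution_time', 1800); //30 mins
 wordfence::status(4, 'info', "Becoming admin for scan");
 self::becomeAdmin();
@@ -65,7 +78,9 @@ class wfScan {
 wordfence::status(4, 'info', "Setting up error handling environment");
 set_error_handler('wfScan::error_handler', E_ALL);
 register_shutdown_function('wfScan::shutdown');
-
+if(! self::$debugMode){
+ob_start('wfScan::obHandler');
+}
 @error_reporting(E_ALL);
 @ini_set('display_errors','On');
 wordfence::status(4, 'info', "Setting up scanRunning and starting scan");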
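Review bot: The cron key check at new line 59, `if($savedKey[1] != $_SERVER['HTTP_X_WORDFENCE_CRONKEY'])`, compares a secret with loose `!=`, which is not constant-time and applies PHP's numeric-string comparison rules, so two different strings that both parse as numbers can compare equal. A strict, timing-safe form would be `if(! hash_equals((string)$savedKey[1], (string)$_SERVER['HTTP_X_WORDFENCE_CRONKEY'])){` where hash_equals() is available, or at minimum `!==`; `$savedKey[1]` should also be guarded with isset(), because explode() returns a single element when the stored value has no comma. In the debug branch, `$_GET['debugMode']` and `$_GET['nonce']` are read without isset(), and the status call on new line 34 runs before `wp_verify_nonce` on line 35 and before `$printStatus` is set, so a request with a bad nonce still writes a status entry; verifying the nonce first in that branch avoids this. wfScanMain continues outside the hunk.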
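--- a/wordfence.php
+++ b/wordfence.php
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
 Plugin URI: http://wordfence.com/
 Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
 Author: Mark Maunder
-Version: 2.0.
+Version: 2.0.7
 Author URI: http://wordfence.com/
 */
-define('WORDFENCE_VERSION', '2.0.
+define('WORDFENCE_VERSION', '2.0.7');
 
 
 require_once('lib/wordfenceConstants.php');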