Version Description
- Changed the way we monitor disk space from % to warning on 20 megs and critical on 5 megs remaining. This deals with very large disks in a more rational way. (Thanks Yael M. and Ola A.)
- We now deal with cases where the $_SERVER variable contains an array instead of string for IP address. It seems that some installations modify the value into an array. (Thanks S.S.)
- The Wordfence DB connection now more reliably changes the mysql timeout for the session to prevent "mysql server has gone away" errors. (Thanks Peter A.)
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 3.1.0 |
| Comparing to | |
| See all releases | |
Code changes from version 3.0.9 to 3.1.0
- lib/menu_scan.php +1 -1
- lib/wfDB.php +2 -1
- lib/wfScanEngine.php +6 -6
- lib/wfUtils.php +3 -0
- readme.txt +6 -1
- wordfence.php +2 -2
lib/menu_scan.php
CHANGED
|
@@ -233,7 +233,7 @@
|
|
| 233 |
<h2>${shortMsg}</h2>
|
| 234 |
<p>
|
| 235 |
<table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
|
| 236 |
-
<tr><th>Space remaining:</th><td>${data.spaceLeft}
|
| 237 |
<tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
|
| 238 |
<tr><th>Status</th><td>
|
| 239 |
{{if status == 'new' }}New{{/if}}
|
| 233 |
<h2>${shortMsg}</h2>
|
| 234 |
<p>
|
| 235 |
<table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
|
| 236 |
+
<tr><th>Space remaining:</th><td>${data.spaceLeft}</td></tr>
|
| 237 |
<tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
|
| 238 |
<tr><th>Status</th><td>
|
| 239 |
{{if status == 'new' }}New{{/if}}
|
lib/wfDB.php
CHANGED
|
@@ -52,7 +52,8 @@ class wfDB {
|
|
| 52 |
}
|
| 53 |
$this->query("SET NAMES 'utf8'");
|
| 54 |
$this->queryIgnoreError("SET GLOBAL max_allowed_packet=256*1024*1024");
|
| 55 |
-
|
|
|
|
| 56 |
}
|
| 57 |
}
|
| 58 |
public function querySingleRec(){
|
| 52 |
}
|
| 53 |
$this->query("SET NAMES 'utf8'");
|
| 54 |
$this->queryIgnoreError("SET GLOBAL max_allowed_packet=256*1024*1024");
|
| 55 |
+
//$this->queryIgnoreError("SET GLOBAL wait_timeout=28800");
|
| 56 |
+
$this->queryIgnoreError("SET @@wait_timeout=30800"); //Changing to session setting bc user may not have super privilege
|
| 57 |
}
|
| 58 |
}
|
| 59 |
public function querySingleRec(){
|
lib/wfScanEngine.php
CHANGED
|
@@ -694,18 +694,18 @@ class wfScanEngine {
|
|
| 694 |
}
|
| 695 |
$this->status(2, 'info', "Total disk space: " . sprintf('%.4f', ($total / 1024 / 1024 / 1024)) . "GB -- Free disk space: " . sprintf('%.4f', ($free / 1024 / 1024 / 1024)) . "GB");
|
| 696 |
$level = false;
|
| 697 |
-
$
|
| 698 |
-
$this->status(2, 'info', "The disk has $
|
| 699 |
-
if($
|
| 700 |
$level = 1;
|
| 701 |
-
} else if($
|
| 702 |
$level = 2;
|
| 703 |
} else {
|
| 704 |
wordfence::statusEnd($this->statusIDX['diskSpace'], false);
|
| 705 |
return;
|
| 706 |
}
|
| 707 |
-
if($this->addIssue('diskSpace', $level, 'diskSpace' . $level, 'diskSpace' . $level, "You have $
|
| 708 |
-
'spaceLeft' => $
|
| 709 |
wordfence::statusEnd($this->statusIDX['diskSpace'], true);
|
| 710 |
} else {
|
| 711 |
wordfence::statusEnd($this->statusIDX['diskSpace'], false);
|
| 694 |
}
|
| 695 |
$this->status(2, 'info', "Total disk space: " . sprintf('%.4f', ($total / 1024 / 1024 / 1024)) . "GB -- Free disk space: " . sprintf('%.4f', ($free / 1024 / 1024 / 1024)) . "GB");
|
| 696 |
$level = false;
|
| 697 |
+
$freeMegs = sprintf('%.2f', $free / 1024 / 1024);
|
| 698 |
+
$this->status(2, 'info', "The disk has $freeMegs MB space available");
|
| 699 |
+
if($freeMegs < 5){
|
| 700 |
$level = 1;
|
| 701 |
+
} else if($freeMegs < 20){
|
| 702 |
$level = 2;
|
| 703 |
} else {
|
| 704 |
wordfence::statusEnd($this->statusIDX['diskSpace'], false);
|
| 705 |
return;
|
| 706 |
}
|
| 707 |
+
if($this->addIssue('diskSpace', $level, 'diskSpace' . $level, 'diskSpace' . $level, "You have $freeMegs" . "MB disk space remaining", "You only have $freeMegs" . " Megabytes of your disk space remaining. Please free up disk space or your website may stop serving requests.", array(
|
| 708 |
+
'spaceLeft' => $freeMegs . "MB" ))){
|
| 709 |
wordfence::statusEnd($this->statusIDX['diskSpace'], true);
|
| 710 |
} else {
|
| 711 |
wordfence::statusEnd($this->statusIDX['diskSpace'], false);
|
lib/wfUtils.php
CHANGED
|
@@ -77,12 +77,15 @@ class wfUtils {
|
|
| 77 |
$IP = 0;
|
| 78 |
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
|
| 79 |
$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
|
|
| 80 |
}
|
| 81 |
if((! preg_match('/(\d+)\.(\d+)\.(\d+)\.(\d+)/', $IP)) && isset($_SERVER['HTTP_X_REAL_IP'])){
|
| 82 |
$IP = $_SERVER['HTTP_X_REAL_IP'];
|
|
|
|
| 83 |
}
|
| 84 |
if((! preg_match('/(\d+)\.(\d+)\.(\d+)\.(\d+)/', $IP)) && isset($_SERVER['REMOTE_ADDR'])){
|
| 85 |
$IP = $_SERVER['REMOTE_ADDR'];
|
|
|
|
| 86 |
}
|
| 87 |
if(preg_match('/,/', $IP)){
|
| 88 |
$parts = explode(',', $IP); //Some users have "unknown,100.100.100.100" for example so we take the first thing that looks like an IP.
|
| 77 |
$IP = 0;
|
| 78 |
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
|
| 79 |
$IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
| 80 |
+
if(is_array($IP) && isset($IP[0])){ $IP = $IP[0]; } //It seems that some hosts may modify _SERVER vars into arrays.
|
| 81 |
}
|
| 82 |
if((! preg_match('/(\d+)\.(\d+)\.(\d+)\.(\d+)/', $IP)) && isset($_SERVER['HTTP_X_REAL_IP'])){
|
| 83 |
$IP = $_SERVER['HTTP_X_REAL_IP'];
|
| 84 |
+
if(is_array($IP) && isset($IP[0])){ $IP = $IP[0]; } //It seems that some hosts may modify _SERVER vars into arrays.
|
| 85 |
}
|
| 86 |
if((! preg_match('/(\d+)\.(\d+)\.(\d+)\.(\d+)/', $IP)) && isset($_SERVER['REMOTE_ADDR'])){
|
| 87 |
$IP = $_SERVER['REMOTE_ADDR'];
|
| 88 |
+
if(is_array($IP) && isset($IP[0])){ $IP = $IP[0]; } //It seems that some hosts may modify _SERVER vars into arrays.
|
| 89 |
}
|
| 90 |
if(preg_match('/,/', $IP)){
|
| 91 |
$parts = explode(',', $IP); //Some users have "unknown,100.100.100.100" for example so we take the first thing that looks like an IP.
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 3.4.1
|
| 6 |
-
Stable tag: 3.0
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
|
@@ -152,6 +152,11 @@ or a theme, because often these have been updated to fix a security hole.
|
|
| 152 |
5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
|
| 153 |
|
| 154 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 |
= 3.0.9 =
|
| 156 |
* Fixed problem where scan process can't get admin ID.
|
| 157 |
* Fixed issue that caused permanent IP's to not be permanent.
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 3.4.1
|
| 6 |
+
Stable tag: 3.1.0
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
| 152 |
5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
|
| 153 |
|
| 154 |
== Changelog ==
|
| 155 |
+
= 3.1.0 =
|
| 156 |
+
* Changed the way we monitor disk space from % to warning on 20 megs and critical on 5 megs remaining. This deals with very large disks in a more rational way. (Thanks Yael M. and Ola A.)
|
| 157 |
+
* We now deal with cases where the $_SERVER variable contains an array instead of string for IP address. It seems that some installations modify the value into an array. (Thanks S.S.)
|
| 158 |
+
* The Wordfence DB connection now more reliably changes the mysql timeout for the session to prevent "mysql server has gone away" errors. (Thanks Peter A.)
|
| 159 |
+
|
| 160 |
= 3.0.9 =
|
| 161 |
* Fixed problem where scan process can't get admin ID.
|
| 162 |
* Fixed issue that caused permanent IP's to not be permanent.
|
wordfence.php
CHANGED
|
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
-
Version: 3.0
|
| 8 |
Author URI: http://wordfence.com/
|
| 9 |
*/
|
| 10 |
-
define('WORDFENCE_VERSION', '3.0
|
| 11 |
if(! defined('WORDFENCE_VERSIONONLY_MODE')){
|
| 12 |
if((int) @ini_get('memory_limit') < 64){
|
| 13 |
@ini_set('memory_limit', '64M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.
|
| 4 |
Plugin URI: http://wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
+
Version: 3.1.0
|
| 8 |
Author URI: http://wordfence.com/
|
| 9 |
*/
|
| 10 |
+
define('WORDFENCE_VERSION', '3.1.0');
|
| 11 |
if(! defined('WORDFENCE_VERSIONONLY_MODE')){
|
| 12 |
if((int) @ini_get('memory_limit') < 64){
|
| 13 |
@ini_set('memory_limit', '64M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.
|
