Wordfence Security – Firewall & Malware Scan - Version 3.1.0

Version Description

  • Changed the way we monitor disk space from % to warning on 20 megs and critical on 5 megs remaining. This deals with very large disks in a more rational way. (Thanks Yael M. and Ola A.)
  • We now deal with cases where the $_SERVER variable contains an array instead of string for IP address. It seems that some installations modify the value into an array. (Thanks S.S.)
  • The Wordfence DB connection now more reliably changes the mysql timeout for the session to prevent "mysql server has gone away" errors. (Thanks Peter A.)

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 3.1.0

Code changes from version 3.0.9 to 3.1.0

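--- a/lib/menu_scan.php
+++ b/lib/menu_scan.php
@@ -233,7 +233,7 @@
  <h2>${shortMsg}</h2>
  <p>
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
- <tr><th>Space remaining:</th><td>${data.spaceLeft}%</td></tr>
+ <tr><th>Space remaining:</th><td>${data.spaceLeft}</td></tr>
  <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
  <tr><th>Status</th><td>
  {{if status == 'new' }}New{{/if}}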
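--- a/lib/wfDB.php
+++ b/lib/wfDB.php
@@ -52,7 +52,8 @@ class wfDB {
  }
  $this->query("SET NAMES 'utf8'");
  $this->queryIgnoreError("SET GLOBAL max_allowed_packet=256*1024*1024");
- $this->queryIgnoreError("SET GLOBAL wait_timeout=28800");
+ //$this->queryIgnoreError("SET GLOBAL wait_timeout=28800");
+ $this->queryIgnoreError("SET @@wait_timeout=30800"); //Changing to session setting bc user may not have super privilege
  }
  }
  public function querySingleRec(){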
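Review bot: The old `SET GLOBAL wait_timeout` call is left behind as a commented-out line, and the new statement relies on the implicit session scope of `@@wait_timeout`; delete the dead line and spell the scope out, `$this->queryIgnoreError("SET SESSION wait_timeout=30800");`. The value also moves from 28800 to 30800 with no reason given, which deserves a word in the trailing comment. The privilege argument in that comment applies equally to the `SET GLOBAL max_allowed_packet` call kept on the line above: where the account does hold the privilege, the plugin rewrites a server-wide setting for every database user, and where it does not, the failure is swallowed by queryIgnoreError. The enclosing method starts above the hunk.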
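--- a/lib/wfScanEngine.php
+++ b/lib/wfScanEngine.php
@@ -694,18 +694,18 @@ class wfScanEngine {
  }
  $this->status(2, 'info', "Total disk space: " . sprintf('%.4f', ($total / 1024 / 1024 / 1024)) . "GB -- Free disk space: " . sprintf('%.4f', ($free / 1024 / 1024 / 1024)) . "GB");
  $level = false;
- $spaceLeft = sprintf('%.2f', ($free / $total * 100));
- $this->status(2, 'info', "The disk has $spaceLeft percent space available");
- if($spaceLeft < 1){
+ $freeMegs = sprintf('%.2f', $free / 1024 / 1024);
+ $this->status(2, 'info', "The disk has $freeMegs MB space available");
+ if($freeMegs < 5){
  $level = 1;
- } else if($spaceLeft < 1.5){
+ } else if($freeMegs < 20){
  $level = 2;
  } else {
  wordfence::statusEnd($this->statusIDX['diskSpace'], false);
  return;
  }
- if($this->addIssue('diskSpace', $level, 'diskSpace' . $level, 'diskSpace' . $level, "You have $spaceLeft" . "% disk space remaining", "You only have $spaceLeft" . "% of your disk space remaining. Please free up disk space or your website may stop serving requests.", array(
- 'spaceLeft' => $spaceLeft ))){
+ if($this->addIssue('diskSpace', $level, 'diskSpace' . $level, 'diskSpace' . $level, "You have $freeMegs" . "MB disk space remaining", "You only have $freeMegs" . " Megabytes of your disk space remaining. Please free up disk space or your website may stop serving requests.", array(
+ 'spaceLeft' => $freeMegs . "MB" ))){
  wordfence::statusEnd($this->statusIDX['diskSpace'], true);
  } else {
  wordfence::statusEnd($this->statusIDX['diskSpace'], false);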
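Review bot: `$freeMegs` is the string returned by `sprintf('%.2f', …)` and is then compared with `< 5` and `< 20`, so the thresholds depend on PHP's string-to-number conversion and, because `%f` is locale-aware, possibly on the decimal separator of the active locale. Keep the number and the display text apart: `$freeMB = $free / 1024 / 1024;` and `$freeMegs = sprintf('%.2f', $freeMB);`, then test `$freeMB < 5` and `$freeMB < 20`. The 5 and 20 MB limits would read better as named constants with a comment saying why those values were chosen. The function begins and ends outside the hunk, so how `$free` and `$total` are validated is not visible here.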
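--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -77,12 +77,15 @@ class wfUtils {
  $IP = 0;
  if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
  $IP = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ if(is_array($IP) && isset($IP[0])){ $IP = $IP[0]; } //It seems that some hosts may modify _SERVER vars into arrays.
  }
  if((! preg_match('/(\d+)\.(\d+)\.(\d+)\.(\d+)/', $IP)) && isset($_SERVER['HTTP_X_REAL_IP'])){
  $IP = $_SERVER['HTTP_X_REAL_IP'];
+ if(is_array($IP) && isset($IP[0])){ $IP = $IP[0]; } //It seems that some hosts may modify _SERVER vars into arrays.
  }
  if((! preg_match('/(\d+)\.(\d+)\.(\d+)\.(\d+)/', $IP)) && isset($_SERVER['REMOTE_ADDR'])){
  $IP = $_SERVER['REMOTE_ADDR'];
+ if(is_array($IP) && isset($IP[0])){ $IP = $IP[0]; } //It seems that some hosts may modify _SERVER vars into arrays.
  }
  if(preg_match('/,/', $IP)){
  $parts = explode(',', $IP); //Some users have "unknown,100.100.100.100" for example so we take the first thing that looks like an IP.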
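Review bot: The added guard `if(is_array($IP) && isset($IP[0]))` leaves `$IP` as an array whenever element 0 is missing or is not itself a string, and that array then reaches `preg_match()` and `explode()` further down. Reset it so the next source is tried: `if(is_array($IP)){ $IP = (isset($IP[0]) && is_string($IP[0])) ? $IP[0] : 0; }`. The same line is pasted three times, so a small private helper would keep the three branches in step. Since X-Forwarded-For and X-Real-IP are read before REMOTE_ADDR and the pattern is unanchored, a comment should state that the result is only trustworthy behind a proxy that overwrites those headers. The function continues past the end of the hunk.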
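--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
  Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
  Requires at least: 3.3.1
  Tested up to: 3.4.1
- Stable tag: 3.0.9
+ Stable tag: 3.1.0
 
  Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
 
@@ -152,6 +152,11 @@ or a theme, because often these have been updated to fix a security hole.
  5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
 
  == Changelog ==
+ = 3.1.0 =
+ * Changed the way we monitor disk space from % to warning on 20 megs and critical on 5 megs remaining. This deals with very large disks in a more rational way. (Thanks Yael M. and Ola A.)
+ * We now deal with cases where the $_SERVER variable contains an array instead of string for IP address. It seems that some installations modify the value into an array. (Thanks S.S.)
+ * The Wordfence DB connection now more reliably changes the mysql timeout for the session to prevent "mysql server has gone away" errors. (Thanks Peter A.)
+
  = 3.0.9 =
  * Fixed problem where scan process can't get admin ID.
  * Fixed issue that caused permanent IP's to not be permanent.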
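--- a/wordfence.php
+++ b/wordfence.php
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
  Plugin URI: http://wordfence.com/
  Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
  Author: Mark Maunder
- Version: 3.0.9
+ Version: 3.1.0
  Author URI: http://wordfence.com/
  */
- define('WORDFENCE_VERSION', '3.0.9');
+ define('WORDFENCE_VERSION', '3.1.0');
  if(! defined('WORDFENCE_VERSIONONLY_MODE')){
  if((int) @ini_get('memory_limit') < 64){
  @ini_set('memory_limit', '64M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.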