Wordfence Security – Firewall & Malware Scan - Version 3.2.6

Version Description

  • Paid feature: Remote site vulnerability and infection scanning.

Release Info

Developer mmaunder
Version 3.2.6

Code changes from version 3.2.5 to 3.2.6

lib/menu_options.php CHANGED
@@ -70,6 +70,11 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
70
  <div class="wfMarker" id="wfMarkerScansToInclude"></div>
71
  <h3 class="wfConfigHeading">Scans to include</h3></td></tr>
72
  <tr><th class="wfConfigEnable">Enable automatic scheduled scans</th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> /></td></tr>
 
 
 
 
 
73
  <tr><th>Scan core files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_core" class="wfConfigElem" name="scansEnabled_core" value="1" <?php $w->cb('scansEnabled_core'); ?>/></td></tr>
74
 
75
  <tr><th>Scan theme files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_themes" class="wfConfigElem" name="scansEnabled_themes" value="1" <?php $w->cb('scansEnabled_themes'); ?>/></td></tr>
70
  <div class="wfMarker" id="wfMarkerScansToInclude"></div>
71
  <h3 class="wfConfigHeading">Scans to include</h3></td></tr>
72
  <tr><th class="wfConfigEnable">Enable automatic scheduled scans</th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> /></td></tr>
73
+ <?php if(wfConfig::get('isPaid')){ ?>
74
+ <tr><th>Scan public facing site for vulnerabilities?</th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" <?php $w->cb('scansEnabled_public'); ?></td></tr>
75
+ <?php } else { ?>
76
+ <tr><th style="color: #F00;">Scan public facing site for vulnerabilities? (<a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">Paid members only</a>)</th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" DISABLED ?></td></tr>
77
+ <?php } ?>
78
  <tr><th>Scan core files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_core" class="wfConfigElem" name="scansEnabled_core" value="1" <?php $w->cb('scansEnabled_core'); ?>/></td></tr>
79
 
80
  <tr><th>Scan theme files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_themes" class="wfConfigElem" name="scansEnabled_themes" value="1" <?php $w->cb('scansEnabled_themes'); ?>/></td></tr>
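Review bot: The new `scansEnabled_public` checkbox in the paid branch never closes its `<input>` tag: the row ends `<?php $w->cb('scansEnabled_public'); ?></td></tr>`, while the neighbouring rows end `?>/></td></tr>`, so the `</td>` that follows is consumed as part of the tag. Add the missing `/>`. In the unpaid branch, `DISABLED ?>` carries a stray `?` outside any PHP block and should read `disabled />`. A disabled checkbox is only a UI gate; the scan side does check `isPaid` in `scan_publicSite()`, and it is worth confirming that the options save path also refuses `scansEnabled_public` for unpaid sites.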
lib/menu_scan.php CHANGED
@@ -503,6 +503,74 @@
503
  </div>
504
  </div>
505
  </script>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
506
  <script type="text/x-jquery-template" id="wfNoScanYetTmpl">
507
  <div>
508
  <table class="wfSummaryParent" cellpadding="0" cellspacing="0">
503
  </div>
504
  </div>
505
  </script>
506
+ <script type="text/x-jquery-template" id="issueTmpl_pubBadURLs">
507
+ <div>
508
+ <div class="wfIssue">
509
+ <h2>${shortMsg}</h2>
510
+ <p>
511
+ <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
512
+ <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
513
+ <tr><th>Status</th><td>
514
+ {{if status == 'new' }}New{{/if}}
515
+ {{if status == 'ignoreC' }}These bad URLs will be ignored until they change.{{/if}}
516
+ {{if status == 'ignoreP' }}These bad URLs will be permanently ignored.{{/if}}
517
+ </td></tr>
518
+ </table>
519
+ </p>
520
+ <p>
521
+ {{html longMsg}}
522
+ </p>
523
+ <div class="wfIssueOptions">
524
+ {{if status == 'new'}}
525
+ <strong>Resolve:</strong>
526
+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">I have fixed this issue</a>
527
+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreC'); return false;">Ignore these URLs until they change.</a>
528
+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreP'); return false;">Ignore these URLs permanently</a>
529
+ {{/if}}
530
+ {{if status == 'ignoreP' || status == 'ignoreC'}}
531
+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">Stop ignoring this issue</a>
532
+ {{/if}}
533
+ </div>
534
+ </div>
535
+ </div>
536
+ </script>
537
+
538
+
539
+ <script type="text/x-jquery-template" id="issueTmpl_pubDomainRedir">
540
+ <div>
541
+ <div class="wfIssue">
542
+ <h2>${shortMsg}</h2>
543
+ <p>
544
+ <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
545
+ <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
546
+ <tr><th>Status</th><td>
547
+ {{if status == 'new' }}New{{/if}}
548
+ {{if status == 'ignoreC' }}This redirect will be ignored until it changes.{{/if}}
549
+ {{if status == 'ignoreP' }}This redirect is permanently ignored.{{/if}}
550
+ </td></tr>
551
+ </table>
552
+ </p>
553
+ <p>
554
+ {{html longMsg}}
555
+ </p>
556
+ <div class="wfIssueOptions">
557
+ {{if status == 'new'}}
558
+ <strong>Resolve:</strong>
559
+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">I have fixed this issue</a>
560
+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreC'); return false;">Ignore this redirect until it changes</a>
561
+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreP'); return false;">Ignore any redirect like this permanently</a>
562
+ {{/if}}
563
+ {{if status == 'ignoreP' || status == 'ignoreC'}}
564
+ <a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">Stop ignoring this issue</a>
565
+ {{/if}}
566
+ </div>
567
+ </div>
568
+ </div>
569
+ </script>
570
+
571
+
572
+
573
+
574
  <script type="text/x-jquery-template" id="wfNoScanYetTmpl">
575
  <div>
576
  <table class="wfSummaryParent" cellpadding="0" cellspacing="0">
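Review bot: Both new templates, `issueTmpl_pubBadURLs` and `issueTmpl_pubDomainRedir`, render `{{html longMsg}}` unescaped, and for these issue types `longMsg` is passed through from the `scan_public_site` API response (see `scan_publicSite()` in lib/wfScanEngine.php). Make sure any URL or other site-derived value is HTML-escaped before it is placed in `longMsg`, or render the message with `${longMsg}` and build the links in the template. `'${id}'` is also interpolated into the inline `onclick` string, where HTML encoding does not protect the JavaScript quoting; a data attribute read by a delegated handler avoids that. The two templates differ only in their status and link wording, so one template with parameterised strings would remove the duplication.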
lib/wfConfig.php CHANGED
@@ -19,6 +19,7 @@ class wfConfig {
19
  "liveTrafficEnabled" => true,
20
  "liveTraf_ignorePublishers" => true,
21
  "scheduledScansEnabled" => false,
 
22
  "scansEnabled_core" => false,
23
  "scansEnabled_themes" => false,
24
  "scansEnabled_plugins" => false,
@@ -81,6 +82,7 @@ class wfConfig {
81
  "liveTrafficEnabled" => true,
82
  "liveTraf_ignorePublishers" => true,
83
  "scheduledScansEnabled" => true,
 
84
  "scansEnabled_core" => true,
85
  "scansEnabled_themes" => false,
86
  "scansEnabled_plugins" => false,
@@ -143,6 +145,7 @@ class wfConfig {
143
  "liveTrafficEnabled" => true,
144
  "liveTraf_ignorePublishers" => true,
145
  "scheduledScansEnabled" => true,
 
146
  "scansEnabled_core" => true,
147
  "scansEnabled_themes" => false,
148
  "scansEnabled_plugins" => false,
@@ -205,6 +208,7 @@ class wfConfig {
205
  "liveTrafficEnabled" => true,
206
  "liveTraf_ignorePublishers" => true,
207
  "scheduledScansEnabled" => true,
 
208
  "scansEnabled_core" => true,
209
  "scansEnabled_themes" => false,
210
  "scansEnabled_plugins" => false,
@@ -267,6 +271,7 @@ class wfConfig {
267
  "liveTrafficEnabled" => true,
268
  "liveTraf_ignorePublishers" => true,
269
  "scheduledScansEnabled" => true,
 
270
  "scansEnabled_core" => true,
271
  "scansEnabled_themes" => false,
272
  "scansEnabled_plugins" => false,
19
  "liveTrafficEnabled" => true,
20
  "liveTraf_ignorePublishers" => true,
21
  "scheduledScansEnabled" => false,
22
+ "scansEnabled_public" => false,
23
  "scansEnabled_core" => false,
24
  "scansEnabled_themes" => false,
25
  "scansEnabled_plugins" => false,
82
  "liveTrafficEnabled" => true,
83
  "liveTraf_ignorePublishers" => true,
84
  "scheduledScansEnabled" => true,
85
+ "scansEnabled_public" => false,
86
  "scansEnabled_core" => true,
87
  "scansEnabled_themes" => false,
88
  "scansEnabled_plugins" => false,
145
  "liveTrafficEnabled" => true,
146
  "liveTraf_ignorePublishers" => true,
147
  "scheduledScansEnabled" => true,
148
+ "scansEnabled_public" => false,
149
  "scansEnabled_core" => true,
150
  "scansEnabled_themes" => false,
151
  "scansEnabled_plugins" => false,
208
  "liveTrafficEnabled" => true,
209
  "liveTraf_ignorePublishers" => true,
210
  "scheduledScansEnabled" => true,
211
+ "scansEnabled_public" => false,
212
  "scansEnabled_core" => true,
213
  "scansEnabled_themes" => false,
214
  "scansEnabled_plugins" => false,
271
  "liveTrafficEnabled" => true,
272
  "liveTraf_ignorePublishers" => true,
273
  "scheduledScansEnabled" => true,
274
+ "scansEnabled_public" => false,
275
  "scansEnabled_core" => true,
276
  "scansEnabled_themes" => false,
277
  "scansEnabled_plugins" => false,
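Review bot: `"scansEnabled_public" => false` is added to all five security-level arrays with the same value, so the remote scan stays off at every level, including those where `scheduledScansEnabled` and `scansEnabled_core` are `true`. If opt-in at every level is intended, say so in a comment next to the key or in the changelog; since the value never varies, a single shared default would also avoid repeating the line five times.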
lib/wfScanEngine.php CHANGED
@@ -25,6 +25,7 @@ class wfScanEngine {
25
  private $malwareScanEnabled = false;
26
  private $pluginScanEnabled = false;
27
  private $coreScanEnabled = false;
 
28
  private $themeScanEnabled = false;
29
  private $unknownFiles = "";
30
  private $fileContentsResults = false;
@@ -41,7 +42,7 @@ class wfScanEngine {
41
  private $userPasswdQueue = "";
42
  private $passwdHasIssues = false;
43
  public function __sleep(){ //Same order here as above for properties that are included in serialization
44
- return array('hasher', 'hashes', 'jobList', 'i', 'wp_version', 'apiKey', 'startTime', 'scanStep', 'maxExecTime', 'malwareScanEnabled', 'pluginScanEnabled', 'coreScanEnabled', 'themeScanEnabled', 'unknownFiles', 'fileContentsResults', 'scanner', 'scanQueue', 'hoover', 'scanData', 'statusIDX', 'userPasswdQueue', 'passwdHasIssues');
45
  }
46
  public function __construct(){
47
  $this->startTime = time();
@@ -53,6 +54,7 @@ class wfScanEngine {
53
  $this->api = new wfAPI($this->apiKey, $this->wp_version);
54
  include('wfDict.php'); //$dictWords
55
  $this->dictWords = $dictWords;
 
56
  foreach(array('init', 'main', 'finish') as $op){ $this->jobList[] = 'knownFiles_' . $op; };
57
  foreach(array('fileContents', 'posts', 'comments', 'passwds', 'dns', 'diskSpace', 'oldVersions') as $scanType){
58
  if(wfConfig::get('scansEnabled_' . $scanType)){
@@ -127,6 +129,30 @@ class wfScanEngine {
127
  public function getCurrentJob(){
128
  return $this->jobList[0];
129
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
130
  private function scan_knownFiles_init(){
131
  $this->status(1, 'info', "Contacting Wordfence to initiate scan");
132
  $this->api->call('log_scan', array(), array());
25
  private $malwareScanEnabled = false;
26
  private $pluginScanEnabled = false;
27
  private $coreScanEnabled = false;
28
+ private $publicScanEnabled = false;
29
  private $themeScanEnabled = false;
30
  private $unknownFiles = "";
31
  private $fileContentsResults = false;
42
  private $userPasswdQueue = "";
43
  private $passwdHasIssues = false;
44
  public function __sleep(){ //Same order here as above for properties that are included in serialization
45
+ return array('hasher', 'hashes', 'jobList', 'i', 'wp_version', 'apiKey', 'startTime', 'scanStep', 'maxExecTime', 'publicScanEnabled', 'malwareScanEnabled', 'pluginScanEnabled', 'coreScanEnabled', 'themeScanEnabled', 'unknownFiles', 'fileContentsResults', 'scanner', 'scanQueue', 'hoover', 'scanData', 'statusIDX', 'userPasswdQueue', 'passwdHasIssues');
46
  }
47
  public function __construct(){
48
  $this->startTime = time();
54
  $this->api = new wfAPI($this->apiKey, $this->wp_version);
55
  include('wfDict.php'); //$dictWords
56
  $this->dictWords = $dictWords;
57
+ $this->jobList[] = 'publicSite';
58
  foreach(array('init', 'main', 'finish') as $op){ $this->jobList[] = 'knownFiles_' . $op; };
59
  foreach(array('fileContents', 'posts', 'comments', 'passwds', 'dns', 'diskSpace', 'oldVersions') as $scanType){
60
  if(wfConfig::get('scansEnabled_' . $scanType)){
129
  public function getCurrentJob(){
130
  return $this->jobList[0];
131
  }
132
+ private function scan_publicSite(){
133
+ if(wfConfig::get('isPaid')){
134
+ if(wfConfig::get('scansEnabled_public')){
135
+ $this->publicScanEnabled = true;
136
+ $this->statusIDX['public'] = wordfence::statusStart("Doing Remote Scan of public site for problems");
137
+ $result = $this->api->call('scan_public_site', array(), array(
138
+ 'siteURL' => site_url()
139
+ ));
140
+ $haveIssues = false;
141
+ if($result['haveIssues'] && is_array($result['issues']) ){
142
+ foreach($result['issues'] as $issue){
143
+ $this->addIssue($issue['type'], $issue['level'], $issue['ignoreP'], $issue['ignoreC'], $issue['shortMsg'], $issue['longMsg'], $issue['data']);
144
+ $haveIssues = true;
145
+ }
146
+ }
147
+ wordfence::statusEnd($this->statusIDX['public'], $haveIssues);
148
+ } else {
149
+ wordfence::statusDisabled("Skipping remote scan of public site for problems");
150
+ }
151
+ } else {
152
+ wordfence::statusPaidOnly("Remote scan of public facing site only available to paid members");
153
+ sleep(2); //enough time to read the message before it scrolls off.
154
+ }
155
+ }
156
  private function scan_knownFiles_init(){
157
  $this->status(1, 'info', "Contacting Wordfence to initiate scan");
158
  $this->api->call('log_scan', array(), array());
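Review bot: `scan_publicSite()` trusts the shape and content of the API response: `$result['haveIssues']` is read without checking that `$result` is an array, and `$issue['type']`, `$issue['level']`, `$issue['longMsg']` and the other keys go straight into `addIssue()` with no `isset()` checks and no whitelist of expected types. Validate the response first and accept only the issue types the UI can render, such as those that get templates in lib/menu_scan.php. In the constructor, `$this->jobList[] = 'publicSite';` is added unconditionally, unlike the `scansEnabled_*` loop just below it, so every scan on an unpaid site runs the job only to reach `sleep(2)`; gate the job on `isPaid` and `scansEnabled_public` when the list is built. In `__sleep()`, `'publicScanEnabled'` is inserted before `'malwareScanEnabled'` although the property is declared after `$coreScanEnabled`, which contradicts the "Same order here as above" comment on that line.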
lib/wordfenceConstants.php CHANGED
@@ -1,5 +1,5 @@
1
  <?php
2
- define('WORDFENCE_API_VERSION', '2.2');
3
  define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
4
  define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
5
  define('WORDFENCE_MAX_SCAN_TIME', 600);
1
  <?php
2
+ define('WORDFENCE_API_VERSION', '2.3');
3
  define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
4
  define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
5
  define('WORDFENCE_MAX_SCAN_TIME', 600);
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
  Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
4
  Requires at least: 3.3.1
5
  Tested up to: 3.4.1
6
- Stable tag: 3.2.5
7
 
8
  Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
 
@@ -153,6 +153,9 @@ or a theme, because often these have been updated to fix a security hole.
153
  5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
154
 
155
  == Changelog ==
 
 
 
156
  = 3.2.5 =
157
  * Moved all attack signatures out of the plugin to prevent Wordfence being detected as malicious in a false positive.
158
 
3
  Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
4
  Requires at least: 3.3.1
5
  Tested up to: 3.4.1
6
+ Stable tag: 3.2.6
7
 
8
  Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
 
153
  5. If you're technically minded, this is the under-the-hood view of Wordfence options where you can fine-tune your security settings.
154
 
155
  == Changelog ==
156
+ = 3.2.6 =
157
+ * Paid feature: Remote site vulnerability and infection scanning.
158
+
159
  = 3.2.5 =
160
  * Moved all attack signatures out of the plugin to prevent Wordfence being detected as malicious in a false positive.
161
 
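Review bot: The changelog entry `* Paid feature: Remote site vulnerability and infection scanning.` does not say that the scan is off by default or that enabling it sends the site URL to the Wordfence API. Add a line noting that it has to be switched on under "Scans to include" and what is transmitted when it runs.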
wordfence.php CHANGED
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://wordfence.com/
5
  Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
  Author: Mark Maunder
7
- Version: 3.2.5
8
  Author URI: http://wordfence.com/
9
  */
10
- define('WORDFENCE_VERSION', '3.2.5');
11
  if(! defined('WORDFENCE_VERSIONONLY_MODE')){
12
  if((int) @ini_get('memory_limit') < 64){
13
  @ini_set('memory_limit', '64M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.
4
  Plugin URI: http://wordfence.com/
5
  Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
  Author: Mark Maunder
7
+ Version: 3.2.6
8
  Author URI: http://wordfence.com/
9
  */
10
+ define('WORDFENCE_VERSION', '3.2.6');
11
  if(! defined('WORDFENCE_VERSIONONLY_MODE')){
12
  if((int) @ini_get('memory_limit') < 64){
13
  @ini_set('memory_limit', '64M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.