Wordfence Security – Firewall & Malware Scan - Version 3.5.1

Version Description

  • Fixed issue with twentyten, twentyeleven, twentytwelve themes showing up as modified in 3.5.
  • Fixed issue with wpdb->prepare throwing warnings. WordPress changed their code and we have now caught up.
  • Fixed issue of files containing "silence is golden" showing up as being changed with no executable content.

Release Info

Developer mmaunder
Version 3.5.1

Code changes from version 3.4.5 to 3.5.1

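--- a/lib/wfIssues.php
+++ b/lib/wfIssues.php
@@ -217,16 +217,16 @@ class wfIssues {
 private function updateSummaryItems(){
 global $wpdb;
 $dat = array();
-$users = $wpdb->get_col($wpdb->prepare("SELECT $wpdb->users.ID FROM $wpdb->users"));
+$users = $wpdb->get_col("SELECT $wpdb->users.ID FROM $wpdb->users");
 $dat['totalUsers'] = sizeof($users);
-$res1 = $wpdb->get_col($wpdb->prepare("SELECT count(*) as cnt FROM $wpdb->posts where post_type='page' and post_status NOT IN ('auto-draft')")); $dat['totalPages'] = $res1['0'];
-$res1 = $wpdb->get_col($wpdb->prepare("SELECT count(*) as cnt FROM $wpdb->posts where post_type='post' and post_status NOT IN ('auto-draft')")); $dat['totalPosts'] = $res1['0'];
-$res1 = $wpdb->get_col($wpdb->prepare("SELECT count(*) as cnt FROM $wpdb->comments")); $dat['totalComments'] = $res1['0'];
-$res1 = $wpdb->get_col($wpdb->prepare("SELECT count(*) as cnt FROM $wpdb->term_taxonomy where taxonomy='category'")); $dat['totalCategories'] = $res1['0'];
-$res1 = $wpdb->get_col($wpdb->prepare("show tables")); $dat['totalTables'] = sizeof($res1);
+$res1 = $wpdb->get_col("SELECT count(*) as cnt FROM $wpdb->posts where post_type='page' and post_status NOT IN ('auto-draft')"); $dat['totalPages'] = $res1['0'];
+$res1 = $wpdb->get_col("SELECT count(*) as cnt FROM $wpdb->posts where post_type='post' and post_status NOT IN ('auto-draft')"); $dat['totalPosts'] = $res1['0'];
+$res1 = $wpdb->get_col("SELECT count(*) as cnt FROM $wpdb->comments"); $dat['totalComments'] = $res1['0'];
+$res1 = $wpdb->get_col("SELECT count(*) as cnt FROM $wpdb->term_taxonomy where taxonomy='category'"); $dat['totalCategories'] = $res1['0'];
+$res1 = $wpdb->get_col("show tables"); $dat['totalTables'] = sizeof($res1);
 $totalRows = 0;
 foreach($res1 as $table){
-$res2 = $wpdb->get_col($wpdb->prepare("select count(*) from $table"));
+$res2 = $wpdb->get_col("select count(*) from $table");
 if(isset($res2[0]) ){
 $totalRows += $res2[0];
 }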
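Review bot: The per-table count at new line 229 still interpolates `$table` into `"select count(*) from $table"` with no identifier quoting, and dropping `prepare()` does not change that, because the old call had no placeholders to bind. The names come from `show tables`, which lists every table in the current database and may include tables that do not belong to this site, so a name containing a hyphen, space or backtick breaks or alters the statement. Quote the identifier with backticks, doubling any backtick inside the name, before building the query, and add a comment such as `// $table is an identifier from SHOW TABLES; prepare() cannot bind identifiers, so it is quoted by hand here`. Separately, `$res1['0']` on lines 222-225 is read without checking that `get_col` returned a row. updateSummaryItems continues past the end of the hunk.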
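--- a/lib/wordfenceConstants.php
+++ b/lib/wordfenceConstants.php
@@ -1,5 +1,5 @@
 <?php
-define('WORDFENCE_API_VERSION', '2.4');
+define('WORDFENCE_API_VERSION', '2.5');
 define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
 define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
 define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.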
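--- a/lib/wordfenceHash.php
+++ b/lib/wordfenceHash.php
@@ -226,22 +226,27 @@ class wordfenceHash {
 $knownFile = 1;
 } else {
 if($this->coreEnabled){
-$this->haveIssues['core'] = true;
-$this->engine->addIssue(
-'file',
-1,
-'coreModified' . $file . $md5,
-'coreModified' . $file,
-'WordPress core file modified: ' . $file,
-"This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.",
-array(
-'file' => $file,
-'cType' => 'core',
-'canDiff' => true,
-'canFix' => true,
-'canDelete' => false
-)
-);
+$localFile = ABSPATH . '/' . preg_replace('/^[\.\/]+/', '', $file);
+$fileContents = @file_get_contents($localFile);
+if($fileContents && (! preg_match('/<\?' . 'php[\r\n\s\t]*\/\/[\r\n\s\t]*Silence is golden\.[\r\n\s\t]*(?:\?>)?[\r\n\s\t]*#x2F;s', $fileContents))){
+
+$this->haveIssues['core'] = true;
+$this->engine->addIssue(
+'file',
+1,
+'coreModified' . $file . $md5,
+'coreModified' . $file,
+'WordPress core file modified: ' . $file,
+"This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.",
+array(
+'file' => $file,
+'cType' => 'core',
+'canDiff' => true,
+'canFix' => true,
+'canDelete' => false
+)
+);
+}
 }
 }
 } else if(isset($this->knownFiles['plugins'][$file])){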
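Review bot: The new exemption at lines 229-231 suppresses the core-modified issue whenever the pattern matches, yet the pattern as shown opens at `<\?` with no `^` anchor, so content placed ahead of the 'Silence is golden' stub would not prevent a match. The exemption should hold only when the whole file is the stub, for example by opening the pattern with `'/^<\?' . 'php`. The `$fileContents &&` guard also fails open: when `@file_get_contents` returns false or the file is empty, a file whose hash already mismatched is not reported at all, whereas `if($fileContents === false || ! preg_match(...))` would keep reporting it. The tail of the pattern appears garbled on this page (`#x2F;s`), so the end anchor could not be checked here. The enclosing if/else chain starts and ends outside the hunk.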
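--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: mmaunder
 Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
 Requires at least: 3.3.1
-Tested up to: 3.4.2
-Stable tag: 3.4.5
+Tested up to: 3.5
+Stable tag: 3.5.1
 
 Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
 
@@ -154,6 +154,11 @@ or a theme, because often these have been updated to fix a security hole.
 
 == Changelog ==
 
+= 3.5.1 =
+* Fixed issue with twentyten, twentyeleven, twentytwelve themes showing up as modified in 3.5.
+* Fixed issue with wpdb->prepare throwing warnings. WordPress changed their code and we have now caught up.
+* Fixed issue of files containing "silence is golden" showing up as being changed with no executable content.
+
 = 3.4.5 =
 * Fixed security issue of being able to list wordfence's own virtual dir on some server configurations.
 * Fixed issue of WF using deprecated function which caused warnings or errors on install.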
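--- a/wordfence.php
+++ b/wordfence.php
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
 Plugin URI: http://wordfence.com/
 Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
 Author: Mark Maunder
-Version: 3.4.5
+Version: 3.5.1
 Author URI: http://wordfence.com/
 */
-define('WORDFENCE_VERSION', '3.4.5');
+define('WORDFENCE_VERSION', '3.5.1');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }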