Wordfence Security – Firewall & Malware Scan - Version 3.6.6

Version Description

  • Added option to change AJAX polling frequency
  • Fixed issue that caused whitelisted IPs to not be whitelisted.
  • Added code that prevents blocking of Wordfence's API server (or Wordfence will cease to function)
  • Added link at bottom of 'options' page to test connectivity to our API servers.
  • Include any CURL error numbers in error reporting.
  • Fixed issue that caused IP range blocking to not block access to login page.
  • Fixed issue that caused cache files to be flagged as malicious.

Release Info

Developer mmaunder
Version 3.6.6

Code changes from version 3.6.5 to 3.6.6

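--- a/js/admin.js
+++ b/js/admin.js
@@ -2,7 +2,6 @@ if(! window['wordfenceAdmin']){ //To compile for checking: java -jar /usr/local/
 window['wordfenceAdmin'] = {
 loading16: '<div class="wfLoading16"></div>',
 loadingCount: 0,
-actUpdateInterval: 2000,
 dbCheckTables: [],
 dbCheckCount_ok: 0,
 dbCheckCount_skipped: 0,
@@ -126,7 +125,7 @@ window['wordfenceAdmin'] = {
 if(this.mode){ //We are in a Wordfence page
 var self = this;
 if(startTicker){
-this.liveInt = setInterval(function(){ self.updateTicker(); }, 2000);
+this.liveInt = setInterval(function(){ self.updateTicker(); }, WordfenceAdminVars.actUpdateInterval);
 }
 jQuery(document).bind('cbox_closed', function(){ self.colorboxIsOpen = false; self.colorboxServiceQueue(); });
 }
@@ -200,7 +199,7 @@ window['wordfenceAdmin'] = {
 var self = this;
 setInterval(function(){
 self.updateActivityLog();
-}, this.actUpdateInterval);
+}, parseInt(WordfenceAdminVars.actUpdateInterval));
 },
 updateActivityLog: function(){
 if(this.activityLogUpdatePending){
@@ -214,7 +213,7 @@ window['wordfenceAdmin'] = {
 
 },
 doneUpdateActivityLog: function(res){
-this.actNextUpdateAt = (new Date()).getTime() + this.actUpdateInterval;
+this.actNextUpdateAt = (new Date()).getTime() + parseInt(WordfenceAdminVars.actUpdateInterval);
 if(res.ok){
 if(res.items.length > 0){
 this.activityQueue.push.apply(this.activityQueue, res.items);
@@ -226,14 +225,12 @@ window['wordfenceAdmin'] = {
 },
 processActQueue: function(currentScanID){
 if(this.activityQueue.length > 0){
-
 this.addActItem(this.activityQueue.shift());
 this.totalActAdded++;
 if(this.totalActAdded > this.maxActivityLogItems){
 jQuery('#consoleActivity div:first').remove();
 this.totalActAdded--;
 }
-
 var timeTillNextUpdate = this.actNextUpdateAt - (new Date()).getTime();
 var maxRate = 50 / 1000; //Rate per millisecond
 var bulkTotal = 0;
@@ -1070,7 +1067,7 @@ window['wordfenceAdmin'] = {
 }
 }
 for(var k in WFSLevels[level].otherParams){
-if(! /^(?:apiKey|securityLevel|alertEmails|liveTraf_ignoreUsers|liveTraf_ignoreIPs|liveTraf_ignoreUA|liveTraf_hitsMaxSize|maxMem|maxExecutionTime)#x2F;.test(k)){
+if(! /^(?:apiKey|securityLevel|alertEmails|liveTraf_ignoreUsers|liveTraf_ignoreIPs|liveTraf_ignoreUA|liveTraf_hitsMaxSize|maxMem|maxExecutionTime|actUpdateInterval)#x2F;.test(k)){
 jQuery('#' + k).val(WFSLevels[level].otherParams[k]);
 }
 }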
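Review bot: The two `parseInt(WordfenceAdminVars.actUpdateInterval)` calls on new lines 202 and 217 pass no radix, while new line 128 hands the same value to setInterval unparsed; the three sites should agree, e.g. read it once as `var actUpdateInterval = parseInt(WordfenceAdminVars.actUpdateInterval, 10);` and reuse that. Since the value now arrives from a localized PHP array instead of a literal, a zero or non-numeric value would reach setInterval unchecked here, so the guarantee that it is a positive integer has to hold on the server side (setupAdminVars in lib/wordfenceClass.php in this same commit). The regex on new line 1070 shows `#x2F;` in this rendering, which looks like an entity-mangled closing `$/` rather than source content; worth confirming against the raw file.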
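--- /dev/null
+++ b/lib/conntest.php
@@ -0,0 +1,70 @@
+<?php if(! wfUtils::isAdmin()){ exit(); } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
+<head>
+<title>Wordfence Connectivity Tester</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<body>
+<h1>Wordfence connectivity tester</h1>
+<br /><br />
+DNS lookup for noc1.wordfence.com returns: <?php echo gethostbyname('noc1.wordfence.com'); ?><br /><br />
+<?php
+function testSocket($service_port){
+echo "<b>STARTING SOCKET TEST TO PORT $service_port</b><br />\n";
+error_reporting(E_ALL);
+//$service_port = getservbyname('www', 'tcp');
+$address = gethostbyname('noc1.wordfence.com');
+$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
+if($socket === false){
+echo "Could not create socket: " . socket_strerror(socket_last_error()) . "<br />\n";
+} else {
+echo "Socket created OK<br />\n";
+}
+echo "Attempting to connect to '$address' on port '$service_port'...";
+$result = socket_connect($socket, $address, $service_port);
+if($result === false){
+echo "socket_connect() failed.\nReason: ($result) " . socket_strerror(socket_last_error($socket)) . "<br /><br />\n";
+} else {
+echo "Socket connected OK to port $service_port<br /><br />\n";
+}
+socket_close($socket);
+}
+testSocket(80);
+testSocket(443);
+
+?>
+<?php
+$curlContent = "";
+function curlWrite($h, $d){
+global $curlContent;
+$curlContent .= $d;
+return strlen($d);
+}
+function doCurlTest($protocol){
+echo "<br /><b>STARTING CURL $protocol CONNECTION TEST....</b><br />\n";
+global $curlContent;
+$curlContent = "";
+$curl = curl_init($protocol . '://noc1.wordfence.com/');
+curl_setopt ($curl, CURLOPT_TIMEOUT, 900);
+curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
+curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
+curl_setopt ($curl, CURLOPT_HEADER, 0);
+curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, false);
+curl_setopt ($curl, CURLOPT_SSL_VERIFYHOST, false);
+curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'curlWrite');
+$curlResult = curl_exec($curl);
+$httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
+if(strpos($curlContent, 'Your site did not send an API key') !== false){
+echo "Curl connectivity test passed.<br /><br />\n";
+} else {
+$curlErrorNo = curl_errno($curl);
+$curlError = curl_error($curl);
+echo "Curl connectivity test failed with response: <pre>$curlContent</pre>";
+echo "<br />Curl HTTP status: $httpStatus<br />Curl error code: $curlErrorNo<br />Curl Error: $curlError<br /><br />\n";
+}
+}
+doCurlTest('http');
+doCurlTest('https');
+?>
+</body>
+</html>
+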
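Review bot: The remote response body `$curlContent` on line 61, and the error strings from `socket_strerror` and `curl_error` on lines 18, 25 and 62, are echoed into the administrator's page unescaped, so whatever answers on the path to noc1.wordfence.com (a captive portal, a proxy error page, an interposed host) has its markup rendered in the admin's browser; write it as `echo "Curl connectivity test failed with response: <pre>" . htmlspecialchars($curlContent) . "</pre>";` and wrap the error strings the same way. Lines 51–52 disable `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`, so a passing https test tells the user nothing about whether the server certificate validates on this host; running with verification on and reporting a verification failure as its own line would make the diagnostic answer the question it is asked. `error_reporting(E_ALL)` on line 13 changes a process-global setting from inside a diagnostic helper and is never restored. The only gate is `wfUtils::isAdmin()` on line 1; whether the `nonce` carried by the options-page link is also checked before the `require` in wordfenceClass.php is not visible here.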
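--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -230,8 +230,10 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
 <tr><th>Participate in the Wordfence Security Network</th><td><input type="checkbox" id="other_WFNet" class="wfConfigElem" name="other_WFNet" value="1" <?php $w->cb('other_WFNet'); ?> /></td></tr>
 <tr><th>Maximum memory Wordfence can use</th><td><input type="text" id="maxMem" name="maxMem" value="<?php $w->f('maxMem'); ?>" size="4" />Megabytes</td></tr>
 <tr><th>Maximum execution time for each scan stage</th><td><input type="text" id="maxExecutionTime" name="maxExecutionTime" value="<?php $w->f('maxExecutionTime'); ?>" size="4" />Blank for default. Must be greater than 9.</td></tr>
+<tr><th>Update interval in seconds (2 is default)</th><td><input type="text" id="actUpdateInterval" name="actUpdateInterval" value="<?php $w->f('actUpdateInterval'); ?>" size="4" />Set to 10 or more if you're seeing high server CPU usage.</td></tr>
 <tr><th>Enable debugging mode (increases database load)</th><td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn" value="1" <?php $w->cb('debugOn'); ?> /></td></tr>
 <tr><th>Delete Wordfence tables and data on deactivation?</th><td><input type="checkbox" id="deleteTablesOnDeact" class="wfConfigElem" name="deleteTablesOnDeact" value="1" <?php $w->cb('deleteTablesOnDeact'); ?> /></td></tr>
+<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=conntest&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to test connectivity to the Wordfence API servers</a></th></tr>
 <tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to view your system's configuration in a new window</a></th></tr>
 <tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a></th></tr>
 </table>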
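Review bot: The new `actUpdateInterval` field on line 233 says "2 is default" but states no lower bound, and the server-side check added to setupAdminVars in lib/wordfenceClass.php (same commit) accepts any run of digits including 0, so the help text should name the accepted range, e.g. `Whole number of seconds, minimum 1. Set to 10 or more if you're seeing high server CPU usage.`. The bare `&nonce=` inside the href on new line 236 follows the neighbouring links; `&amp;` is the correct attribute encoding, though browsers tolerate the bare form.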
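--- a/lib/pageTitle.php
+++ b/lib/pageTitle.php
@@ -1,13 +1,15 @@
-<?php if(! wfConfig::get('isPaid')){ ?>
+<?php if(! wfConfig::get('isPaid')){
+$affURL = 'http://www.bluehost.com/track/wordfence/wfplghd2?page=/wordpress';
+?>
 <table border="0">
 <tr>
 <td style="padding-right: 50px;">
 <div class="wordfence-lock-icon wordfence-icon32"><br /></div><h2 id="wfHeading"><?php echo $pageTitle; ?></h2>
 </td><td style="width: 450px; padding-top: 10px;">
-You're using the Free version of Wordfence which you can support by visiting <a href="http://www.bluehost.com/track/wordfence/wfplghead" target="_blank">Bluehost.com</a>. We recommend <a href="http://www.bluehost.com/track/wordfence/wfplghead" target="_blank">Bluehost for WordPress hosting</a> and use them for our own WordPress websites. &nbsp;&nbsp;&nbsp;<a href="http://www.bluehost.com/track/wordfence/wfplghead" target="_blank">&raquo;Visit Bluehost now&raquo;</a>
+You're using the Free version of Wordfence which you can support by visiting <a href="<?php echo $affURL; ?>" target="_blank">Bluehost.com</a>. We recommend <a href="<?php echo $affURL; ?>" target="_blank">Bluehost for WordPress hosting</a> and use them for our own WordPress websites. &nbsp;&nbsp;&nbsp;<a href="<?php echo $affURL; ?>" target="_blank">&raquo;Visit Bluehost now&raquo;</a>
 </td>
 <td style="width: 120px; padding-top: 10px;">
-<a href="http://www.bluehost.com/track/wordfence/wfplghead" target="_blank" class="bluehostBanner bluehostBanner<?php echo rand(1,5); ?>"></a>
+<a href="<?php echo $affURL; ?>" target="_blank" class="bluehostBanner bluehostBanner<?php echo rand(1,5); ?>"></a>
 </td>
 </tr>
 </table>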
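--- a/lib/wfAPI.php
+++ b/lib/wfAPI.php
@@ -62,7 +62,7 @@ class wfAPI {
 } else {
 $cerror = curl_error($curl);
 curl_close($curl);
-throw new Exception("We received an error response when trying to contact the Wordfence scanning servers. The HTTP status code was [$httpStatus]" . ($cerror ? (' and the error from CURL was ' . $cerror) : ''));
+throw new Exception("We received an error response when trying to contact the Wordfence scanning servers. The HTTP status code was [$httpStatus] and the curl error number was [" . $this->lastCurlErrorNo . "] " . ($cerror ? (' and the error from CURL was: ' . $cerror) : ''));
 }
 } else {
 $data = $this->fileGet($url, $postParams);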
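Review bot: The new message on line 65 interpolates `$this->lastCurlErrorNo`, but nothing in this hunk assigns it, and `curl_close($curl)` on line 64 runs first, so the brackets will be empty unless the property is filled in elsewhere before this point (not visible here). Reading the code after close is too late; `$this->lastCurlErrorNo = curl_errno($curl);` belongs beside the `curl_error($curl)` call on line 63. The concatenation also produces a double space, `"] "` followed by `' and the error …'`, so drop the trailing space inside the bracket literal.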
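--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -49,7 +49,7 @@ class wfConfig {
 ),
 "otherParams" => array(
 'securityLevel' => '0',
-"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '',
+"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '', 'actUpdateInterval' => '',
 "neverBlockBG" => "neverBlockVerified",
 "loginSec_countFailMins" => "5",
 "loginSec_lockoutMins" => "5",
@@ -113,7 +113,7 @@ class wfConfig {
 ),
 "otherParams" => array(
 'securityLevel' => '1',
-"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '',
+"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '', 'actUpdateInterval' => '',
 "neverBlockBG" => "neverBlockVerified",
 "loginSec_countFailMins" => "5",
 "loginSec_lockoutMins" => "5",
@@ -177,7 +177,7 @@ class wfConfig {
 ),
 "otherParams" => array(
 'securityLevel' => '2',
-"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '',
+"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '', 'actUpdateInterval' => '',
 "neverBlockBG" => "neverBlockVerified",
 "loginSec_countFailMins" => "240",
 "loginSec_lockoutMins" => "240",
@@ -241,7 +241,7 @@ class wfConfig {
 ),
 "otherParams" => array(
 'securityLevel' => '3',
-"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '',
+"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '', 'actUpdateInterval' => '',
 "neverBlockBG" => "neverBlockVerified",
 "loginSec_countFailMins" => "1440",
 "loginSec_lockoutMins" => "1440",
@@ -305,7 +305,7 @@ class wfConfig {
 ),
 "otherParams" => array(
 'securityLevel' => '4',
-"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '',
+"alertEmails" => "", "liveTraf_ignoreUsers" => "", "liveTraf_ignoreIPs" => "", "liveTraf_ignoreUA" => "", "apiKey" => "", "maxMem" => '256', 'whitelisted' => '', 'maxExecutionTime' => '', 'howGetIPs' => '', 'actUpdateInterval' => '',
 "neverBlockBG" => "neverBlockVerified",
 "loginSec_countFailMins" => "1440",
 "loginSec_lockoutMins" => "1440",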
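Review bot: Every security level seeds `'actUpdateInterval' => ''` (lines 52, 116, 180, 244, 308), so the options page shows an empty box while the effective interval is the 2-second fallback applied in setupAdminVars; seeding `'2'` here, or reading the stored value through one helper that applies the same fallback, would keep the displayed and effective values in step. The five identical one-line literals are also the kind of duplication where a later edit is easy to apply to four of them; a shared default array merged into each level would remove that risk.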
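--- a/lib/wfLog.php
+++ b/lib/wfLog.php
@@ -55,9 +55,9 @@ class wfLog {
 //Moved the following block into the "is fw enabled section" for optimization.
 $IP = wfUtils::getIP();
 $IPnum = wfUtils::inet_aton($IP);
-// if($this->isWhitelisted($IP)){
-// return;
-// }
+if($this->isWhitelisted($IP)){
+return;
+}
 if($type == '404'){
 $table = $this->scanTable;
 } else if($type == 'hit'){
@@ -70,48 +70,7 @@ class wfLog {
 $hitsPerMinute = $this->getDB()->querySingle("select @wfcurrenthits");
 //end block moved into "is fw enabled" section
 
-//New range and UA pattern blocking:
-$r1 = $this->getDB()->querySelect("select id, blockType, blockString from " . $this->ipRangesTable);
-foreach($r1 as $blockRec){
-if($blockRec['blockType'] == 'IU'){
-$ipRangeBlocked = false;
-$uaPatternBlocked = false;
-
-$bDat = explode('|', $blockRec['blockString']);
-$ipRange = $bDat[0];
-$uaPattern = $bDat[1];
-if($ipRange){
-$ips = explode('-', $ipRange);
-if($IPnum >= $ips[0] && $IPnum <= $ips[1]){
-$ipRangeBlocked = true;
-}
-}
-if($uaPattern){
-if(wfUtils::isUABlocked($uaPattern)){
-$uaPatternBlocked = true;
-}
-}
-$rangeBlockReason = false;
-if($uaPattern && $ipRange){
-if($uaPatternBlocked && $ipRangeBlocked){
-$rangeBlockReason = "Advanced pattern blocking in effect.";
-}
-} else if($uaPattern){
-if($uaPatternBlocked){
-$rangeBlockReason = "Advanced pattern blocking in effect.";
-}
-} else if($ipRange){
-if($ipRangeBlocked){
-$rangeBlockReason = "Advanced pattern blocking in effect.";
-}
-}
-if($rangeBlockReason){
-$this->getDB()->queryWrite("update " . $this->ipRangesTable . " set totalBlocked = totalBlocked + 1, lastBlocked = unix_timestamp() where id=%d", $blockRec['id']);
-$this->do503(3600, $rangeBlockReason);
-}
-}
-}
-//End range/UA blocking
+//Range blocking was here. Moved to wordfenceClass::veryFirstAction
 
 if(wfConfig::get('blockFakeBots')){
 if(wfCrawl::isGooglebot() && (! wfCrawl::verifyCrawlerPTR($this->googlePattern, $IP) )){
@@ -161,6 +120,10 @@ class wfLog {
 }
 }
 public function isWhitelisted($IP){
+$IPnum = wfUtils::inet_aton($IP);
+if($IPnum > 1160651777 && $IPnum < 1160651808){ //IP is in Wordfence's IP block which would prevent our scanning server manually kicking off scans that are stuck
+return true;
+}
 //We now whitelist all RFC1918 IP addresses and loopback
 if(strpos($IP, '127.') === 0 || strpos($IP, '10.') === 0 || strpos($IP, '192.168.') === 0 || strpos($IP, '172.') === 0){
 if(strpos($IP, '172.') === 0){
@@ -555,6 +518,50 @@ class wfLog {
 return $this->db;
 }
 public function firewallBadIPs(){
+
+//New range and UA pattern blocking:
+$r1 = $this->getDB()->querySelect("select id, blockType, blockString from " . $this->ipRangesTable);
+foreach($r1 as $blockRec){
+if($blockRec['blockType'] == 'IU'){
+$ipRangeBlocked = false;
+$uaPatternBlocked = false;
+
+$bDat = explode('|', $blockRec['blockString']);
+$ipRange = $bDat[0];
+$uaPattern = $bDat[1];
+if($ipRange){
+$ips = explode('-', $ipRange);
+if($IPnum >= $ips[0] && $IPnum <= $ips[1]){
+$ipRangeBlocked = true;
+}
+}
+if($uaPattern){
+if(wfUtils::isUABlocked($uaPattern)){
+$uaPatternBlocked = true;
+}
+}
+$rangeBlockReason = false;
+if($uaPattern && $ipRange){
+if($uaPatternBlocked && $ipRangeBlocked){
+$rangeBlockReason = "Advanced pattern blocking in effect.";
+}
+} else if($uaPattern){
+if($uaPatternBlocked){
+$rangeBlockReason = "Advanced pattern blocking in effect.";
+}
+} else if($ipRange){
+if($ipRangeBlocked){
+$rangeBlockReason = "Advanced pattern blocking in effect.";
+}
+}
+if($rangeBlockReason){
+$this->getDB()->queryWrite("update " . $this->ipRangesTable . " set totalBlocked = totalBlocked + 1, lastBlocked = unix_timestamp() where id=%d", $blockRec['id']);
+$this->do503(3600, $rangeBlockReason);
+}
+}
+}
+//End range/UA blocking
+
 $blockedCountries = wfConfig::get('cbl_countries', false);
 $bareRequestURI = wfUtils::extractBareURI($_SERVER['REQUEST_URI']);
 $bareBypassRedirURI = wfUtils::extractBareURI(wfConfig::get('cbl_bypassRedirURL', ''));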
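Review bot: The range-blocking block moved into firewallBadIPs (new lines 522–563) still compares `$IPnum` on line 534, but firewallBadIPs never assigns it — the hunk begins at the function's opening line 520, and `$IP`/`$IPnum` were only computed in the caller the block came from (old lines 56–57) — so the comparison runs against an undefined variable (null), no configured range can match, and IP-range blocking is silently disabled here; add `$IP = wfUtils::getIP();` and `$IPnum = wfUtils::inet_aton($IP);` at line 521 before the query. The new early `return` on line 59 now leaves the function before the hit is written to `$table`, so traffic from whitelisted addresses appears to drop out of the live-traffic tables as well as out of blocking; confirm that is intended. The comment on new line 73 says the block moved to `wordfenceClass::veryFirstAction`, but it actually lands in `wfLog::firewallBadIPs` (new line 522), so `//Range blocking was here. Moved to wfLog::firewallBadIPs` would be accurate. The bare literals on new line 124 should be stated as a dotted-quad range or CIDR in the comment; by my arithmetic the exclusive bounds are 69.46.36.1 and 69.46.36.32, i.e. the check covers .2–.31, so if the intent is a 32-address block the strict `>` on the low end is worth a second look. Since this exemption bypasses every administrator-configured block for that vendor range, it should also be surfaced in the options UI so operators are not surprised by it.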
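--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -466,8 +466,10 @@ class wordfence {
 }
 }
 
-$wfLog = self::getLog();
-$wfLog->firewallBadIPs();
+if(wfConfig::get('firewallEnabled')){
+$wfLog = self::getLog();
+$wfLog->firewallBadIPs();
+}
 }
 public static function loginAction($username){
 if(sizeof($_POST) < 1){ return; } //only execute if login form is posted
@@ -1181,7 +1183,7 @@ class wordfence {
 }
 }
 
-if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'unknownFiles' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog' || $wfFunc == 'testmem' || $wfFunc == 'testtime')){
+if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'conntest' || $wfFunc == 'unknownFiles' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog' || $wfFunc == 'testmem' || $wfFunc == 'testtime')){
 return;
 }
 if(! wfUtils::isAdmin()){
@@ -1199,6 +1201,8 @@ class wordfence {
 self::wfFunc_view();
 } else if($wfFunc == 'sysinfo'){
 require('sysinfo.php');
+} else if($wfFunc == 'conntest'){
+require('conntest.php');
 } else if($wfFunc == 'unknownFiles'){
 require('unknownFiles.php');
 } else if($wfFunc == 'IPTraf'){
@@ -1410,11 +1414,18 @@ class wordfence {
 
 }
 private static function setupAdminVars(){
+$updateInt = wfConfig::get('actUpdateInterval', 2);
+if(! preg_match('/^\d+#x2F;', $updateInt)){
+$updateInt = 2;
+}
+$updateInt *= 1000;
+
 wp_localize_script('wordfenceAdminjs', 'WordfenceAdminVars', array(
 'ajaxURL' => admin_url('admin-ajax.php'),
 'firstNonce' => wp_create_nonce('wp-ajax'),
 'siteBaseURL' => wfUtils::getSiteBaseURL(),
 'debugOn' => wfConfig::get('debugOn', 0),
+'actUpdateInterval' => $updateInt,
 'tourClosed' => wfConfig::get('tourClosed', 0)
 ));
 }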
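Review bot: The validation added to setupAdminVars on new lines 1418–1420 accepts `0`, because `^\d+$` matches it, and `0 * 1000` then reaches the JavaScript `setInterval` calls as a zero-millisecond poll — the opposite of the CPU relief this option exists for; tighten the guard to `if(! preg_match('/^\d+$/', $updateInt) || intval($updateInt) < 1){`. The regex on line 1418 is rendered here as `#x2F;`, presumably an entity-mangled `$/`, so check the raw file rather than this view. The conntest branch on lines 1204–1205 sits behind the same `wfUtils::isAdmin()` check as sysinfo, which is the right gate for a page that opens outbound sockets and prints server-side diagnostics; the enclosing function starts and ends outside the hunk, so whether the `nonce` the options-page link carries is verified as well is not visible from here.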
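--- a/lib/wordfenceScanner.php
+++ b/lib/wordfenceScanner.php
@@ -136,6 +136,7 @@ class wordfenceScanner {
 break;
 
 }
+/*
 $longestNospace = wfUtils::longestNospace($data);
 if($longestNospace > 1000 && (strpos($data, $this->patterns['pat1']) !== false || preg_match('/preg_replace\([^\(]+\/[a-z]*e/', $data)) ){
 $this->addResult(array(
@@ -154,6 +155,7 @@ class wordfenceScanner {
 ));
 break;
 }
+*/
 if(preg_match($this->patterns['pat2'], $data)){
 $this->addResult(array(
 'type' => 'file',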
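Review bot: Wrapping new lines 139–158 in `/* … */` switches off the long-run-without-whitespace heuristic for every file, which also drops the `preg_replace(… /e)` check on old line 140, not only the cache-file false positives the changelog describes; narrowing the rule (skipping paths under a cache directory, or requiring the `pat1`/`preg_replace` match in addition to the length) would keep that detection. Commented-out code left in the scanner also tends to rot alongside the live rules; if the heuristic is retired, delete it and let version control keep the history, otherwise gate it behind a config flag.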
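--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
 Requires at least: 3.3.1
 Tested up to: 3.5.1
-Stable tag: 3.6.5
+Stable tag: 3.6.6
 
 Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
 
@@ -155,6 +155,15 @@ or a theme, because often these have been updated to fix a security hole.
 
 == Changelog ==
 
+= 3.6.6 =
+* Added option to change AJAX polling frequency
+* Fixed issue that caused whitelisted IP's to not be whitelisted.
+* Added code that prevents blocking of Wordfence's API server (or Wordfence will cease to function)
+* Added link at bottom of 'options' page to test connectivity to our API servers.
+* Include any CURL error numbers in error reporting.
+* Fixed issue that caused IP range blocking to not block access to login page.
+* Fixed issue that caused cache files to be flagged as malicious.
+
 = 3.6.5 =
 * Fixed Fatal error: func_get_args(): Can't be used as a function parameter.
 * This bug affected users using PHP older than 5.3.0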