Wordfence Security – Firewall & Malware Scan - Version 3.7.1

Version Description

  • Moved global firewall, login security and live traffic options to top of options page.
  • Made it clear that if you have firewall disabled, IP's won't be blocked, country blocking won't work and advanced blocking won't work with warnings on each page.
Download this release

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 3.7.1
Comparing to
See all releases

Code changes from version 3.6.9 to 3.7.1

lib/menu_blockedIPs.php CHANGED
@@ -6,6 +6,7 @@
6
  <tr><td><h2>Wordfence Live Activity:</h2></td><td id="wfLiveStatus"></td></tr>
7
  </table>
8
  </div>
 
9
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
10
  <a href="#" onclick="WFAD.clearAllBlocked('blocked'); return false;">Clear all blocked IP addresses</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="#" onclick="WFAD.clearAllBlocked('locked'); return false;">Clear all locked out IP addresses</a><br />
11
  You can manually (and permanently) block an IP by entering the address here: <input type="text" id="wfManualBlock" size="20" maxlength="40" value="" onkeydown="if(event.keyCode == 13){ WFAD.blockIPTwo(jQuery('#wfManualBlock').val(), 'Manual block by administrator', true); return false; }" />&nbsp;<input type="button" name="but1" value="Manually block IP" onclick="WFAD.blockIPTwo(jQuery('#wfManualBlock').val(), 'Manual block by administrator', true); return false;" />
6
  <tr><td><h2>Wordfence Live Activity:</h2></td><td id="wfLiveStatus"></td></tr>
7
  </table>
8
  </div>
9
+ <?php if(! wfConfig::get('firewallEnabled')){ ?><div style="color: #F00; font-weight: bold;">Firewall is disabled. You can enable it on the <a href="admin.php?page=WordfenceSecOpt">Wordfence Options page</a> at the top.</div><?php } ?>
10
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
11
  <a href="#" onclick="WFAD.clearAllBlocked('blocked'); return false;">Clear all blocked IP addresses</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="#" onclick="WFAD.clearAllBlocked('locked'); return false;">Clear all locked out IP addresses</a><br />
12
  You can manually (and permanently) block an IP by entering the address here: <input type="text" id="wfManualBlock" size="20" maxlength="40" value="" onkeydown="if(event.keyCode == 13){ WFAD.blockIPTwo(jQuery('#wfManualBlock').val(), 'Manual block by administrator', true); return false; }" />&nbsp;<input type="button" name="but1" value="Manually block IP" onclick="WFAD.blockIPTwo(jQuery('#wfManualBlock').val(), 'Manual block by administrator', true); return false;" />
lib/menu_countryBlocking.php CHANGED
@@ -10,6 +10,7 @@ WFAD.countryMap = <?php echo json_encode($wfBulkCountries); ?>;
10
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
11
  <table class="wfConfigForm">
12
  <tr><td colspan="2"><h2>Country Blocking Options</h2></td></tr>
 
13
  <tr><th>What to do when we block someone:</th><td>
14
  <select id="wfBlockAction">
15
  <option value="block"<?php if(wfConfig::get('cbl_action') == 'block'){ echo ' selected'; } ?>>Show the standard Wordfence blocked message</option>
10
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
11
  <table class="wfConfigForm">
12
  <tr><td colspan="2"><h2>Country Blocking Options</h2></td></tr>
13
+ <?php if(! wfConfig::get('firewallEnabled')){ ?><tr><td colspan="2"><div style="color: #F00; font-weight: bold;">Firewall is disabled. You can enable it on the <a href="admin.php?page=WordfenceSecOpt">Wordfence Options page</a> at the top.</div></td></tr><?php } ?>
14
  <tr><th>What to do when we block someone:</th><td>
15
  <select id="wfBlockAction">
16
  <option value="block"<?php if(wfConfig::get('cbl_action') == 'block'){ echo ' selected'; } ?>>Show the standard Wordfence blocked message</option>
lib/menu_options.php CHANGED
@@ -16,6 +16,15 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
16
  <form id="wfConfigForm">
17
  <table class="wfConfigForm">
18
  <tr><td colspan="2"><h2>Basic Options</h2></td></tr>
 
 
 
 
 
 
 
 
 
19
  <tr><th>Where to email alerts:</th><td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f('alertEmails'); ?>" size="50" />&nbsp;<span class="wfTipText">Separate multiple emails with commas</span></td></tr>
20
  <tr><th>Your Wordfence API Key:</th><td><input type="text" id="apiKey" name="apiKey" value="<?php $w->f('apiKey'); ?>" size="50" />
21
  </td></tr>
@@ -75,7 +84,6 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
75
  <div class="wfMarker" id="wfMarkerLiveTrafficOptions"></div>
76
  <h3 class="wfConfigHeading">Live Traffic View</h3>
77
  </td></tr>
78
- <tr><th class="wfConfigEnable">Enable Live Traffic View</th><td><input type="checkbox" id="liveTrafficEnabled" class="wfConfigElem" name="liveTrafficEnabled" value="1" <?php $w->cb('liveTrafficEnabled'); ?> onclick="WFAD.reloadConfigPage = true; return true;" /></td></tr>
79
  <tr><th>Don't log signed-in users with publishing access:</th><td><input type="checkbox" id="liveTraf_ignorePublishers" name="liveTraf_ignorePublishers" value="1" <?php $w->cb('liveTraf_ignorePublishers'); ?> /></td></tr>
80
  <tr><th>List of comma separated usernames to ignore:</th><td><input type="text" name="liveTraf_ignoreUsers" id="liveTraf_ignoreUsers" value="<?php echo $w->getHTML('liveTraf_ignoreUsers'); ?>" /></td></tr>
81
  <tr><th>List of comma separated IP addresses to ignore:</th><td><input type="text" name="liveTraf_ignoreIPs" id="liveTraf_ignoreIPs" value="<?php echo $w->getHTML('liveTraf_ignoreIPs'); ?>" /></td></tr>
@@ -83,7 +91,6 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
83
  <tr><td colspan="2">
84
  <div class="wfMarker" id="wfMarkerScansToInclude"></div>
85
  <h3 class="wfConfigHeading">Scans to include</h3></td></tr>
86
- <tr><th class="wfConfigEnable">Enable automatic scheduled scans</th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> /></td></tr>
87
  <?php if(wfConfig::get('isPaid')){ ?>
88
  <tr><th>Scan public facing site for vulnerabilities?</th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" <?php $w->cb('scansEnabled_public'); ?></td></tr>
89
  <?php } else { ?>
@@ -107,8 +114,6 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
107
  <div class="wfMarker" id="wfMarkerFirewallRules"></div>
108
  <h3 class="wfConfigHeading">Firewall Rules</h3>
109
  </td></tr>
110
-
111
- <tr><th class="wfConfigEnable">Enable firewall rules</th><td><input type="checkbox" id="firewallEnabled" class="wfConfigElem" name="firewallEnabled" value="1" <?php $w->cb('firewallEnabled'); ?> /></td></tr>
112
  <tr><th>Immediately block fake Google crawlers:</th><td><input type="checkbox" id="blockFakeBots" class="wfConfigElem" name="blockFakeBots" value="1" <?php $w->cb('blockFakeBots'); ?>/></td></tr>
113
  <tr><th>How should we treat Google's crawlers</th><td>
114
  <select id="neverBlockBG" class="wfConfigElem" name="neverBlockBG">
@@ -142,7 +147,6 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
142
  <div class="wfMarker" id="wfMarkerLoginSecurity"></div>
143
  <h3 class="wfConfigHeading">Login Security Options</h3>
144
  </td></tr>
145
- <tr><th class="wfConfigEnable">Enable login security</th><td><input type="checkbox" id="loginSecurityEnabled" class="wfConfigElem" name="loginSecurityEnabled" value="1" <?php $w->cb('loginSecurityEnabled'); ?> /></td></tr>
146
  <tr><th>Lock out after how many login failures</th><td>
147
  <select id="loginSec_maxFailures" class="wfConfigElem" name="loginSec_maxFailures">
148
  <option value="1"<?php $w->sel('loginSec_maxFailures', '1'); ?>>1</option>
16
  <form id="wfConfigForm">
17
  <table class="wfConfigForm">
18
  <tr><td colspan="2"><h2>Basic Options</h2></td></tr>
19
+ <tr><th class="wfConfigEnable">Enable firewall </th><td><input type="checkbox" id="firewallEnabled" class="wfConfigElem" name="firewallEnabled" value="1" <?php $w->cb('firewallEnabled'); ?> />&nbsp;<span style="color: #F00;">NOTE:</span> This checkbox enables ALL firewall functions including IP, country and advanced blocking and the "Firewall Rules" below.</td></tr>
20
+ <tr><td colspan="2">&nbsp;</td></tr>
21
+ <tr><th class="wfConfigEnable">Enable login security</th><td><input type="checkbox" id="loginSecurityEnabled" class="wfConfigElem" name="loginSecurityEnabled" value="1" <?php $w->cb('loginSecurityEnabled'); ?> />&nbsp;This option enables all "Login Security" options. You can modify individual options further down this page.</td></tr>
22
+ <tr><td colspan="2">&nbsp;</td></tr>
23
+ <tr><th class="wfConfigEnable">Enable Live Traffic View</th><td><input type="checkbox" id="liveTrafficEnabled" class="wfConfigElem" name="liveTrafficEnabled" value="1" <?php $w->cb('liveTrafficEnabled'); ?> onclick="WFAD.reloadConfigPage = true; return true;" />&nbsp;This option enables live traffic logging.</td></tr>
24
+ <tr><td colspan="2">&nbsp;</td></tr>
25
+ <tr><th class="wfConfigEnable">Enable automatic scheduled scans</th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> />&nbsp;Regular scans ensure your site stays secure.</td></tr>
26
+ <tr><td colspan="2">&nbsp;</td></tr>
27
+
28
  <tr><th>Where to email alerts:</th><td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f('alertEmails'); ?>" size="50" />&nbsp;<span class="wfTipText">Separate multiple emails with commas</span></td></tr>
29
  <tr><th>Your Wordfence API Key:</th><td><input type="text" id="apiKey" name="apiKey" value="<?php $w->f('apiKey'); ?>" size="50" />
30
  </td></tr>
84
  <div class="wfMarker" id="wfMarkerLiveTrafficOptions"></div>
85
  <h3 class="wfConfigHeading">Live Traffic View</h3>
86
  </td></tr>
 
87
  <tr><th>Don't log signed-in users with publishing access:</th><td><input type="checkbox" id="liveTraf_ignorePublishers" name="liveTraf_ignorePublishers" value="1" <?php $w->cb('liveTraf_ignorePublishers'); ?> /></td></tr>
88
  <tr><th>List of comma separated usernames to ignore:</th><td><input type="text" name="liveTraf_ignoreUsers" id="liveTraf_ignoreUsers" value="<?php echo $w->getHTML('liveTraf_ignoreUsers'); ?>" /></td></tr>
89
  <tr><th>List of comma separated IP addresses to ignore:</th><td><input type="text" name="liveTraf_ignoreIPs" id="liveTraf_ignoreIPs" value="<?php echo $w->getHTML('liveTraf_ignoreIPs'); ?>" /></td></tr>
91
  <tr><td colspan="2">
92
  <div class="wfMarker" id="wfMarkerScansToInclude"></div>
93
  <h3 class="wfConfigHeading">Scans to include</h3></td></tr>
 
94
  <?php if(wfConfig::get('isPaid')){ ?>
95
  <tr><th>Scan public facing site for vulnerabilities?</th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" <?php $w->cb('scansEnabled_public'); ?></td></tr>
96
  <?php } else { ?>
114
  <div class="wfMarker" id="wfMarkerFirewallRules"></div>
115
  <h3 class="wfConfigHeading">Firewall Rules</h3>
116
  </td></tr>
 
 
117
  <tr><th>Immediately block fake Google crawlers:</th><td><input type="checkbox" id="blockFakeBots" class="wfConfigElem" name="blockFakeBots" value="1" <?php $w->cb('blockFakeBots'); ?>/></td></tr>
118
  <tr><th>How should we treat Google's crawlers</th><td>
119
  <select id="neverBlockBG" class="wfConfigElem" name="neverBlockBG">
147
  <div class="wfMarker" id="wfMarkerLoginSecurity"></div>
148
  <h3 class="wfConfigHeading">Login Security Options</h3>
149
  </td></tr>
 
150
  <tr><th>Lock out after how many login failures</th><td>
151
  <select id="loginSec_maxFailures" class="wfConfigElem" name="loginSec_maxFailures">
152
  <option value="1"<?php $w->sel('loginSec_maxFailures', '1'); ?>>1</option>
lib/menu_rangeBlocking.php CHANGED
@@ -4,6 +4,7 @@
4
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
5
  <p>
6
  <div style="width: 600px; margin-bottom: 15px;">
 
7
  This page lets you block visitors who are from a range of IP addresses or are using a certain web browser or browser pattern.
8
  You can also block a certain web browser that is visiting your site from a certain range of IP addresses. This can be useful when
9
  blocking someone pretending to be Google and using a specific Internet Service Provider or Web Host.<br /><br />
4
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
5
  <p>
6
  <div style="width: 600px; margin-bottom: 15px;">
7
+ <?php if(! wfConfig::get('firewallEnabled')){ ?><div style="color: #F00; font-weight: bold;">Firewall is disabled. You can enable it on the <a href="admin.php?page=WordfenceSecOpt">Wordfence Options page</a> at the top.</div><br /><?php } ?>
8
  This page lets you block visitors who are from a range of IP addresses or are using a certain web browser or browser pattern.
9
  You can also block a certain web browser that is visiting your site from a certain range of IP addresses. This can be useful when
10
  blocking someone pretending to be Google and using a specific Internet Service Provider or Web Host.<br /><br />
lib/wfConfig.php CHANGED
@@ -97,7 +97,7 @@ class wfConfig {
97
  "scansEnabled_options" => true,
98
  "scansEnabled_dns" => true,
99
  "scansEnabled_oldVersions" => true,
100
- "firewallEnabled" => false,
101
  "blockFakeBots" => false,
102
  "autoBlockScanners" => true,
103
  "loginSecurityEnabled" => true,
@@ -162,7 +162,7 @@ class wfConfig {
162
  "scansEnabled_options" => true,
163
  "scansEnabled_dns" => true,
164
  "scansEnabled_oldVersions" => true,
165
- "firewallEnabled" => false,
166
  "blockFakeBots" => false,
167
  "autoBlockScanners" => true,
168
  "loginSecurityEnabled" => true,
97
  "scansEnabled_options" => true,
98
  "scansEnabled_dns" => true,
99
  "scansEnabled_oldVersions" => true,
100
+ "firewallEnabled" => true,
101
  "blockFakeBots" => false,
102
  "autoBlockScanners" => true,
103
  "loginSecurityEnabled" => true,
162
  "scansEnabled_options" => true,
163
  "scansEnabled_dns" => true,
164
  "scansEnabled_oldVersions" => true,
165
+ "firewallEnabled" => true,
166
  "blockFakeBots" => false,
167
  "autoBlockScanners" => true,
168
  "loginSecurityEnabled" => true,
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
  Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
4
  Requires at least: 3.3.1
5
  Tested up to: 3.5.1
6
- Stable tag: 3.6.9
7
 
8
  Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
 
@@ -155,6 +155,10 @@ or a theme, because often these have been updated to fix a security hole.
155
 
156
  == Changelog ==
157
 
 
 
 
 
158
  = 3.6.9 =
159
  * Fixed JS error that occurs occasionally when users are viewing activity log in real-time.
160
  * New Feature: Prevent users registering 'admin' username if it doesn't exist. Recommended if you've deleted 'admin'. Enable on 'options' page.
3
  Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure
4
  Requires at least: 3.3.1
5
  Tested up to: 3.5.1
6
+ Stable tag: 3.7.1
7
 
8
  Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
 
155
 
156
  == Changelog ==
157
 
158
+ = 3.7.1 =
159
+ * Moved global firewall, login security and live traffic options to top of options page.
160
+ * Made it clear that if you have firewall disabled, IP's won't be blocked, country blocking won't work and advanced blocking won't work with warnings on each page.
161
+
162
  = 3.6.9 =
163
  * Fixed JS error that occurs occasionally when users are viewing activity log in real-time.
164
  * New Feature: Prevent users registering 'admin' username if it doesn't exist. Recommended if you've deleted 'admin'. Enable on 'options' page.
wordfence.php CHANGED
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
  Author: Mark Maunder
7
- Version: 3.6.9
8
  Author URI: http://www.wordfence.com/
9
  */
10
- define('WORDFENCE_VERSION', '3.6.9');
11
  if(get_option('wordfenceActivated') != 1){
12
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
13
  }
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
  Author: Mark Maunder
7
+ Version: 3.7.1
8
  Author URI: http://www.wordfence.com/
9
  */
10
+ define('WORDFENCE_VERSION', '3.7.1');
11
  if(get_option('wordfenceActivated') != 1){
12
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
13
  }