Wordfence Security – Firewall & Malware Scan - Version 3.8.6

Version Description

  • Fixed issue that caused scheduled scans to run even if disabled.
  • Fixed display bug when signin fails.
Download this release

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 3.8.6
Comparing to
See all releases

Code changes from version 3.8.5 to 3.8.6

Files changed (3) hide show
  1. lib/wordfenceClass.php +9 -2
  2. readme.txt +7 -1
  3. wordfence.php +2 -2
lib/wordfenceClass.php CHANGED
@@ -628,7 +628,7 @@ class wordfence {
628
}
629
}
630
if(is_wp_error($authResult) && ($authResult->get_error_code() == 'invalid_username' || $authResult->get_error_code() == 'incorrect_password') && wfConfig::get('loginSec_maskLoginErrors')){
631
- return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The username or password you entered is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' ), $username, wp_lostpassword_url() ) );
632
}
633
return $authResult;
634
}
@@ -849,6 +849,12 @@ class wordfence {
849
return ($nextTime ? date('l jS \of F Y H:i:s A', $nextTime + (3600 * get_option('gmt_offset'))) : '');
850
}
851
public static function wordfenceStartScheduledScan(){
852
//This prevents scheduled scans from piling up on low traffic blogs and all being run at once.
853
//Only one scheduled scan runs within a given 60 min window. Won't run if another scan has run within 30 mins.
854
$lastScanStart = wfConfig::get('lastScheduledScanStart', 0);
@@ -1788,7 +1794,8 @@ class wordfence {
1788
self::getLog()->addStatus($level, $type, $msg);
1789
}
1790
}
1791
- public static function profileUpdateAction($userID, $newDat){
1792
if(wfConfig::get('other_pwStrengthOnUpdate')){
1793
$oldDat = get_userdata($userID);
1794
if($newDat->user_pass != $oldDat->user_pass){
628
}
629
}
630
if(is_wp_error($authResult) && ($authResult->get_error_code() == 'invalid_username' || $authResult->get_error_code() == 'incorrect_password') && wfConfig::get('loginSec_maskLoginErrors')){
631
+ return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The username or password you entered is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' ), $_POST['log'], wp_lostpassword_url() ) );
632
}
633
return $authResult;
634
}
849
return ($nextTime ? date('l jS \of F Y H:i:s A', $nextTime + (3600 * get_option('gmt_offset'))) : '');
850
}
851
public static function wordfenceStartScheduledScan(){
852
+
853
+ //If scheduled scans are not enabled in the global config option, then don't run a scheduled scan.
854
+ if(wfConfig::get('scheduledScansEnabled') != '1'){
855
+ return;
856
+ }
857
+
858
//This prevents scheduled scans from piling up on low traffic blogs and all being run at once.
859
//Only one scheduled scan runs within a given 60 min window. Won't run if another scan has run within 30 mins.
860
$lastScanStart = wfConfig::get('lastScheduledScanStart', 0);
1794
self::getLog()->addStatus($level, $type, $msg);
1795
}
1796
}
1797
+ public static function profileUpdateAction($userID, $newDat = false){
1798
+ if(! $newDat){ return; }
1799
if(wfConfig::get('other_pwStrengthOnUpdate')){
1800
$oldDat = get_userdata($userID);
1801
if($newDat->user_pass != $oldDat->user_pass){
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
4
Requires at least: 3.3.1
5
Tested up to: 3.6.1
6
- Stable tag: 3.8.5
7
8
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
@@ -20,6 +20,7 @@ Wordfence Security is now Multi-Site compatible and includes Cellphone Sign-in w
20
Wordfence Security:
21
22
* Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
23
* Enforce strong passwords among your administrators, publishers and users. Improve login security.
24
* Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
25
* Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
@@ -81,6 +82,7 @@ To install Wordfence Security on WordPress Multi-Site installations (support is
81
* Wordfence Security scans check all your files, comments and posts for URL's in Google's Safe Browsing list. We are the only plugin to offer this very important security enhancement.
82
* Wordfence Security scans do not consume large amounts of your precious bandwidth because all security scans happen on your web server which makes them very fast.
83
* Wordfence Security fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
84
85
= Does Wordfence Security support Multi-Site installations? =
86
@@ -150,6 +152,10 @@ cause a security hole on your site.
150
151
== Changelog ==
152
153
= 3.8.5 =
154
* Fixed issue that caused Human traffic to not be logged in Wordfence Security live traffic view.
155
3
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
4
Requires at least: 3.3.1
5
Tested up to: 3.6.1
6
+ Stable tag: 3.8.6
7
8
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
20
Wordfence Security:
21
22
* Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
23
+ * Includes two-factor authentication, also referred to as cellphone sign-in.
24
* Enforce strong passwords among your administrators, publishers and users. Improve login security.
25
* Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
26
* Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
82
* Wordfence Security scans check all your files, comments and posts for URL's in Google's Safe Browsing list. We are the only plugin to offer this very important security enhancement.
83
* Wordfence Security scans do not consume large amounts of your precious bandwidth because all security scans happen on your web server which makes them very fast.
84
* Wordfence Security fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
85
+ * Wordfence Security includes Two-Factor authentication, the most secure way to stop brute force attackers in their tracks.
86
87
= Does Wordfence Security support Multi-Site installations? =
88
152
153
== Changelog ==
154
155
+ = 3.8.6 =
156
+ * Fixed issue that caused scheduled scans to run even if disabled.
157
+ * Fixed display bug when signin fails.
158
+
159
= 3.8.5 =
160
* Fixed issue that caused Human traffic to not be logged in Wordfence Security live traffic view.
161
wordfence.php CHANGED
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
Author: Mark Maunder
7
- Version: 3.8.5
8
Author URI: http://www.wordfence.com/
9
*/
10
- define('WORDFENCE_VERSION', '3.8.5');
11
if(get_option('wordfenceActivated') != 1){
12
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
13
}
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
Author: Mark Maunder
7
+ Version: 3.8.6
8
Author URI: http://www.wordfence.com/
9
*/
10
+ define('WORDFENCE_VERSION', '3.8.6');
11
if(get_option('wordfenceActivated') != 1){
12
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
13
}