Wordfence Security – Firewall & Malware Scan - Version 3.8.6

Version Description

  • Fixed issue that caused scheduled scans to run even if disabled.
  • Fixed display bug when signin fails.
Download this release

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 3.8.6
Comparing to
See all releases

Code changes from version 3.8.5 to 3.8.6

Files changed (3) hide show
  1. lib/wordfenceClass.php +9 -2
  2. readme.txt +7 -1
  3. wordfence.php +2 -2
lib/wordfenceClass.php CHANGED
@@ -628,7 +628,7 @@ class wordfence {
628
  }
629
  }
630
  if(is_wp_error($authResult) && ($authResult->get_error_code() == 'invalid_username' || $authResult->get_error_code() == 'incorrect_password') && wfConfig::get('loginSec_maskLoginErrors')){
631
- return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The username or password you entered is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' ), $username, wp_lostpassword_url() ) );
632
  }
633
  return $authResult;
634
  }
@@ -849,6 +849,12 @@ class wordfence {
849
  return ($nextTime ? date('l jS \of F Y H:i:s A', $nextTime + (3600 * get_option('gmt_offset'))) : '');
850
  }
851
  public static function wordfenceStartScheduledScan(){
 
 
 
 
 
 
852
  //This prevents scheduled scans from piling up on low traffic blogs and all being run at once.
853
  //Only one scheduled scan runs within a given 60 min window. Won't run if another scan has run within 30 mins.
854
  $lastScanStart = wfConfig::get('lastScheduledScanStart', 0);
@@ -1788,7 +1794,8 @@ class wordfence {
1788
  self::getLog()->addStatus($level, $type, $msg);
1789
  }
1790
  }
1791
- public static function profileUpdateAction($userID, $newDat){
 
1792
  if(wfConfig::get('other_pwStrengthOnUpdate')){
1793
  $oldDat = get_userdata($userID);
1794
  if($newDat->user_pass != $oldDat->user_pass){
628
  }
629
  }
630
  if(is_wp_error($authResult) && ($authResult->get_error_code() == 'invalid_username' || $authResult->get_error_code() == 'incorrect_password') && wfConfig::get('loginSec_maskLoginErrors')){
631
+ return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The username or password you entered is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' ), $_POST['log'], wp_lostpassword_url() ) );
632
  }
633
  return $authResult;
634
  }
849
  return ($nextTime ? date('l jS \of F Y H:i:s A', $nextTime + (3600 * get_option('gmt_offset'))) : '');
850
  }
851
  public static function wordfenceStartScheduledScan(){
852
+
853
+ //If scheduled scans are not enabled in the global config option, then don't run a scheduled scan.
854
+ if(wfConfig::get('scheduledScansEnabled') != '1'){
855
+ return;
856
+ }
857
+
858
  //This prevents scheduled scans from piling up on low traffic blogs and all being run at once.
859
  //Only one scheduled scan runs within a given 60 min window. Won't run if another scan has run within 30 mins.
860
  $lastScanStart = wfConfig::get('lastScheduledScanStart', 0);
1794
  self::getLog()->addStatus($level, $type, $msg);
1795
  }
1796
  }
1797
+ public static function profileUpdateAction($userID, $newDat = false){
1798
+ if(! $newDat){ return; }
1799
  if(wfConfig::get('other_pwStrengthOnUpdate')){
1800
  $oldDat = get_userdata($userID);
1801
  if($newDat->user_pass != $oldDat->user_pass){
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
  Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
4
  Requires at least: 3.3.1
5
  Tested up to: 3.6.1
6
- Stable tag: 3.8.5
7
 
8
  Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
 
@@ -20,6 +20,7 @@ Wordfence Security is now Multi-Site compatible and includes Cellphone Sign-in w
20
  Wordfence Security:
21
 
22
  * Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
 
23
  * Enforce strong passwords among your administrators, publishers and users. Improve login security.
24
  * Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
25
  * Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
@@ -81,6 +82,7 @@ To install Wordfence Security on WordPress Multi-Site installations (support is
81
  * Wordfence Security scans check all your files, comments and posts for URL's in Google's Safe Browsing list. We are the only plugin to offer this very important security enhancement.
82
  * Wordfence Security scans do not consume large amounts of your precious bandwidth because all security scans happen on your web server which makes them very fast.
83
  * Wordfence Security fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
 
84
 
85
  = Does Wordfence Security support Multi-Site installations? =
86
 
@@ -150,6 +152,10 @@ cause a security hole on your site.
150
 
151
  == Changelog ==
152
 
 
 
 
 
153
  = 3.8.5 =
154
  * Fixed issue that caused Human traffic to not be logged in Wordfence Security live traffic view.
155
 
3
  Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
4
  Requires at least: 3.3.1
5
  Tested up to: 3.6.1
6
+ Stable tag: 3.8.6
7
 
8
  Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
 
20
  Wordfence Security:
21
 
22
  * Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
23
+ * Includes two-factor authentication, also referred to as cellphone sign-in.
24
  * Enforce strong passwords among your administrators, publishers and users. Improve login security.
25
  * Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
26
  * Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
82
  * Wordfence Security scans check all your files, comments and posts for URL's in Google's Safe Browsing list. We are the only plugin to offer this very important security enhancement.
83
  * Wordfence Security scans do not consume large amounts of your precious bandwidth because all security scans happen on your web server which makes them very fast.
84
  * Wordfence Security fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
85
+ * Wordfence Security includes Two-Factor authentication, the most secure way to stop brute force attackers in their tracks.
86
 
87
  = Does Wordfence Security support Multi-Site installations? =
88
 
152
 
153
  == Changelog ==
154
 
155
+ = 3.8.6 =
156
+ * Fixed issue that caused scheduled scans to run even if disabled.
157
+ * Fixed display bug when signin fails.
158
+
159
  = 3.8.5 =
160
  * Fixed issue that caused Human traffic to not be logged in Wordfence Security live traffic view.
161
 
wordfence.php CHANGED
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
  Author: Mark Maunder
7
- Version: 3.8.5
8
  Author URI: http://www.wordfence.com/
9
  */
10
- define('WORDFENCE_VERSION', '3.8.5');
11
  if(get_option('wordfenceActivated') != 1){
12
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
13
  }
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
  Author: Mark Maunder
7
+ Version: 3.8.6
8
  Author URI: http://www.wordfence.com/
9
  */
10
+ define('WORDFENCE_VERSION', '3.8.6');
11
  if(get_option('wordfenceActivated') != 1){
12
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
13
  }