Version Description
- Fixed issue that caused cellphone sign-in to not work with PHP version 5.4 or greater.
- Fixed conflict with other plugins that also use the Whois PHP library.
- Fixed an unsanitized user-agent string.
- Added new malware signatures for string rot13 heuristics.
- Updated compatibility to 3.7.
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 3.8.7 |
| Comparing to | |
| See all releases | |
Code changes from version 3.8.6 to 3.8.7
- lib/IPTraf.php +1 -1
- lib/wordfenceClass.php +4 -2
- readme.txt +9 -2
- wordfence.php +2 -2
lib/IPTraf.php
CHANGED
|
@@ -12,7 +12,7 @@
|
|
| 12 |
<tr><th>URL:</th><td><a href="<?php echo $v['URL']; ?>" target="_blank"><?php echo $v['URL']; ?></a></td></tr>
|
| 13 |
<tr><th>Type:</th><td><?php if($v['type'] == 'hit'){ echo 'Normal request'; } else if($v['type'] == '404'){ echo '<span style="color: #F00;">Page not found</span>'; } ?></td></tr>
|
| 14 |
<?php if($v['referer']){ ?><tr><th>Referrer:</th><td><a href="<?php echo $v['referer']; ?>" target="_blank"><?php echo $v['referer']; ?></a></td></tr><?php } ?>
|
| 15 |
-
<tr><th>Full Browser ID:</th><td><?php echo $v['UA']; ?></td></tr>
|
| 16 |
<?php if($v['user']){ ?>
|
| 17 |
<tr><th>User:</th><td><a href="<?php echo $v['user']['editLink']; ?>" target="_blank"><?php echo $v['user']['avatar'] . ' ' . $v['user']['display_name']; ?></a></td></tr>
|
| 18 |
<?php } ?>
|
| 12 |
<tr><th>URL:</th><td><a href="<?php echo $v['URL']; ?>" target="_blank"><?php echo $v['URL']; ?></a></td></tr>
|
| 13 |
<tr><th>Type:</th><td><?php if($v['type'] == 'hit'){ echo 'Normal request'; } else if($v['type'] == '404'){ echo '<span style="color: #F00;">Page not found</span>'; } ?></td></tr>
|
| 14 |
<?php if($v['referer']){ ?><tr><th>Referrer:</th><td><a href="<?php echo $v['referer']; ?>" target="_blank"><?php echo $v['referer']; ?></a></td></tr><?php } ?>
|
| 15 |
+
<tr><th>Full Browser ID:</th><td><?php echo esc_html($v['UA']); ?></td></tr>
|
| 16 |
<?php if($v['user']){ ?>
|
| 17 |
<tr><th>User:</th><td><a href="<?php echo $v['user']['editLink']; ?>" target="_blank"><?php echo $v['user']['avatar'] . ' ' . $v['user']['display_name']; ?></a></td></tr>
|
| 18 |
<?php } ?>
|
lib/wordfenceClass.php
CHANGED
|
@@ -642,7 +642,7 @@ class wordfence {
|
|
| 642 |
require('wfLockedOut.php');
|
| 643 |
}
|
| 644 |
}
|
| 645 |
-
public static function authAction($username,
|
| 646 |
if(self::isLockedOut(wfUtils::getIP())){
|
| 647 |
require('wfLockedOut.php');
|
| 648 |
}
|
|
@@ -1222,7 +1222,9 @@ class wordfence {
|
|
| 1222 |
return array('ok' => 1);
|
| 1223 |
}
|
| 1224 |
public static function ajax_whois_callback(){
|
| 1225 |
-
|
|
|
|
|
|
|
| 1226 |
$val = trim($_POST['val']);
|
| 1227 |
$val = preg_replace('/[^a-zA-Z0-9\.\-]+/', '', $val);
|
| 1228 |
$whois = new Whois();
|
| 642 |
require('wfLockedOut.php');
|
| 643 |
}
|
| 644 |
}
|
| 645 |
+
public static function authAction($username, &$passwd){ //As of php 5.4 we must denote passing by ref in the function definition, not the function call (as WordPress core does, which is a bug in WordPress).
|
| 646 |
if(self::isLockedOut(wfUtils::getIP())){
|
| 647 |
require('wfLockedOut.php');
|
| 648 |
}
|
| 1222 |
return array('ok' => 1);
|
| 1223 |
}
|
| 1224 |
public static function ajax_whois_callback(){
|
| 1225 |
+
if( ! class_exists( 'Whois' )){
|
| 1226 |
+
require_once('whois/whois.main.php');
|
| 1227 |
+
}
|
| 1228 |
$val = trim($_POST['val']);
|
| 1229 |
$val = preg_replace('/[^a-zA-Z0-9\.\-]+/', '', $val);
|
| 1230 |
$whois = new Whois();
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: mmaunder
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
-
Tested up to: 3.
|
| 6 |
-
Stable tag: 3.8.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
|
@@ -152,6 +152,13 @@ cause a security hole on your site.
|
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 |
= 3.8.6 =
|
| 156 |
* Fixed issue that caused scheduled scans to run even if disabled.
|
| 157 |
* Fixed display bug when signin fails.
|
| 2 |
Contributors: mmaunder
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
+
Tested up to: 3.7
|
| 6 |
+
Stable tag: 3.8.7
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
| 155 |
+
= 3.8.7 =
|
| 156 |
+
* Fixed issue that caused cellphone sign-in to not work with PHP version 5.4 or greater.
|
| 157 |
+
* Fixed conflict with other plugins that also use the Whois PHP library.
|
| 158 |
+
* Fixed an unsanitized user-agent string.
|
| 159 |
+
* Added new malware signatures for string rot13 heuristics.
|
| 160 |
+
* Updated compatibility to 3.7.
|
| 161 |
+
|
| 162 |
= 3.8.6 =
|
| 163 |
* Fixed issue that caused scheduled scans to run even if disabled.
|
| 164 |
* Fixed display bug when signin fails.
|
wordfence.php
CHANGED
|
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
-
Version: 3.8.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
-
define('WORDFENCE_VERSION', '3.8.
|
| 11 |
if(get_option('wordfenceActivated') != 1){
|
| 12 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 13 |
}
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
+
Version: 3.8.7
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
+
define('WORDFENCE_VERSION', '3.8.7');
|
| 11 |
if(get_option('wordfenceActivated') != 1){
|
| 12 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 13 |
}
|
