Wordfence Security – Firewall & Malware Scan - Version 3.8.8

Version Description

  • Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
  • Fix: isStrongPasswd function was being called statically but not declared as static.
  • Fix: Improved error reporting when we can't connect to Wordfence API servers.
  • Fix: Fixed code that was causing an error log warning when we read the requested URL.
  • Fix: Disable and clear cellphone sign-in if you downgrade to free from paid to prevent lockouts.

Release Info

Developer mmaunder
Version 3.8.8

Code changes from version 3.8.7 to 3.8.8

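--- a/lib/wfAPI.php
+++ b/lib/wfAPI.php
@@ -71,7 +71,7 @@ class wfAPI {
 if($data === false){
 $err = error_get_last();
 if($err){
-throw new Exception("We received an error response when trying to contact the Wordfence scanning servers using PHP's file_get_contents function. The error was: " . $err);
+throw new Exception("We received an error response when trying to contact the Wordfence scanning servers using PHP's file_get_contents function. The error was: " . var_export($err, true));
 } else {
 throw new Exception("We received an empty response when trying to contact the Wordfence scanning servers using PHP's file_get_contents function.");
 }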
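Review bot: The new message on line 74 dumps the whole `error_get_last()` array through `var_export`, and that array carries the `file` and `line` keys, so server filesystem paths end up in an exception string that may be shown in the admin UI or written to logs. `error_get_last()` also returns the most recent error of any kind, so the text may describe something unrelated to this request. Appending only the message text would be enough, e.g. `... The error was: " . $err['message']);`. The enclosing method starts and ends outside the hunk.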
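--- a/lib/wfScanEngine.php
+++ b/lib/wfScanEngine.php
@@ -319,6 +319,7 @@ class wfScanEngine {
 throw new Exception($this->hoover->errorMsg);
 
 }
+$this->hoover->cleanup();
 $haveIssues = false;
 foreach($hooverResults as $idString => $hresults){
 $arr = explode('-', $idString);
@@ -411,6 +412,7 @@ class wfScanEngine {
 wordfence::statusEndErr();
 throw new Exception($this->hoover->errorMsg);
 }
+$this->hoover->cleanup();
 $haveIssues = false;
 foreach($hooverResults as $idString => $hresults){
 $arr = explode('-', $idString);
@@ -474,6 +476,7 @@ class wfScanEngine {
 if($h->errorMsg){
 return false;
 }
+$h->cleanup();
 if(sizeof($hooverResults) > 0 && isset($hooverResults[1])){
 $hresults = $hooverResults[1];
 foreach($hresults as $result){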
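Review bot: `cleanup()` is only reached on the success path: in all three hunks the added call sits after the `errorMsg` branch that throws (new lines 319 and 413) or returns false (new line 477), so a failed lookup leaves its rows in the hoover table. The same ordering appears in lib/wordfenceScanner.php at new line 215. If the table is meant to be emptied after every scan, call `$this->hoover->cleanup();` just ahead of each `throw` and `$h->cleanup();` ahead of the `return false;` as well; `errorMsg` is read from a property, so it presumably survives the truncate, but that should be confirmed. The enclosing methods start and end outside the hunks.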
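--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -175,7 +175,11 @@ class wfUtils {
 } else {
 $host = $_SERVER['SERVER_NAME'];
 }
-return (@$_SERVER['HTTPS'] ? 'https' : 'http') . '://' . $host . $_SERVER['REQUEST_URI'];
+$prefix = 'http';
+if( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] ){
+$prefix = 'https';
+}
+return $prefix . '://' . $host . $_SERVER['REQUEST_URI'];
 }
 
 public static function editUserLink($userID){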
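Review bot: The truthiness test on new line 179 treats any non-empty `$_SERVER['HTTPS']` as HTTPS, but PHP documents that IIS with ISAPI sets the value to `off` for plain HTTP requests, so the function would report `https` there. A stricter check is `if( !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ){`. Separately, `$_SERVER['REQUEST_URI']` is request-controlled, so the returned URL needs escaping wherever callers print it; a one-line comment above the `return` saying `//Return value contains request-supplied data; escape before output.` would make that explicit. The function starts outside the hunk.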
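--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -374,7 +374,7 @@ class wordfence {
 }
 return $errors;
 }
-function isStrongPasswd($passwd, $username ) {
+public static function isStrongPasswd($passwd, $username ) {
 $strength = 0;
 if(strlen( trim( $passwd ) ) < 5)
 return false;
@@ -984,6 +984,8 @@ class wordfence {
 if($keyData['ok'] && $keyData['apiKey']){
 wfConfig::set('apiKey', $keyData['apiKey']);
 wfConfig::set('isPaid', 0);
+//When downgrading we must disable all two factor authentication because it can lock an admin out if we don't.
+wfConfig::set_ser('twoFactorUsers', array());
 } else {
 throw new Exception("Could not understand the response we received from the Wordfence servers when applying for a free API key.");
 }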
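Review bot: New line 988 clears `twoFactorUsers` for every account as a side effect of the free-key downgrade, and nothing visible in the hunk records or announces it; a site quietly dropping back to password-only logins is a state change the administrator should be told about. Consider writing a status-log entry or sending the admin alert at this point, and extend the comment to say what is lost, e.g. `//Downgrade removes cellphone sign-in for ALL users; logins are password-only afterwards, so notify the admin.` The enclosing method starts and ends outside the hunk.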
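--- a/lib/wordfenceScanner.php
+++ b/lib/wordfenceScanner.php
@@ -212,6 +212,7 @@ class wordfenceScanner {
 $this->errorMsg = $this->urlHoover->errorMsg;
 return false;
 }
+$this->urlHoover->cleanup();
 foreach($hooverResults as $file => $hresults){
 foreach($hresults as $result){
 if($result['badList'] == 'goog-malware-shavar'){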
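--- a/lib/wordfenceURLHoover.php
+++ b/lib/wordfenceURLHoover.php
@@ -41,6 +41,9 @@ class wordfenceURLHoover {
 }
 $this->db->truncate($this->table);
 }
+public function cleanup(){
+$this->db->truncate($this->table);
+}
 public function hoover($id, $data){
 if(strpos($data, '.') === false){
 return;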
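Review bot: `cleanup()` has no doc comment, and its body repeats the `truncate` call on line 42, so the two can drift apart. A short docblock such as `/** Empty the URL scratch table once the scan results have been read. */` would state when it is safe to call. Because `truncate` removes every row, the comment should also say whether two scans can ever share this table at the same time, which is not visible from this hunk. The method that ends on line 43 starts outside the hunk.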
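--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: mmaunder
 Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
 Requires at least: 3.3.1
-Tested up to: 3.7
-Stable tag: 3.8.7
+Tested up to: 3.7.1
+Stable tag: 3.8.8
 
 Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
 
@@ -152,6 +152,13 @@ cause a security hole on your site.
 
 == Changelog ==
 
+= 3.8.8 =
+* Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
+* Fix: isStrongPasswd function was being called statically but not declared as static.
+* Fix: Improved error reporting when we can't connect to Wordfence API servers.
+* Fix: Fixed code that was causing an error log warning when we read the requested URL.
+* Fix: Disable and clear cellphone sign-in if you downgrade to free from paid to prevent lockouts.
+
 = 3.8.7 =
 * Fixed issue that caused cellphone sign-in to not work with PHP version 5.4 or greater.
 * Fixed conflict with other plugins that also use the Whois PHP library.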
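--- a/wordfence.php
+++ b/wordfence.php
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
 Author: Mark Maunder
-Version: 3.8.7
+Version: 3.8.8
 Author URI: http://www.wordfence.com/
 */
-define('WORDFENCE_VERSION', '3.8.7');
+define('WORDFENCE_VERSION', '3.8.8');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }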