Version Description
- Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
- Fix: isStrongPasswd function was being called statically but not declared as static.
- Fix: Improved error reporting when we can't connect to Wordfence API servers.
- Fix: Fixed code that was causing an error log warning when we read the requested URL.
- Fix: Disable and clear cellphone sign-in if you downgrade to free from paid to prevent lockouts.
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 3.8.8 |
| Comparing to | |
| See all releases | |
Code changes from version 3.8.7 to 3.8.8
- lib/wfAPI.php +1 -1
- lib/wfScanEngine.php +3 -0
- lib/wfUtils.php +5 -1
- lib/wordfenceClass.php +3 -1
- lib/wordfenceScanner.php +1 -0
- lib/wordfenceURLHoover.php +3 -0
- readme.txt +9 -2
- wordfence.php +2 -2
lib/wfAPI.php
CHANGED
|
@@ -71,7 +71,7 @@ class wfAPI {
|
|
| 71 |
if($data === false){
|
| 72 |
$err = error_get_last();
|
| 73 |
if($err){
|
| 74 |
-
throw new Exception("We received an error response when trying to contact the Wordfence scanning servers using PHP's file_get_contents function. The error was: " . $err);
|
| 75 |
} else {
|
| 76 |
throw new Exception("We received an empty response when trying to contact the Wordfence scanning servers using PHP's file_get_contents function.");
|
| 77 |
}
|
| 71 |
if($data === false){
|
| 72 |
$err = error_get_last();
|
| 73 |
if($err){
|
| 74 |
+
throw new Exception("We received an error response when trying to contact the Wordfence scanning servers using PHP's file_get_contents function. The error was: " . var_export($err, true));
|
| 75 |
} else {
|
| 76 |
throw new Exception("We received an empty response when trying to contact the Wordfence scanning servers using PHP's file_get_contents function.");
|
| 77 |
}
|
lib/wfScanEngine.php
CHANGED
|
@@ -319,6 +319,7 @@ class wfScanEngine {
|
|
| 319 |
throw new Exception($this->hoover->errorMsg);
|
| 320 |
|
| 321 |
}
|
|
|
|
| 322 |
$haveIssues = false;
|
| 323 |
foreach($hooverResults as $idString => $hresults){
|
| 324 |
$arr = explode('-', $idString);
|
|
@@ -411,6 +412,7 @@ class wfScanEngine {
|
|
| 411 |
wordfence::statusEndErr();
|
| 412 |
throw new Exception($this->hoover->errorMsg);
|
| 413 |
}
|
|
|
|
| 414 |
$haveIssues = false;
|
| 415 |
foreach($hooverResults as $idString => $hresults){
|
| 416 |
$arr = explode('-', $idString);
|
|
@@ -474,6 +476,7 @@ class wfScanEngine {
|
|
| 474 |
if($h->errorMsg){
|
| 475 |
return false;
|
| 476 |
}
|
|
|
|
| 477 |
if(sizeof($hooverResults) > 0 && isset($hooverResults[1])){
|
| 478 |
$hresults = $hooverResults[1];
|
| 479 |
foreach($hresults as $result){
|
| 319 |
throw new Exception($this->hoover->errorMsg);
|
| 320 |
|
| 321 |
}
|
| 322 |
+
$this->hoover->cleanup();
|
| 323 |
$haveIssues = false;
|
| 324 |
foreach($hooverResults as $idString => $hresults){
|
| 325 |
$arr = explode('-', $idString);
|
| 412 |
wordfence::statusEndErr();
|
| 413 |
throw new Exception($this->hoover->errorMsg);
|
| 414 |
}
|
| 415 |
+
$this->hoover->cleanup();
|
| 416 |
$haveIssues = false;
|
| 417 |
foreach($hooverResults as $idString => $hresults){
|
| 418 |
$arr = explode('-', $idString);
|
| 476 |
if($h->errorMsg){
|
| 477 |
return false;
|
| 478 |
}
|
| 479 |
+
$h->cleanup();
|
| 480 |
if(sizeof($hooverResults) > 0 && isset($hooverResults[1])){
|
| 481 |
$hresults = $hooverResults[1];
|
| 482 |
foreach($hresults as $result){
|
lib/wfUtils.php
CHANGED
|
@@ -175,7 +175,11 @@ class wfUtils {
|
|
| 175 |
} else {
|
| 176 |
$host = $_SERVER['SERVER_NAME'];
|
| 177 |
}
|
| 178 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 179 |
}
|
| 180 |
|
| 181 |
public static function editUserLink($userID){
|
| 175 |
} else {
|
| 176 |
$host = $_SERVER['SERVER_NAME'];
|
| 177 |
}
|
| 178 |
+
$prefix = 'http';
|
| 179 |
+
if( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] ){
|
| 180 |
+
$prefix = 'https';
|
| 181 |
+
}
|
| 182 |
+
return $prefix . '://' . $host . $_SERVER['REQUEST_URI'];
|
| 183 |
}
|
| 184 |
|
| 185 |
public static function editUserLink($userID){
|
lib/wordfenceClass.php
CHANGED
|
@@ -374,7 +374,7 @@ class wordfence {
|
|
| 374 |
}
|
| 375 |
return $errors;
|
| 376 |
}
|
| 377 |
-
function isStrongPasswd($passwd, $username ) {
|
| 378 |
$strength = 0;
|
| 379 |
if(strlen( trim( $passwd ) ) < 5)
|
| 380 |
return false;
|
|
@@ -984,6 +984,8 @@ class wordfence {
|
|
| 984 |
if($keyData['ok'] && $keyData['apiKey']){
|
| 985 |
wfConfig::set('apiKey', $keyData['apiKey']);
|
| 986 |
wfConfig::set('isPaid', 0);
|
|
|
|
|
|
|
| 987 |
} else {
|
| 988 |
throw new Exception("Could not understand the response we received from the Wordfence servers when applying for a free API key.");
|
| 989 |
}
|
| 374 |
}
|
| 375 |
return $errors;
|
| 376 |
}
|
| 377 |
+
public static function isStrongPasswd($passwd, $username ) {
|
| 378 |
$strength = 0;
|
| 379 |
if(strlen( trim( $passwd ) ) < 5)
|
| 380 |
return false;
|
| 984 |
if($keyData['ok'] && $keyData['apiKey']){
|
| 985 |
wfConfig::set('apiKey', $keyData['apiKey']);
|
| 986 |
wfConfig::set('isPaid', 0);
|
| 987 |
+
//When downgrading we must disable all two factor authentication because it can lock an admin out if we don't.
|
| 988 |
+
wfConfig::set_ser('twoFactorUsers', array());
|
| 989 |
} else {
|
| 990 |
throw new Exception("Could not understand the response we received from the Wordfence servers when applying for a free API key.");
|
| 991 |
}
|
lib/wordfenceScanner.php
CHANGED
|
@@ -212,6 +212,7 @@ class wordfenceScanner {
|
|
| 212 |
$this->errorMsg = $this->urlHoover->errorMsg;
|
| 213 |
return false;
|
| 214 |
}
|
|
|
|
| 215 |
foreach($hooverResults as $file => $hresults){
|
| 216 |
foreach($hresults as $result){
|
| 217 |
if($result['badList'] == 'goog-malware-shavar'){
|
| 212 |
$this->errorMsg = $this->urlHoover->errorMsg;
|
| 213 |
return false;
|
| 214 |
}
|
| 215 |
+
$this->urlHoover->cleanup();
|
| 216 |
foreach($hooverResults as $file => $hresults){
|
| 217 |
foreach($hresults as $result){
|
| 218 |
if($result['badList'] == 'goog-malware-shavar'){
|
lib/wordfenceURLHoover.php
CHANGED
|
@@ -41,6 +41,9 @@ class wordfenceURLHoover {
|
|
| 41 |
}
|
| 42 |
$this->db->truncate($this->table);
|
| 43 |
}
|
|
|
|
|
|
|
|
|
|
| 44 |
public function hoover($id, $data){
|
| 45 |
if(strpos($data, '.') === false){
|
| 46 |
return;
|
| 41 |
}
|
| 42 |
$this->db->truncate($this->table);
|
| 43 |
}
|
| 44 |
+
public function cleanup(){
|
| 45 |
+
$this->db->truncate($this->table);
|
| 46 |
+
}
|
| 47 |
public function hoover($id, $data){
|
| 48 |
if(strpos($data, '.') === false){
|
| 49 |
return;
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: mmaunder
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
-
Tested up to: 3.7
|
| 6 |
-
Stable tag: 3.8.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
|
@@ -152,6 +152,13 @@ cause a security hole on your site.
|
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 |
= 3.8.7 =
|
| 156 |
* Fixed issue that caused cellphone sign-in to not work with PHP version 5.4 or greater.
|
| 157 |
* Fixed conflict with other plugins that also use the Whois PHP library.
|
| 2 |
Contributors: mmaunder
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
+
Tested up to: 3.7.1
|
| 6 |
+
Stable tag: 3.8.8
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
| 155 |
+
= 3.8.8 =
|
| 156 |
+
* Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
|
| 157 |
+
* Fix: isStrongPasswd function was being called statically but not declared as static.
|
| 158 |
+
* Fix: Improved error reporting when we can't connect to Wordfence API servers.
|
| 159 |
+
* Fix: Fixed code that was causing an error log warning when we read the requested URL.
|
| 160 |
+
* Fix: Disable and clear cellphone sign-in if you downgrade to free from paid to prevent lockouts.
|
| 161 |
+
|
| 162 |
= 3.8.7 =
|
| 163 |
* Fixed issue that caused cellphone sign-in to not work with PHP version 5.4 or greater.
|
| 164 |
* Fixed conflict with other plugins that also use the Whois PHP library.
|
wordfence.php
CHANGED
|
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
-
Version: 3.8.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
-
define('WORDFENCE_VERSION', '3.8.
|
| 11 |
if(get_option('wordfenceActivated') != 1){
|
| 12 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 13 |
}
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
+
Version: 3.8.8
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
+
define('WORDFENCE_VERSION', '3.8.8');
|
| 11 |
if(get_option('wordfenceActivated') != 1){
|
| 12 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 13 |
}
|
