Wordfence Security – Firewall & Malware Scan - Version 3.8.9

Version Description

  • Fix: Fixed issue that caused certain Wordfence login functions to not work. Was a PHP 5.4 vs older version incompatability issue.
  • Updated GeoIP location database to new version for country blocking.
  • Fix: Resolved issue that caused the Issues that Wordfence found to not be displayed in some cases.
  • Updated to WordPress 3.8 Compatability.
Download this release

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 3.8.9
Comparing to
See all releases

Code changes from version 3.8.8 to 3.8.9

Files changed (5) hide show
  1. js/admin.js +5 -1
  2. lib/GeoIP.dat +0 -0
  3. lib/wordfenceClass.php +30 -2
  4. readme.txt +8 -2
  5. wordfence.php +2 -2
js/admin.js CHANGED
@@ -512,7 +512,11 @@ window['wordfenceAdmin'] = {
512
},
513
displayIssues: function(res, callback){
514
var self = this;
515
- res.summary['lastScanCompleted'] = res['lastScanCompleted'];
516
jQuery('.wfIssuesContainer').hide();
517
for(issueStatus in res.issuesLists){
518
var containerID = 'wfIssues_dataTable_' + issueStatus;
512
},
513
displayIssues: function(res, callback){
514
var self = this;
515
+ try {
516
+ res.summary['lastScanCompleted'] = res['lastScanCompleted'];
517
+ } catch(err){
518
+ res.summary['lastScanCompleted'] = 'Never';
519
+ }
520
jQuery('.wfIssuesContainer').hide();
521
for(issueStatus in res.issuesLists){
522
var containerID = 'wfIssues_dataTable_' + issueStatus;
lib/GeoIP.dat CHANGED
Binary file
lib/wordfenceClass.php CHANGED
@@ -260,7 +260,11 @@ class wordfence {
260
add_action('init', 'wordfence::initAction');
261
add_action('template_redirect', 'wordfence::templateRedir');
262
add_action('shutdown', 'wordfence::shutdownAction');
263
- add_action('wp_authenticate','wordfence::authAction', 1, 2);
264
add_action('login_init','wordfence::loginInitAction');
265
add_action('wp_login','wordfence::loginAction');
266
add_action('wp_logout','wordfence::logoutAction');
@@ -642,7 +646,7 @@ class wordfence {
642
require('wfLockedOut.php');
643
}
644
}
645
- public static function authAction($username, &$passwd){ //As of php 5.4 we must denote passing by ref in the function definition, not the function call (as WordPress core does, which is a bug in WordPress).
646
if(self::isLockedOut(wfUtils::getIP())){
647
require('wfLockedOut.php');
648
}
@@ -665,6 +669,30 @@ class wordfence {
665
self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
666
}
667
}
668
public static function getWPFileContent($file, $cType, $cName, $cVersion){
669
if($cType == 'plugin'){
670
if(preg_match('#^/?wp-content/plugins/[^/]+/#', $file)){
260
add_action('init', 'wordfence::initAction');
261
add_action('template_redirect', 'wordfence::templateRedir');
262
add_action('shutdown', 'wordfence::shutdownAction');
263
+ if(version_compare(PHP_VERSION, '5.4.0') >= 0){
264
+ add_action('wp_authenticate','wordfence::authActionNew', 1, 2);
265
+ } else {
266
+ add_action('wp_authenticate','wordfence::authActionOld', 1, 2);
267
+ }
268
add_action('login_init','wordfence::loginInitAction');
269
add_action('wp_login','wordfence::loginAction');
270
add_action('wp_logout','wordfence::logoutAction');
646
require('wfLockedOut.php');
647
}
648
}
649
+ public static function authActionNew($username, &$passwd){ //As of php 5.4 we must denote passing by ref in the function definition, not the function call (as WordPress core does, which is a bug in WordPress).
650
if(self::isLockedOut(wfUtils::getIP())){
651
require('wfLockedOut.php');
652
}
669
self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
670
}
671
}
672
+ public static function authActionOld($username, $passwd){ //Code is identical to Newer function above except passing by ref ampersand. Some versions of PHP are throwing an error if we include the ampersand in PHP prior to 5.4.
673
+ if(self::isLockedOut(wfUtils::getIP())){
674
+ require('wfLockedOut.php');
675
+ }
676
+ if(! $username){ return; }
677
+ $userDat = get_user_by('login', $username);
678
+ $_POST['wordfence_userDat'] = $userDat;
679
+ if(preg_match(self::$passwordCodePattern, $passwd, $matches)){
680
+ $_POST['wordfence_authFactor'] = $matches[1];
681
+ $passwd = preg_replace('/^(.+)\s+(wf[a-z0-9]+)#x2F;i', '$1', $passwd);
682
+ $_POST['pwd'] = $passwd;
683
+ }
684
+
685
+ if($userDat){
686
+ require_once( ABSPATH . 'wp-includes/class-phpass.php');
687
+ $hasher = new PasswordHash(8, TRUE);
688
+ if(! $hasher->CheckPassword($_POST['pwd'], $userDat->user_pass)){
689
+ self::getLog()->logLogin('loginFailValidUsername', 1, $username);
690
+ }
691
+ } else {
692
+ self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
693
+ }
694
+ }
695
+
696
public static function getWPFileContent($file, $cType, $cName, $cVersion){
697
if($cType == 'plugin'){
698
if(preg_match('#^/?wp-content/plugins/[^/]+/#', $file)){
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
Contributors: mmaunder
3
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
4
Requires at least: 3.3.1
5
- Tested up to: 3.7.1
6
- Stable tag: 3.8.8
7
8
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
@@ -152,6 +152,12 @@ cause a security hole on your site.
152
153
== Changelog ==
154
155
= 3.8.8 =
156
* Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
157
* Fix: isStrongPasswd function was being called statically but not declared as static.
2
Contributors: mmaunder
3
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
4
Requires at least: 3.3.1
5
+ Tested up to: 3.8
6
+ Stable tag: 3.8.9
7
8
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
9
152
153
== Changelog ==
154
155
+ = 3.8.9 =
156
+ * Fix: Fixed issue that caused certain Wordfence login functions to not work. Was a PHP 5.4 vs older version incompatability issue.
157
+ * Updated GeoIP location database to new version for country blocking.
158
+ * Fix: Resolved issue that caused the Issues that Wordfence found to not be displayed in some cases.
159
+ * Updated to WordPress 3.8 Compatability.
160
+
161
= 3.8.8 =
162
* Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
163
* Fix: isStrongPasswd function was being called statically but not declared as static.
wordfence.php CHANGED
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
Author: Mark Maunder
7
- Version: 3.8.8
8
Author URI: http://www.wordfence.com/
9
*/
10
- define('WORDFENCE_VERSION', '3.8.8');
11
if(get_option('wordfenceActivated') != 1){
12
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
13
}
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
6
Author: Mark Maunder
7
+ Version: 3.8.9
8
Author URI: http://www.wordfence.com/
9
*/
10
+ define('WORDFENCE_VERSION', '3.8.9');
11
if(get_option('wordfenceActivated') != 1){
12
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
13
}