Version Description
- Fix: Fixed issue that caused certain Wordfence login functions to not work. Was a PHP 5.4 vs older version incompatability issue.
- Updated GeoIP location database to new version for country blocking.
- Fix: Resolved issue that caused the Issues that Wordfence found to not be displayed in some cases.
- Updated to WordPress 3.8 Compatability.
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 3.8.9 |
| Comparing to | |
| See all releases | |
Code changes from version 3.8.8 to 3.8.9
- js/admin.js +5 -1
- lib/GeoIP.dat +0 -0
- lib/wordfenceClass.php +30 -2
- readme.txt +8 -2
- wordfence.php +2 -2
js/admin.js
CHANGED
|
@@ -512,7 +512,11 @@ window['wordfenceAdmin'] = {
|
|
| 512 |
},
|
| 513 |
displayIssues: function(res, callback){
|
| 514 |
var self = this;
|
| 515 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 516 |
jQuery('.wfIssuesContainer').hide();
|
| 517 |
for(issueStatus in res.issuesLists){
|
| 518 |
var containerID = 'wfIssues_dataTable_' + issueStatus;
|
| 512 |
},
|
| 513 |
displayIssues: function(res, callback){
|
| 514 |
var self = this;
|
| 515 |
+
try {
|
| 516 |
+
res.summary['lastScanCompleted'] = res['lastScanCompleted'];
|
| 517 |
+
} catch(err){
|
| 518 |
+
res.summary['lastScanCompleted'] = 'Never';
|
| 519 |
+
}
|
| 520 |
jQuery('.wfIssuesContainer').hide();
|
| 521 |
for(issueStatus in res.issuesLists){
|
| 522 |
var containerID = 'wfIssues_dataTable_' + issueStatus;
|
lib/GeoIP.dat
CHANGED
|
Binary file
|
lib/wordfenceClass.php
CHANGED
|
@@ -260,7 +260,11 @@ class wordfence {
|
|
| 260 |
add_action('init', 'wordfence::initAction');
|
| 261 |
add_action('template_redirect', 'wordfence::templateRedir');
|
| 262 |
add_action('shutdown', 'wordfence::shutdownAction');
|
| 263 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 264 |
add_action('login_init','wordfence::loginInitAction');
|
| 265 |
add_action('wp_login','wordfence::loginAction');
|
| 266 |
add_action('wp_logout','wordfence::logoutAction');
|
|
@@ -642,7 +646,7 @@ class wordfence {
|
|
| 642 |
require('wfLockedOut.php');
|
| 643 |
}
|
| 644 |
}
|
| 645 |
-
public static function
|
| 646 |
if(self::isLockedOut(wfUtils::getIP())){
|
| 647 |
require('wfLockedOut.php');
|
| 648 |
}
|
|
@@ -665,6 +669,30 @@ class wordfence {
|
|
| 665 |
self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
|
| 666 |
}
|
| 667 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 668 |
public static function getWPFileContent($file, $cType, $cName, $cVersion){
|
| 669 |
if($cType == 'plugin'){
|
| 670 |
if(preg_match('#^/?wp-content/plugins/[^/]+/#', $file)){
|
| 260 |
add_action('init', 'wordfence::initAction');
|
| 261 |
add_action('template_redirect', 'wordfence::templateRedir');
|
| 262 |
add_action('shutdown', 'wordfence::shutdownAction');
|
| 263 |
+
if(version_compare(PHP_VERSION, '5.4.0') >= 0){
|
| 264 |
+
add_action('wp_authenticate','wordfence::authActionNew', 1, 2);
|
| 265 |
+
} else {
|
| 266 |
+
add_action('wp_authenticate','wordfence::authActionOld', 1, 2);
|
| 267 |
+
}
|
| 268 |
add_action('login_init','wordfence::loginInitAction');
|
| 269 |
add_action('wp_login','wordfence::loginAction');
|
| 270 |
add_action('wp_logout','wordfence::logoutAction');
|
| 646 |
require('wfLockedOut.php');
|
| 647 |
}
|
| 648 |
}
|
| 649 |
+
public static function authActionNew($username, &$passwd){ //As of php 5.4 we must denote passing by ref in the function definition, not the function call (as WordPress core does, which is a bug in WordPress).
|
| 650 |
if(self::isLockedOut(wfUtils::getIP())){
|
| 651 |
require('wfLockedOut.php');
|
| 652 |
}
|
| 669 |
self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
|
| 670 |
}
|
| 671 |
}
|
| 672 |
+
public static function authActionOld($username, $passwd){ //Code is identical to Newer function above except passing by ref ampersand. Some versions of PHP are throwing an error if we include the ampersand in PHP prior to 5.4.
|
| 673 |
+
if(self::isLockedOut(wfUtils::getIP())){
|
| 674 |
+
require('wfLockedOut.php');
|
| 675 |
+
}
|
| 676 |
+
if(! $username){ return; }
|
| 677 |
+
$userDat = get_user_by('login', $username);
|
| 678 |
+
$_POST['wordfence_userDat'] = $userDat;
|
| 679 |
+
if(preg_match(self::$passwordCodePattern, $passwd, $matches)){
|
| 680 |
+
$_POST['wordfence_authFactor'] = $matches[1];
|
| 681 |
+
$passwd = preg_replace('/^(.+)\s+(wf[a-z0-9]+)$/i', '$1', $passwd);
|
| 682 |
+
$_POST['pwd'] = $passwd;
|
| 683 |
+
}
|
| 684 |
+
|
| 685 |
+
if($userDat){
|
| 686 |
+
require_once( ABSPATH . 'wp-includes/class-phpass.php');
|
| 687 |
+
$hasher = new PasswordHash(8, TRUE);
|
| 688 |
+
if(! $hasher->CheckPassword($_POST['pwd'], $userDat->user_pass)){
|
| 689 |
+
self::getLog()->logLogin('loginFailValidUsername', 1, $username);
|
| 690 |
+
}
|
| 691 |
+
} else {
|
| 692 |
+
self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
|
| 693 |
+
}
|
| 694 |
+
}
|
| 695 |
+
|
| 696 |
public static function getWPFileContent($file, $cType, $cName, $cVersion){
|
| 697 |
if($cType == 'plugin'){
|
| 698 |
if(preg_match('#^/?wp-content/plugins/[^/]+/#', $file)){
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: mmaunder
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
-
Tested up to: 3.
|
| 6 |
-
Stable tag: 3.8.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
|
@@ -152,6 +152,12 @@ cause a security hole on your site.
|
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 |
= 3.8.8 =
|
| 156 |
* Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
|
| 157 |
* Fix: isStrongPasswd function was being called statically but not declared as static.
|
| 2 |
Contributors: mmaunder
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
+
Tested up to: 3.8
|
| 6 |
+
Stable tag: 3.8.9
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
| 155 |
+
= 3.8.9 =
|
| 156 |
+
* Fix: Fixed issue that caused certain Wordfence login functions to not work. Was a PHP 5.4 vs older version incompatability issue.
|
| 157 |
+
* Updated GeoIP location database to new version for country blocking.
|
| 158 |
+
* Fix: Resolved issue that caused the Issues that Wordfence found to not be displayed in some cases.
|
| 159 |
+
* Updated to WordPress 3.8 Compatability.
|
| 160 |
+
|
| 161 |
= 3.8.8 =
|
| 162 |
* Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
|
| 163 |
* Fix: isStrongPasswd function was being called statically but not declared as static.
|
wordfence.php
CHANGED
|
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
-
Version: 3.8.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
-
define('WORDFENCE_VERSION', '3.8.
|
| 11 |
if(get_option('wordfenceActivated') != 1){
|
| 12 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 13 |
}
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
|
| 6 |
Author: Mark Maunder
|
| 7 |
+
Version: 3.8.9
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
+
define('WORDFENCE_VERSION', '3.8.9');
|
| 11 |
if(get_option('wordfenceActivated') != 1){
|
| 12 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 13 |
}
|
