Wordfence Security – Firewall & Malware Scan - Version 3.9.1

Version Description

  • Fixed issue that caused Wordfence security to not log 404's.
  • Made 404's more visible on the live traffic page.
  • Fixed panel width that was too narrow for WP 3.8 on live traffic and issues pages.
  • Report hack attempts to Wordfence Security scanning server for DDoS protection.
  • Remind admin if security alert email is blank and tour is closed.
  • Updated links to new Wordfence Security support website at support.wordfence.com.
  • Made Wordfence Security paid-users-only message a little more user friendly.

Release Info

Developer mmaunder
Version 3.9.1

Code changes from version 3.8.9 to 3.9.1

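--- a/css/main.css
+++ b/css/main.css
@@ -91,9 +91,10 @@ div.wordfenceScanButton input.button-wf-grey {
  .wordfenceScanButton table td { vertical-align: top; }
 
  .wfTabsContainer {
+ background-color: #FFF;
  overflow: hidden;
  border: 1px solid #CCC;
- max-width: 870px;
+ max-width: 900px;
  padding: 15px;
  min-height: 200px;
  -webkit-font-smoothing: antialiased;
@@ -308,4 +309,10 @@ input.wfStartScanButton { width: 160px; text-align: left; padding-left: 20px; }
  height: 1px;
  width: 1px;
  }
-
+ .wfPaidOnlyNotice {
+ width: 500px;
+ background-color: #FFFFE0;
+ border: 1px solid #000;
+ padding: 10px;
+ margin: 20px;
+ }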
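--- a/js/admin.js
+++ b/js/admin.js
@@ -331,7 +331,7 @@ window['wordfenceAdmin'] = {
  summaryUpdated = true;
  } else if(item.msg.indexOf('SUM_PAIDONLY:') != -1){
  var msg = item.msg.replace('SUM_PAIDONLY:', '');
- jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">Paid Members Only</a></div><div class="wfClear"></div>');
+ jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid Members Only</a></div><div class="wfClear"></div>');
  summaryUpdated = true;
  } else if(item.msg.indexOf('SUM_FINAL:') != -1){
  var msg = item.msg.replace('SUM_FINAL:', '');
@@ -1208,7 +1208,7 @@ window['wordfenceAdmin'] = {
  var pos = jQuery('#paidWrap').position();
  var width = jQuery('#paidWrap').width();
  var height = jQuery('#paidWrap').height();
- jQuery('<div style="position: absolute; left: ' + pos.left + 'px; top: ' + pos.top + 'px; background-color: #FFF; width: ' + width + 'px; height: ' + height + 'px;"><div class="paidInnerMsg">' + msg + ' <a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">Click here to upgrade and gain access to this feature.</div></div>').insertAfter('#paidWrap').fadeTo(10000, 0.7);
+ jQuery('<div style="position: absolute; left: ' + pos.left + 'px; top: ' + pos.top + 'px; background-color: #FFF; width: ' + width + 'px; height: ' + height + 'px;"><div class="paidInnerMsg">' + msg + ' <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Click here to upgrade and gain access to this feature.</div></div>').insertAfter('#paidWrap').fadeTo(10000, 0.7);
  },
  sched_modeChange: function(){
  var self = this;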
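Review bot: The rewritten summary line at 334 still concatenates `item.date` and `msg` straight into the HTML string given to `append()`, so any markup in a scan message is parsed in the admin page; whether the server escapes these values is not visible in this diff. Setting the message with `.text(msg)` on a created `wfSummaryMsg` element would make that line safe regardless of what the server sends. The rewritten line at 1211 never closes its anchor: `…gain access to this feature.</div></div>` should be `…gain access to this feature.</a></div></div>`. This release also removes the `WFAD.paidUsersOnly(...)` calls from three menu pages, so the function around line 1211 may now be unused; both hunks sit inside `window['wordfenceAdmin']`, which starts and ends outside them.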
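--- a/js/tourTip.js
+++ b/js/tourTip.js
@@ -1,20 +1,61 @@
- function wfClearEmailField(){
- if(jQuery('#wfListEmail').val() == "Enter your email"){
- jQuery('#wfListEmail').val('');
+ if(! window['wordfenceTour']){
+ window['wordfenceTour'] = {
+ wfClearEmailField: function(){
+ if(jQuery('#wfListEmail').val() == "Enter your email"){
+ jQuery('#wfListEmail').val('');
+ }
+ },
+ processEmailClick: function(evt){
+ var email = jQuery('#wfListEmail').val();
+ if(! /[^\@]+\@[^\.]+\.[^\.]+/.test(email)){
+ alert("Please enter a valid email address.");
+ return false;
+ }
+ jQuery.ajax({
+ type: 'POST',
+ url: WordfenceAdminVars.ajaxURL,
+ dataType: "json",
+ data: {
+ nonce: WordfenceAdminVars.firstNonce,
+ email: email,
+ action: 'wordfence_updateAlertEmail'
+ },
+ success: function(json){
+ if(json.ok){
+ jQuery('#wordfenceEmailDiv').html('<div style="color: #0A0;">Your admin alert email address has been set to ' + jQuery('<div/>').text(json.email).html() + '.</div>');
+ } else if(json.err){
+ alert(json.err);
+ }
+ },
+ error: function(){
+ }
+ });
+
+ if(jQuery('#wfJoinListCheck').is(':checked')){
+ return true;
+ } else {
+ try {
+ if(evt.preventDefault) evt.preventDefault();
+ evt.returnValue = false;
+ } catch(e){}
+
+ return false;
+ }
  }
  }
+ }
 
  jQuery(function(){
  if(WordfenceAdminVars.tourClosed != '1'){
- var formHTML = '<div style="padding: 0 5px 0 15px;"><form target="_new" style="display: inline;" method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" ><div style="display: none;"><input type="hidden" name="meta_web_form_id" value="1428034071" /><input type="hidden" name="meta_split_id" value="" /><input type="hidden" name="listname" value="wordfence" /><input type="hidden" name="redirect" value="http://www.aweber.com/thankyou-coi.htm?m=text" id="redirect_ae9f0882518768f447c80ea8f3b7afde" /><input type="hidden" name="meta_adtracking" value="widgetForm" /><input type="hidden" name="meta_message" value="1" /><input type="hidden" name="meta_required" value="email" /><input type="hidden" name="meta_tooltip" value="" /></div><input class="text" id="wfListEmail" type="text" name="email" value="Enter your email" tabindex="500" onclick="wfClearEmailField(); return false;" /><input name="submit" type="submit" value="Get Alerts" tabindex="501" /><div style="display: none;"><img src="http://forms.aweber.com/form/displays.htm?id=jCxMHAzMLAzsjA==" alt="" /></div></form></div>';
-
- jQuery('#toplevel_page_Wordfence').pointer({
+ var formHTML = '<div style="padding: 0 5px 0 15px;" id="wordfenceEmailDiv"><form target="_new" style="display: inline;" method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" ><div style="display: none;"><input type="hidden" name="meta_web_form_id" value="1428034071" /><input type="hidden" name="meta_split_id" value="" /><input type="hidden" name="listname" value="wordfence" /><input type="hidden" name="redirect" value="http://www.aweber.com/thankyou-coi.htm?m=text" id="redirect_ae9f0882518768f447c80ea8f3b7afde" /><input type="hidden" name="meta_adtracking" value="widgetForm" /><input type="hidden" name="meta_message" value="1" /><input type="hidden" name="meta_required" value="email" /><input type="hidden" name="meta_tooltip" value="" /></div><input class="text" id="wfListEmail" type="text" name="email" value="Enter your email" tabindex="500" onclick="wordfenceTour.wfClearEmailField(); return false;" /><input name="submit" type="submit" value="Get Alerted" tabindex="501" onclick="var evt = event || window.event; try { return wordfenceTour.processEmailClick(evt); } catch(err){ evt.returnValue = false; evt.preventDefault(); }" /><div style="display: none;"><img src="http://forms.aweber.com/form/displays.htm?id=jCxMHAzMLAzsjA==" alt="" /></div><div style="padding: 5px; font-size: 10px;"><input type="checkbox" id="wfJoinListCheck" value="1" checked /><span style="font-size: 10px;">Also join our WordPress Security email list to receive WordPress Security Alerts and Wordfence news.</span></div></form></div>';
+ var elem = '#toplevel_page_Wordfence';
+ jQuery(elem).pointer({
  close: function(){},
- content: "<h3>Congratulations!</h3><p>You've just installed Wordfence! Start by joining our mailing list to get WordPress security alerts and Wordfence news:</p>" +
+ content: "<h3>Congratulations!</h3><p>You've just installed Wordfence! Start by entering the administrator email address where you would like to receive security alerts for your site:</p>" +
  formHTML +
  "<p>Then click \"Start Tour\" to get a quick introduction to how Wordfence protects your site, keeps you off Google's SEO black-list and can even help clean a hacked site.</p>",
  pointerWidth: 300,
- position: { edge: 'top', align: 'left' },
+ position: { edge: 'bottom', align: 'left' },
  buttons: function(event, t){
  buttonElem = jQuery('<a id="pointer-close" style="margin-left:5px" class="button-secondary">Close</a>');
  buttonElem.bind('click.pointer', function(){ t.element.pointer('close');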
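Review bot: The `error: function(){}` callback in `processEmailClick` is empty, so a failed `wordfence_updateAlertEmail` request leaves the site without an alert address and gives the admin no sign of it; report it, e.g. `error: function(){ alert("Could not save your alert email address. Please try again."); }`. The check `/[^\@]+\@[^\.]+\.[^\.]+/` is unanchored and passes any string that merely contains a match; anchoring it as `/^[^@\s]+@[^@\s]+\.[^@\s]+$/` is stricter, but the server-side handler (not shown here) must still validate the address. The new `formHTML` continues to post the address to `http://www.aweber.com/scripts/addlead.pl` over plain HTTP, now with the list checkbox pre-checked. The `jQuery(function(){` block runs past the end of the hunk.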
lib/GeoIP.dat CHANGED
Binary file
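--- a/lib/email_genericAlert.php
+++ b/lib/email_genericAlert.php
@@ -1,6 +1,14 @@
  This alert was generated by Wordfence on "<?php echo $blogName; ?>" at <?php echo $date; ?>
 
 
+ <?php if(! $isPaid){ ?>
+ NOTE: Upgrading to the paid version of Wordfence gives you two factor authentication (sign-in via cellphone)
+ and country blocking which are both effective methods to block attacks.
+ Click here to sign-up for the Premium version of Wordfence now.
+ https://www.wordfence.com/wordfence-signup/
+
+ <?php } ?>
+
  <?php echo $alertMsg; ?>
  <?php if($IPMsg){ echo "\n$IPMsg\n"; } ?>
 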
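--- a/lib/email_newIssues.php
+++ b/lib/email_newIssues.php
@@ -1,5 +1,14 @@
  Wordfence found the following new issues on "<?php echo get_bloginfo('name', 'raw'); ?>".
 
+ <?php if(! $isPaid){ ?>
+ NOTE: Upgrading to the paid version of Wordfence gives you two factor authentication (sign-in via cellphone)
+ and country blocking which are both effective methods to block attacks.
+ You can also schedule when your scans occur with Wordfence Premium.
+ Click here to sign-up for the Premium version of Wordfence now.
+ https://www.wordfence.com/wordfence-signup/
+
+ <?php } ?>
+
  Alert generated at <?php echo wfUtils::localHumanDate(); ?>
 
  <?php if($totalCriticalIssues > 0){ ?>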
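Review bot: The new block tests `$isPaid`, which nothing in this template sets, while the lines around it fetch their values directly (`get_bloginfo()`, `wfUtils::localHumanDate()`); if the including code does not define it, `! $isPaid` is true and Premium sites receive the upgrade notice as well. `<?php if(! wfConfig::get('isPaid')){ ?>`, the form the menu pages in this release use, removes the dependency on the caller. lib/email_genericAlert.php uses the same variable; there it should at least be listed with `$blogName`, `$alertMsg` and `$IPMsg` as a required template input. The template continues past the end of the hunk.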
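--- a/lib/menu_activity.php
+++ b/lib/menu_activity.php
@@ -134,16 +134,10 @@
  left <a href="${referer}" target="_blank" style="color: #999; font-weight: normal;">${referer}</a> and
  {{/if}}
  {{/if}}
- {{if activityMode == 'hit'}}
- landed on
- {{else activityMode == 'human' || activityMode == 'ruser'}}
+ {{if is404 == '1'}}
+ tried to access <span style="color: #F00;">non-existent page</span>
+ {{else}}
  visited
- {{else activityMode == '404'}}
- tried to access
- {{else activityMode == 'gCrawler'}}
- crawled
- {{else activityMode == 'crawler'}}
- crawled
  {{/if}}
  <a href="${URL}" target="_blank">${URL}</a>
  </td></tr>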
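Review bot: The row this hunk restyles still places `${referer}` (line 134) and `${URL}` (line 142) into `href` attributes, and the red 404 label draws the admin's attention to rows produced by probing requests. Whatever escaping the template engine applies to `${…}` covers markup characters but not the URL scheme, so the code that fills these fields (not visible here) should only pass `http`/`https` values. Adding `rel="noreferrer"` to both `target="_blank"` links, e.g. `<a href="${referer}" target="_blank" rel="noreferrer" …>`, would also keep the admin page URL out of the Referer header sent to the linked site. The template row starts before the hunk.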
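--- a/lib/menu_countryBlocking.php
+++ b/lib/menu_countryBlocking.php
@@ -7,6 +7,14 @@ WFAD.countryMap = <?php echo json_encode($wfBulkCountries); ?>;
  <div class="wordfenceModeElem" id="wordfenceMode_countryBlocking"></div>
  <div class="wrap" id="paidWrap">
  <div class="wordfence-lock-icon wordfence-icon32"><br /></div><h2 id="wfHeading">Block specific countries from accessing your site</h2>
+ <?php if(! wfConfig::get('isPaid')){ ?>
+ <div class="wfPaidOnlyNotice">
+ <strong>Country Blocking is only available to Premium Members at this time</strong><br /><br />
+ Country Blocking is a premium feature because we have licensed a very accurate commercial geolocation database to provide this feature. If you would like to
+ activate this feature, simply <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">click here and get a premium Wordfence API Key</a>, and then copy and paste it into your options
+ page.
+ </div>
+ <?php } ?>
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
  <table class="wfConfigForm">
  <tr><td colspan="2"><h2>Country Blocking Options</h2></td></tr>
@@ -70,11 +78,6 @@ jQuery(function(){ WFAD.loadBlockedCountries('<?php echo wfConfig::get('cbl_coun
  <?php
  }
  ?>
- <?php
- if( (! wfConfig::get('isPaid')) && (wfConfig::get('tourClosed', 0) == '1') ){
- echo 'WFAD.paidUsersOnly("Country blocking is only available to paid members because we have licensed a commercial geolocation database to provide this feature.");';
- }
- ?>
  </script>
  <script type="text/x-jquery-template" id="wfWelcomeContentCntBlk">
  <div>
@@ -95,7 +98,7 @@ if(wfConfig::get('isPaid')){
  } else {
  ?>
  If you would like access to this premium feature, please
- <a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">upgrade to our premium version</a>.
+ <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">upgrade to our premium version</a>.
  </p>
  <?php
  }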
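Review bot: With the `WFAD.paidUsersOnly(...)` overlay replaced by the static `wfPaidOnlyNotice` box, the Country Blocking form below it is fully interactive on free installs, so the premium restriction rests entirely on the handlers that save these settings, which are not part of this diff. Worth confirming that those handlers check `wfConfig::get('isPaid')` themselves and recording it at the notice, e.g. `<?php /* Notice only: the save handlers must reject these options when isPaid is false. */ ?>`. The same applies to the matching changes in lib/menu_scanSchedule.php and lib/menu_twoFactor.php. The removed overlay was also conditional on `tourClosed`, whereas the new notice is shown regardless.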
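--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -102,7 +102,7 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
  <?php if(wfConfig::get('isPaid')){ ?>
  <tr><th>Scan public facing site for vulnerabilities?</th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" <?php $w->cb('scansEnabled_public'); ?></td></tr>
  <?php } else { ?>
- <tr><th style="color: #F00;">Scan public facing site for vulnerabilities? (<a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">Paid members only</a>)</th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" DISABLED ?></td></tr>
+ <tr><th style="color: #F00;">Scan public facing site for vulnerabilities? (<a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid members only</a>)</th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" DISABLED ?></td></tr>
  <?php } ?>
  <tr><th>Scan core files against repository versions for changes</th><td><input type="checkbox" id="scansEnabled_core" class="wfConfigElem" name="scansEnabled_core" value="1" <?php $w->cb('scansEnabled_core'); ?>/></td></tr>
 
@@ -268,7 +268,7 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
  We give you a few basic security levels to choose from, depending on your needs. Remember to hit the "Save" button to save any changes you make.
  </p>
  <p>
- If you use the free edition of Wordfence, you don't need to worry about entering an API key in the "API Key" field above. One is automatically created for you. If you choose to <a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">upgrade to Wordfence premium edition</a>, you will receive an API key. You will need to copy and paste that key into the "API Key"
+ If you use the free edition of Wordfence, you don't need to worry about entering an API key in the "API Key" field above. One is automatically created for you. If you choose to <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">upgrade to Wordfence Premium edition</a>, you will receive an API key. You will need to copy and paste that key into the "API Key"
  field above and hit "Save" to activate your key.
  </p>
  </div>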
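Review bot: The rewritten line 105 keeps the malformed checkbox markup `value="1" DISABLED ?></td>`: the `?>` is outside any PHP block, so a stray `?` ends up inside the `<input>` tag. Since the line is being edited anyway, `value="1" disabled="disabled" /></td>` would fix it. Context line 103 has the mirror problem: `<?php $w->cb('scansEnabled_public'); ?></td>` never closes the `<input` tag, unlike line 107, which ends with `/>`.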
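--- a/lib/menu_scan.php
+++ b/lib/menu_scan.php
@@ -11,7 +11,7 @@
  </td>
  <td>
  <div style="border: 1px solid #CCC; padding: 4px;">
- You can <a href="#" onclick="WFAD.startTourAgain(); return false;">start the tour again</a>, <a href="http://www.wordfence.com/subscribe-to-the-wordfence-email-list/" target="_blank">subscribe to get WordPress Security Alerts and Product News</a> or <a target="_blank" href="http://www.wordfence.com/forums/">visit our support forums for help.</a> Love Wordfence? You can help by doing two simple things: <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank">Go to WordPress.org now and give this plugin a 5&#9733; rating</a>. Blog about Wordfence and link to the <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank">plugin page</a>. Spreading the word helps us keep the best features free.
+ You can <a href="#" onclick="WFAD.startTourAgain(); return false;">start the tour again</a>, <a href="http://www.wordfence.com/subscribe-to-the-wordfence-email-list/" target="_blank">subscribe to get WordPress Security Alerts and Product News</a> or <a target="_blank" href="http://support.wordfence.com/">visit our support website help.</a> Love Wordfence? You can help by doing two simple things: <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank">Go to WordPress.org now and give this plugin a 5&#9733; rating</a>. Blog about Wordfence and link to the <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank">plugin page</a> or <a href="http://www.wordfence.com/" target="_blank">www.wordfence.com</a>. Spreading the word helps us keep the best features free.
  </div>
  </td>
  </tr>
@@ -38,7 +38,7 @@
  </div>
  <?php } else { ?>
  <div style="margin: 0 0 20px 5px; width: 795px;">
- <strong>How to upgrade:</strong> If you would like to control how often your site is checked for security vulnerabilities and infections, and you would like to be able to block countries, <a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">visit www.wordfence.com</a> and sign up for our paid option. Then go to the Wordfence options page on this site and replace your free API key with your new premium key. You will then be able to activate the premium scanning options on the Wordfence options page.
+ <strong style="color: #F00;">How to upgrade:</strong> If you would like access to our <a href="http://support.wordfence.com/" target="_blank">Premium Support help system</a> and features like Cellphone Sign-in, Country Blocking, external site scanning and the ability to schedule scans, simply <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">visit our Wordfence Premium sign-up page</a> and sign up for a Premium Wordfence API key. Then go to the Wordfence options page on this site and replace your free API key with your new premium key. You will immediately be upgraded to Wordfence Premium with all the features it includes and you will have instant access to our ticketing system on <a href="http://support.wordfence.com/" target="_blank">support.wordfence.com</a>.
  </div>
 
  <?php } ?>
@@ -79,7 +79,7 @@
  <a href="#" target="_blank" class="wfALogViewLink" id="wfALogViewLink">View activity log</a>
  </div>
  <div style="margin: 0 0 20px 5px; width: 795px;">
- <strong>Docs:</strong> Our <a href="http://www.wordfence.com/docs/" target="_blank">Wordfence Documentation</a> has tips on <a href="http://www.wordfence.com/docs/using-wordfence-to-analyze-changes-in-wordpress-files/" target="_blank">dealing with changed files</a>, <a href="http://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/" target="_blank">how to clean a hacked site</a> and our <a href="http://www.wordfence.com/docs/frequently-asked-questions/" target="_blank">FAQ</a>.
+ <strong>Docs:</strong> Our <a href="http://support.wordfence.com/" target="_blank">Support Site</a> can answer many common (and some less common) questions. It also includes our priority support ticketing system for Premium Wordfence users.
  <?php $unknownFilesLink = wfUtils::siteURLRelative() . '?_wfsf=unknownFiles&nonce=' . wp_create_nonce('wp-ajax'); ?>
  <br /><strong>Tools:</strong> Cleaning a hacked system? See a <a href="<?php echo $unknownFilesLink ?>&sort=3&dir=rev" target="_blank">list of files that are not in the WordPress core, plugin or theme repositories</a> after your first scan.
  </div>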
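Review bot: Every new support link (lines 14, 41 and 82) uses `http://support.wordfence.com/`, which the new text describes as the Premium ticketing system, while the sign-up link on line 41 uses `https://`. If the support host serves TLS, these should read `https://support.wordfence.com/` so that ticket-system logins do not start from a plain-HTTP page. On line 14 the link text lost a word: `visit our support website help.` should be `visit our support website for help.`.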
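--- a/lib/menu_scanSchedule.php
+++ b/lib/menu_scanSchedule.php
@@ -1,6 +1,15 @@
  <div class="wordfenceModeElem" id="wordfenceMode_scanScheduling"></div>
  <div class="wrap" id="paidWrap">
  <div class="wordfence-lock-icon wordfence-icon32"><br /></div><h2 id="wfHeading">Schedule Wordfence Scanning</h2>
+ <?php if(! wfConfig::get('isPaid')){ ?>
+ <div class="wfPaidOnlyNotice">
+ <strong>Scan Scheduling is only available to Premium Members at this time</strong><br /><br />
+ Scan Scheduling is a premium feature because it places additional load on our scanning servers. If you would like to
+ activate this feature, simply <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">click here and get a premium Wordfence API Key</a>, and then copy and paste it into your options
+ page.
+ </div>
+ <?php } ?>
+
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
  <p>
  <strong>Current time:</strong>&nbsp;<?php echo date('l jS \of F Y H:i:s A', current_time('timestamp')); ?>
@@ -69,14 +78,6 @@
  <br />
  </div>
 
- <script type="text/javascript">
- <?php
- if( (! wfConfig::get('isPaid')) && (wfConfig::get('tourClosed', 0) == '1') ){
- echo 'WFAD.paidUsersOnly("Scan scheduling is only available to paid members because it puts significant additional load on our cloud scanning servers. As a free customer, Wordfence will automatically schedule scans to run approximately once daily.");';
- }
- ?>
-
- </script>
  <script type="text/x-jquery-template" id="wfWelcomeContentScanSched">
  <div>
  <h3>Premium Feature: Scan Scheduling</h3>
@@ -101,7 +102,7 @@ if(wfConfig::get('isPaid')){
  } else {
  ?>
  If you would like access to this premium feature, please
- <a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">upgrade to our premium version</a>.
+ <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">upgrade to our Premium version</a>.
  </p>
  <?php
  }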
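--- a/lib/menu_twoFactor.php
+++ b/lib/menu_twoFactor.php
@@ -1,6 +1,15 @@
  <div class="wordfenceModeElem" id="wordfenceMode_twoFactor"></div>
  <div class="wrap" id="paidWrap">
  <div class="wordfence-lock-icon wordfence-icon32"><br /></div><h2 id="wfHeading">Cellphone Sign-in</h2>
+ <?php if(! wfConfig::get('isPaid')){ ?>
+ <div class="wfPaidOnlyNotice">
+ <strong>Cellphone Sign-in is only available to Premium Members at this time</strong><br /><br />
+ Cellphone Sign-in is a premium feature because we are charged per SMS we send when a user signs in. If you would like to
+ activate this feature, simply <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">click here and get a premium Wordfence API Key</a>, and then copy and paste it into your options
+ page.
+ </div>
+ <?php } ?>
+
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
  <p style="width: 500px;">
  Wordfence's Cellphone Sign-in uses a technique called "Two Factor Authentication" which is used by banks, government agencies and military world-wide as one of the most secure forms of remote system authentication.
@@ -61,13 +70,6 @@
  </table>
  </div>
  </script>
- <script type="text/javascript">
- <?php
- if( (! wfConfig::get('isPaid')) && (wfConfig::get('tourClosed', 0) == '1') ){
- echo 'WFAD.paidUsersOnly("Wordfence Cellphone Sign-in uses a technique called \'Two Factor Authentication\'. Two Factor Authentication is used by banks, government agencies and military world-wide as one of the most secure forms of remote system authentication. It\'s now available for all paid Wordfence members to permanently stop all brute force hacks. <br /><br />When you enable Cellphone Sign-in on a member\'s account, they complete a two-step process to sign in. First they enter their username and password as per normal. If the username and password are correct, we send a code to their phone. Then they enter their username and their password again but this time they add a space and the code to the end of their password. This form of authentication provides the highest level of security. It is called Two Factor in the security industry because it relies on two factors: Something you know (your password) and something you have (your phone).");';
- }
- ?>
- </script>
  <script type="text/x-jquery-template" id="wfWelcomeTwoFactor">
  <div>
  <h3>Secure Sign-in using your Cellphone</h3>
@@ -96,7 +98,7 @@ if(wfConfig::get('isPaid')){
  } else {
  ?>
  If you would like access to this premium feature, please
- <a href="https://www.wordfence.com/choose-a-wordfence-membership-type/?s2-ssl=yes" target="_blank">upgrade to our premium version</a>.
+ <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">upgrade to our premium version</a>.
  <?php
  }
  ?>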
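--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -77,10 +77,10 @@ class wfConfig {
  "alertOn_critical" => true,
  "alertOn_warnings" => false,
  "alertOn_throttle" => false,
- "alertOn_block" => false,
- "alertOn_loginLockout" => false,
+ "alertOn_block" => true,
+ "alertOn_loginLockout" => true,
  "alertOn_lostPasswdForm" => false,
- "alertOn_adminLogin" => false,
+ "alertOn_adminLogin" => true,
  "alertOn_nonAdminLogin" => false,
  "liveTrafficEnabled" => true,
  "liveTraf_ignorePublishers" => true,
@@ -143,10 +143,10 @@ class wfConfig {
  "alertOn_critical" => true,
  "alertOn_warnings" => true,
  "alertOn_throttle" => false,
- "alertOn_block" => false,
- "alertOn_loginLockout" => false,
- "alertOn_lostPasswdForm" => false,
- "alertOn_adminLogin" => false,
+ "alertOn_block" => true,
+ "alertOn_loginLockout" => true,
+ "alertOn_lostPasswdForm" => true,
+ "alertOn_adminLogin" => true,
  "alertOn_nonAdminLogin" => false,
  "liveTrafficEnabled" => true,
  "liveTraf_ignorePublishers" => true,
@@ -209,10 +209,10 @@ class wfConfig {
  "alertOn_critical" => true,
  "alertOn_warnings" => true,
  "alertOn_throttle" => false,
- "alertOn_block" => false,
- "alertOn_loginLockout" => false,
- "alertOn_lostPasswdForm" => false,
- "alertOn_adminLogin" => false,
+ "alertOn_block" => true,
+ "alertOn_loginLockout" => true,
+ "alertOn_lostPasswdForm" => true,
+ "alertOn_adminLogin" => true,
  "alertOn_nonAdminLogin" => false,
  "liveTrafficEnabled" => true,
  "liveTraf_ignorePublishers" => true,
@@ -275,10 +275,10 @@ class wfConfig {
  "alertOn_critical" => true,
  "alertOn_warnings" => true,
  "alertOn_throttle" => false,
- "alertOn_block" => false,
- "alertOn_loginLockout" => false,
- "alertOn_lostPasswdForm" => false,
- "alertOn_adminLogin" => false,
+ "alertOn_block" => true,
+ "alertOn_loginLockout" => true,
+ "alertOn_lostPasswdForm" => true,
+ "alertOn_adminLogin" => true,
  "alertOn_nonAdminLogin" => false,
  "liveTrafficEnabled" => true,
  "liveTraf_ignorePublishers" => true,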
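Review bot: The first defaults block (line 82) keeps `"alertOn_lostPasswdForm" => false`, while the three later blocks at 143, 209 and 275 switch it to `true` along with the other three alerts, and nothing in the hunk says whether that difference is intended. If it is, a one-line comment on that entry, such as `// lost-password alerts stay off at this level`, would stop the four copies from being edited into agreement later; if it is not, the value should match the others. The arrays start and end outside the hunks, so what each block represents is inferred from the repetition only.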
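--- a/lib/wfIssues.php
+++ b/lib/wfIssues.php
@@ -116,6 +116,7 @@ class wfIssues {
  if($level == 2 && $totalCriticalIssues < 1 && $totalWarningIssues < 1){ return; }
  if($level == 1 && $totalCriticalIssues < 1){ return; }
  $content = wfUtils::tmpl('email_newIssues.php', array(
+ 'isPaid' => wfConfig::get('isPaid'),
  'issues' => $finalIssues,
  'totalCriticalIssues' => $totalCriticalIssues,
  'totalWarningIssues' => $totalWarningIssues,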
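--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -609,6 +609,9 @@ class wordfence {
  if(self::getLog()->isWhitelisted($IP)){
  return $authResult;
  }
+ if(is_wp_error($authResult) && ($authResult->get_error_code() == 'invalid_username' || $authResult->get_error_code() == 'incorrect_password') && wfConfig::get('loginSec_maskLoginErrors')){
+ self::reportHackAttempt($IP, 'brute');
+ }
  if($secEnabled){
  if(is_wp_error($authResult) && $authResult->get_error_code() == 'invalid_username' && wfConfig::get('loginSec_lockInvalidUsers')){
  self::lockOutIP($IP, "Used an invalid username '" . $_POST['log'] . "' to try to sign in.");
@@ -636,6 +639,17 @@ class wordfence {
  }
  return $authResult;
  }
+ private static function reportHackAttempt($IP, $type){
+ $curl = curl_init('http://noc3.wordfence.com:9050/hackAttempt/?k=' . wfConfig::get('apiKey') . '&IP=' . wfUtils::inet_aton($IP) . '&t=' . $type );
+ curl_setopt($curl, CURLOPT_TIMEOUT, 1);
+ curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
+ curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
+ curl_setopt ($curl, CURLOPT_HEADER, 0);
+ curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt ($curl, CURLOPT_SSL_VERIFYHOST, false);
+ curl_setopt($curl, CURLOPT_POST, false);
+ curl_exec($curl);
+ }
  public static function logoutAction(){
  $userID = get_current_user_id();
  $userDat = get_user_by('id', $userID);
@@ -731,6 +745,9 @@ class wordfence {
  }
  }
  public static function ajax_addTwoFactor_callback(){
+ if(! wfConfig::get('isPaid')){
+ return array('errorMsg' => 'Cellphone Sign-in is only available to paid members. <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Click here to upgrade now.</a>');
+ }
  $username = $_POST['username'];
  $phone = $_POST['phone'];
  $user = get_user_by('login', $username);
@@ -1371,6 +1388,14 @@ class wordfence {
  'currentScanID' => $issues->getScanTime()
  );
  }
+ public static function ajax_updateAlertEmail_callback(){
+ $email = trim($_POST['email']);
+ if(! preg_match('/[^\@]+\@[^\.]+\.[^\.]+/', $email)){
+ return array( 'err' => "Invalid email address given.");
+ }
+ wfConfig::set('alertEmails', $email);
+ return array('ok' => 1, 'email' => $email);
+ }
  public static function ajax_deleteFile_callback(){
  $issueID = $_POST['issueID'];
  $wfIssues = new wfIssues();
@@ -1458,7 +1483,7 @@ class wordfence {
  $wfFunc = get_query_var('_wfsf');
  $wfLog = self::getLog();
  if($wfLog->logHitOK()){
- if( (! empty($wfFunc)) && is_404() ){
+ if( empty($wfFunc) && is_404() ){
  $wfLog->logLeechAndBlock('404');
  } else {
  $wfLog->logLeechAndBlock('hit');
@@ -1672,7 +1697,7 @@ class wordfence {
  }
  public static function admin_init(){
  if(! wfUtils::isAdmin()){ return; }
- foreach(array('activate', 'scan', 'sendActivityLog', 'restoreFile', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor') as $func){
+ foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor') as $func){
  add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
  }
 
@@ -1727,6 +1752,10 @@ class wordfence {
  public static function noKeyError(){
  echo '<div id="wordfenceConfigWarning" class="fade error"><p><strong>Wordfence could not get an API key from the Wordfence scanning servers when it activated.</strong> You can try to fix this by going to the Wordfence "options" page and hitting "Save Changes". This will cause Wordfence to retry fetching an API key for you. If you keep seeing this error it usually means your WordPress server can\'t connect to our scanning servers. You can try asking your WordPress host to allow your WordPress server to connect to noc1.wordfence.com.</p></div>';
  }
+ public static function adminEmailWarning(){
+ echo '<div id="wordfenceConfigWarning" class="fade error"><p><strong>You have not set an administrator email address to receive alerts for Wordfence.</strong> Please <a href="' . self::getMyOptionsURL() . '">click here to go to the Wordfence Options Page</a> and set an email address where you will receive security alerts from this site.</p></div>';
+ }
+
  public static function admin_menus(){
  if(! wfUtils::isAdmin()){ return; }
  $warningAdded = false;
@@ -1746,6 +1775,16 @@ class wordfence {
  }
  $warningAdded = true;
  }
+ if(! $warningAdded){
+ if(wfConfig::get('tourClosed') == '1' && (! wfConfig::get('alertEmails')) ){
+ if(wfUtils::isAdminPageMU()){
+ add_action('network_admin_notices', 'wordfence::adminEmailWarning');
+ } else {
+ add_action('admin_notices', 'wordfence::adminEmailWarning');
+ }
+ }
+ }
+
  /*
  if(is_plugin_active('w3-total-cache/w3-total-cache.php') && wfConfig::get('liveTrafficEnabled')){
  wfConfig::set('liveTrafficEnabled', 0);
@@ -1779,6 +1818,11 @@ class wordfence {
  add_submenu_page("Wordfence", "Options", "Options", "activate_plugins", "WordfenceSecOpt", 'wordfence::menu_options');
  }
  public static function menu_options(){
+ if(! wfConfig::get('alertEmails')){
+ foreach(array('alertOn_block', 'alertOn_loginLockout', 'alertOn_lostPasswdForm', 'alertOn_adminLogin') as $opt){
+ wfConfig::set($opt, '1');
+ }
+ }
  require 'menu_options.php';
  }
  public static function menu_blockedIPs(){
@@ -1889,6 +1933,7 @@ class wordfence {
  }
  }
  $content = wfUtils::tmpl('email_genericAlert.php', array(
+ 'isPaid' => wfConfig::get('isPaid'),
  'subject' => $subject,
  'blogName' => get_bloginfo('name', 'raw'),
  'alertMsg' => $alertMsg,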
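Review bot: `reportHackAttempt()` (new lines 642-652) puts the site's API key and the reported IP in the query string of a plain `http://` request, so both cross the network in cleartext and can end up in proxy or server logs. If the endpoint offers TLS the URL should use it, and the two lines setting `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to `false` should be dropped, since they do nothing for an http URL and would silently disable certificate checks once the scheme changes. The call runs synchronously in the login check at new line 613 (the enclosing function starts outside the hunk), so each failed login can wait up to the one-second timeout on a remote host, and the handle is never released; add `curl_close($curl);` after `curl_exec($curl);` and build the last parameter as `'&t=' . urlencode($type)`. The report is also gated on `loginSec_maskLoginErrors`, which looks unrelated to reporting and deserves a comment if it is intended. In the same section, `ajax_updateAlertEmail_callback()` validates with an unanchored pattern, so any string that merely contains something shaped like `a@b.c`, including one with line breaks, is stored in `alertEmails`; if a single address is expected, use `if(! is_email($email)){ return array('err' => "Invalid email address given."); }`.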
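--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
  Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
  Requires at least: 3.3.1
  Tested up to: 3.8
- Stable tag: 3.8.9
+ Stable tag: 3.9.1
 
  Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
 
@@ -152,16 +152,25 @@ cause a security hole on your site.
 
  == Changelog ==
 
+ = 3.9.1 =
+ * Fixed issue that caused Wordfence security to not log 404's.
+ * Made 404's more visible on the live traffic page.
+ * Fixed panel width that was too narrow for WP 3.8 on live traffic and issues pages.
+ * Report hack attempts to Wordfence Security scanning server for DDoS protection.
+ * Remind admin if security alert email is blank and tour is closed.
+ * Updated links to new Wordfence Security support website at support.wordfence.com.
+ * Made Wordfence Security paid-users-only message a little more user friendly.
+
  = 3.8.9 =
- * Fix: Fixed issue that caused certain Wordfence login functions to not work. Was a PHP 5.4 vs older version incompatability issue.
+ * Fix: Fixed issue that caused certain Wordfence Security login functions to not work. Was a PHP 5.4 vs older version incompatability issue.
  * Updated GeoIP location database to new version for country blocking.
- * Fix: Resolved issue that caused the Issues that Wordfence found to not be displayed in some cases.
- * Updated to WordPress 3.8 Compatability.
+ * Fix: Resolved issue that caused the Issues that Wordfence Security found to not be displayed in some cases.
+ * Updated Wordfence Security to WordPress 3.8 Compatability.
 
  = 3.8.8 =
  * Fix: We now truncate the wfHoover table after scans to save disk space on servers with huge numbers of URLs in files.
  * Fix: isStrongPasswd function was being called statically but not declared as static.
- * Fix: Improved error reporting when we can't connect to Wordfence API servers.
+ * Fix: Improved error reporting when we can't connect to Wordfence Security API servers.
  * Fix: Fixed code that was causing an error log warning when we read the requested URL.
  * Fix: Disable and clear cellphone sign-in if you downgrade to free from paid to prevent lockouts.
 
@@ -180,7 +189,7 @@ cause a security hole on your site.
  * Fixed issue that caused Human traffic to not be logged in Wordfence Security live traffic view.
 
  = 3.8.4 =
- * Removed Wordfence .htaccess because it doesn't offer any security functionality and increases incompatibility.
+ * Removed Wordfence Security .htaccess because it doesn't offer any security functionality and increases incompatibility.
  * Fixed spelling errors.
  * Added check to see if HTTP_USER_AGENT server variable is defined before using it to suppress large number of warnings on some sites.
  * Changed the way we call admin_url to the correct syntax.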
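--- a/wordfence.php
+++ b/wordfence.php
@@ -4,10 +4,10 @@ Plugin Name: Wordfence Security
  Plugin URI: http://www.wordfence.com/
  Description: Wordfence Security - Anti-virus and Firewall security plugin for WordPress
  Author: Mark Maunder
- Version: 3.8.9
+ Version: 3.9.1
  Author URI: http://www.wordfence.com/
  */
- define('WORDFENCE_VERSION', '3.8.9');
+ define('WORDFENCE_VERSION', '3.9.1');
  if(get_option('wordfenceActivated') != 1){
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
  }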