Version Description
- Improvement: Added "high sensitivity" scanning which catches evals with other bad functions but may give false positives. Not enabled by default.
- Fix: Removed code that caused error message during scan initialization.
- Fix: IP to number conversation code had a problem with IP's with a single 0 in them. Bug was introduced in 4.0.2.
- Fix: Very fast attacks would generate a lot of email alerts due to race condition. Fixed.
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 4.0.3 |
| Comparing to | |
| See all releases | |
Code changes from version 4.0.2 to 4.0.3
- lib/menu_options.php +1 -0
- lib/wfConfig.php +5 -0
- lib/wfScanEngine.php +0 -2
- lib/wfUtils.php +1 -1
- lib/wordfenceClass.php +3 -1
- lib/wordfenceConstants.php +1 -1
- lib/wordfenceScanner.php +25 -23
- readme.txt +9 -2
- wordfence.php +2 -2
lib/menu_options.php
CHANGED
|
@@ -119,6 +119,7 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
|
|
| 119 |
<tr><th>Scan for unauthorized DNS changes</th><td><input type="checkbox" id="scansEnabled_dns" class="wfConfigElem" name="scansEnabled_dns" value="1" <?php $w->cb('scansEnabled_dns'); ?>/></td></tr>
|
| 120 |
<tr><th>Scan files outside your WordPress installation</th><td><input type="checkbox" id="other_scanOutside" class="wfConfigElem" name="other_scanOutside" value="1" <?php $w->cb('other_scanOutside'); ?> /></td></tr>
|
| 121 |
<tr><th>Scan image files as if they were executable</th><td><input type="checkbox" id="scansEnabled_scanImages" class="wfConfigElem" name="scansEnabled_scanImages" value="1" <?php $w->cb('scansEnabled_scanImages'); ?> /></td></tr>
|
|
|
|
| 122 |
<tr><td colspan="2">
|
| 123 |
<div class="wfMarker" id="wfMarkerFirewallRules"></div>
|
| 124 |
<h3 class="wfConfigHeading">Firewall Rules</h3>
|
| 119 |
<tr><th>Scan for unauthorized DNS changes</th><td><input type="checkbox" id="scansEnabled_dns" class="wfConfigElem" name="scansEnabled_dns" value="1" <?php $w->cb('scansEnabled_dns'); ?>/></td></tr>
|
| 120 |
<tr><th>Scan files outside your WordPress installation</th><td><input type="checkbox" id="other_scanOutside" class="wfConfigElem" name="other_scanOutside" value="1" <?php $w->cb('other_scanOutside'); ?> /></td></tr>
|
| 121 |
<tr><th>Scan image files as if they were executable</th><td><input type="checkbox" id="scansEnabled_scanImages" class="wfConfigElem" name="scansEnabled_scanImages" value="1" <?php $w->cb('scansEnabled_scanImages'); ?> /></td></tr>
|
| 122 |
+
<tr><th>Enable HIGH SENSITIVITY scanning. May give false positives.</th><td><input type="checkbox" id="scansEnabled_highSense" class="wfConfigElem" name="scansEnabled_highSense" value="1" <?php $w->cb('scansEnabled_highSense'); ?> /></td></tr>
|
| 123 |
<tr><td colspan="2">
|
| 124 |
<div class="wfMarker" id="wfMarkerFirewallRules"></div>
|
| 125 |
<h3 class="wfConfigHeading">Firewall Rules</h3>
|
lib/wfConfig.php
CHANGED
|
@@ -32,6 +32,7 @@ class wfConfig {
|
|
| 32 |
"scansEnabled_options" => false,
|
| 33 |
"scansEnabled_dns" => false,
|
| 34 |
"scansEnabled_scanImages" => false,
|
|
|
|
| 35 |
"scansEnabled_oldVersions" => false,
|
| 36 |
"firewallEnabled" => false,
|
| 37 |
"blockFakeBots" => false,
|
|
@@ -99,6 +100,7 @@ class wfConfig {
|
|
| 99 |
"scansEnabled_options" => true,
|
| 100 |
"scansEnabled_dns" => true,
|
| 101 |
"scansEnabled_scanImages" => false,
|
|
|
|
| 102 |
"scansEnabled_oldVersions" => true,
|
| 103 |
"firewallEnabled" => true,
|
| 104 |
"blockFakeBots" => false,
|
|
@@ -166,6 +168,7 @@ class wfConfig {
|
|
| 166 |
"scansEnabled_options" => true,
|
| 167 |
"scansEnabled_dns" => true,
|
| 168 |
"scansEnabled_scanImages" => false,
|
|
|
|
| 169 |
"scansEnabled_oldVersions" => true,
|
| 170 |
"firewallEnabled" => true,
|
| 171 |
"blockFakeBots" => false,
|
|
@@ -233,6 +236,7 @@ class wfConfig {
|
|
| 233 |
"scansEnabled_options" => true,
|
| 234 |
"scansEnabled_dns" => true,
|
| 235 |
"scansEnabled_scanImages" => false,
|
|
|
|
| 236 |
"scansEnabled_oldVersions" => true,
|
| 237 |
"firewallEnabled" => true,
|
| 238 |
"blockFakeBots" => false,
|
|
@@ -300,6 +304,7 @@ class wfConfig {
|
|
| 300 |
"scansEnabled_options" => true,
|
| 301 |
"scansEnabled_dns" => true,
|
| 302 |
"scansEnabled_scanImages" => false,
|
|
|
|
| 303 |
"scansEnabled_oldVersions" => true,
|
| 304 |
"firewallEnabled" => true,
|
| 305 |
"blockFakeBots" => true,
|
| 32 |
"scansEnabled_options" => false,
|
| 33 |
"scansEnabled_dns" => false,
|
| 34 |
"scansEnabled_scanImages" => false,
|
| 35 |
+
"scansEnabled_highSense" => false,
|
| 36 |
"scansEnabled_oldVersions" => false,
|
| 37 |
"firewallEnabled" => false,
|
| 38 |
"blockFakeBots" => false,
|
| 100 |
"scansEnabled_options" => true,
|
| 101 |
"scansEnabled_dns" => true,
|
| 102 |
"scansEnabled_scanImages" => false,
|
| 103 |
+
"scansEnabled_highSense" => false,
|
| 104 |
"scansEnabled_oldVersions" => true,
|
| 105 |
"firewallEnabled" => true,
|
| 106 |
"blockFakeBots" => false,
|
| 168 |
"scansEnabled_options" => true,
|
| 169 |
"scansEnabled_dns" => true,
|
| 170 |
"scansEnabled_scanImages" => false,
|
| 171 |
+
"scansEnabled_highSense" => false,
|
| 172 |
"scansEnabled_oldVersions" => true,
|
| 173 |
"firewallEnabled" => true,
|
| 174 |
"blockFakeBots" => false,
|
| 236 |
"scansEnabled_options" => true,
|
| 237 |
"scansEnabled_dns" => true,
|
| 238 |
"scansEnabled_scanImages" => false,
|
| 239 |
+
"scansEnabled_highSense" => false,
|
| 240 |
"scansEnabled_oldVersions" => true,
|
| 241 |
"firewallEnabled" => true,
|
| 242 |
"blockFakeBots" => false,
|
| 304 |
"scansEnabled_options" => true,
|
| 305 |
"scansEnabled_dns" => true,
|
| 306 |
"scansEnabled_scanImages" => false,
|
| 307 |
+
"scansEnabled_highSense" => false,
|
| 308 |
"scansEnabled_oldVersions" => true,
|
| 309 |
"firewallEnabled" => true,
|
| 310 |
"blockFakeBots" => true,
|
lib/wfScanEngine.php
CHANGED
|
@@ -908,8 +908,6 @@ class wfScanEngine {
|
|
| 908 |
'sslverify' => false,
|
| 909 |
'headers' => $headers
|
| 910 |
) );
|
| 911 |
-
wordfence::status(4, 'info', "Proxy scan start headers: " . var_export($result['headers'], true));
|
| 912 |
-
wordfence::status(4, 'info', "Proxy scan start response: " . var_export($result['response'], true));
|
| 913 |
wordfence::status(4, 'info', "Scan process ended after forking.");
|
| 914 |
}
|
| 915 |
return false; //No error
|
| 908 |
'sslverify' => false,
|
| 909 |
'headers' => $headers
|
| 910 |
) );
|
|
|
|
|
|
|
| 911 |
wordfence::status(4, 'info', "Scan process ended after forking.");
|
| 912 |
}
|
| 913 |
return false; //No error
|
lib/wfUtils.php
CHANGED
|
@@ -83,7 +83,7 @@ class wfUtils {
|
|
| 83 |
return long2ip(-$long);
|
| 84 |
}
|
| 85 |
public static function inet_aton($ip){
|
| 86 |
-
$ip = preg_replace('/(?<=^|\.)0
|
| 87 |
return sprintf("%u", ip2long($ip));
|
| 88 |
}
|
| 89 |
public static function getBaseURL(){
|
| 83 |
return long2ip(-$long);
|
| 84 |
}
|
| 85 |
public static function inet_aton($ip){
|
| 86 |
+
$ip = preg_replace('/(?<=^|\.)0+([1-9])/', '$1', $ip);
|
| 87 |
return sprintf("%u", ip2long($ip));
|
| 88 |
}
|
| 89 |
public static function getBaseURL(){
|
lib/wordfenceClass.php
CHANGED
|
@@ -434,10 +434,12 @@ class wordfence {
|
|
| 434 |
}
|
| 435 |
}
|
| 436 |
public static function lockOutIP($IP, $reason){
|
|
|
|
|
|
|
|
|
|
| 437 |
if(wfConfig::get('alertOn_loginLockout')){
|
| 438 |
wordfence::alert("User locked out from signing in", "A user with IP address $IP has been locked out from the signing in or using the password recovery form for the following reason: $reason", $IP);
|
| 439 |
}
|
| 440 |
-
self::getLog()->lockOutIP(wfUtils::getIP(), $reason);
|
| 441 |
}
|
| 442 |
public static function isLockedOut($IP){
|
| 443 |
return self::getLog()->isIPLockedOut($IP);
|
| 434 |
}
|
| 435 |
}
|
| 436 |
public static function lockOutIP($IP, $reason){
|
| 437 |
+
//First we lock out IP
|
| 438 |
+
self::getLog()->lockOutIP(wfUtils::getIP(), $reason);
|
| 439 |
+
//Then we send the email because email sending takes time and we want to block the baddie asap. If we don't users can get a lot of emails about a single attacker getting locked out.
|
| 440 |
if(wfConfig::get('alertOn_loginLockout')){
|
| 441 |
wordfence::alert("User locked out from signing in", "A user with IP address $IP has been locked out from the signing in or using the password recovery form for the following reason: $reason", $IP);
|
| 442 |
}
|
|
|
|
| 443 |
}
|
| 444 |
public static function isLockedOut($IP){
|
| 445 |
return self::getLog()->isIPLockedOut($IP);
|
lib/wordfenceConstants.php
CHANGED
|
@@ -1,5 +1,5 @@
|
|
| 1 |
<?php
|
| 2 |
-
define('WORDFENCE_API_VERSION', '2.
|
| 3 |
define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
|
| 4 |
define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
|
| 5 |
define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.
|
| 1 |
<?php
|
| 2 |
+
define('WORDFENCE_API_VERSION', '2.8');
|
| 3 |
define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
|
| 4 |
define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
|
| 5 |
define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.
|
lib/wordfenceScanner.php
CHANGED
|
@@ -186,31 +186,33 @@ class wordfenceScanner {
|
|
| 186 |
));
|
| 187 |
break;
|
| 188 |
}
|
| 189 |
-
|
| 190 |
-
|
| 191 |
-
|
| 192 |
-
|
| 193 |
-
$
|
| 194 |
-
|
|
|
|
|
|
|
| 195 |
}
|
| 196 |
}
|
| 197 |
-
|
| 198 |
-
|
| 199 |
-
|
| 200 |
-
|
| 201 |
-
|
| 202 |
-
|
| 203 |
-
|
| 204 |
-
|
| 205 |
-
|
| 206 |
-
|
| 207 |
-
|
| 208 |
-
|
| 209 |
-
|
| 210 |
-
|
| 211 |
-
|
| 212 |
-
|
| 213 |
-
|
| 214 |
}
|
| 215 |
$this->urlHoover->hoover($file, $data);
|
| 216 |
} else {
|
| 186 |
));
|
| 187 |
break;
|
| 188 |
}
|
| 189 |
+
if(wfConfig::get('scansEnabled_highSense')){
|
| 190 |
+
$badStringFound = false;
|
| 191 |
+
if(strpos($data, $this->patterns['badstrings'][0]) !== false){
|
| 192 |
+
for($i = 1; $i < sizeof($this->patterns['badstrings']); $i++){
|
| 193 |
+
if(strpos($data, $this->patterns['badstrings'][$i]) !== false){
|
| 194 |
+
$badStringFound = $this->patterns['badstrings'][$i];
|
| 195 |
+
break;
|
| 196 |
+
}
|
| 197 |
}
|
| 198 |
}
|
| 199 |
+
if($badStringFound){
|
| 200 |
+
$this->addResult(array(
|
| 201 |
+
'type' => 'file',
|
| 202 |
+
'severity' => 1,
|
| 203 |
+
'ignoreP' => $this->path . $file,
|
| 204 |
+
'ignoreC' => $fileSum,
|
| 205 |
+
'shortMsg' => "This file may contain malicious executable code",
|
| 206 |
+
'longMsg' => "This file is a PHP executable file and contains the word 'eval' (without quotes) and the word '" . $badStringFound . "' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.",
|
| 207 |
+
'data' => array(
|
| 208 |
+
'file' => $file,
|
| 209 |
+
'canDiff' => false,
|
| 210 |
+
'canFix' => false,
|
| 211 |
+
'canDelete' => true
|
| 212 |
+
)
|
| 213 |
+
));
|
| 214 |
+
break;
|
| 215 |
+
}
|
| 216 |
}
|
| 217 |
$this->urlHoover->hoover($file, $data);
|
| 218 |
} else {
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: mmaunder
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
-
Tested up to: 3.8
|
| 6 |
-
Stable tag: 4.0.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
|
@@ -150,6 +150,13 @@ cause a security hole on your site.
|
|
| 150 |
|
| 151 |
== Changelog ==
|
| 152 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 153 |
= 4.0.2 =
|
| 154 |
* Feature: Ability to bulk repair or delete files when cleaning a site.
|
| 155 |
* Feature: You can now limit the number of emails per hour that Wordfence sends.
|
| 2 |
Contributors: mmaunder
|
| 3 |
Tags: wordpress, security, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
+
Tested up to: 3.8.1
|
| 6 |
+
Stable tag: 4.0.3
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
|
| 9 |
|
| 150 |
|
| 151 |
== Changelog ==
|
| 152 |
|
| 153 |
+
= 4.0.3 =
|
| 154 |
+
* Improvement: Added "high sensitivity" scanning which catches evals with other bad functions but may give false positives. Not enabled by default.
|
| 155 |
+
* Fix: Removed code that caused error message during scan initialization.
|
| 156 |
+
* Fix: IP to number conversation code had a problem with IP's with a single 0 in them. Bug was introduced in 4.0.2.
|
| 157 |
+
* Fix: Very fast attacks would generate a lot of email alerts due to race condition. Fixed.
|
| 158 |
+
|
| 159 |
+
|
| 160 |
= 4.0.2 =
|
| 161 |
* Feature: Ability to bulk repair or delete files when cleaning a site.
|
| 162 |
* Feature: You can now limit the number of emails per hour that Wordfence sends.
|
wordfence.php
CHANGED
|
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and real-time WordPress security Network
|
| 6 |
Author: Mark Maunder
|
| 7 |
-
Version: 4.0.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
-
define('WORDFENCE_VERSION', '4.0.
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and real-time WordPress security Network
|
| 6 |
Author: Mark Maunder
|
| 7 |
+
Version: 4.0.3
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
+
define('WORDFENCE_VERSION', '4.0.3');
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
