Wordfence Security – Firewall & Malware Scan - Version 5.0.2

Version Description

  • Fix: Issue that caused users running WordPress in debug mode to see a is_404() warning message.
  • Fix: Issue that caused Call to undefined function wp_get_current_user warning.
  • Fix: Issue that caused caching to not work on sites using subdirectories.
  • Fix: Issue that caused SQL errors to periodically appear about wfPerfLog table.
  • Fix: Issue that caused warnings about array elements not being declared.

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 5.0.2

Code changes from version 5.0.1 to 5.0.2

Files changed (6) hide show
  1. js/admin.js +2 -2
  2. lib/wfCache.php +22 -3
  3. lib/wfConfig.php +1 -1
  4. lib/wordfenceClass.php +16 -3
  5. readme.txt +8 -1
  6. wordfence.php +2 -2
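--- a/js/admin.js
+++ b/js/admin.js
@@ -56,9 +56,9 @@ window['wordfenceAdmin'] = {
 var self = this;
 this.setupSwitches('wfLiveTrafficOnOff', 'liveTrafficEnabled', function(){});
 jQuery('#wfLiveTrafficOnOff').change(function(){
-if(WordfenceAdminVars.cacheType == 'falcon'){
+if(/^(?:falcon|php)#x2F;.test(WordfenceAdminVars.cacheType) ){
 jQuery('#wfLiveTrafficOnOff').attr('checked', false);
-self.colorbox('400px', "Falcon doesn't support live traffic", "Please note that you can't enable live traffic when Falcon Engine is enabled. This is done for performance reasons. If you want live traffic, go to the 'Performance Setup' menu and disable Wordfence Falcon Engine.");
+self.colorbox('400px', "Live Traffic not available in high performance mode", "Please note that you can't enable live traffic when Falcon Engine or basic caching is enabled. This is done for performance reasons. If you want live traffic, go to the 'Performance Setup' menu and disable caching.");
 } else {
 self.updateSwitch('wfLiveTrafficOnOff', 'liveTrafficEnabled', function(){ window.location.reload(true); });
 }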
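--- a/lib/wfCache.php
+++ b/lib/wfCache.php
@@ -379,6 +379,25 @@ class wfCache {
 return false;
 }
 private static function getHtaccessCode(){
+$siteURL = site_url();
+$pathPrefix = "";
+$matchCaps = '$1/$2~$3~$4~$5~$6';
+if(preg_match('/^https?:\/\/[^\/]+\/(.+)#x2F;i', $siteURL, $matches)){
+$path = $matches[1];
+$path = preg_replace('/^\//', '', $path);
+$path = preg_replace('/\/#x2F;', '', $path);
+$pieces = explode('/', $path);
+$pathPrefix = '/' . $path; // Which is: /my/path
+if(count($pieces) == 1){
+# No path: "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
+# One path: "/mdm/wp-content/wfcache/%{HTTP_HOST}_mdm/$1~$2~$3~$4~$5_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
+$matchCaps = $pieces[0] . '/$1~$2~$3~$4~$5';
+} else if(count($pieces) == 2){
+$matchCaps = $pieces[0] . '/' . $pieces[1] . '/$1~$2~$3~$4';
+} else {
+$matchCaps = '$1/$2~$3~$4~$5~$6'; #defaults to the regular setting but this won't work. However user should already have gotten a warning that we don't support sites more than 2 dirs deep with falcon.
+}
+}
 $sslString = "RewriteCond %{HTTPS} off";
 if(wfConfig::get('allowHTTPSCaching')){
 $sslString = "";
@@ -415,14 +434,14 @@ class wfCache {
 RewriteCond %{HTTP:Accept-Encoding} gzip
 RewriteRule .* - [E=WRDFNC_ENC:_gzip]
 RewriteCond %{REQUEST_METHOD} !=POST
-$sslString
+{$sslString}
 RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$
 RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC]
 RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC]
 
 RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
-RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
-RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
+RewriteCond "%{DOCUMENT_ROOT}{$pathPrefix}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
+RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "{$pathPrefix}/wp-content/wfcache/%{HTTP_HOST}_{$matchCaps}_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
 </IfModule>
 #Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE
 EOT;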
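Review bot: `$pathPrefix` and `$pieces[0]`/`$pieces[1]` come from `site_url()` and are written into the quoted RewriteCond/RewriteRule strings (new lines 443-444) without validation, so a path segment containing a space, `"`, `%` or `$` would alter or break the generated .htaccess rules. Because this text ends up in a server configuration file, the path should be checked against a conservative allowlist before use, for example `if(! preg_match('/^[A-Za-z0-9._\-]+(?:\/[A-Za-z0-9._\-]+)*$/', $path)){ /* do not emit the rewrite block */ }`. The `else` branch at new line 398 still emits rules that its own comment says will not work; skipping the block there would be safer than writing a known-bad rule. `getHtaccessCode()` begins in the first hunk but its heredoc opening and return are outside the visible lines, so how the caller handles an empty result needs confirming.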
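--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -666,7 +666,7 @@ class wfConfig {
 }
 }
 public static function liveTrafficEnabled(){
-if( (! self::get('liveTrafficEnabled')) || self::get('cacheType') == 'falcon'){ return false; }
+if( (! self::get('liveTrafficEnabled')) || self::get('cacheType') == 'falcon' || self::get('cacheType') == 'php'){ return false; }
 return true;
 }
 }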
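Review bot: The condition on new line 669 compares `self::get('cacheType')` with loose `==` twice; a strict membership test reads more clearly and avoids PHP's loose string/number comparison rules: `if(! self::get('liveTrafficEnabled') || in_array(self::get('cacheType'), array('falcon', 'php'), true)){ return false; }`. This assumes `wfConfig::get()` returns the cache type as a string, which is not visible in this hunk. The same pair of values is hard-coded in the regex in js/admin.js, so a short comment here naming this method as the server-side enforcement point would help keep the two in step.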
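--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -153,13 +153,14 @@ class wordfence {
 $wfdb->queryWrite("delete from $p"."wfHits order by id asc limit %d", ($count - 100));
 }
 
+/*
 $count6 = $wfdb->querySingle("select count(*) as cnt from $p"."wfPerfLog");
 if($count6 > 20000){
 $wfdb->truncate($p . "wfPerfLog"); //So we don't slow down sites that have very large wfHits tables
 } else if($count6 > 2000){
 $wfdb->queryWrite("delete from $p"."wfPerfLog order by id asc limit %d", ($count6 - 100));
 }
-
+*/
 $maxRows = 1000; //affects stuff further down too
 foreach(array('wfLeechers', 'wfScanners') as $table){
 //This is time based per IP so shouldn't get too big
@@ -276,9 +277,11 @@ class wordfence {
 self::$hitID = $wfLog->logHit();
 add_action('wp_head', 'wordfence::wfLogHumanHeader');
 }
+/*
 if(wfConfig::get('perfLoggingEnabled', false)){
 add_action('wp_head', 'wordfence::wfLogPerfHeader');
 }
+*/
 }
 }
 public static function install_actions(){
@@ -293,7 +296,6 @@ class wordfence {
 self::runInstall();
 }
 //These access wfConfig::get('apiKey') and will fail if runInstall hasn't executed.
-self::doEarlyAccessLogging();
 wfCache::setupCaching();
 
 if(defined('MULTISITE') && MULTISITE === true){
@@ -1206,6 +1208,10 @@ class wordfence {
 if(count($badPlugins) > 0){
 return array('errorMsg' => "You can not enable caching in Wordfence with other caching plugins enabled. This may cause conflicts. You need to disable other caching plugins first. Wordfence caching is very fast and does not require other caching plugins to be active. The plugins you have that conflict are: " . implode(', ', $badPlugins) . ". Disable these plugins, then return to this page and enable Wordfence caching.");
 }
+$siteURL = site_url();
+if(preg_match('/^https?:\/\/[^\/]+\/[^\/]+\/[^\/]+\/.+/i', $siteURL)){
+return array('errorMsg' => "Wordfence caching currently does not support sites that are installed in a subdirectory and have a home page that is more than 2 directory levels deep. e.g. we don't support sites who's home page is http://example.com/levelOne/levelTwo/levelThree");
+}
 }
 if($cacheType == 'falcon'){
 if(! get_option('permalink_structure', '')){
@@ -1690,14 +1696,16 @@ class wordfence {
 $newestEventTime = $_POST['otherParams'];
 $events = self::getLog()->getPerfStats($newestEventTime);
 }
+/*
 $longest = 0;
 foreach($events as $e){
 $length = $e['domainLookupEnd'] + $e['connectEnd'] + $e['responseStart'] + $e['responseEnd'] + $e['domReady'] + $e['loaded'];
 $longest = $length > $longest ? $length : $longest;
 }
+*/
 $jsonData['events'] = $events;
 $jsonData['alsoGet'] = $alsoGet; //send it back so we don't load data if panel has changed
-$jsonData['longestLine'] = $longest;
+//$jsonData['longestLine'] = $longest;
 return $jsonData;
 }
 public static function ajax_activityLogUpdate_callback(){
@@ -1890,6 +1898,11 @@ class wordfence {
 }
 public static function templateRedir(){
 $wfFunc = get_query_var('_wfsf');
+
+//Logging
+self::doEarlyAccessLogging();
+//End logging
+
 
 if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'conntest' || $wfFunc == 'unknownFiles' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog' || $wfFunc == 'testmem' || $wfFunc == 'testtime')){
 return;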
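Review bot: `self::doEarlyAccessLogging()` now runs from `templateRedir()` (new line 1903) instead of `install_actions()`, so any request that never reaches `templateRedir()` is no longer passed to it. If `templateRedir()` is attached to `template_redirect`, as its name suggests, that would exclude requests such as wp-login.php, xmlrpc.php and admin-ajax.php, which are the ones a security log most needs to see; the hook registration is outside the visible hunks, so this needs confirming. If the move was made only so that pluggable functions like `wp_get_current_user()` are loaded first, an earlier hook would keep the coverage, e.g. `add_action('init', 'wordfence::doEarlyAccessLogging');`. The `//Logging` / `//End logging` comments would be more useful if they said why the call lives here. Both `install_actions()` and `templateRedir()` continue beyond the hunks shown.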
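--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
 Requires at least: 3.3.1
 Tested up to: 3.8.1
-Stable tag: 5.0.1
+Stable tag: 5.0.2
 
 Wordfence Security is a free enterprise class security plugin that makes your site up to 50 times faster and more secure. Wordfence includes a firewall, virus scanning, real-time traffic with geolocation and two very fast caching engines.
 
@@ -161,6 +161,13 @@ cause a security hole on your site.
 
 == Changelog ==
 
+= 5.0.2 =
+* Fix: Issue that caused users running WordPress in debug mode to see a is_404() warning message.
+* Fix: Issue that caused Call to undefined function wp_get_current_user warning.
+* Fix: Issue that caused caching to not work on sites using subdirectories.
+* Fix: Issue that caused SQL errors to periodically appear about wfPerfLog table.
+* Fix: Issue that caused warnings about array elements not being declared.
+
 = 5.0.1 =
 * To see a video introduction of Falcon Engine included with Wordfence 5, [please watch this video](https://vimeo.com/91217997)
 * SUMMARY: This is a major release which includes Falcon Engine which provides the fastest WordPress caching available today. It also includes many other improvements and fixes. Upgrade immediatelly to get a massive performance boost for your site, many new features and fixes.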
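--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus, Firewall and real-time WordPress security Network
 Author: Wordfence
-Version: 5.0.1
+Version: 5.0.2
 Author URI: http://www.wordfence.com/
 */
 if(defined('WP_INSTALLING') && WP_INSTALLING){
 return;
 }
-define('WORDFENCE_VERSION', '5.0.1');
+define('WORDFENCE_VERSION', '5.0.2');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }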