Wordfence Security – Firewall & Malware Scan - Version 5.0.2

Version Description

  • Fix: Issue that caused users running WordPress in debug mode to see an is_404() warning message.
  • Fix: Issue that caused Call to undefined function wp_get_current_user warning.
  • Fix: Issue that caused caching to not work on sites using subdirectories.
  • Fix: Issue that caused SQL errors to periodically appear about wfPerfLog table.
  • Fix: Issue that caused warnings about array elements not being declared.

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 5.0.2

Code changes from version 5.0.1 to 5.0.2

Files changed (6) hide show
  1. js/admin.js +2 -2
  2. lib/wfCache.php +22 -3
  3. lib/wfConfig.php +1 -1
  4. lib/wordfenceClass.php +16 -3
  5. readme.txt +8 -1
  6. wordfence.php +2 -2
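--- a/js/admin.js
+++ b/js/admin.js
@@ -56,9 +56,9 @@ window['wordfenceAdmin'] = {
  var self = this;
  this.setupSwitches('wfLiveTrafficOnOff', 'liveTrafficEnabled', function(){});
  jQuery('#wfLiveTrafficOnOff').change(function(){
- if(WordfenceAdminVars.cacheType == 'falcon'){
+ if(/^(?:falcon|php)$/.test(WordfenceAdminVars.cacheType) ){
  jQuery('#wfLiveTrafficOnOff').attr('checked', false);
- self.colorbox('400px', "Falcon doesn't support live traffic", "Please note that you can't enable live traffic when Falcon Engine is enabled. This is done for performance reasons. If you want live traffic, go to the 'Performance Setup' menu and disable Wordfence Falcon Engine.");
+ self.colorbox('400px', "Live Traffic not available in high performance mode", "Please note that you can't enable live traffic when Falcon Engine or basic caching is enabled. This is done for performance reasons. If you want live traffic, go to the 'Performance Setup' menu and disable caching.");
  } else {
  self.updateSwitch('wfLiveTrafficOnOff', 'liveTrafficEnabled', function(){ window.location.reload(true); });
  }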
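--- a/lib/wfCache.php
+++ b/lib/wfCache.php
@@ -379,6 +379,25 @@ class wfCache {
  return false;
  }
  private static function getHtaccessCode(){
+ $siteURL = site_url();
+ $pathPrefix = "";
+ $matchCaps = '$1/$2~$3~$4~$5~$6';
+ if(preg_match('/^https?:\/\/[^\/]+\/(.+)$/i', $siteURL, $matches)){
+ $path = $matches[1];
+ $path = preg_replace('/^\//', '', $path);
+ $path = preg_replace('/\/$/', '', $path);
+ $pieces = explode('/', $path);
+ $pathPrefix = '/' . $path; // Which is: /my/path
+ if(count($pieces) == 1){
+ # No path: "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
+ # One path: "/mdm/wp-content/wfcache/%{HTTP_HOST}_mdm/$1~$2~$3~$4~$5_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
+ $matchCaps = $pieces[0] . '/$1~$2~$3~$4~$5';
+ } else if(count($pieces) == 2){
+ $matchCaps = $pieces[0] . '/' . $pieces[1] . '/$1~$2~$3~$4';
+ } else {
+ $matchCaps = '$1/$2~$3~$4~$5~$6'; #defaults to the regular setting but this won't work. However user should already have gotten a warning that we don't support sites more than 2 dirs deep with falcon.
+ }
+ }
  $sslString = "RewriteCond %{HTTPS} off";
  if(wfConfig::get('allowHTTPSCaching')){
  $sslString = "";
@@ -415,14 +434,14 @@ class wfCache {
  RewriteCond %{HTTP:Accept-Encoding} gzip
  RewriteRule .* - [E=WRDFNC_ENC:_gzip]
  RewriteCond %{REQUEST_METHOD} !=POST
- $sslString
+ {$sslString}
  RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$
  RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC]
  RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC]
 
  RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
- RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
- RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
+ RewriteCond "%{DOCUMENT_ROOT}{$pathPrefix}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
+ RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "{$pathPrefix}/wp-content/wfcache/%{HTTP_HOST}_{$matchCaps}_wfcache%{WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
  </IfModule>
  #Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE
  EOT;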
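Review bot: The path taken from `site_url()` is interpolated into the generated `RewriteCond` and `RewriteRule` lines (`{$pathPrefix}` and `{$matchCaps}`, new lines 443–444) with no check on the characters it contains. Inside those quoted mod_rewrite strings a `"`, `%` or `$` in a directory name would change how Apache parses the directive, so an unusual site URL could produce broken or unintended rules in .htaccess. I would validate `$path` against a conservative pattern such as `/^[A-Za-z0-9._\-\/]+$/` right after the two `preg_replace` calls and not emit the caching rules when it fails. How getHtaccessCode should report that is not visible here, because its body continues outside both hunks.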
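--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -666,7 +666,7 @@ class wfConfig {
  }
  }
  public static function liveTrafficEnabled(){
- if( (! self::get('liveTrafficEnabled')) || self::get('cacheType') == 'falcon'){ return false; }
+ if( (! self::get('liveTrafficEnabled')) || self::get('cacheType') == 'falcon' || self::get('cacheType') == 'php'){ return false; }
  return true;
  }
  }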
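Review bot: The added clause repeats `self::get('cacheType')` with a second loose `==` comparison; a strict membership test is clearer and avoids PHP type juggling should the option ever hold a non-string value: `if( (! self::get('liveTrafficEnabled')) || in_array(self::get('cacheType'), array('falcon', 'php'), true)){ return false; }`. The same pair of cache types is hard-coded again in the js/admin.js section (`/^(?:falcon|php)$/`), so the two lists have to be kept in step by hand. Because this makes live traffic unavailable in basic caching mode as well, a one-line comment above the condition saying so would help anyone who relies on that log for monitoring.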
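--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -153,13 +153,14 @@ class wordfence {
  $wfdb->queryWrite("delete from $p"."wfHits order by id asc limit %d", ($count - 100));
  }
 
+ /*
  $count6 = $wfdb->querySingle("select count(*) as cnt from $p"."wfPerfLog");
  if($count6 > 20000){
  $wfdb->truncate($p . "wfPerfLog"); //So we don't slow down sites that have very large wfHits tables
  } else if($count6 > 2000){
  $wfdb->queryWrite("delete from $p"."wfPerfLog order by id asc limit %d", ($count6 - 100));
  }
-
+ */
  $maxRows = 1000; //affects stuff further down too
  foreach(array('wfLeechers', 'wfScanners') as $table){
  //This is time based per IP so shouldn't get too big
@@ -276,9 +277,11 @@ class wordfence {
  self::$hitID = $wfLog->logHit();
  add_action('wp_head', 'wordfence::wfLogHumanHeader');
  }
+ /*
  if(wfConfig::get('perfLoggingEnabled', false)){
  add_action('wp_head', 'wordfence::wfLogPerfHeader');
  }
+ */
  }
  }
  public static function install_actions(){
@@ -293,7 +296,6 @@ class wordfence {
  self::runInstall();
  }
  //These access wfConfig::get('apiKey') and will fail if runInstall hasn't executed.
- self::doEarlyAccessLogging();
  wfCache::setupCaching();
 
  if(defined('MULTISITE') && MULTISITE === true){
@@ -1206,6 +1208,10 @@ class wordfence {
  if(count($badPlugins) > 0){
  return array('errorMsg' => "You can not enable caching in Wordfence with other caching plugins enabled. This may cause conflicts. You need to disable other caching plugins first. Wordfence caching is very fast and does not require other caching plugins to be active. The plugins you have that conflict are: " . implode(', ', $badPlugins) . ". Disable these plugins, then return to this page and enable Wordfence caching.");
  }
+ $siteURL = site_url();
+ if(preg_match('/^https?:\/\/[^\/]+\/[^\/]+\/[^\/]+\/.+/i', $siteURL)){
+ return array('errorMsg' => "Wordfence caching currently does not support sites that are installed in a subdirectory and have a home page that is more than 2 directory levels deep. e.g. we don't support sites who's home page is http://example.com/levelOne/levelTwo/levelThree");
+ }
  }
  if($cacheType == 'falcon'){
  if(! get_option('permalink_structure', '')){
@@ -1690,14 +1696,16 @@ class wordfence {
  $newestEventTime = $_POST['otherParams'];
  $events = self::getLog()->getPerfStats($newestEventTime);
  }
+ /*
  $longest = 0;
  foreach($events as $e){
  $length = $e['domainLookupEnd'] + $e['connectEnd'] + $e['responseStart'] + $e['responseEnd'] + $e['domReady'] + $e['loaded'];
  $longest = $length > $longest ? $length : $longest;
  }
+ */
  $jsonData['events'] = $events;
  $jsonData['alsoGet'] = $alsoGet; //send it back so we don't load data if panel has changed
- $jsonData['longestLine'] = $longest;
+ //$jsonData['longestLine'] = $longest;
  return $jsonData;
  }
  public static function ajax_activityLogUpdate_callback(){
@@ -1890,6 +1898,11 @@ class wordfence {
  }
  public static function templateRedir(){
  $wfFunc = get_query_var('_wfsf');
+
+ //Logging
+ self::doEarlyAccessLogging();
+ //End logging
+
 
  if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'conntest' || $wfFunc == 'unknownFiles' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog' || $wfFunc == 'testmem' || $wfFunc == 'testtime')){
  return;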
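Review bot: Moving `self::doEarlyAccessLogging();` into `templateRedir()` (new lines 1902–1904) ties access logging to whatever hook runs that method, and the `//Logging` / `//End logging` markers do not say so. If that hook fires only for front-end page loads, which the method name suggests but the hunk does not show, requests that never reach it would no longer be recorded by this call, and that matters for a plugin whose logs are used to spot hostile traffic. I would replace the two markers with one comment that states the consequence, e.g. `//Called from templateRedir() instead of install_actions(); requests that never reach this hook are not logged by this call.` The wfPerfLog cleanup, the perf header hook and the longestLine calculation are disabled by commenting them out in the other hunks of this file; deleting them would leave less dead code behind. templateRedir continues past the end of the hunk.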
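--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
  Requires at least: 3.3.1
  Tested up to: 3.8.1
- Stable tag: 5.0.1
+ Stable tag: 5.0.2
 
  Wordfence Security is a free enterprise class security plugin that makes your site up to 50 times faster and more secure. Wordfence includes a firewall, virus scanning, real-time traffic with geolocation and two very fast caching engines.
 
@@ -161,6 +161,13 @@ cause a security hole on your site.
 
  == Changelog ==
 
+ = 5.0.2 =
+ * Fix: Issue that caused users running WordPress in debug mode to see a is_404() warning message.
+ * Fix: Issue that caused Call to undefined function wp_get_current_user warning.
+ * Fix: Issue that caused caching to not work on sites using subdirectories.
+ * Fix: Issue that caused SQL errors to periodically appear about wfPerfLog table.
+ * Fix: Issue that caused warnings about array elements not being declared.
+
  = 5.0.1 =
  * To see a video introduction of Falcon Engine included with Wordfence 5, [please watch this video](https://vimeo.com/91217997)
  * SUMMARY: This is a major release which includes Falcon Engine which provides the fastest WordPress caching available today. It also includes many other improvements and fixes. Upgrade immediatelly to get a massive performance boost for your site, many new features and fixes.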
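--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
  Plugin URI: http://www.wordfence.com/
  Description: Wordfence Security - Anti-virus, Firewall and real-time WordPress security Network
  Author: Wordfence
- Version: 5.0.1
+ Version: 5.0.2
  Author URI: http://www.wordfence.com/
  */
  if(defined('WP_INSTALLING') && WP_INSTALLING){
  return;
  }
- define('WORDFENCE_VERSION', '5.0.1');
+ define('WORDFENCE_VERSION', '5.0.2');
  if(get_option('wordfenceActivated') != 1){
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
  }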