Wordfence Security – Firewall & Malware Scan - Version 5.0.3

Version Description

  • Removed ability to disable XML-RPC. The feature broke many mobile apps and other remote services.
Download this release

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 5.0.3
Comparing to
See all releases

Code changes from version 5.0.2 to 5.0.3

lib/menu_options.php CHANGED
@@ -248,7 +248,6 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
248
</td></tr>
249
<tr><th>Whitelisted IP addresses that bypass all rules:</th><td><input type="text" name="whitelisted" id="whitelisted" value="<?php echo $w->getHTML('whitelisted'); ?>" size="40" /></td></tr>
250
<tr><th colspan="2" style="color: #999;">Whitelisted IP's must be separated by commas. You can specify ranges using the following format: 123.23.34.[1-50]<br />Wordfence automatically whitelists <a href="http://en.wikipedia.org/wiki/Private_network" target="_blank">private networks</a> because these are not routable on the public Internet.<br /><br /></th></tr>
251
- <tr><th>Disable XML-RPC for DDoS protection</th><td><input type="checkbox" id="other_disableXMLRPC" class="wfConfigElem" name="other_disableXMLRPC" value="1" <?php $w->cb('other_disableXMLRPC'); ?> /></td></tr>
252
<tr><th>Hide WordPress version</th><td><input type="checkbox" id="other_hideWPVersion" class="wfConfigElem" name="other_hideWPVersion" value="1" <?php $w->cb('other_hideWPVersion'); ?> /></td></tr>
253
<tr><th>Hold anonymous comments using member emails for moderation</th><td><input type="checkbox" id="other_noAnonMemberComments" class="wfConfigElem" name="other_noAnonMemberComments" value="1" <?php $w->cb('other_noAnonMemberComments'); ?> /></td></tr>
254
<tr><th>Scan comments for malware and phishing URL's</th><td><input type="checkbox" id="other_scanComments" class="wfConfigElem" name="other_scanComments" value="1" <?php $w->cb('other_scanComments'); ?> /></td></tr>
248
</td></tr>
249
<tr><th>Whitelisted IP addresses that bypass all rules:</th><td><input type="text" name="whitelisted" id="whitelisted" value="<?php echo $w->getHTML('whitelisted'); ?>" size="40" /></td></tr>
250
<tr><th colspan="2" style="color: #999;">Whitelisted IP's must be separated by commas. You can specify ranges using the following format: 123.23.34.[1-50]<br />Wordfence automatically whitelists <a href="http://en.wikipedia.org/wiki/Private_network" target="_blank">private networks</a> because these are not routable on the public Internet.<br /><br /></th></tr>
251
<tr><th>Hide WordPress version</th><td><input type="checkbox" id="other_hideWPVersion" class="wfConfigElem" name="other_hideWPVersion" value="1" <?php $w->cb('other_hideWPVersion'); ?> /></td></tr>
252
<tr><th>Hold anonymous comments using member emails for moderation</th><td><input type="checkbox" id="other_noAnonMemberComments" class="wfConfigElem" name="other_noAnonMemberComments" value="1" <?php $w->cb('other_noAnonMemberComments'); ?> /></td></tr>
253
<tr><th>Scan comments for malware and phishing URL's</th><td><input type="checkbox" id="other_scanComments" class="wfConfigElem" name="other_scanComments" value="1" <?php $w->cb('other_scanComments'); ?> /></td></tr>
lib/wfConfig.php CHANGED
@@ -45,7 +45,6 @@ class wfConfig {
45
"loginSec_maskLoginErrors" => false,
46
"loginSec_blockAdminReg" => false,
47
"other_hideWPVersion" => false,
48
- "other_disableXMLRPC" => false,
49
"other_noAnonMemberComments" => false,
50
"other_scanComments" => false,
51
"other_pwStrengthOnUpdate" => false,
@@ -119,7 +118,6 @@ class wfConfig {
119
"loginSec_maskLoginErrors" => true,
120
"loginSec_blockAdminReg" => true,
121
"other_hideWPVersion" => true,
122
- "other_disableXMLRPC" => true,
123
"other_noAnonMemberComments" => true,
124
"other_scanComments" => true,
125
"other_pwStrengthOnUpdate" => true,
@@ -193,7 +191,6 @@ class wfConfig {
193
"loginSec_maskLoginErrors" => true,
194
"loginSec_blockAdminReg" => true,
195
"other_hideWPVersion" => true,
196
- "other_disableXMLRPC" => true,
197
"other_noAnonMemberComments" => true,
198
"other_scanComments" => true,
199
"other_pwStrengthOnUpdate" => true,
@@ -267,7 +264,6 @@ class wfConfig {
267
"loginSec_maskLoginErrors" => true,
268
"loginSec_blockAdminReg" => true,
269
"other_hideWPVersion" => true,
270
- "other_disableXMLRPC" => true,
271
"other_noAnonMemberComments" => true,
272
"other_scanComments" => true,
273
"other_pwStrengthOnUpdate" => true,
@@ -341,7 +337,6 @@ class wfConfig {
341
"loginSec_maskLoginErrors" => true,
342
"loginSec_blockAdminReg" => true,
343
"other_hideWPVersion" => true,
344
- "other_disableXMLRPC" => true,
345
"other_noAnonMemberComments" => true,
346
"other_scanComments" => true,
347
"other_pwStrengthOnUpdate" => true,
45
"loginSec_maskLoginErrors" => false,
46
"loginSec_blockAdminReg" => false,
47
"other_hideWPVersion" => false,
48
"other_noAnonMemberComments" => false,
49
"other_scanComments" => false,
50
"other_pwStrengthOnUpdate" => false,
118
"loginSec_maskLoginErrors" => true,
119
"loginSec_blockAdminReg" => true,
120
"other_hideWPVersion" => true,
121
"other_noAnonMemberComments" => true,
122
"other_scanComments" => true,
123
"other_pwStrengthOnUpdate" => true,
191
"loginSec_maskLoginErrors" => true,
192
"loginSec_blockAdminReg" => true,
193
"other_hideWPVersion" => true,
194
"other_noAnonMemberComments" => true,
195
"other_scanComments" => true,
196
"other_pwStrengthOnUpdate" => true,
264
"loginSec_maskLoginErrors" => true,
265
"loginSec_blockAdminReg" => true,
266
"other_hideWPVersion" => true,
267
"other_noAnonMemberComments" => true,
268
"other_scanComments" => true,
269
"other_pwStrengthOnUpdate" => true,
337
"loginSec_maskLoginErrors" => true,
338
"loginSec_blockAdminReg" => true,
339
"other_hideWPVersion" => true,
340
"other_noAnonMemberComments" => true,
341
"other_scanComments" => true,
342
"other_pwStrengthOnUpdate" => true,
lib/wordfenceClass.php CHANGED
@@ -337,9 +337,6 @@ class wordfence {
337
add_action('validate_password_reset', 'wordfence::validatePassword', 10, 2 );
338
}
339
340
- if(wfConfig::get('other_disableXMLRPC')){
341
- add_filter('xmlrpc_enabled', '__return_false');
342
- }
343
add_filter('pre_comment_approved', 'wordfence::preCommentApprovedFilter', '99', 2);
344
add_filter('authenticate', 'wordfence::authenticateFilter', 99, 3);
345
//html|xhtml|atom|rss2|rdf|comment|export
337
add_action('validate_password_reset', 'wordfence::validatePassword', 10, 2 );
338
}
339
340
add_filter('pre_comment_approved', 'wordfence::preCommentApprovedFilter', '99', 2);
341
add_filter('authenticate', 'wordfence::authenticateFilter', 99, 3);
342
//html|xhtml|atom|rss2|rdf|comment|export
readme.txt CHANGED
@@ -3,9 +3,9 @@ Contributors: mmaunder
3
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
4
Requires at least: 3.3.1
5
Tested up to: 3.8.1
6
- Stable tag: 5.0.2
7
8
- Wordfence Security is a free enterprise class security plugin that makes your site up to 50 times faster and more secure. Wordfence includes a firewall, virus scanning, real-time traffic with geolocation and two very fast caching engines.
9
10
== Description ==
11
@@ -161,8 +161,11 @@ cause a security hole on your site.
161
162
== Changelog ==
163
164
= 5.0.2 =
165
- * Fix: Issue that caused users running WordPress in debug mode to see a is_404() warning message.
166
* Fix: Issue that caused Call to undefined function wp_get_current_user warning.
167
* Fix: Issue that caused caching to not work on sites using subdirectories.
168
* Fix: Issue that caused SQL errors to periodically appear about wfPerfLog table.
3
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security
4
Requires at least: 3.3.1
5
Tested up to: 3.8.1
6
+ Stable tag: 5.0.3
7
8
+ Wordfence Security is a free enterprise class security plugin that makes your site up to 50 times faster and more secure.
9
10
== Description ==
11
161
162
== Changelog ==
163
164
+ = 5.0.3 =
165
+ * Removed ability to disable XML-RPC. The feature broke many mobile apps and other remote services.
166
+
167
= 5.0.2 =
168
+ * Fix: Issue that caused users running WordPress in debug mode to see a is_404 warning message.
169
* Fix: Issue that caused Call to undefined function wp_get_current_user warning.
170
* Fix: Issue that caused caching to not work on sites using subdirectories.
171
* Fix: Issue that caused SQL errors to periodically appear about wfPerfLog table.
wordfence.php CHANGED
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus, Firewall and real-time WordPress security Network
6
Author: Wordfence
7
- Version: 5.0.2
8
Author URI: http://www.wordfence.com/
9
*/
10
if(defined('WP_INSTALLING') && WP_INSTALLING){
11
return;
12
}
13
- define('WORDFENCE_VERSION', '5.0.2');
14
if(get_option('wordfenceActivated') != 1){
15
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
}
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus, Firewall and real-time WordPress security Network
6
Author: Wordfence
7
+ Version: 5.0.3
8
Author URI: http://www.wordfence.com/
9
*/
10
if(defined('WP_INSTALLING') && WP_INSTALLING){
11
return;
12
}
13
+ define('WORDFENCE_VERSION', '5.0.3');
14
if(get_option('wordfenceActivated') != 1){
15
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
}