Wordfence Security – Firewall & Malware Scan - Version 5.0.5

Version Description

  • Fix: Removed mysql_real_escape_string because it's deprecated. Using WP's internal escape.
  • Fix: Wordfence issues list would be deleted halfway through scan under certain conditions.
  • Fix: Connection tester would generate php error under certain conditions.

Release Info

Developer mmaunder
Version 5.0.5

Code changes from version 5.0.4 to 5.0.5

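--- a/lib/conntest.php
+++ b/lib/conntest.php
@@ -26,8 +26,10 @@ function doWPostTest($protocol){
  'sslverify' => false,
  'headers' => array()
  ));
- if($result['response']['code'] == 200 && strpos($result['body'], "scanptestok") !== false){
+ if( (! is_wp_error($result)) && $result['response']['code'] == 200 && strpos($result['body'], "scanptestok") !== false){
  echo "wp_remote_post() test to noc1.wordfence.com passed!<br />\n";
+ } else if(is_wp_error($result)){
+ echo "wp_remote_post() test to noc1.wordfence.com failed! Response was: " . $result->get_error_message() . "<br />\n";
  } else {
  echo "wp_remote_post() test to noc1.wordfence.com failed! Response was: " . $result['response']['code'] . " " . $result['response']['message'] . "<br />\n";
  echo "This likely means that your hosting provider is blocking requests to noc1.wordfence.com or has set up a proxy that is not behaving itself.<br />\n";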
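Review bot: The new `else if` branch echoes `$result->get_error_message()` into the HTML output unescaped, and the final branch does the same with `$result['response']['message']`, which is supplied by the remote end; both should pass through `esc_html()`, e.g. `"... Response was: " . esc_html($result->get_error_message()) . "<br />\n";`. Testing `is_wp_error($result)` first and the 200/body check second would also avoid evaluating the error test twice. The request options in the context lines set `'sslverify' => false`, so a passing test says nothing about certificate validity, which deserves a one-line comment next to that option. doWPostTest() starts and ends outside the hunk.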
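--- a/lib/wfDB.php
+++ b/lib/wfDB.php
@@ -104,6 +104,11 @@ class wfDB {
  global $wpdb;
  return $wpdb->last_error;
  }
+ public function realEscape($str){
+ global $wpdb;
+ return $wpdb->_real_escape($str);
+ }
+
  }
 
  ?>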
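Review bot: `realEscape()` has no docblock, and it wraps `$wpdb->_real_escape()`, which wpdb treats as an internal helper; `esc_sql()` is the public entry point for the same escaping. The method should state its contract, for example `// Result is only safe inside a quoted SQL string literal; never use it for identifiers or unquoted numbers.` Where the query shape allows it, `$wpdb->prepare()` with `%s` placeholders is preferable to escaping by hand. The wfDB class starts outside the hunk.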
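--- a/lib/wfScan.php
+++ b/lib/wfScan.php
@@ -80,6 +80,7 @@ class wfScan {
  } else {
  wordfence::statusPrep(); //Re-initializes all status counters
  $scan = new wfScanEngine();
+ $scan->deleteNewIssues();
  }
  try {
  $scan->go();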
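Review bot: The added `$scan->deleteNewIssues();` carries no comment explaining why it runs only in this `else` branch. The matching `if` branch is outside the hunk, so this is inferred: it presumably resumes a saved scan, where clearing the list would discard findings already recorded. A comment such as `// Fresh scan only: clear issues flagged "new"; a resumed scan must keep what it has found so far.` would keep the call from being moved back into shared code. The enclosing method starts and ends outside the hunk.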
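--- a/lib/wfScanEngine.php
+++ b/lib/wfScanEngine.php
@@ -42,7 +42,6 @@ class wfScanEngine {
  $this->startTime = time();
  $this->maxExecTime = self::getMaxExecutionTime();
  $this->i = new wfIssues();
- $this->i->deleteNew();
  $this->cycleStartTime = time();
  $this->wp_version = wfUtils::getWPVersion();
  $this->apiKey = wfConfig::get('apiKey');
@@ -64,6 +63,9 @@ class wfScanEngine {
  }
  }
  }
+ public function deleteNewIssues(){
+ $this->i->deleteNew();
+ }
  public function __wakeup(){
  $this->cycleStartTime = time();
  $this->api = new wfAPI($this->apiKey, $this->wp_version);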
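Review bot: With `$this->i->deleteNew();` removed from the constructor in the first hunk, any code that builds a `wfScanEngine` and does not then call `deleteNewIssues()` will start with stale "new" issues. Only the call site in lib/wfScan.php is visible in this commit, so other places that construct the engine should be checked. The new method in the second hunk should get a docblock that records this contract, for example `/** Clears issues flagged as new. Callers must invoke this once when starting a fresh scan; the constructor no longer does it. */`. The class body continues outside both hunks.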
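--- a/lib/wordfenceURLHoover.php
+++ b/lib/wordfenceURLHoover.php
@@ -129,11 +129,11 @@ class wordfenceURLHoover {
  while($elem = $this->hostsToAdd->shift()){
  //This may be an issue for hyperDB or other abstraction layers, but leaving it for now.
  $sql .= sprintf("('%s', '%s', '%s', '%s'),",
- mysql_real_escape_string($elem['owner']),
- mysql_real_escape_string($elem['host']),
- mysql_real_escape_string($elem['path']),
- mysql_real_escape_string($elem['hostKey'])
- );
+ $this->db->realEscape($elem['owner']),
+ $this->db->realEscape($elem['host']),
+ $this->db->realEscape($elem['path']),
+ $this->db->realEscape($elem['hostKey'])
+ );
  }
  $sql = rtrim($sql, ',');
  $this->db->queryWrite($sql);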
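Review bot: The multi-row INSERT is still assembled with `sprintf` and hand-escaped values, so its safety depends on every `%s` staying inside single quotes and on the escaping matching the connection charset. The values in `$elem` appear to come from scanned content, so they should be treated as untrusted. Building the row list from `%s` placeholders and passing the values to `$wpdb->prepare()` would remove that dependency, though it needs the part of the statement that sits above the hunk. If the loop can run zero times, `rtrim` leaves a statement with no rows that is still handed to `queryWrite()`, so a guard before the query would avoid a SQL error. The enclosing method starts outside the hunk.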
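--- a/readme.txt
+++ b/readme.txt
@@ -3,13 +3,13 @@ Contributors: mmaunder
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability
  Requires at least: 3.3.1
  Tested up to: 3.9
- Stable tag: 5.0.4
+ Stable tag: 5.0.5
 
  Wordfence Security is a free enterprise class security plugin that makes your site up to 50 times faster and more secure.
 
  == Description ==
 
- Wordfence Security is a free enterprise class security and performance plugin that includes a very fast caching engine, firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security and performance plugin that can verify and repair your core, theme and plugin files, even if you don't have backups.
+ Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.
 
  Wordfence Security is 100% free. We also offer a Premium API key that gives you access to our premium support ticketing system at [support.wordfence.com](http://support.wordfence.com/) along with two factor authentication via SMS, country blocking and the ability to schedule scans for specific times.
 
@@ -162,6 +162,11 @@ cause a security hole on your site.
 
  == Changelog ==
 
+ = 5.0.5 =
+ * Fix: Removed mysql_real_escape_string because it’s deprecated. Using WP’s internal escape.
+ * Fix: Wordfence issues list would be deleted halfway through scan under certain conditions.
+ * Fix: Connection tester would generate php error under certain conditions.
+
  = 5.0.4 =
  * Feature: We now scan for the infamous heartbleed openssl vulnerability using a non-intrusive scan method safe for production servers.
  * Improvement: We now check if .htaccess is writable and if not we give you rules to manually enable Falcon.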
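--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
  Plugin URI: http://www.wordfence.com/
  Description: Wordfence Security - Anti-virus, Firewal and Site Speedup
  Author: Wordfence
- Version: 5.0.4
+ Version: 5.0.5
  Author URI: http://www.wordfence.com/
  */
  if(defined('WP_INSTALLING') && WP_INSTALLING){
  return;
  }
- define('WORDFENCE_VERSION', '5.0.4');
+ define('WORDFENCE_VERSION', '5.0.5');
  if(get_option('wordfenceActivated') != 1){
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
  }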