Version Description
- Fix: Removed mysql_real_escape_string because it's deprecated. Using WP's internal escape.
- Fix: Wordfence issues list would be deleted halfway through scan under certain conditions.
- Fix: Connection tester would generate php error under certain conditions.
Release Info
Developer | mmaunder |
Plugin | Wordfence Security – Firewall & Malware Scan |
Version | 5.0.5 |
Code changes from version 5.0.4 to 5.0.5
- lib/conntest.php +3 -1
- lib/wfDB.php +5 -0
- lib/wfScan.php +1 -0
- lib/wfScanEngine.php +3 -1
- lib/wordfenceURLHoover.php +5 -5
- readme.txt +7 -2
- wordfence.php +2 -2
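--- a/lib/conntest.php
+++ b/lib/conntest.php
@@ -26,8 +26,10 @@ function doWPostTest($protocol){
 'sslverify' => false,
 'headers' => array()
 ));
-if($result['response']['code'] == 200 && strpos($result['body'], "scanptestok") !== false){
+if( (! is_wp_error($result)) && $result['response']['code'] == 200 && strpos($result['body'], "scanptestok") !== false){
 echo "wp_remote_post() test to noc1.wordfence.com passed!<br />\n";
+} else if(is_wp_error($result)){
+echo "wp_remote_post() test to noc1.wordfence.com failed! Response was: " . $result->get_error_message() . "<br />\n";
 } else {
 echo "wp_remote_post() test to noc1.wordfence.com failed! Response was: " . $result['response']['code'] . " " . $result['response']['message'] . "<br />\n";
 echo "This likely means that your hosting provider is blocking requests to noc1.wordfence.com or has set up a proxy that is not behaving itself.<br />\n";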
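Review bot: The new `else if(is_wp_error($result))` branch echoes `$result->get_error_message()` straight into HTML, and the existing `else` branch does the same with `$result['response']['message']`, which is supplied by whatever answered the request. With `'sslverify' => false` at the top of the hunk the responder is not authenticated, so both strings should be treated as untrusted and escaped at output, e.g. `esc_html($result->get_error_message())` and `esc_html($result['response']['message'])`. The hosting-provider hint is printed only in the final `else`, so a transport-level failure now reports the error text without that guidance. The body of doWPostTest starts and ends outside the hunk.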
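--- a/lib/wfDB.php
+++ b/lib/wfDB.php
@@ -104,6 +104,11 @@ class wfDB {
 global $wpdb;
 return $wpdb->last_error;
 }
+public function realEscape($str){
+global $wpdb;
+return $wpdb->_real_escape($str);
+}
+
 }
 
 ?>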
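Review bot: `realEscape()` is added without a docblock, and its contract is exactly what callers need to know: the returned value is only safe inside a quoted SQL string literal, not as an identifier or an unquoted number. I would add a short docblock above `public function realEscape($str){` stating that, and noting that it delegates to `$wpdb->_real_escape()`, which from its underscore prefix looks like an internal wpdb method. WordPress's public `esc_sql()` or `$wpdb->prepare()` would be a more stable thing to depend on. The wfDB class starts outside the hunk.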
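--- a/lib/wfScan.php
+++ b/lib/wfScan.php
@@ -80,6 +80,7 @@ class wfScan {
 } else {
 wordfence::statusPrep(); //Re-initializes all status counters
 $scan = new wfScanEngine();
+$scan->deleteNewIssues();
 }
 try {
 $scan->go();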
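Review bot: The added `$scan->deleteNewIssues();` has no comment saying why it runs only in this `else` branch, which is the substance of the fix. A line such as `//Clear 'new' issues only when a fresh wfScanEngine is created, so they are not wiped part-way through a scan` would stop a later edit from moving the call back into shared code. The `if` side of this branch and the rest of the method are outside the hunk, so the assumption that the other path continues an existing scan comes from the version description rather than from visible code.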
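--- a/lib/wfScanEngine.php
+++ b/lib/wfScanEngine.php
@@ -42,7 +42,6 @@ class wfScanEngine {
 $this->startTime = time();
 $this->maxExecTime = self::getMaxExecutionTime();
 $this->i = new wfIssues();
-$this->i->deleteNew();
 $this->cycleStartTime = time();
 $this->wp_version = wfUtils::getWPVersion();
 $this->apiKey = wfConfig::get('apiKey');
@@ -64,6 +63,9 @@ class wfScanEngine {
 }
 }
 }
+public function deleteNewIssues(){
+$this->i->deleteNew();
+}
 public function __wakeup(){
 $this->cycleStartTime = time();
 $this->api = new wfAPI($this->apiKey, $this->wp_version);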
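Review bot: Moving `$this->i->deleteNew();` out of the initialisation code in the first hunk and into the public `deleteNewIssues()` makes the clean-up something every caller has to remember, and nothing in the new method says so. Only the call added in lib/wfScan.php is visible in this commit; any other code that constructs a wfScanEngine (none is shown here) would now start without that clean-up. I would add a one-line docblock above `public function deleteNewIssues(){`, for example `/** Call once, immediately after constructing the engine for a fresh scan; delegates to wfIssues::deleteNew(). */`. The enclosing method of the first hunk starts outside it, so reading it as the constructor is an inference.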
lib/wordfenceURLHoover.php
CHANGED
@@ -129,11 +129,11 @@ class wordfenceURLHoover {
|
|
129 |
while($elem = $this->hostsToAdd->shift()){
|
130 |
//This may be an issue for hyperDB or other abstraction layers, but leaving it for now.
|
131 |
$sql .= sprintf("('%s', '%s', '%s', '%s'),",
|
132 |
-
|
133 |
-
|
134 |
-
|
135 |
-
|
136 |
-
|
137 |
}
|
138 |
$sql = rtrim($sql, ',');
|
139 |
$this->db->queryWrite($sql);
|
129 |
while($elem = $this->hostsToAdd->shift()){
|
130 |
//This may be an issue for hyperDB or other abstraction layers, but leaving it for now.
|
131 |
$sql .= sprintf("('%s', '%s', '%s', '%s'),",
|
132 |
+
$this->db->realEscape($elem['owner']),
|
133 |
+
$this->db->realEscape($elem['host']),
|
134 |
+
$this->db->realEscape($elem['path']),
|
135 |
+
$this->db->realEscape($elem['hostKey'])
|
136 |
+
);
|
137 |
}
|
138 |
$sql = rtrim($sql, ',');
|
139 |
$this->db->queryWrite($sql);
|
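Review bot: The row values are still spliced into SQL text with `sprintf("('%s', '%s', '%s', '%s'),", ...)`, so injection safety depends on every argument passing through `realEscape()` and on the single quotes in the format string staying exactly as they are. The page does not show the text of the removed lines, so this applies to the new side only. Building each row with `$wpdb->prepare("(%s, %s, %s, %s)", $elem['owner'], $elem['host'], $elem['path'], $elem['hostKey'])` would hand quoting to the database layer. If the hand-built form stays, a comment above the `sprintf` such as `//Values are escaped for single-quoted string context only; do not reuse for identifiers or numbers` records the assumption. The start of `$sql` and the enclosing method are outside the hunk.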
readme.txt
CHANGED
@@ -3,13 +3,13 @@ Contributors: mmaunder
|
|
3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability
|
4 |
Requires at least: 3.3.1
|
5 |
Tested up to: 3.9
|
6 |
-
Stable tag: 5.0.
|
7 |
|
8 |
Wordfence Security is a free enterprise class security plugin that makes your site up to 50 times faster and more secure.
|
9 |
|
10 |
== Description ==
|
11 |
|
12 |
-
Wordfence
|
13 |
|
14 |
Wordfence Security is 100% free. We also offer a Premium API key that gives you access to our premium support ticketing system at [support.wordfence.com](http://support.wordfence.com/) along with two factor authentication via SMS, country blocking and the ability to schedule scans for specific times.
|
15 |
|
@@ -162,6 +162,11 @@ cause a security hole on your site.
|
|
162 |
|
163 |
== Changelog ==
|
164 |
|
|
|
|
|
|
|
|
|
|
|
165 |
= 5.0.4 =
|
166 |
* Feature: We now scan for the infamous heartbleed openssl vulnerability using a non-intrusive scan method safe for production servers.
|
167 |
* Improvement: We now check if .htaccess is writable and if not we give you rules to manually enable Falcon.
|
3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability
|
4 |
Requires at least: 3.3.1
|
5 |
Tested up to: 3.9
|
6 |
+
Stable tag: 5.0.5
|
7 |
|
8 |
Wordfence Security is a free enterprise class security plugin that makes your site up to 50 times faster and more secure.
|
9 |
|
10 |
== Description ==
|
11 |
|
12 |
+
Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.
|
13 |
|
14 |
Wordfence Security is 100% free. We also offer a Premium API key that gives you access to our premium support ticketing system at [support.wordfence.com](http://support.wordfence.com/) along with two factor authentication via SMS, country blocking and the ability to schedule scans for specific times.
|
15 |
|
162 |
|
163 |
== Changelog ==
|
164 |
|
165 |
+
= 5.0.5 =
|
166 |
+
* Fix: Removed mysql_real_escape_string because it’s deprecated. Using WP’s internal escape.
|
167 |
+
* Fix: Wordfence issues list would be deleted halfway through scan under certain conditions.
|
168 |
+
* Fix: Connection tester would generate php error under certain conditions.
|
169 |
+
|
170 |
= 5.0.4 =
|
171 |
* Feature: We now scan for the infamous heartbleed openssl vulnerability using a non-intrusive scan method safe for production servers.
|
172 |
* Improvement: We now check if .htaccess is writable and if not we give you rules to manually enable Falcon.
|
wordfence.php
CHANGED
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
|
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewal and Site Speedup
|
6 |
Author: Wordfence
|
7 |
-
Version: 5.0.
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
*/
|
10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
11 |
return;
|
12 |
}
|
13 |
-
define('WORDFENCE_VERSION', '5.0.
|
14 |
if(get_option('wordfenceActivated') != 1){
|
15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
16 |
}
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewal and Site Speedup
|
6 |
Author: Wordfence
|
7 |
+
Version: 5.0.5
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
*/
|
10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
11 |
return;
|
12 |
}
|
13 |
+
define('WORDFENCE_VERSION', '5.0.5');
|
14 |
if(get_option('wordfenceActivated') != 1){
|
15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
16 |
}
|