Version Description
- Feature: Support for Jetpack Mobile Theme in Falcon Caching engine. Regular pages are cached, mobile pages are served direct to browser.
- Improvement: Pages that are less than 1000 bytes will not be cached. The avg web page size in 2014 is 1246,000 bytes. Anything less than 1000 bytes is usuall an error.
- Improvement: Wordfence will now request 128M on hosts instead of 64M where memory in php.ini is set too low.
- Fix: Wordfence was caching 404's under certain conditions. Fixed.
- Fix: Nginx/FastCGI users would sometimes receive an error about not being able to edit .htaccess. Fixed.
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 5.0.8 |
| Comparing to | |
| See all releases | |
Code changes from version 5.0.7 to 5.0.8
- js/admin.js +1 -1
- lib/wfCache.php +10 -0
- lib/wordfenceClass.php +4 -0
- readme.txt +8 -1
- wordfence.php +4 -4
js/admin.js
CHANGED
|
@@ -1225,7 +1225,7 @@ window['wordfenceAdmin'] = {
|
|
| 1225 |
if(res.ok){
|
| 1226 |
self.colorbox('400px', "Enabling Falcon Engine", 'First read this <a href="http://www.wordfence.com/introduction-to-wordfence-falcon-engine/" target="_blank">Introduction to Falcon Engine</a>. Falcon modifies your website configuration file which is called your .htaccess file. To enable Falcon we ask that you make a backup of this file. This is a safety precaution in case for some reason Falcon is not compatible with your site.<br /><br /><a href="' + WordfenceAdminVars.ajaxURL + '?action=wordfence_downloadHtaccess&nonce=' + self.nonce + '" onclick="jQuery(\'#wfNextBut\').prop(\'disabled\', false); return true;">Click here to download a backup copy of your .htaccess file now</a><br /><br /><input type="button" name="but1" id="wfNextBut" value="Click to Enable Falcon Engine" disabled="disabled" onclick="WFAD.confirmSwitchToFalcon(0);" />');
|
| 1227 |
} else if(res.nginx){
|
| 1228 |
-
self.colorbox('400px', "Enabling Falcon Engine", 'You are using an Nginx web server and using a FastCGI processor like PHP5-FPM. To use Falcon you will need to manually modify your nginx.conf configuration file and reload your Nginx server for the changes to take effect. You can find the <a href="http://www.wordfence.com/blog/2014/05/nginx-wordfence-falcon-engine-php-fpm-fastcgi-fast-cgi/" target="_blank">rules you need to make these changes to nginx.conf on this page on wordfence.com</a>. Once you have made these changes, compressed cached files will be served to your visitors directly from Nginx making your site extremely fast. When you have made the changes and reloaded your Nginx server, you can click the button below to enable Falcon.<br /><br /><input type="button" name="but1" id="wfNextBut" value="Click to Enable Falcon Engine" onclick="WFAD.confirmSwitchToFalcon(
|
| 1229 |
} else if(res.err){
|
| 1230 |
self.colorbox('400px', "We encountered a problem", "We can't modify your .htaccess file for you because: " + res.err + "<br /><br />Advanced users: If you would like to manually enable Falcon yourself by editing your .htaccess, you can add the rules below to the beginning of your .htaccess file. Then click the button below to enable Falcon. Don't do this unless you understand website configuration.<br /><textarea style='width: 300px; height:100px;' readonly>" + jQuery('<div/>').text(res.code).html() + "</textarea><br /><input type='button' value='Enable Falcon after manually editing .htaccess' onclick='WFAD.confirmSwitchToFalcon(1);' />");
|
| 1231 |
}
|
| 1225 |
if(res.ok){
|
| 1226 |
self.colorbox('400px', "Enabling Falcon Engine", 'First read this <a href="http://www.wordfence.com/introduction-to-wordfence-falcon-engine/" target="_blank">Introduction to Falcon Engine</a>. Falcon modifies your website configuration file which is called your .htaccess file. To enable Falcon we ask that you make a backup of this file. This is a safety precaution in case for some reason Falcon is not compatible with your site.<br /><br /><a href="' + WordfenceAdminVars.ajaxURL + '?action=wordfence_downloadHtaccess&nonce=' + self.nonce + '" onclick="jQuery(\'#wfNextBut\').prop(\'disabled\', false); return true;">Click here to download a backup copy of your .htaccess file now</a><br /><br /><input type="button" name="but1" id="wfNextBut" value="Click to Enable Falcon Engine" disabled="disabled" onclick="WFAD.confirmSwitchToFalcon(0);" />');
|
| 1227 |
} else if(res.nginx){
|
| 1228 |
+
self.colorbox('400px', "Enabling Falcon Engine", 'You are using an Nginx web server and using a FastCGI processor like PHP5-FPM. To use Falcon you will need to manually modify your nginx.conf configuration file and reload your Nginx server for the changes to take effect. You can find the <a href="http://www.wordfence.com/blog/2014/05/nginx-wordfence-falcon-engine-php-fpm-fastcgi-fast-cgi/" target="_blank">rules you need to make these changes to nginx.conf on this page on wordfence.com</a>. Once you have made these changes, compressed cached files will be served to your visitors directly from Nginx making your site extremely fast. When you have made the changes and reloaded your Nginx server, you can click the button below to enable Falcon.<br /><br /><input type="button" name="but1" id="wfNextBut" value="Click to Enable Falcon Engine" onclick="WFAD.confirmSwitchToFalcon(1);" />');
|
| 1229 |
} else if(res.err){
|
| 1230 |
self.colorbox('400px', "We encountered a problem", "We can't modify your .htaccess file for you because: " + res.err + "<br /><br />Advanced users: If you would like to manually enable Falcon yourself by editing your .htaccess, you can add the rules below to the beginning of your .htaccess file. Then click the button below to enable Falcon. Don't do this unless you understand website configuration.<br /><textarea style='width: 300px; height:100px;' readonly>" + jQuery('<div/>').text(res.code).html() + "</textarea><br /><input type='button' value='Enable Falcon after manually editing .htaccess' onclick='WFAD.confirmSwitchToFalcon(1);' />");
|
| 1231 |
}
|
lib/wfCache.php
CHANGED
|
@@ -67,6 +67,9 @@ class wfCache {
|
|
| 67 |
return $status;
|
| 68 |
}
|
| 69 |
public static function isCachable(){
|
|
|
|
|
|
|
|
|
|
| 70 |
if(defined('WFDONOTCACHE') || defined('DONOTCACHEPAGE') || defined('DONOTCACHEDB') || defined('DONOTCACHEOBJECT')){ //If you want to tell Wordfence not to cache something in another plugin, simply define one of these.
|
| 71 |
return false;
|
| 72 |
}
|
|
@@ -125,10 +128,17 @@ class wfCache {
|
|
| 125 |
return false;
|
| 126 |
}
|
| 127 |
public static function obComplete($buffer = ''){
|
|
|
|
|
|
|
|
|
|
|
|
|
| 128 |
if(defined('WFDONOTCACHE') || defined('DONOTCACHEPAGE') || defined('DONOTCACHEDB') || defined('DONOTCACHEOBJECT')){
|
| 129 |
//These constants may have been set after we did the initial isCachable check by e.g. wp_redirect filter. If they're set then just return the buffer and don't cache.
|
| 130 |
return $buffer;
|
| 131 |
}
|
|
|
|
|
|
|
|
|
|
| 132 |
|
| 133 |
$file = self::fileFromRequest( ($_SERVER['HTTP_HOST'] ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']), $_SERVER['REQUEST_URI']);
|
| 134 |
self::makeDirIfNeeded($file);
|
| 67 |
return $status;
|
| 68 |
}
|
| 69 |
public static function isCachable(){
|
| 70 |
+
if(function_exists('is_404') && is_404()){
|
| 71 |
+
return false;
|
| 72 |
+
}
|
| 73 |
if(defined('WFDONOTCACHE') || defined('DONOTCACHEPAGE') || defined('DONOTCACHEDB') || defined('DONOTCACHEOBJECT')){ //If you want to tell Wordfence not to cache something in another plugin, simply define one of these.
|
| 74 |
return false;
|
| 75 |
}
|
| 128 |
return false;
|
| 129 |
}
|
| 130 |
public static function obComplete($buffer = ''){
|
| 131 |
+
if(function_exists('is_404') && is_404()){
|
| 132 |
+
return false;
|
| 133 |
+
}
|
| 134 |
+
|
| 135 |
if(defined('WFDONOTCACHE') || defined('DONOTCACHEPAGE') || defined('DONOTCACHEDB') || defined('DONOTCACHEOBJECT')){
|
| 136 |
//These constants may have been set after we did the initial isCachable check by e.g. wp_redirect filter. If they're set then just return the buffer and don't cache.
|
| 137 |
return $buffer;
|
| 138 |
}
|
| 139 |
+
if(strlen($buffer) < 1000){ //The average web page size is 1246,000 bytes. If web page is less than 1000 bytes, don't cache it.
|
| 140 |
+
return $buffer;
|
| 141 |
+
}
|
| 142 |
|
| 143 |
$file = self::fileFromRequest( ($_SERVER['HTTP_HOST'] ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']), $_SERVER['REQUEST_URI']);
|
| 144 |
self::makeDirIfNeeded($file);
|
lib/wordfenceClass.php
CHANGED
|
@@ -374,6 +374,7 @@ class wordfence {
|
|
| 374 |
add_action('validate_password_reset', 'wordfence::validatePassword', 10, 2 );
|
| 375 |
}
|
| 376 |
add_action('publish_future_post', 'wordfence::publishFuturePost');
|
|
|
|
| 377 |
|
| 378 |
//For debugging
|
| 379 |
//add_filter( 'cron_schedules', 'wordfence::cronAddSchedules' );
|
|
@@ -416,6 +417,9 @@ class wordfence {
|
|
| 416 |
return $schedules;
|
| 417 |
}
|
| 418 |
*/
|
|
|
|
|
|
|
|
|
|
| 419 |
public static function wpRedirectFilter($URL, $status){
|
| 420 |
if(isset($_GET['author']) && preg_match('/\/author\/.+/i', $URL) && wfConfig::get('loginSec_disableAuthorScan') ){ //author query variable is present and we're about to redirect to a URL that starts with http://blah/author/...
|
| 421 |
return home_url(); //Send the user to the home URL (as opposed to site_url() which is not the home page on some sites)
|
| 374 |
add_action('validate_password_reset', 'wordfence::validatePassword', 10, 2 );
|
| 375 |
}
|
| 376 |
add_action('publish_future_post', 'wordfence::publishFuturePost');
|
| 377 |
+
add_action('mobile_setup', 'wordfence::jetpackMobileSetup'); //Action called in Jetpack Mobile Theme: modules/minileven/minileven.php
|
| 378 |
|
| 379 |
//For debugging
|
| 380 |
//add_filter( 'cron_schedules', 'wordfence::cronAddSchedules' );
|
| 417 |
return $schedules;
|
| 418 |
}
|
| 419 |
*/
|
| 420 |
+
public static function jetpackMobileSetup(){
|
| 421 |
+
define('WFDONOTCACHE', true); //Don't cache jetpack mobile theme pages.
|
| 422 |
+
}
|
| 423 |
public static function wpRedirectFilter($URL, $status){
|
| 424 |
if(isset($_GET['author']) && preg_match('/\/author\/.+/i', $URL) && wfConfig::get('loginSec_disableAuthorScan') ){ //author query variable is present and we're about to redirect to a URL that starts with http://blah/author/...
|
| 425 |
return home_url(); //Send the user to the home URL (as opposed to site_url() which is not the home page on some sites)
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 3.9.1
|
| 6 |
-
Stable tag: 5.0.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
| 9 |
|
|
@@ -162,6 +162,13 @@ cause a security hole on your site.
|
|
| 162 |
|
| 163 |
== Changelog ==
|
| 164 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 165 |
= 5.0.7 =
|
| 166 |
* Feature: Immediately block IP if hacker tries any of the following usernames. (Comma separated list that you can specify on the Wordfence options page)
|
| 167 |
* Feature: Exclude exact URL's from caching. Specifically, this allows you to exclude the home page which was not possible before.
|
| 3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 3.9.1
|
| 6 |
+
Stable tag: 5.0.8
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
| 9 |
|
| 162 |
|
| 163 |
== Changelog ==
|
| 164 |
|
| 165 |
+
= 5.0.8 =
|
| 166 |
+
* Feature: Support for Jetpack Mobile Theme in Falcon Caching engine. Regular pages are cached, mobile pages are served direct to browser.
|
| 167 |
+
* Improvement: Pages that are less than 1000 bytes will not be cached. The avg web page size in 2014 is 1246,000 bytes. Anything less than 1000 bytes is usuall an error.
|
| 168 |
+
* Improvement: Wordfence will now request 128M on hosts instead of 64M where memory in php.ini is set too low.
|
| 169 |
+
* Fix: Wordfence was caching 404's under certain conditions. Fixed.
|
| 170 |
+
* Fix: Nginx/FastCGI users would sometimes receive an error about not being able to edit .htaccess. Fixed.
|
| 171 |
+
|
| 172 |
= 5.0.7 =
|
| 173 |
* Feature: Immediately block IP if hacker tries any of the following usernames. (Comma separated list that you can specify on the Wordfence options page)
|
| 174 |
* Feature: Exclude exact URL's from caching. Specifically, this allows you to exclude the home page which was not possible before.
|
wordfence.php
CHANGED
|
@@ -4,20 +4,20 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and Site Speedup
|
| 6 |
Author: Wordfence
|
| 7 |
-
Version: 5.0.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
-
define('WORDFENCE_VERSION', '5.0.
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
| 17 |
if(! defined('WORDFENCE_VERSIONONLY_MODE')){
|
| 18 |
-
if((int) @ini_get('memory_limit') <
|
| 19 |
if(strpos(ini_get('disable_functions'), 'ini_set') === false){
|
| 20 |
-
@ini_set('memory_limit', '
|
| 21 |
}
|
| 22 |
}
|
| 23 |
require_once('lib/wordfenceConstants.php');
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and Site Speedup
|
| 6 |
Author: Wordfence
|
| 7 |
+
Version: 5.0.8
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
+
define('WORDFENCE_VERSION', '5.0.8');
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
| 17 |
if(! defined('WORDFENCE_VERSIONONLY_MODE')){
|
| 18 |
+
if((int) @ini_get('memory_limit') < 128){
|
| 19 |
if(strpos(ini_get('disable_functions'), 'ini_set') === false){
|
| 20 |
+
@ini_set('memory_limit', '128M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.
|
| 21 |
}
|
| 22 |
}
|
| 23 |
require_once('lib/wordfenceConstants.php');
|
