Version Description
- Improvement: WooCommerce now officially supported out of the box.
- Feature: Added the wordfence:doNotCache() function that you can call in your themes and plugins to prevent caching of items.
- Fix: Fixed the warning appearing in lib/wfUtils.php about a scalar being treated as an array which appeared in 5.0.9.
- Fix: Failed logins were not being logged for non-existent usernames that were set to immediatelly block. Fixed.
- Fix: Removed several warnings/notices that would appear when WP_DEBUG is enabled.
- Fix: Added default character set to .htaccess which fixes garbled international characters being served from cache on sites with no default apache charset.
Download this release
Release Info
Developer | mmaunder |
Plugin | Wordfence Security – Firewall & Malware Scan |
Version | 5.1.1 |
Comparing to | |
See all releases |
Code changes from version 5.0.9 to 5.1.1
- lib/wfCache.php +12 -1
- lib/wfUtils.php +6 -6
- lib/wordfenceClass.php +27 -34
- readme.txt +12 -3
- wordfence.php +2 -2
lib/wfCache.php
CHANGED
@@ -64,7 +64,9 @@ class wfCache {
|
|
64 |
}
|
65 |
}
|
66 |
public static function redirectFilter($status){
|
67 |
-
|
|
|
|
|
68 |
return $status;
|
69 |
}
|
70 |
public static function isCachable(){
|
@@ -501,6 +503,10 @@ class wfCache {
|
|
501 |
Header set Vary "Accept-Encoding, Cookie"
|
502 |
</IfModule>
|
503 |
<IfModule mod_rewrite.c>
|
|
|
|
|
|
|
|
|
504 |
RewriteEngine On
|
505 |
RewriteBase /
|
506 |
RewriteCond %{HTTPS} on
|
@@ -653,4 +659,9 @@ EOT;
|
|
653 |
}
|
654 |
return false;
|
655 |
}
|
|
|
|
|
|
|
|
|
|
|
656 |
}
|
64 |
}
|
65 |
}
|
66 |
public static function redirectFilter($status){
|
67 |
+
if(! defined('WFDONOTCACHE')){
|
68 |
+
define('WFDONOTCACHE', true);
|
69 |
+
}
|
70 |
return $status;
|
71 |
}
|
72 |
public static function isCachable(){
|
503 |
Header set Vary "Accept-Encoding, Cookie"
|
504 |
</IfModule>
|
505 |
<IfModule mod_rewrite.c>
|
506 |
+
#Prevents garbled chars in cached files if there is no default charset.
|
507 |
+
AddDefaultCharset utf-8
|
508 |
+
|
509 |
+
#Cache rules:
|
510 |
RewriteEngine On
|
511 |
RewriteBase /
|
512 |
RewriteCond %{HTTPS} on
|
659 |
}
|
660 |
return false;
|
661 |
}
|
662 |
+
public static function doNotCache(){
|
663 |
+
if(! defined('WFDONOTCACHE')){
|
664 |
+
define('WFDONOTCACHE', true);
|
665 |
+
}
|
666 |
+
}
|
667 |
}
|
lib/wfUtils.php
CHANGED
@@ -426,7 +426,7 @@ class wfUtils {
|
|
426 |
if($value == 'failed'){
|
427 |
$db->queryWrite("insert IGNORE into " . $locsTable . " (IP, ctime, failed) values (%s, unix_timestamp(), 1)", ($isInt ? $IP : self::inet_aton($IP)) );
|
428 |
$IPLocs[$IP] = false;
|
429 |
-
} else {
|
430 |
for($i = 0; $i <= 5; $i++){
|
431 |
//Prevent warnings in debug mode about uninitialized values
|
432 |
if(! isset($value[$i])){ $value[$i] = ''; }
|
@@ -579,11 +579,11 @@ class wfUtils {
|
|
579 |
public static function doNotCache(){
|
580 |
header("Cache-Control: no-cache, must-revalidate");
|
581 |
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); //In the past
|
582 |
-
define('DONOTCACHEPAGE', true);
|
583 |
-
define('DONOTCACHEDB', true);
|
584 |
-
define('DONOTCDN', true);
|
585 |
-
define('DONOTCACHEOBJECT', true);
|
586 |
-
|
587 |
}
|
588 |
public static function isUABlocked($uaPattern){ // takes a pattern using asterisks as wildcards, turns it into regex and checks it against the visitor UA returning true if blocked
|
589 |
return fnmatch($uaPattern, $_SERVER['HTTP_USER_AGENT'], FNM_CASEFOLD);
|
426 |
if($value == 'failed'){
|
427 |
$db->queryWrite("insert IGNORE into " . $locsTable . " (IP, ctime, failed) values (%s, unix_timestamp(), 1)", ($isInt ? $IP : self::inet_aton($IP)) );
|
428 |
$IPLocs[$IP] = false;
|
429 |
+
} else if(is_array($value)){
|
430 |
for($i = 0; $i <= 5; $i++){
|
431 |
//Prevent warnings in debug mode about uninitialized values
|
432 |
if(! isset($value[$i])){ $value[$i] = ''; }
|
579 |
public static function doNotCache(){
|
580 |
header("Cache-Control: no-cache, must-revalidate");
|
581 |
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); //In the past
|
582 |
+
if(! defined('DONOTCACHEPAGE')){ define('DONOTCACHEPAGE', true); }
|
583 |
+
if(! defined('DONOTCACHEDB')){ define('DONOTCACHEDB', true); }
|
584 |
+
if(! defined('DONOTCDN')){ define('DONOTCDN', true); }
|
585 |
+
if(! defined('DONOTCACHEOBJECT')){ define('DONOTCACHEOBJECT', true); }
|
586 |
+
wfCache::doNotCache();
|
587 |
}
|
588 |
public static function isUABlocked($uaPattern){ // takes a pattern using asterisks as wildcards, turns it into regex and checks it against the visitor UA returning true if blocked
|
589 |
return fnmatch($uaPattern, $_SERVER['HTTP_USER_AGENT'], FNM_CASEFOLD);
|
lib/wordfenceClass.php
CHANGED
@@ -364,11 +364,14 @@ class wordfence {
|
|
364 |
add_action('init', 'wordfence::initAction');
|
365 |
add_action('template_redirect', 'wordfence::templateRedir');
|
366 |
add_action('shutdown', 'wordfence::shutdownAction');
|
|
|
367 |
if(version_compare(PHP_VERSION, '5.4.0') >= 0){
|
368 |
add_action('wp_authenticate','wordfence::authActionNew', 1, 2);
|
369 |
} else {
|
370 |
add_action('wp_authenticate','wordfence::authActionOld', 1, 2);
|
371 |
}
|
|
|
|
|
372 |
add_action('login_init','wordfence::loginInitAction');
|
373 |
add_action('wp_login','wordfence::loginAction');
|
374 |
add_action('wp_logout','wordfence::logoutAction');
|
@@ -386,7 +389,6 @@ class wordfence {
|
|
386 |
|
387 |
add_filter('wp_redirect', 'wordfence::wpRedirectFilter', 99, 2);
|
388 |
add_filter('pre_comment_approved', 'wordfence::preCommentApprovedFilter', '99', 2);
|
389 |
-
add_filter('authenticate', 'wordfence::authenticateFilter', 99, 3);
|
390 |
//html|xhtml|atom|rss2|rdf|comment|export
|
391 |
add_filter('get_the_generator_html', 'wordfence::genFilter', 99, 2);
|
392 |
add_filter('get_the_generator_xhtml', 'wordfence::genFilter', 99, 2);
|
@@ -497,8 +499,8 @@ class wordfence {
|
|
497 |
if(! wfUtils::isAdmin()){
|
498 |
die(json_encode(array('errorMsg' => "You appear to have logged out or you are not an admin. Please sign-out and sign-in again.")));
|
499 |
}
|
500 |
-
$func = $_POST['action'] ? $_POST['action'] : $_GET['action'];
|
501 |
-
$nonce = $_POST['nonce'] ? $_POST['nonce'] : $_GET['nonce'];
|
502 |
if(! wp_verify_nonce($nonce, 'wp-ajax')){
|
503 |
die(json_encode(array('errorMsg' => "Your browser sent an invalid security token to Wordfence. Please try reloading this page or signing out and in again.")));
|
504 |
}
|
@@ -748,15 +750,15 @@ class wordfence {
|
|
748 |
}
|
749 |
return $errors;
|
750 |
}
|
751 |
-
public static function authenticateFilter($
|
752 |
wfConfig::inc('totalLoginHits'); //The total hits to wp-login.php including logins, logouts and just hits.
|
753 |
$IP = wfUtils::getIP();
|
754 |
$secEnabled = wfConfig::get('loginSecurityEnabled');
|
755 |
if($secEnabled && (! self::getLog()->isWhitelisted($IP)) && wfConfig::get('isPaid') ){
|
756 |
$twoFactorUsers = wfConfig::get_ser('twoFactorUsers', array());
|
757 |
if(isset($twoFactorUsers) && is_array($twoFactorUsers) && sizeof($twoFactorUsers) > 0){
|
758 |
-
$userDat = $_POST['wordfence_userDat'];
|
759 |
-
if(get_class($
|
760 |
if(isset($_POST['wordfence_authFactor']) && $_POST['wordfence_authFactor']){ //user entered a valid user and password with ' wf....' appended
|
761 |
foreach($twoFactorUsers as &$t){
|
762 |
if($t[0] == $userDat->ID && $t[3] == 'activated'){
|
@@ -806,16 +808,16 @@ class wordfence {
|
|
806 |
}
|
807 |
|
808 |
if(self::getLog()->isWhitelisted($IP)){
|
809 |
-
return $
|
810 |
}
|
811 |
-
if(wfConfig::get('other_WFNet') && is_wp_error($
|
812 |
if($maxBlockTime = self::wfsnIsBlocked($IP, 'brute')){
|
813 |
self::getLog()->blockIP($IP, "Blocked by Wordfence Security Network", true, false, $maxBlockTime);
|
814 |
}
|
815 |
|
816 |
}
|
817 |
if($secEnabled){
|
818 |
-
if(is_wp_error($
|
819 |
if($blacklist = wfConfig::get('loginSec_userBlacklist')){
|
820 |
$users = explode(',', $blacklist);
|
821 |
foreach($users as $user){
|
@@ -833,7 +835,7 @@ class wordfence {
|
|
833 |
}
|
834 |
}
|
835 |
$tKey = 'wflginfl_' . wfUtils::inet_aton($IP);
|
836 |
-
if(is_wp_error($
|
837 |
$tries = get_transient($tKey);
|
838 |
if($tries){
|
839 |
$tries++;
|
@@ -845,14 +847,22 @@ class wordfence {
|
|
845 |
require('wfLockedOut.php');
|
846 |
}
|
847 |
set_transient($tKey, $tries, wfConfig::get('loginSec_countFailMins') * 60);
|
848 |
-
} else if(get_class($
|
849 |
delete_transient($tKey); //reset counter on success
|
850 |
}
|
851 |
}
|
852 |
-
if(is_wp_error($
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
853 |
return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The username or password you entered is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' ), $_POST['log'], wp_lostpassword_url() ) );
|
854 |
}
|
855 |
-
return $
|
856 |
}
|
857 |
public static function wfsnReportBlockedAttempt($IP, $type){
|
858 |
try {
|
@@ -912,16 +922,6 @@ class wordfence {
|
|
912 |
$passwd = preg_replace('/^(.+)\s+(wf[a-z0-9]+)$/i', '$1', $passwd);
|
913 |
$_POST['pwd'] = $passwd;
|
914 |
}
|
915 |
-
|
916 |
-
if($userDat){
|
917 |
-
require_once( ABSPATH . 'wp-includes/class-phpass.php');
|
918 |
-
$hasher = new PasswordHash(8, TRUE);
|
919 |
-
if(! $hasher->CheckPassword($_POST['pwd'], $userDat->user_pass)){
|
920 |
-
self::getLog()->logLogin('loginFailValidUsername', 1, $username);
|
921 |
-
}
|
922 |
-
} else {
|
923 |
-
self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
|
924 |
-
}
|
925 |
}
|
926 |
public static function authActionOld($username, $passwd){ //Code is identical to Newer function above except passing by ref ampersand. Some versions of PHP are throwing an error if we include the ampersand in PHP prior to 5.4.
|
927 |
if(self::isLockedOut(wfUtils::getIP())){
|
@@ -935,18 +935,7 @@ class wordfence {
|
|
935 |
$passwd = preg_replace('/^(.+)\s+(wf[a-z0-9]+)$/i', '$1', $passwd);
|
936 |
$_POST['pwd'] = $passwd;
|
937 |
}
|
938 |
-
|
939 |
-
if($userDat){
|
940 |
-
require_once( ABSPATH . 'wp-includes/class-phpass.php');
|
941 |
-
$hasher = new PasswordHash(8, TRUE);
|
942 |
-
if(! $hasher->CheckPassword($_POST['pwd'], $userDat->user_pass)){
|
943 |
-
self::getLog()->logLogin('loginFailValidUsername', 1, $username);
|
944 |
-
}
|
945 |
-
} else {
|
946 |
-
self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
|
947 |
-
}
|
948 |
}
|
949 |
-
|
950 |
public static function getWPFileContent($file, $cType, $cName, $cVersion){
|
951 |
if($cType == 'plugin'){
|
952 |
if(preg_match('#^/?wp-content/plugins/[^/]+/#', $file)){
|
@@ -2746,5 +2735,9 @@ EOL;
|
|
2746 |
}
|
2747 |
return self::$debugOn;
|
2748 |
}
|
|
|
|
|
|
|
|
|
2749 |
}
|
2750 |
?>
|
364 |
add_action('init', 'wordfence::initAction');
|
365 |
add_action('template_redirect', 'wordfence::templateRedir');
|
366 |
add_action('shutdown', 'wordfence::shutdownAction');
|
367 |
+
|
368 |
if(version_compare(PHP_VERSION, '5.4.0') >= 0){
|
369 |
add_action('wp_authenticate','wordfence::authActionNew', 1, 2);
|
370 |
} else {
|
371 |
add_action('wp_authenticate','wordfence::authActionOld', 1, 2);
|
372 |
}
|
373 |
+
add_filter('authenticate', 'wordfence::authenticateFilter', 99, 3);
|
374 |
+
|
375 |
add_action('login_init','wordfence::loginInitAction');
|
376 |
add_action('wp_login','wordfence::loginAction');
|
377 |
add_action('wp_logout','wordfence::logoutAction');
|
389 |
|
390 |
add_filter('wp_redirect', 'wordfence::wpRedirectFilter', 99, 2);
|
391 |
add_filter('pre_comment_approved', 'wordfence::preCommentApprovedFilter', '99', 2);
|
|
|
392 |
//html|xhtml|atom|rss2|rdf|comment|export
|
393 |
add_filter('get_the_generator_html', 'wordfence::genFilter', 99, 2);
|
394 |
add_filter('get_the_generator_xhtml', 'wordfence::genFilter', 99, 2);
|
499 |
if(! wfUtils::isAdmin()){
|
500 |
die(json_encode(array('errorMsg' => "You appear to have logged out or you are not an admin. Please sign-out and sign-in again.")));
|
501 |
}
|
502 |
+
$func = (isset($_POST['action']) && $_POST['action']) ? $_POST['action'] : $_GET['action'];
|
503 |
+
$nonce = (isset($_POST['nonce']) && $_POST['nonce']) ? $_POST['nonce'] : $_GET['nonce'];
|
504 |
if(! wp_verify_nonce($nonce, 'wp-ajax')){
|
505 |
die(json_encode(array('errorMsg' => "Your browser sent an invalid security token to Wordfence. Please try reloading this page or signing out and in again.")));
|
506 |
}
|
750 |
}
|
751 |
return $errors;
|
752 |
}
|
753 |
+
public static function authenticateFilter($authUser, $username, $passwd){
|
754 |
wfConfig::inc('totalLoginHits'); //The total hits to wp-login.php including logins, logouts and just hits.
|
755 |
$IP = wfUtils::getIP();
|
756 |
$secEnabled = wfConfig::get('loginSecurityEnabled');
|
757 |
if($secEnabled && (! self::getLog()->isWhitelisted($IP)) && wfConfig::get('isPaid') ){
|
758 |
$twoFactorUsers = wfConfig::get_ser('twoFactorUsers', array());
|
759 |
if(isset($twoFactorUsers) && is_array($twoFactorUsers) && sizeof($twoFactorUsers) > 0){
|
760 |
+
$userDat = (isset($_POST['wordfence_userDat']) ? $_POST['wordfence_userDat'] : false);
|
761 |
+
if(is_object($userDat) && get_class($authUser) == 'WP_User'){ //Valid username and password either with or without the 'wf...' code. Users is now logged in at this point.
|
762 |
if(isset($_POST['wordfence_authFactor']) && $_POST['wordfence_authFactor']){ //user entered a valid user and password with ' wf....' appended
|
763 |
foreach($twoFactorUsers as &$t){
|
764 |
if($t[0] == $userDat->ID && $t[3] == 'activated'){
|
808 |
}
|
809 |
|
810 |
if(self::getLog()->isWhitelisted($IP)){
|
811 |
+
return $authUser;
|
812 |
}
|
813 |
+
if(wfConfig::get('other_WFNet') && is_wp_error($authUser) && ($authUser->get_error_code() == 'invalid_username' || $authUser->get_error_code() == 'incorrect_password') ){
|
814 |
if($maxBlockTime = self::wfsnIsBlocked($IP, 'brute')){
|
815 |
self::getLog()->blockIP($IP, "Blocked by Wordfence Security Network", true, false, $maxBlockTime);
|
816 |
}
|
817 |
|
818 |
}
|
819 |
if($secEnabled){
|
820 |
+
if(is_wp_error($authUser) && $authUser->get_error_code() == 'invalid_username'){
|
821 |
if($blacklist = wfConfig::get('loginSec_userBlacklist')){
|
822 |
$users = explode(',', $blacklist);
|
823 |
foreach($users as $user){
|
835 |
}
|
836 |
}
|
837 |
$tKey = 'wflginfl_' . wfUtils::inet_aton($IP);
|
838 |
+
if(is_wp_error($authUser) && ($authUser->get_error_code() == 'invalid_username' || $authUser->get_error_code() == 'incorrect_password') ){
|
839 |
$tries = get_transient($tKey);
|
840 |
if($tries){
|
841 |
$tries++;
|
847 |
require('wfLockedOut.php');
|
848 |
}
|
849 |
set_transient($tKey, $tries, wfConfig::get('loginSec_countFailMins') * 60);
|
850 |
+
} else if(get_class($authUser) == 'WP_User'){
|
851 |
delete_transient($tKey); //reset counter on success
|
852 |
}
|
853 |
}
|
854 |
+
if(is_wp_error($authUser)){
|
855 |
+
if($authUser->get_error_code() == 'invalid_username'){
|
856 |
+
self::getLog()->logLogin('loginFailInvalidUsername', 1, $username);
|
857 |
+
} else {
|
858 |
+
self::getLog()->logLogin('loginFailValidUsername', 1, $username);
|
859 |
+
}
|
860 |
+
}
|
861 |
+
|
862 |
+
if(is_wp_error($authUser) && ($authUser->get_error_code() == 'invalid_username' || $authUser->get_error_code() == 'incorrect_password') && wfConfig::get('loginSec_maskLoginErrors')){
|
863 |
return new WP_Error( 'incorrect_password', sprintf( __( '<strong>ERROR</strong>: The username or password you entered is incorrect. <a href="%2$s" title="Password Lost and Found">Lost your password</a>?' ), $_POST['log'], wp_lostpassword_url() ) );
|
864 |
}
|
865 |
+
return $authUser;
|
866 |
}
|
867 |
public static function wfsnReportBlockedAttempt($IP, $type){
|
868 |
try {
|
922 |
$passwd = preg_replace('/^(.+)\s+(wf[a-z0-9]+)$/i', '$1', $passwd);
|
923 |
$_POST['pwd'] = $passwd;
|
924 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
925 |
}
|
926 |
public static function authActionOld($username, $passwd){ //Code is identical to Newer function above except passing by ref ampersand. Some versions of PHP are throwing an error if we include the ampersand in PHP prior to 5.4.
|
927 |
if(self::isLockedOut(wfUtils::getIP())){
|
935 |
$passwd = preg_replace('/^(.+)\s+(wf[a-z0-9]+)$/i', '$1', $passwd);
|
936 |
$_POST['pwd'] = $passwd;
|
937 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
938 |
}
|
|
|
939 |
public static function getWPFileContent($file, $cType, $cName, $cVersion){
|
940 |
if($cType == 'plugin'){
|
941 |
if(preg_match('#^/?wp-content/plugins/[^/]+/#', $file)){
|
2735 |
}
|
2736 |
return self::$debugOn;
|
2737 |
}
|
2738 |
+
//PUBLIC API
|
2739 |
+
public static function doNotCache(){ //Call this to prevent Wordfence from caching the current page.
|
2740 |
+
wfCache::doNotCache();
|
2741 |
+
}
|
2742 |
}
|
2743 |
?>
|
readme.txt
CHANGED
@@ -1,9 +1,9 @@
|
|
1 |
=== Wordfence Security ===
|
2 |
Contributors: mmaunder
|
3 |
-
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm
|
4 |
Requires at least: 3.3.1
|
5 |
Tested up to: 3.9.1
|
6 |
-
Stable tag: 5.
|
7 |
|
8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
9 |
|
@@ -27,6 +27,7 @@ Wordfence Security is now Multi-Site compatible and includes Cellphone Sign-in w
|
|
27 |
Wordfence Security:
|
28 |
|
29 |
* Includes Falcon Engine, the fastest WordPress caching engine available today. Falcon is faster because it reduces your web server disk and database activity to a minimum.
|
|
|
30 |
* Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
|
31 |
* Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
|
32 |
* Includes two-factor authentication, also referred to as cellphone sign-in.
|
@@ -162,6 +163,14 @@ cause a security hole on your site.
|
|
162 |
|
163 |
== Changelog ==
|
164 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
165 |
= 5.0.9 =
|
166 |
* Feature: (Premium) Advanced Comment Spam Filter. Checks comment source IP, author URL and hosts and IP's in body against additional spam lists.
|
167 |
* Feature: (Premium) Check if your site is being Spamvertised i.e. your domain is being included in spam emails. Usually indicates you've been hacked.
|
@@ -170,7 +179,7 @@ cause a security hole on your site.
|
|
170 |
* Improvement: Added lightweight stats logging internally in preparation for displaying them on the admin UI in the next release.
|
171 |
* Fix: If a non-existent user tries to sign in it is not logged in the live logins tab. Fixed.
|
172 |
* Fix: Removed warning "Trying to get property of non-object" that would occur under certain conditions.
|
173 |
-
* Fix: Removed call to is_404()
|
174 |
* Fix: Check if CURL is installed as part of connectivity test.
|
175 |
|
176 |
= 5.0.8 =
|
1 |
=== Wordfence Security ===
|
2 |
Contributors: mmaunder
|
3 |
+
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
|
4 |
Requires at least: 3.3.1
|
5 |
Tested up to: 3.9.1
|
6 |
+
Stable tag: 5.1.1
|
7 |
|
8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
9 |
|
27 |
Wordfence Security:
|
28 |
|
29 |
* Includes Falcon Engine, the fastest WordPress caching engine available today. Falcon is faster because it reduces your web server disk and database activity to a minimum.
|
30 |
+
* Includes support for other major plugins and themes like WooCommerce.
|
31 |
* Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
|
32 |
* Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
|
33 |
* Includes two-factor authentication, also referred to as cellphone sign-in.
|
163 |
|
164 |
== Changelog ==
|
165 |
|
166 |
+
= 5.1.1 =
|
167 |
+
* Improvement: WooCommerce now officially supported out of the box.
|
168 |
+
* Feature: Added the wordfence:doNotCache() function that you can call in your themes and plugins to prevent caching of items.
|
169 |
+
* Fix: Fixed the warning appearing in lib/wfUtils.php about a scalar being treated as an array which appeared in 5.0.9.
|
170 |
+
* Fix: Failed logins were not being logged for non-existent usernames that were set to immediatelly block. Fixed.
|
171 |
+
* Fix: Removed several warnings/notices that would appear when WP_DEBUG is enabled.
|
172 |
+
* Fix: Added default character set to .htaccess which fixes garbled international characters being served from cache on sites with no default apache charset.
|
173 |
+
|
174 |
= 5.0.9 =
|
175 |
* Feature: (Premium) Advanced Comment Spam Filter. Checks comment source IP, author URL and hosts and IP's in body against additional spam lists.
|
176 |
* Feature: (Premium) Check if your site is being Spamvertised i.e. your domain is being included in spam emails. Usually indicates you've been hacked.
|
179 |
* Improvement: Added lightweight stats logging internally in preparation for displaying them on the admin UI in the next release.
|
180 |
* Fix: If a non-existent user tries to sign in it is not logged in the live logins tab. Fixed.
|
181 |
* Fix: Removed warning "Trying to get property of non-object" that would occur under certain conditions.
|
182 |
+
* Fix: Removed call to is_404() which was not having any effect and would issue a warning if debug mode is enabled.
|
183 |
* Fix: Check if CURL is installed as part of connectivity test.
|
184 |
|
185 |
= 5.0.8 =
|
wordfence.php
CHANGED
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
|
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewall and Site Speedup
|
6 |
Author: Wordfence
|
7 |
-
Version: 5.
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
*/
|
10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
11 |
return;
|
12 |
}
|
13 |
-
define('WORDFENCE_VERSION', '5.
|
14 |
if(get_option('wordfenceActivated') != 1){
|
15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
16 |
}
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewall and Site Speedup
|
6 |
Author: Wordfence
|
7 |
+
Version: 5.1.1
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
*/
|
10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
11 |
return;
|
12 |
}
|
13 |
+
define('WORDFENCE_VERSION', '5.1.1');
|
14 |
if(get_option('wordfenceActivated') != 1){
|
15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
16 |
}
|