Wordfence Security – Firewall & Malware Scan - Version 5.1.4

Version Description

  • Feature: Auto updates for Wordfence! This is a much-requested feature by our power admins. Enable the "Update Wordfence automatically when a new version is released" option on the Wordfence options page.
  • Fix: Security fix. Thanks to Narendra Bhati from Suma Soft.

Release Info

Developer mmaunder
Version 5.1.4

Code changes from version 5.1.2 to 5.1.4

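--- a/lib/IPTraf.php
+++ b/lib/IPTraf.php
@@ -4,7 +4,7 @@
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <link rel='stylesheet' id='wordfence-main-style-css' href='<?php echo wfUtils::getBaseURL(); ?>/css/iptraf.css?ver=<?php echo WORDFENCE_VERSION; ?>' type='text/css' media='all' />
  <body>
- <h1>Wordfence: All recent hits for IP address <?php echo $IP; if($reverseLookup){ echo '[' . $reverseLookup . ']'; } ?></h1>
+ <h1>Wordfence: All recent hits for IP address <?php echo htmlspecialchars($IP, ENT_QUOTES, 'UTF-8'); if($reverseLookup){ echo '[' . htmlspecialchars($reverseLookup, ENT_QUOTES, 'UTF-8') . ']'; } ?></h1>
  <table border="0" cellpadding="2" cellspacing="0" style="width: 900px;">
  <?php foreach($results as $key => $v){ ?>
  <tr><th>Time:</th><td><?php echo $v['timeAgo'] ?> ago -- <?php echo date(DATE_RFC822, $v['ctime']); ?> -- <?php echo $v['ctime']; ?> in Unixtime</td></tr>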
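--- a/lib/diffResult.php
+++ b/lib/diffResult.php
@@ -15,15 +15,15 @@
  ignore this file the next time Wordfence scans your system.
  </p>
  <table border="0" style="margin: 0 0 20px 0;" class="summary">
- <tr><td>Filename:</td><td><?php echo $_GET['file']; ?></td></tr>
+ <tr><td>Filename:</td><td><?php echo htmlentities($_GET['file']); ?></td></tr>
  <tr><td>File type:</td><td><?php
  $cType = $_GET['cType'];
  if($cType == 'core'){
  echo "WordPress Core File</td></tr>";
  } else if($cType == 'theme'){
- echo "Theme File</td></tr><tr><td>Theme Name:</td><td>" . $_GET['cName'] . "</td></tr><tr><td>Theme Version:</td><td>" . $_GET['cVersion'] . "</td></tr>";
+ echo "Theme File</td></tr><tr><td>Theme Name:</td><td>" . htmlentities($_GET['cName']) . "</td></tr><tr><td>Theme Version:</td><td>" . htmlentities($_GET['cVersion']) . "</td></tr>";
  } else if($cType == 'plugin'){
- echo "Plugin File</td></tr><tr><td>Plugin Name:</td><td>" . $_GET['cName'] . "</td></tr><tr><td>Plugin Version:</td><td>" . $_GET['cVersion'] . "</td></tr>";
+ echo "Plugin File</td></tr><tr><td>Plugin Name:</td><td>" . htmlentities($_GET['cName']) . "</td></tr><tr><td>Plugin Version:</td><td>" . htmlentities($_GET['cVersion']) . "</td></tr>";
  } else {
  echo "Unknown Type</td></tr>";
  }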
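Review bot: The `htmlentities()` calls added in this file rely on PHP's default flags and charset, unlike the `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` form this same release uses in lib/IPTraf.php and lib/wfViewResult.php. On PHP versions before 5.4 the default charset is ISO-8859-1, so multibyte file, theme or plugin names are mangled, and the default `ENT_COMPAT` leaves single quotes unencoded, which stays safe only while the value is never placed in a single-quoted attribute. I would use one explicit form everywhere, e.g. `echo htmlspecialchars($_GET['file'], ENT_QUOTES, 'UTF-8');`, or WordPress's `esc_html()` / `esc_attr()` if WordPress is loaded when this template renders. The same applies to the `value="..."` attribute in lib/menu_rangeBlocking.php and to the `<span>` echo in the first hunk of lib/menu_whois.php. `$_GET['cType']` is also still read without an `isset()` check.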
lib/menu_options.php CHANGED
@@ -47,6 +47,8 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
47
  <tr><td colspan="2">&nbsp;</td></tr>
48
  <tr><th class="wfConfigEnable">Enable automatic scheduled scans</th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> />&nbsp;Regular scans ensure your site stays secure.</td></tr>
49
  <tr><td colspan="2">&nbsp;</td></tr>
 
 
50
 
51
  <tr><th>Where to email alerts:</th><td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f('alertEmails'); ?>" size="50" />&nbsp;<span class="wfTipText">Separate multiple emails with commas</span></td></tr>
52
  <tr><th colspan="2">&nbsp;</th></tr>
@@ -87,6 +89,7 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
87
  echo "<tr><th colspan=\"2\" style=\"color: #F00;\">You have not configured an email to receive alerts yet. Set this up under \"Basic Options\" above.</th></tr>\n";
88
  }
89
  ?>
 
90
  <tr><th>Alert on critical problems</th><td><input type="checkbox" id="alertOn_critical" class="wfConfigElem" name="alertOn_critical" value="1" <?php $w->cb('alertOn_critical'); ?>/></td></tr>
91
  <tr><th>Alert on warnings</th><td><input type="checkbox" id="alertOn_warnings" class="wfConfigElem" name="alertOn_warnings" value="1" <?php $w->cb('alertOn_warnings'); ?>/></td></tr>
92
  <tr><th>Alert when an IP address is blocked</th><td><input type="checkbox" id="alertOn_block" class="wfConfigElem" name="alertOn_block" value="1" <?php $w->cb('alertOn_block'); ?>/></td></tr>
@@ -270,6 +273,8 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
270
  <tr><th>Update interval in seconds (2 is default)</th><td><input type="text" id="actUpdateInterval" name="actUpdateInterval" value="<?php $w->f('actUpdateInterval'); ?>" size="4" />Setting higher will reduce browser traffic but slow scan starts, live traffic &amp; status updates.</td></tr>
271
  <tr><th>Enable debugging mode (increases database load)</th><td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn" value="1" <?php $w->cb('debugOn'); ?> /></td></tr>
272
  <tr><th>Delete Wordfence tables and data on deactivation?</th><td><input type="checkbox" id="deleteTablesOnDeact" class="wfConfigElem" name="deleteTablesOnDeact" value="1" <?php $w->cb('deleteTablesOnDeact'); ?> /></td></tr>
 
 
273
  <tr><th>Disable Wordfence Cookies</th><td><input type="checkbox" id="disableCookies" class="wfConfigElem" name="disableCookies" value="1" <?php $w->cb('disableCookies'); ?> />(when enabled all visits in live traffic will appear to be new visits)</td></tr>
274
  <tr><th>Start all scans remotely</th><td><input type="checkbox" id="startScansRemotely" class="wfConfigElem" name="startScansRemotely" value="1" <?php $w->cb('startScansRemotely'); ?> />(Try this if your scans aren't starting and your site is publicly accessible)</td></tr>
275
  <tr><th>Add a debugging comment to HTML source of cached pages.</th><td><input type="checkbox" id="addCacheComment" class="wfConfigElem" name="addCacheComment" value="1" <?php $w->cb('addCacheComment'); ?> /></td></tr>
47
  <tr><td colspan="2">&nbsp;</td></tr>
48
  <tr><th class="wfConfigEnable">Enable automatic scheduled scans</th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> />&nbsp;Regular scans ensure your site stays secure.</td></tr>
49
  <tr><td colspan="2">&nbsp;</td></tr>
50
+ <tr><th class="wfConfigEnable">Update Wordfence automatically when a new version is released?</th><td><input type="checkbox" id="autoUpdate" class="wfConfigElem" name="autoUpdate" value="1" <?php $w->cb('autoUpdate'); ?> />&nbsp;Automatically updates Wordfence to the newest version within 24 hours of a new release.</td></tr>
51
+ <tr><td colspan="2">&nbsp;</td></tr>
52
 
53
  <tr><th>Where to email alerts:</th><td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f('alertEmails'); ?>" size="50" />&nbsp;<span class="wfTipText">Separate multiple emails with commas</span></td></tr>
54
  <tr><th colspan="2">&nbsp;</th></tr>
89
  echo "<tr><th colspan=\"2\" style=\"color: #F00;\">You have not configured an email to receive alerts yet. Set this up under \"Basic Options\" above.</th></tr>\n";
90
  }
91
  ?>
92
+ <tr><th>Email me when Wordfence is automatically updated</th><td><input type="checkbox" id="alertOn_update" class="wfConfigElem" name="alertOn_update" value="1" <?php $w->cb('alertOn_update'); ?>/>&nbsp;If you have automatic updates enabled (see above), you'll get an email when an update occurs.</td></tr>
93
  <tr><th>Alert on critical problems</th><td><input type="checkbox" id="alertOn_critical" class="wfConfigElem" name="alertOn_critical" value="1" <?php $w->cb('alertOn_critical'); ?>/></td></tr>
94
  <tr><th>Alert on warnings</th><td><input type="checkbox" id="alertOn_warnings" class="wfConfigElem" name="alertOn_warnings" value="1" <?php $w->cb('alertOn_warnings'); ?>/></td></tr>
95
  <tr><th>Alert when an IP address is blocked</th><td><input type="checkbox" id="alertOn_block" class="wfConfigElem" name="alertOn_block" value="1" <?php $w->cb('alertOn_block'); ?>/></td></tr>
273
  <tr><th>Update interval in seconds (2 is default)</th><td><input type="text" id="actUpdateInterval" name="actUpdateInterval" value="<?php $w->f('actUpdateInterval'); ?>" size="4" />Setting higher will reduce browser traffic but slow scan starts, live traffic &amp; status updates.</td></tr>
274
  <tr><th>Enable debugging mode (increases database load)</th><td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn" value="1" <?php $w->cb('debugOn'); ?> /></td></tr>
275
  <tr><th>Delete Wordfence tables and data on deactivation?</th><td><input type="checkbox" id="deleteTablesOnDeact" class="wfConfigElem" name="deleteTablesOnDeact" value="1" <?php $w->cb('deleteTablesOnDeact'); ?> /></td></tr>
276
+
277
+
278
  <tr><th>Disable Wordfence Cookies</th><td><input type="checkbox" id="disableCookies" class="wfConfigElem" name="disableCookies" value="1" <?php $w->cb('disableCookies'); ?> />(when enabled all visits in live traffic will appear to be new visits)</td></tr>
279
  <tr><th>Start all scans remotely</th><td><input type="checkbox" id="startScansRemotely" class="wfConfigElem" name="startScansRemotely" value="1" <?php $w->cb('startScansRemotely'); ?> />(Try this if your scans aren't starting and your site is publicly accessible)</td></tr>
280
  <tr><th>Add a debugging comment to HTML source of cached pages.</th><td><input type="checkbox" id="addCacheComment" class="wfConfigElem" name="addCacheComment" value="1" <?php $w->cb('addCacheComment'); ?> /></td></tr>
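--- a/lib/menu_rangeBlocking.php
+++ b/lib/menu_rangeBlocking.php
@@ -16,7 +16,7 @@
  </ul>
  </div>
  <table class="wfConfigForm">
- <tr><th>Block anyone that has an IP address in this range:</th><td><input id="ipRange" type="text" size="30" maxlength="255" value="<?php if( isset( $_GET['wfBlockRange'] ) && $_GET['wfBlockRange']){ echo $_GET['wfBlockRange']; } ?>" onkeyup="WFAD.calcRangeTotal();">&nbsp;<span id="wfShowRangeTotal"></span></td></tr>
+ <tr><th>Block anyone that has an IP address in this range:</th><td><input id="ipRange" type="text" size="30" maxlength="255" value="<?php if( isset( $_GET['wfBlockRange'] ) && $_GET['wfBlockRange']){ echo htmlentities($_GET['wfBlockRange']); } ?>" onkeyup="WFAD.calcRangeTotal();">&nbsp;<span id="wfShowRangeTotal"></span></td></tr>
  <tr><td></td><td style="padding-bottom: 15px;"><strong>Examples:</strong> 192.168.200.200 - 192.168.200.220</td></tr>
  <tr><th>...you can also enter a User-Agent (browser) that matches:</th><td><input id="uaRange" type="text" size="30" maxlength="255" >&nbsp;(Case insensitive)</td></tr>
  <tr><td></td><td style="padding-bottom: 15px;"><strong>Examples:</strong> *badRobot*, AnotherBadRobot*, *someKindOfSuffix</td></tr>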
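--- a/lib/menu_whois.php
+++ b/lib/menu_whois.php
@@ -28,7 +28,7 @@ if(! function_exists('fsockopen')){
  <?php if( isset( $_GET['wfnetworkblock'] ) && $_GET['wfnetworkblock']){ ?>
  <h2>How to block a network</h2>
  <p style="width: 600px;">
- You've chosen to block the network that <span style="color: #F00;"><?php echo $_GET['whoisval']; ?></span> is part of.
+ You've chosen to block the network that <span style="color: #F00;"><?php echo htmlentities($_GET['whoisval']); ?></span> is part of.
  We've marked the networks we found that this IP address belongs to in red below.
  Make sure you read all the WHOIS information so that you see all networks this IP belongs to. We recommend blocking the network with the lowest number of addresses.
  You may find this is listed at the end as part of the 'rWHOIS' query which contacts
@@ -51,7 +51,7 @@ if(! function_exists('fsockopen')){
  </div>
  </script>
  <script type="text/javascript">
- var whoisval = "<?php if( isset( $_GET['whoisval'] ) ) { echo $_GET['whoisval']; } ?>";
+ var whoisval = "<?php if( isset( $_GET['whoisval'] ) ) { echo htmlentities($_GET['whoisval']); } ?>";
  if(whoisval){
  jQuery(function(){
  jQuery('#wfwhois').val(whoisval);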
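Review bot: On the `var whoisval = "..."` line, `htmlentities()` is applied to a value written inside a JavaScript string literal in a `<script>` block, where HTML entity encoding is the wrong encoder. It leaves backslashes and line breaks untouched, so a value ending in `\` or containing a newline breaks the statement, and entities are not decoded inside script content, so a legitimate `&` reaches `#wfwhois` as `&amp;`. lib/menu_options.php already emits script data with `json_encode()`; the equivalent here is `var whoisval = <?php echo json_encode(isset($_GET['whoisval']) ? (string) $_GET['whoisval'] : '', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;` (the JSON_HEX_* flags need PHP 5.3). The `<span>` echo in the first hunk also reads `$_GET['whoisval']` without the `isset()` guard that the script line has.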
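--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -11,6 +11,7 @@ class wfConfig {
  array( //level 0
  "checkboxes" => array(
  "alertOn_critical" => false,
+ "alertOn_update" => false,
  "alertOn_warnings" => false,
  "alertOn_throttle" => false,
  "alertOn_block" => false,
@@ -56,6 +57,7 @@ class wfConfig {
  "other_WFNet" => true,
  "other_scanOutside" => false,
  "deleteTablesOnDeact" => false,
+ "autoUpdate" => false,
  "disableCookies" => false,
  "startScansRemotely" => false,
  "addCacheComment" => false,
@@ -89,6 +91,7 @@ class wfConfig {
  array( //level 1
  "checkboxes" => array(
  "alertOn_critical" => true,
+ "alertOn_update" => false,
  "alertOn_warnings" => false,
  "alertOn_throttle" => false,
  "alertOn_block" => true,
@@ -134,6 +137,7 @@ class wfConfig {
  "other_WFNet" => true,
  "other_scanOutside" => false,
  "deleteTablesOnDeact" => false,
+ "autoUpdate" => false,
  "disableCookies" => false,
  "startScansRemotely" => false,
  "addCacheComment" => false,
@@ -167,6 +171,7 @@ class wfConfig {
  array( //level 2
  "checkboxes" => array(
  "alertOn_critical" => true,
+ "alertOn_update" => false,
  "alertOn_warnings" => true,
  "alertOn_throttle" => false,
  "alertOn_block" => true,
@@ -212,6 +217,7 @@ class wfConfig {
  "other_WFNet" => true,
  "other_scanOutside" => false,
  "deleteTablesOnDeact" => false,
+ "autoUpdate" => false,
  "disableCookies" => false,
  "startScansRemotely" => false,
  "addCacheComment" => false,
@@ -245,6 +251,7 @@ class wfConfig {
  array( //level 3
  "checkboxes" => array(
  "alertOn_critical" => true,
+ "alertOn_update" => false,
  "alertOn_warnings" => true,
  "alertOn_throttle" => false,
  "alertOn_block" => true,
@@ -290,6 +297,7 @@ class wfConfig {
  "other_WFNet" => true,
  "other_scanOutside" => false,
  "deleteTablesOnDeact" => false,
+ "autoUpdate" => false,
  "disableCookies" => false,
  "startScansRemotely" => false,
  "addCacheComment" => false,
@@ -323,6 +331,7 @@ class wfConfig {
  array( //level 4
  "checkboxes" => array(
  "alertOn_critical" => true,
+ "alertOn_update" => false,
  "alertOn_warnings" => true,
  "alertOn_throttle" => false,
  "alertOn_block" => true,
@@ -368,6 +377,7 @@ class wfConfig {
  "other_WFNet" => true,
  "other_scanOutside" => false,
  "deleteTablesOnDeact" => false,
+ "autoUpdate" => false,
  "disableCookies" => false,
  "startScansRemotely" => false,
  "addCacheComment" => false,
@@ -705,5 +715,36 @@ class wfConfig {
  if( (! self::get('liveTrafficEnabled')) || self::get('cacheType') == 'falcon' || self::get('cacheType') == 'php'){ return false; }
  return true;
  }
+ public static function enableAutoUpdate(){
+ wfConfig::set('autoUpdate', '1');
+ wp_schedule_event(time(), 'daily', 'wordfence_daily_autoUpdate');
+ }
+ public static function disableAutoUpdate(){
+ wfConfig::set('autoUpdate', '0');
+ wp_clear_scheduled_hook('wordfence_daily_autoUpdate');
+ }
+ public static function autoUpdate(){
+ try {
+ require_once(ABSPATH . 'wp-admin/includes/class-wp-upgrader.php');
+ if(! function_exists('show_message')){
+ function show_message($msg = 'null'){}
+ }
+ define('FS_METHOD', 'direct');
+ require_once(ABSPATH . 'wp-includes/update.php');
+ require_once(ABSPATH . 'wp-admin/includes/file.php');
+ wp_update_plugins();
+ ob_start();
+ $upgrader = new Plugin_Upgrader();
+ $upret = $upgrader->upgrade('wordfence/wordfence.php');
+ if($upret){
+ $cont = file_get_contents(WP_PLUGIN_DIR . '/wordfence/wordfence.php');
+ if(wfConfig::get('alertOn_update') == '1' && preg_match('/Version: (\d+\.\d+\.\d+)/', $cont, $matches) ){
+ wordfence::alert("Wordfence Upgraded to version " . $matches[1], "Your Wordfence installation has been upgraded to version " . $matches[1], '127.0.0.1');
+ }
+ }
+ $output = ob_get_contents();
+ ob_end_clean();
+ } catch(Exception $e){}
+ }
  }
  ?>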
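Review bot: In autoUpdate() the `if($upret)` test treats any truthy return as success, but Plugin_Upgrader::upgrade() can return a WP_Error object, in which case the "Upgraded" alert would be sent with whatever version string is on disk. The empty `catch(Exception $e){}` hides every failure from the admin who opted in, and an exception thrown after `ob_start()` leaves the output buffer open. `define('FS_METHOD', 'direct')` is unconditional, so it raises a notice and is ignored when wp-config.php already defines the constant. enableAutoUpdate() calls `wp_schedule_event()` without checking `wp_next_scheduled()`, and the lib/wordfenceClass.php hunks call it on what looks like both activation and every options save, which may stack duplicate daily events. A guarded sketch of both methods follows.

```php
public static function enableAutoUpdate(){
	wfConfig::set('autoUpdate', '1');
	// Called repeatedly; schedule only when no event is already pending.
	if(! wp_next_scheduled('wordfence_daily_autoUpdate')){
		wp_schedule_event(time(), 'daily', 'wordfence_daily_autoUpdate');
	}
}
public static function autoUpdate(){
	$buffering = false;
	try {
		// … unchanged: require_once of class-wp-upgrader.php and the show_message() stub …
		if(! defined('FS_METHOD')){
			define('FS_METHOD', 'direct');
		}
		// … unchanged: remaining require_once lines and wp_update_plugins() …
		$buffering = ob_start();
		$upgrader = new Plugin_Upgrader();
		$upret = $upgrader->upgrade('wordfence/wordfence.php');
		if($upret && ! is_wp_error($upret)){
			// … unchanged: read the Version header and send the alert …
		}
		ob_end_clean();
		$buffering = false;
	} catch(Exception $e){
		// Close only the buffer this method opened, and leave a trace of the failure.
		if($buffering){ ob_end_clean(); }
		error_log('Wordfence auto-update failed: ' . $e->getMessage());
	}
}
```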
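--- a/lib/wfViewResult.php
+++ b/lib/wfViewResult.php
@@ -6,7 +6,7 @@
  <body>
  <h1>Wordfence: File Viewer</h1>
  <table border="0" style="margin: 0 0 20px 0;" class="summary">
- <tr><td>Filename:</td><td><?php echo $localFile; ?></td></tr>
+ <tr><td>Filename:</td><td><?php echo htmlspecialchars($localFile, ENT_QUOTES, 'UTF-8'); ?></td></tr>
  <tr><td>File Size:</td><td><?php echo $fileSize; ?></td></tr>
  <tr><td>File last modified:</td><td><?php echo $fileMTime; ?></td></tr>
  </table>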
lib/wordfenceClass.php CHANGED
@@ -35,7 +35,6 @@ class wordfence {
35
  update_option('wordfenceActivated', 1);
36
  }
37
  public static function uninstallPlugin(){
38
-
39
  //Check if caching is enabled and if it is, disable it and fix the .htaccess file.
40
  $cacheType = wfConfig::get('cacheType', false);
41
  if($cacheType == 'falcon'){
@@ -54,6 +53,7 @@ class wordfence {
54
  update_option('wordfenceActivated', 0);
55
  wp_clear_scheduled_hook('wordfence_daily_cron');
56
  wp_clear_scheduled_hook('wordfence_hourly_cron');
 
57
 
58
  //Remove old legacy cron job if it exists
59
  wp_clear_scheduled_hook('wordfence_scheduled_scan');
@@ -242,6 +242,10 @@ class wordfence {
242
  //Install new schedule. If schedule config is blank it will install the default 'auto' schedule.
243
  wordfence::scheduleScans();
244
 
 
 
 
 
245
  if(! wfConfig::get('apiKey')){
246
  $api = new wfAPI('', wfUtils::getWPVersion());
247
  try {
@@ -359,6 +363,7 @@ class wordfence {
359
 
360
  add_action('wordfence_start_scheduled_scan', 'wordfence::wordfenceStartScheduledScan');
361
  add_action('wordfence_daily_cron', 'wordfence::dailyCron');
 
362
  add_action('wordfence_hourly_cron', 'wordfence::hourlyCron');
363
  add_action('plugins_loaded', 'wordfence::veryFirstAction');
364
  add_action('init', 'wordfence::initAction');
@@ -415,7 +420,7 @@ class wordfence {
415
  }
416
  }
417
  }
418
- /* For debugging:
419
  public static function cronAddSchedules($schedules){
420
  $schedules['wfEachMinute'] = array(
421
  'interval' => 60,
@@ -1683,6 +1688,14 @@ class wordfence {
1683
  if($regenerateHtaccess){
1684
  wfCache::addHtaccessCode('add');
1685
  }
 
 
 
 
 
 
 
 
1686
 
1687
  $paidKeyMsg = false;
1688
 
@@ -2067,9 +2080,9 @@ class wordfence {
2067
  return array('cerrorMsg' => "We could not find that issue in our database.");
2068
  }
2069
  $dat = $issue['data'];
2070
- $result = self::getWPFileContent($dat['file'], $dat['cType'], $dat['cName'], $dat['cVersion']);
2071
  $file = $dat['file'];
2072
- if($result['cerrorMsg']){
2073
  return $result;
2074
  } else if(! $result['fileContent']){
2075
  return array('cerrorMsg' => "We could not get the original file to do a repair.");
@@ -2259,11 +2272,11 @@ EOL;
2259
  }
2260
  public static function wfFunc_IPTraf(){
2261
  $IP = $_GET['IP'];
2262
- $reverseLookup = wfUtils::reverseLookup($IP);
2263
  if(! preg_match('/^\d+\.\d+\.\d+\.\d+$/', $IP)){
2264
  echo "An invalid IP address was specified.";
2265
  exit(0);
2266
  }
 
2267
  $wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
2268
  $results = array_merge(
2269
  $wfLog->getHits('hits', 'hit', 0, 10000, $IP),
@@ -2290,6 +2303,10 @@ EOL;
2290
  echo "Invalid file requested. (Relative paths not allowed)";
2291
  exit();
2292
  }
 
 
 
 
2293
  $lang = false;
2294
  $cont = @file_get_contents($localFile);
2295
  $isEmpty = false;
@@ -2317,6 +2334,11 @@ EOL;
2317
  exit(0);
2318
  }
2319
  public static function wfFunc_diff(){
 
 
 
 
 
2320
  $result = self::getWPFileContent($_GET['file'], $_GET['cType'], $_GET['cName'], $_GET['cVersion']);
2321
  if( isset( $result['errorMsg'] ) && $result['errorMsg']){
2322
  echo htmlentities($result['errorMsg']);
35
  update_option('wordfenceActivated', 1);
36
  }
37
  public static function uninstallPlugin(){
 
38
  //Check if caching is enabled and if it is, disable it and fix the .htaccess file.
39
  $cacheType = wfConfig::get('cacheType', false);
40
  if($cacheType == 'falcon'){
53
  update_option('wordfenceActivated', 0);
54
  wp_clear_scheduled_hook('wordfence_daily_cron');
55
  wp_clear_scheduled_hook('wordfence_hourly_cron');
56
+ wp_clear_scheduled_hook('wordfence_daily_autoUpdate');
57
 
58
  //Remove old legacy cron job if it exists
59
  wp_clear_scheduled_hook('wordfence_scheduled_scan');
242
  //Install new schedule. If schedule config is blank it will install the default 'auto' schedule.
243
  wordfence::scheduleScans();
244
 
245
+ if(wfConfig::get('autoUpdate') == '1'){
246
+ wfConfig::enableAutoUpdate(); //Sets up the cron
247
+ }
248
+
249
  if(! wfConfig::get('apiKey')){
250
  $api = new wfAPI('', wfUtils::getWPVersion());
251
  try {
363
 
364
  add_action('wordfence_start_scheduled_scan', 'wordfence::wordfenceStartScheduledScan');
365
  add_action('wordfence_daily_cron', 'wordfence::dailyCron');
366
+ add_action('wordfence_daily_autoUpdate', 'wfConfig::autoUpdate');
367
  add_action('wordfence_hourly_cron', 'wordfence::hourlyCron');
368
  add_action('plugins_loaded', 'wordfence::veryFirstAction');
369
  add_action('init', 'wordfence::initAction');
420
  }
421
  }
422
  }
423
+ /*
424
  public static function cronAddSchedules($schedules){
425
  $schedules['wfEachMinute'] = array(
426
  'interval' => 60,
1688
  if($regenerateHtaccess){
1689
  wfCache::addHtaccessCode('add');
1690
  }
1691
+
1692
+ if($opts['autoUpdate'] == '1'){
1693
+ wfConfig::enableAutoUpdate();
1694
+ } else if($opts['autoUpdate'] == '0'){
1695
+ wfConfig::disableAutoUpdate();
1696
+ }
1697
+
1698
+
1699
 
1700
  $paidKeyMsg = false;
1701
 
2080
  return array('cerrorMsg' => "We could not find that issue in our database.");
2081
  }
2082
  $dat = $issue['data'];
2083
+ $result = self::getWPFileContent($dat['file'], $dat['cType'], (isset($dat['cName']) ? $dat['cName'] : ''), (isset($dat['cVersion']) ? $dat['cVersion'] : ''));
2084
  $file = $dat['file'];
2085
+ if(isset($result['cerrorMsg']) && $result['cerrorMsg']){
2086
  return $result;
2087
  } else if(! $result['fileContent']){
2088
  return array('cerrorMsg' => "We could not get the original file to do a repair.");
2272
  }
2273
  public static function wfFunc_IPTraf(){
2274
  $IP = $_GET['IP'];
 
2275
  if(! preg_match('/^\d+\.\d+\.\d+\.\d+$/', $IP)){
2276
  echo "An invalid IP address was specified.";
2277
  exit(0);
2278
  }
2279
+ $reverseLookup = wfUtils::reverseLookup($IP);
2280
  $wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
2281
  $results = array_merge(
2282
  $wfLog->getHits('hits', 'hit', 0, 10000, $IP),
2303
  echo "Invalid file requested. (Relative paths not allowed)";
2304
  exit();
2305
  }
2306
+ if(preg_match('/[\'\"<>\!\{\}\(\)\&\@\%\$\*\+\[\]\?]+/', $localFile)){
2307
+ echo "File contains illegal characters.";
2308
+ exit();
2309
+ }
2310
  $lang = false;
2311
  $cont = @file_get_contents($localFile);
2312
  $isEmpty = false;
2334
  exit(0);
2335
  }
2336
  public static function wfFunc_diff(){
2337
+ if(preg_match('/[\'\"<>\!\{\}\(\)\&\@\%\$\*\+\[\]\?]+/', $_GET['file'])){
2338
+ echo "File contains illegal characters.";
2339
+ exit();
2340
+ }
2341
+
2342
  $result = self::getWPFileContent($_GET['file'], $_GET['cType'], $_GET['cName'], $_GET['cVersion']);
2343
  if( isset( $result['errorMsg'] ) && $result['errorMsg']){
2344
  echo htmlentities($result['errorMsg']);
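Review bot: The character denylist added to the file viewer and to wfFunc_diff() is duplicated verbatim and does at the input side what output encoding should do. It rejects legitimate file names containing characters such as `(`, `&`, `+` or `@`, so a flagged file with such a name can no longer be viewed or diffed, while the actual protection is the escaping this release adds in lib/wfViewResult.php and lib/diffResult.php. In wfFunc_diff() only `$_GET['file']` is checked; `cType`, `cName` and `cVersion` still go to getWPFileContent() as received, and all four are read without `isset()`. I would move the pattern into one private helper with a comment marking it as defence in depth, and in wfFunc_IPTraf() replace the regex, whose `$` anchor accepts a trailing newline and whose `\d+` accepts out-of-range octets, with `if(! filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)){`. These function bodies start or continue outside the visible hunks, so whether a capability or nonce check runs before this code cannot be confirmed from here.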
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
4
  Requires at least: 3.3.1
5
  Tested up to: 3.9.1
6
- Stable tag: 5.1.2
7
 
8
  Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9
 
@@ -163,6 +163,10 @@ cause a security hole on your site.
163
 
164
  == Changelog ==
165
 
 
 
 
 
166
  = 5.1.2 =
167
  * Feature: You can now specify one or more URL's that if accessed will cause the IP to immediately be blocked. See below "Other Options" for the new feature.
168
  * Improvement: Added additional debugging info when cron key does not match saved key to help diagnose any problems.
3
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
4
  Requires at least: 3.3.1
5
  Tested up to: 3.9.1
6
+ Stable tag: 5.1.4
7
 
8
  Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9
 
163
 
164
  == Changelog ==
165
 
166
+ = 5.1.4 =
167
+ * Feature: Auto updates for Wordfence! This is a much-requested feature by our power admin's. Enable the "Update Wordfence automatically when a new version is released" option on the Wordfence options page.
168
+ * Fix: Security fix. Thanks to Narendra Bhati from Suma Soft.
169
+
170
  = 5.1.2 =
171
  * Feature: You can now specify one or more URL's that if accessed will cause the IP to immediately be blocked. See below "Other Options" for the new feature.
172
  * Improvement: Added additional debugging info when cron key does not match saved key to help diagnose any problems.
wordfence.php CHANGED
@@ -4,17 +4,17 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
  Author: Wordfence
7
- Version: 5.1.2
8
  Author URI: http://www.wordfence.com/
9
  */
10
  if(defined('WP_INSTALLING') && WP_INSTALLING){
11
  return;
12
  }
13
- define('WORDFENCE_VERSION', '5.1.2');
14
  if(get_option('wordfenceActivated') != 1){
15
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
  }
17
- if(! defined('WORDFENCE_VERSIONONLY_MODE')){
18
  if((int) @ini_get('memory_limit') < 128){
19
  if(strpos(ini_get('disable_functions'), 'ini_set') === false){
20
  @ini_set('memory_limit', '128M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
  Author: Wordfence
7
+ Version: 5.1.4
8
  Author URI: http://www.wordfence.com/
9
  */
10
  if(defined('WP_INSTALLING') && WP_INSTALLING){
11
  return;
12
  }
13
+ define('WORDFENCE_VERSION', '5.1.4');
14
  if(get_option('wordfenceActivated') != 1){
15
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
  }
17
+ if(! defined('WORDFENCE_VERSIONONLY_MODE')){ //Used to get version from file.
18
  if((int) @ini_get('memory_limit') < 128){
19
  if(strpos(ini_get('disable_functions'), 'ini_set') === false){
20
  @ini_set('memory_limit', '128M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.