Wordfence Security – Firewall & Malware Scan - Version 5.1.4

Version Description

  • Feature: Auto updates for Wordfence! This is a feature much requested by our power admins. Enable the "Update Wordfence automatically when a new version is released" option on the Wordfence options page.
  • Fix: Security fix. Thanks to Narendra Bhati from Suma Soft.

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 5.1.4

Code changes from version 5.1.2 to 5.1.4

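--- a/lib/IPTraf.php
+++ b/lib/IPTraf.php
@@ -4,7 +4,7 @@
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <link rel='stylesheet' id='wordfence-main-style-css' href='<?php echo wfUtils::getBaseURL(); ?>/css/iptraf.css?ver=<?php echo WORDFENCE_VERSION; ?>' type='text/css' media='all' />
 <body>
-<h1>Wordfence: All recent hits for IP address <?php echo $IP; if($reverseLookup){ echo '[' . $reverseLookup . ']'; } ?></h1>
+<h1>Wordfence: All recent hits for IP address <?php echo htmlspecialchars($IP, ENT_QUOTES, 'UTF-8'); if($reverseLookup){ echo '[' . htmlspecialchars($reverseLookup, ENT_QUOTES, 'UTF-8') . ']'; } ?></h1>
 <table border="0" cellpadding="2" cellspacing="0" style="width: 900px;">
 <?php foreach($results as $key => $v){ ?>
 <tr><th>Time:</th><td><?php echo $v['timeAgo'] ?> ago -- <?php echo date(DATE_RFC822, $v['ctime']); ?> -- <?php echo $v['ctime']; ?> in Unixtime</td></tr>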
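--- a/lib/diffResult.php
+++ b/lib/diffResult.php
@@ -15,15 +15,15 @@
 ignore this file the next time Wordfence scans your system.
 </p>
 <table border="0" style="margin: 0 0 20px 0;" class="summary">
-<tr><td>Filename:</td><td><?php echo $_GET['file']; ?></td></tr>
+<tr><td>Filename:</td><td><?php echo htmlentities($_GET['file']); ?></td></tr>
 <tr><td>File type:</td><td><?php
 $cType = $_GET['cType'];
 if($cType == 'core'){
 echo "WordPress Core File</td></tr>";
 } else if($cType == 'theme'){
-echo "Theme File</td></tr><tr><td>Theme Name:</td><td>" . $_GET['cName'] . "</td></tr><tr><td>Theme Version:</td><td>" . $_GET['cVersion'] . "</td></tr>";
+echo "Theme File</td></tr><tr><td>Theme Name:</td><td>" . htmlentities($_GET['cName']) . "</td></tr><tr><td>Theme Version:</td><td>" . htmlentities($_GET['cVersion']) . "</td></tr>";
 } else if($cType == 'plugin'){
-echo "Plugin File</td></tr><tr><td>Plugin Name:</td><td>" . $_GET['cName'] . "</td></tr><tr><td>Plugin Version:</td><td>" . $_GET['cVersion'] . "</td></tr>";
+echo "Plugin File</td></tr><tr><td>Plugin Name:</td><td>" . htmlentities($_GET['cName']) . "</td></tr><tr><td>Plugin Version:</td><td>" . htmlentities($_GET['cVersion']) . "</td></tr>";
 } else {
 echo "Unknown Type</td></tr>";
 }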
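Review bot: The new `htmlentities()` calls on `$_GET['file']`, `$_GET['cName']` and `$_GET['cVersion']` pass no flags or charset, so the result depends on the PHP version's defaults (older releases assume ISO-8859-1 and leave single quotes alone), whereas lib/IPTraf.php and lib/wfViewResult.php in this same release spell both out. I would use one form everywhere, e.g. `echo htmlspecialchars($_GET['file'], ENT_QUOTES, 'UTF-8');`, or WordPress's `esc_html()`. The bare `htmlentities()` in lib/menu_rangeBlocking.php sits inside a `value="…"` attribute, where `esc_attr()` is the matching helper; the default flags are sufficient there only because that attribute is double-quoted. These `$_GET` keys are also read without `isset()`, so a request that omits `cName` or `cVersion` raises notices. The template starts and ends outside the hunk.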
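--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -47,6 +47,8 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
 <tr><td colspan="2">&nbsp;</td></tr>
 <tr><th class="wfConfigEnable">Enable automatic scheduled scans</th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> />&nbsp;Regular scans ensure your site stays secure.</td></tr>
 <tr><td colspan="2">&nbsp;</td></tr>
+<tr><th class="wfConfigEnable">Update Wordfence automatically when a new version is released?</th><td><input type="checkbox" id="autoUpdate" class="wfConfigElem" name="autoUpdate" value="1" <?php $w->cb('autoUpdate'); ?> />&nbsp;Automatically updates Wordfence to the newest version within 24 hours of a new release.</td></tr>
+<tr><td colspan="2">&nbsp;</td></tr>
 
 <tr><th>Where to email alerts:</th><td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f('alertEmails'); ?>" size="50" />&nbsp;<span class="wfTipText">Separate multiple emails with commas</span></td></tr>
 <tr><th colspan="2">&nbsp;</th></tr>
@@ -87,6 +89,7 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
 echo "<tr><th colspan=\"2\" style=\"color: #F00;\">You have not configured an email to receive alerts yet. Set this up under \"Basic Options\" above.</th></tr>\n";
 }
 ?>
+<tr><th>Email me when Wordfence is automatically updated</th><td><input type="checkbox" id="alertOn_update" class="wfConfigElem" name="alertOn_update" value="1" <?php $w->cb('alertOn_update'); ?>/>&nbsp;If you have automatic updates enabled (see above), you'll get an email when an update occurs.</td></tr>
 <tr><th>Alert on critical problems</th><td><input type="checkbox" id="alertOn_critical" class="wfConfigElem" name="alertOn_critical" value="1" <?php $w->cb('alertOn_critical'); ?>/></td></tr>
 <tr><th>Alert on warnings</th><td><input type="checkbox" id="alertOn_warnings" class="wfConfigElem" name="alertOn_warnings" value="1" <?php $w->cb('alertOn_warnings'); ?>/></td></tr>
 <tr><th>Alert when an IP address is blocked</th><td><input type="checkbox" id="alertOn_block" class="wfConfigElem" name="alertOn_block" value="1" <?php $w->cb('alertOn_block'); ?>/></td></tr>
@@ -270,6 +273,8 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
 <tr><th>Update interval in seconds (2 is default)</th><td><input type="text" id="actUpdateInterval" name="actUpdateInterval" value="<?php $w->f('actUpdateInterval'); ?>" size="4" />Setting higher will reduce browser traffic but slow scan starts, live traffic &amp; status updates.</td></tr>
 <tr><th>Enable debugging mode (increases database load)</th><td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn" value="1" <?php $w->cb('debugOn'); ?> /></td></tr>
 <tr><th>Delete Wordfence tables and data on deactivation?</th><td><input type="checkbox" id="deleteTablesOnDeact" class="wfConfigElem" name="deleteTablesOnDeact" value="1" <?php $w->cb('deleteTablesOnDeact'); ?> /></td></tr>
+
+
 <tr><th>Disable Wordfence Cookies</th><td><input type="checkbox" id="disableCookies" class="wfConfigElem" name="disableCookies" value="1" <?php $w->cb('disableCookies'); ?> />(when enabled all visits in live traffic will appear to be new visits)</td></tr>
 <tr><th>Start all scans remotely</th><td><input type="checkbox" id="startScansRemotely" class="wfConfigElem" name="startScansRemotely" value="1" <?php $w->cb('startScansRemotely'); ?> />(Try this if your scans aren't starting and your site is publicly accessible)</td></tr>
 <tr><th>Add a debugging comment to HTML source of cached pages.</th><td><input type="checkbox" id="addCacheComment" class="wfConfigElem" name="addCacheComment" value="1" <?php $w->cb('addCacheComment'); ?> /></td></tr>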
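--- a/lib/menu_rangeBlocking.php
+++ b/lib/menu_rangeBlocking.php
@@ -16,7 +16,7 @@
 </ul>
 </div>
 <table class="wfConfigForm">
-<tr><th>Block anyone that has an IP address in this range:</th><td><input id="ipRange" type="text" size="30" maxlength="255" value="<?php if( isset( $_GET['wfBlockRange'] ) && $_GET['wfBlockRange']){ echo $_GET['wfBlockRange']; } ?>" onkeyup="WFAD.calcRangeTotal();">&nbsp;<span id="wfShowRangeTotal"></span></td></tr>
+<tr><th>Block anyone that has an IP address in this range:</th><td><input id="ipRange" type="text" size="30" maxlength="255" value="<?php if( isset( $_GET['wfBlockRange'] ) && $_GET['wfBlockRange']){ echo htmlentities($_GET['wfBlockRange']); } ?>" onkeyup="WFAD.calcRangeTotal();">&nbsp;<span id="wfShowRangeTotal"></span></td></tr>
 <tr><td></td><td style="padding-bottom: 15px;"><strong>Examples:</strong> 192.168.200.200 - 192.168.200.220</td></tr>
 <tr><th>...you can also enter a User-Agent (browser) that matches:</th><td><input id="uaRange" type="text" size="30" maxlength="255" >&nbsp;(Case insensitive)</td></tr>
 <tr><td></td><td style="padding-bottom: 15px;"><strong>Examples:</strong> *badRobot*, AnotherBadRobot*, *someKindOfSuffix</td></tr>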
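--- a/lib/menu_whois.php
+++ b/lib/menu_whois.php
@@ -28,7 +28,7 @@ if(! function_exists('fsockopen')){
 <?php if( isset( $_GET['wfnetworkblock'] ) && $_GET['wfnetworkblock']){ ?>
 <h2>How to block a network</h2>
 <p style="width: 600px;">
-You've chosen to block the network that <span style="color: #F00;"><?php echo $_GET['whoisval']; ?></span> is part of.
+You've chosen to block the network that <span style="color: #F00;"><?php echo htmlentities($_GET['whoisval']); ?></span> is part of.
 We've marked the networks we found that this IP address belongs to in red below.
 Make sure you read all the WHOIS information so that you see all networks this IP belongs to. We recommend blocking the network with the lowest number of addresses.
 You may find this is listed at the end as part of the 'rWHOIS' query which contacts
@@ -51,7 +51,7 @@ if(! function_exists('fsockopen')){
 </div>
 </script>
 <script type="text/javascript">
-var whoisval = "<?php if( isset( $_GET['whoisval'] ) ) { echo $_GET['whoisval']; } ?>";
+var whoisval = "<?php if( isset( $_GET['whoisval'] ) ) { echo htmlentities($_GET['whoisval']); } ?>";
 if(whoisval){
 jQuery(function(){
 jQuery('#wfwhois').val(whoisval);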
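Review bot: In the second hunk `htmlentities()` is used to place `$_GET['whoisval']` inside a JavaScript string literal, which is the wrong encoder for that context: it leaves backslashes and line breaks untouched, both of which are significant in a JS string, and because the browser does not decode entities inside `<script>`, a value containing `&` reaches `#wfwhois` as `&amp;`. Encode for JavaScript instead, as lib/menu_options.php already does for `WFSLevels`: `var whoisval = <?php echo json_encode(isset($_GET['whoisval']) ? (string) $_GET['whoisval'] : '', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. The `JSON_HEX_*` flags need PHP 5.3, so on older hosts WordPress's `esc_js()` inside the existing quotes is the alternative. The first hunk's call in the `<span>` body is the right kind of encoder for that context; passing `ENT_QUOTES, 'UTF-8'` explicitly would make it independent of PHP defaults.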
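--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -11,6 +11,7 @@ class wfConfig {
 array( //level 0
 "checkboxes" => array(
 "alertOn_critical" => false,
+"alertOn_update" => false,
 "alertOn_warnings" => false,
 "alertOn_throttle" => false,
 "alertOn_block" => false,
@@ -56,6 +57,7 @@ class wfConfig {
 "other_WFNet" => true,
 "other_scanOutside" => false,
 "deleteTablesOnDeact" => false,
+"autoUpdate" => false,
 "disableCookies" => false,
 "startScansRemotely" => false,
 "addCacheComment" => false,
@@ -89,6 +91,7 @@ class wfConfig {
 array( //level 1
 "checkboxes" => array(
 "alertOn_critical" => true,
+"alertOn_update" => false,
 "alertOn_warnings" => false,
 "alertOn_throttle" => false,
 "alertOn_block" => true,
@@ -134,6 +137,7 @@ class wfConfig {
 "other_WFNet" => true,
 "other_scanOutside" => false,
 "deleteTablesOnDeact" => false,
+"autoUpdate" => false,
 "disableCookies" => false,
 "startScansRemotely" => false,
 "addCacheComment" => false,
@@ -167,6 +171,7 @@ class wfConfig {
 array( //level 2
 "checkboxes" => array(
 "alertOn_critical" => true,
+"alertOn_update" => false,
 "alertOn_warnings" => true,
 "alertOn_throttle" => false,
 "alertOn_block" => true,
@@ -212,6 +217,7 @@ class wfConfig {
 "other_WFNet" => true,
 "other_scanOutside" => false,
 "deleteTablesOnDeact" => false,
+"autoUpdate" => false,
 "disableCookies" => false,
 "startScansRemotely" => false,
 "addCacheComment" => false,
@@ -245,6 +251,7 @@ class wfConfig {
 array( //level 3
 "checkboxes" => array(
 "alertOn_critical" => true,
+"alertOn_update" => false,
 "alertOn_warnings" => true,
 "alertOn_throttle" => false,
 "alertOn_block" => true,
@@ -290,6 +297,7 @@ class wfConfig {
 "other_WFNet" => true,
 "other_scanOutside" => false,
 "deleteTablesOnDeact" => false,
+"autoUpdate" => false,
 "disableCookies" => false,
 "startScansRemotely" => false,
 "addCacheComment" => false,
@@ -323,6 +331,7 @@ class wfConfig {
 array( //level 4
 "checkboxes" => array(
 "alertOn_critical" => true,
+"alertOn_update" => false,
 "alertOn_warnings" => true,
 "alertOn_throttle" => false,
 "alertOn_block" => true,
@@ -368,6 +377,7 @@ class wfConfig {
 "other_WFNet" => true,
 "other_scanOutside" => false,
 "deleteTablesOnDeact" => false,
+"autoUpdate" => false,
 "disableCookies" => false,
 "startScansRemotely" => false,
 "addCacheComment" => false,
@@ -705,5 +715,36 @@ class wfConfig {
 if( (! self::get('liveTrafficEnabled')) || self::get('cacheType') == 'falcon' || self::get('cacheType') == 'php'){ return false; }
 return true;
 }
+public static function enableAutoUpdate(){
+wfConfig::set('autoUpdate', '1');
+wp_schedule_event(time(), 'daily', 'wordfence_daily_autoUpdate');
+}
+public static function disableAutoUpdate(){
+wfConfig::set('autoUpdate', '0');
+wp_clear_scheduled_hook('wordfence_daily_autoUpdate');
+}
+public static function autoUpdate(){
+try {
+require_once(ABSPATH . 'wp-admin/includes/class-wp-upgrader.php');
+if(! function_exists('show_message')){
+function show_message($msg = 'null'){}
+}
+define('FS_METHOD', 'direct');
+require_once(ABSPATH . 'wp-includes/update.php');
+require_once(ABSPATH . 'wp-admin/includes/file.php');
+wp_update_plugins();
+ob_start();
+$upgrader = new Plugin_Upgrader();
+$upret = $upgrader->upgrade('wordfence/wordfence.php');
+if($upret){
+$cont = file_get_contents(WP_PLUGIN_DIR . '/wordfence/wordfence.php');
+if(wfConfig::get('alertOn_update') == '1' && preg_match('/Version: (\d+\.\d+\.\d+)/', $cont, $matches) ){
+wordfence::alert("Wordfence Upgraded to version " . $matches[1], "Your Wordfence installation has been upgraded to version " . $matches[1], '127.0.0.1');
+}
+}
+$output = ob_get_contents();
+ob_end_clean();
+} catch(Exception $e){}
+}
 }
 ?>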
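Review bot: `autoUpdate()` in the last hunk treats any truthy return from `$upgrader->upgrade()` as success, but as far as I can tell a failed upgrade can come back as a `WP_Error` object, which is truthy, so the "Wordfence Upgraded" alert may be sent for an update that did not happen; the check should be `if($upret && ! is_wp_error($upret))`. The empty `catch(Exception $e){}` hides every failure of an unattended code update from the administrator, and an exception thrown after `ob_start()` skips `ob_end_clean()` and leaves the buffer open. `define('FS_METHOD', 'direct')` is unguarded, so it raises a notice when wp-config.php already defines the constant, and it deserves a comment saying why the site's configured filesystem method is overridden. `enableAutoUpdate()` calls `wp_schedule_event()` on every activation and options save without a `wp_next_scheduled('wordfence_daily_autoUpdate')` check, which may queue duplicate daily events.

```php
public static function autoUpdate(){
	$buffering = false;
	try {
		// … unchanged: require_once class-wp-upgrader.php, show_message() stub …
		if(! defined('FS_METHOD')){
			define('FS_METHOD', 'direct');
		}
		// … unchanged: remaining require_once calls, wp_update_plugins() …
		ob_start();
		$buffering = true;
		$upgrader = new Plugin_Upgrader();
		$upret = $upgrader->upgrade('wordfence/wordfence.php');
		if($upret && ! is_wp_error($upret)){
			// … unchanged: read the version from wordfence.php and send the alert …
		}
		ob_end_clean();
		$buffering = false;
	} catch(Exception $e){
		if($buffering){ ob_end_clean(); }
		error_log('Wordfence auto-update failed: ' . $e->getMessage());
	}
}
```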
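--- a/lib/wfViewResult.php
+++ b/lib/wfViewResult.php
@@ -6,7 +6,7 @@
 <body>
 <h1>Wordfence: File Viewer</h1>
 <table border="0" style="margin: 0 0 20px 0;" class="summary">
-<tr><td>Filename:</td><td><?php echo $localFile; ?></td></tr>
+<tr><td>Filename:</td><td><?php echo htmlspecialchars($localFile, ENT_QUOTES, 'UTF-8'); ?></td></tr>
 <tr><td>File Size:</td><td><?php echo $fileSize; ?></td></tr>
 <tr><td>File last modified:</td><td><?php echo $fileMTime; ?></td></tr>
 </table>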
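--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -35,7 +35,6 @@ class wordfence {
 update_option('wordfenceActivated', 1);
 }
 public static function uninstallPlugin(){
-
 //Check if caching is enabled and if it is, disable it and fix the .htaccess file.
 $cacheType = wfConfig::get('cacheType', false);
 if($cacheType == 'falcon'){
@@ -54,6 +53,7 @@ class wordfence {
 update_option('wordfenceActivated', 0);
 wp_clear_scheduled_hook('wordfence_daily_cron');
 wp_clear_scheduled_hook('wordfence_hourly_cron');
+wp_clear_scheduled_hook('wordfence_daily_autoUpdate');
 
 //Remove old legacy cron job if it exists
 wp_clear_scheduled_hook('wordfence_scheduled_scan');
@@ -242,6 +242,10 @@ class wordfence {
 //Install new schedule. If schedule config is blank it will install the default 'auto' schedule.
 wordfence::scheduleScans();
 
+if(wfConfig::get('autoUpdate') == '1'){
+wfConfig::enableAutoUpdate(); //Sets up the cron
+}
+
 if(! wfConfig::get('apiKey')){
 $api = new wfAPI('', wfUtils::getWPVersion());
 try {
@@ -359,6 +363,7 @@ class wordfence {
 
 add_action('wordfence_start_scheduled_scan', 'wordfence::wordfenceStartScheduledScan');
 add_action('wordfence_daily_cron', 'wordfence::dailyCron');
+add_action('wordfence_daily_autoUpdate', 'wfConfig::autoUpdate');
 add_action('wordfence_hourly_cron', 'wordfence::hourlyCron');
 add_action('plugins_loaded', 'wordfence::veryFirstAction');
 add_action('init', 'wordfence::initAction');
@@ -415,7 +420,7 @@ class wordfence {
 }
 }
 }
-/* For debugging:
+/*
 public static function cronAddSchedules($schedules){
 $schedules['wfEachMinute'] = array(
 'interval' => 60,
@@ -1683,6 +1688,14 @@ class wordfence {
 if($regenerateHtaccess){
 wfCache::addHtaccessCode('add');
 }
+
+if($opts['autoUpdate'] == '1'){
+wfConfig::enableAutoUpdate();
+} else if($opts['autoUpdate'] == '0'){
+wfConfig::disableAutoUpdate();
+}
+
+
 
 $paidKeyMsg = false;
 
@@ -2067,9 +2080,9 @@ class wordfence {
 return array('cerrorMsg' => "We could not find that issue in our database.");
 }
 $dat = $issue['data'];
-$result = self::getWPFileContent($dat['file'], $dat['cType'], $dat['cName'], $dat['cVersion']);
+$result = self::getWPFileContent($dat['file'], $dat['cType'], (isset($dat['cName']) ? $dat['cName'] : ''), (isset($dat['cVersion']) ? $dat['cVersion'] : ''));
 $file = $dat['file'];
-if($result['cerrorMsg']){
+if(isset($result['cerrorMsg']) && $result['cerrorMsg']){
 return $result;
 } else if(! $result['fileContent']){
 return array('cerrorMsg' => "We could not get the original file to do a repair.");
@@ -2259,11 +2272,11 @@ EOL;
 }
 public static function wfFunc_IPTraf(){
 $IP = $_GET['IP'];
-$reverseLookup = wfUtils::reverseLookup($IP);
 if(! preg_match('/^\d+\.\d+\.\d+\.\d+#x2F;', $IP)){
 echo "An invalid IP address was specified.";
 exit(0);
 }
+$reverseLookup = wfUtils::reverseLookup($IP);
 $wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
 $results = array_merge(
 $wfLog->getHits('hits', 'hit', 0, 10000, $IP),
@@ -2290,6 +2303,10 @@ EOL;
 echo "Invalid file requested. (Relative paths not allowed)";
 exit();
 }
+if(preg_match('/[\'\"<>\!\{\}\(\)\&\@\%\$\*\+\[\]\?]+/', $localFile)){
+echo "File contains illegal characters.";
+exit();
+}
 $lang = false;
 $cont = @file_get_contents($localFile);
 $isEmpty = false;
@@ -2317,6 +2334,11 @@ EOL;
 exit(0);
 }
 public static function wfFunc_diff(){
+if(preg_match('/[\'\"<>\!\{\}\(\)\&\@\%\$\*\+\[\]\?]+/', $_GET['file'])){
+echo "File contains illegal characters.";
+exit();
+}
+
 $result = self::getWPFileContent($_GET['file'], $_GET['cType'], $_GET['cName'], $_GET['cVersion']);
 if( isset( $result['errorMsg'] ) && $result['errorMsg']){
 echo htmlentities($result['errorMsg']);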
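Review bot: The `preg_match` denylist added before `file_get_contents($localFile)` and repeated at the top of `wfFunc_diff()` defines what to reject rather than what a valid path is: it omits backslash, backtick and control characters, and it refuses legitimate files whose names contain `(`, `+` or `&`, which then cannot be viewed or diffed. The escaping added in the view templates is what neutralises markup, so this filter is defence in depth at best; the stronger check for a file reader is to canonicalise and confine the path, e.g. `$real = realpath($localFile); if($real === false || strpos($real, realpath(ABSPATH) . DIRECTORY_SEPARATOR) !== 0){ echo "Invalid file requested."; exit(); }` (assuming only files under the WordPress root should be readable). The pattern is pasted twice and belongs in one private helper, and `wfFunc_diff()` reads `$_GET['file']` without `isset()`. Moving `reverseLookup()` below the IP check in `wfFunc_IPTraf()` is right, but `\d+\.\d+\.\d+\.\d+` still accepts out-of-range octets; `filter_var($IP, FILTER_VALIDATE_IP)` would be stricter. The functions involved begin or end outside the hunks shown.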
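--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
 Requires at least: 3.3.1
 Tested up to: 3.9.1
-Stable tag: 5.1.2
+Stable tag: 5.1.4
 
 Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
 
@@ -163,6 +163,10 @@ cause a security hole on your site.
 
 == Changelog ==
 
+= 5.1.4 =
+* Feature: Auto updates for Wordfence! This is a much-requested feature by our power admin's. Enable the "Update Wordfence automatically when a new version is released" option on the Wordfence options page.
+* Fix: Security fix. Thanks to Narendra Bhati from Suma Soft.
+
 = 5.1.2 =
 * Feature: You can now specify one or more URL's that if accessed will cause the IP to immediately be blocked. See below "Other Options" for the new feature.
 * Improvement: Added additional debugging info when cron key does not match saved key to help diagnose any problems.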
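--- a/wordfence.php
+++ b/wordfence.php
@@ -4,17 +4,17 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
-Version: 5.1.2
+Version: 5.1.4
 Author URI: http://www.wordfence.com/
 */
 if(defined('WP_INSTALLING') && WP_INSTALLING){
 return;
 }
-define('WORDFENCE_VERSION', '5.1.2');
+define('WORDFENCE_VERSION', '5.1.4');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }
-if(! defined('WORDFENCE_VERSIONONLY_MODE')){
+if(! defined('WORDFENCE_VERSIONONLY_MODE')){ //Used to get version from file.
 if((int) @ini_get('memory_limit') < 128){
 if(strpos(ini_get('disable_functions'), 'ini_set') === false){
 @ini_set('memory_limit', '128M'); //Some hosts have ini set at as little as 32 megs. 64 is the min sane amount of memory.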