Wordfence Security – Firewall & Malware Scan - Version 5.1.7

Version Description

  • Improvement: Wordfence now supports websites behind proxy servers when communicating with the Wordfence API servers.
  • Fix: Removed old image files that were unused.
Download this release

Release Info

Developer mmaunder
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 5.1.7
Comparing to
See all releases

Code changes from version 5.1.6 to 5.1.7

Files changed (11) hide show
  1. images/bh_120x60_01.gif +0 -0
  2. images/bh_120x60_02.gif +0 -0
  3. images/bh_120x60_03.gif +0 -0
  4. images/bh_120x60_04.gif +0 -0
  5. images/bh_120x60_05.gif +0 -0
  6. lib/conntest.php +8 -0
  7. lib/wfAPI.php +15 -0
  8. lib/wfUtils.php +16 -1
  9. lib/wordfenceClass.php +16 -0
  10. readme.txt +5 -1
  11. wordfence.php +2 -2
images/bh_120x60_01.gif DELETED
Binary file
images/bh_120x60_02.gif DELETED
Binary file
images/bh_120x60_03.gif DELETED
Binary file
images/bh_120x60_04.gif DELETED
Binary file
images/bh_120x60_05.gif DELETED
Binary file
lib/conntest.php CHANGED
@@ -48,6 +48,14 @@ function doCurlTest($protocol){
48
  global $curlContent;
49
  $curlContent = "";
50
  $curl = curl_init($protocol . '://noc1.wordfence.com/');
 
 
 
 
 
 
 
 
51
  curl_setopt ($curl, CURLOPT_TIMEOUT, 900);
52
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
53
  curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
48
  global $curlContent;
49
  $curlContent = "";
50
  $curl = curl_init($protocol . '://noc1.wordfence.com/');
51
+ if(defined('WP_PROXY_HOST') && defined('WP_PROXY_PORT') && wfUtils::hostNotExcludedFromProxy('noc1.wordfence.com') ){
52
+ curl_setopt($curl, CURLOPT_HTTPPROXYTUNNEL, 0);
53
+ curl_setopt($curl, CURLOPT_PROXY, WP_PROXY_HOST . ':' . WP_PROXY_PORT);
54
+ if(defined('WP_PROXY_USERNAME') && defined('WP_PROXY_PASSWORD')){
55
+ curl_setopt($curl, CURLOPT_PROXYUSERPWD, WP_PROXY_USERNAME . ':' . WP_PROXY_PASSWORD);
56
+ }
57
+ }
58
+
59
  curl_setopt ($curl, CURLOPT_TIMEOUT, 900);
60
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
61
  curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
lib/wfAPI.php CHANGED
@@ -52,6 +52,13 @@ class wfAPI {
52
  $this->curlDataWritten = 0;
53
  $this->curlContent = "";
54
  $curl = curl_init($url);
 
 
 
 
 
 
 
55
  curl_setopt ($curl, CURLOPT_TIMEOUT, 900);
56
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
57
  curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
@@ -115,6 +122,14 @@ class wfAPI {
115
  $url = $this->getAPIURL() . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&action=' . $func;
116
  if(function_exists('curl_init')){
117
  $curl = curl_init($url);
 
 
 
 
 
 
 
 
118
  curl_setopt ($curl, CURLOPT_TIMEOUT, 900);
119
  //curl_setopt($curl, CURLOPT_VERBOSE, true);
120
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence");
52
  $this->curlDataWritten = 0;
53
  $this->curlContent = "";
54
  $curl = curl_init($url);
55
+ if(defined('WP_PROXY_HOST') && defined('WP_PROXY_PORT') && wfUtils::hostNotExcludedFromProxy($url) ){
56
+ curl_setopt($curl, CURLOPT_HTTPPROXYTUNNEL, 0);
57
+ curl_setopt($curl, CURLOPT_PROXY, WP_PROXY_HOST . ':' . WP_PROXY_PORT);
58
+ if(defined('WP_PROXY_USERNAME') && defined('WP_PROXY_PASSWORD')){
59
+ curl_setopt($curl, CURLOPT_PROXYUSERPWD, WP_PROXY_USERNAME . ':' . WP_PROXY_PASSWORD);
60
+ }
61
+ }
62
  curl_setopt ($curl, CURLOPT_TIMEOUT, 900);
63
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
64
  curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
122
  $url = $this->getAPIURL() . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&action=' . $func;
123
  if(function_exists('curl_init')){
124
  $curl = curl_init($url);
125
+ if(defined('WP_PROXY_HOST') && defined('WP_PROXY_PORT') && wfUtils::hostNotExcludedFromProxy($url) ){
126
+ error_log("BINCALL PROXY");
127
+ curl_setopt($curl, CURLOPT_HTTPPROXYTUNNEL, 0);
128
+ curl_setopt($curl, CURLOPT_PROXY, WP_PROXY_HOST . ':' . WP_PROXY_PORT);
129
+ if(defined('WP_PROXY_USERNAME') && defined('WP_PROXY_PASSWORD')){
130
+ curl_setopt($curl, CURLOPT_PROXYUSERPWD, WP_PROXY_USERNAME . ':' . WP_PROXY_PASSWORD);
131
+ }
132
+ }
133
  curl_setopt ($curl, CURLOPT_TIMEOUT, 900);
134
  //curl_setopt($curl, CURLOPT_VERBOSE, true);
135
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence");
lib/wfUtils.php CHANGED
@@ -136,7 +136,7 @@ class wfUtils {
136
  public static function getIP(){
137
  //You can use the following examples to force Wordfence to think a visitor has a certain IP if you're testing. Remember to re-comment this out or you will break Wordfence badly.
138
  //return '1.2.33.57';
139
- //return '1.2.3.4';
140
  //return self::makeRandomIP();
141
 
142
  $howGet = wfConfig::get('howGetIPs', false);
@@ -627,6 +627,21 @@ class wfUtils {
627
  }
628
  return '';
629
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
630
  }
631
 
632
 
136
  public static function getIP(){
137
  //You can use the following examples to force Wordfence to think a visitor has a certain IP if you're testing. Remember to re-comment this out or you will break Wordfence badly.
138
  //return '1.2.33.57';
139
+ //return '4.2.3.14';
140
  //return self::makeRandomIP();
141
 
142
  $howGet = wfConfig::get('howGetIPs', false);
627
  }
628
  return '';
629
  }
630
+ public static function hostNotExcludedFromProxy($url){
631
+ if(! defined('WP_PROXY_BYPASS_HOSTS')){
632
+ return true; //No hosts are excluded
633
+ }
634
+ $hosts = explode(',', WP_PROXY_BYPASS_HOSTS);
635
+ $url = preg_replace('/^https?:\/\//i', '', $url);
636
+ $url = preg_replace('/\/.*$/', '', $url);
637
+ $url = strtolower($url);
638
+ foreach($hosts as $h){
639
+ if(strtolower(trim($h)) == $url){
640
+ return false;
641
+ }
642
+ }
643
+ return true;
644
+ }
645
  }
646
 
647
 
lib/wordfenceClass.php CHANGED
@@ -878,6 +878,14 @@ class wordfence {
878
  public static function wfsnReportBlockedAttempt($IP, $type){
879
  try {
880
  $curl = curl_init('http://noc3.wordfence.com:9050/hackAttempt/?blocked=1&k=' . wfConfig::get('apiKey') . '&IP=' . wfUtils::inet_aton($IP) . '&t=' . $type );
 
 
 
 
 
 
 
 
881
  curl_setopt($curl, CURLOPT_TIMEOUT, 1);
882
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
883
  curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
@@ -893,6 +901,14 @@ class wordfence {
893
  private static function wfsnIsBlocked($IP, $type){
894
  try {
895
  $curl = curl_init('http://noc3.wordfence.com:9050/hackAttempt/?k=' . wfConfig::get('apiKey') . '&IP=' . wfUtils::inet_aton($IP) . '&t=' . $type );
 
 
 
 
 
 
 
 
896
  curl_setopt($curl, CURLOPT_TIMEOUT, 3);
897
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
898
  curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
878
  public static function wfsnReportBlockedAttempt($IP, $type){
879
  try {
880
  $curl = curl_init('http://noc3.wordfence.com:9050/hackAttempt/?blocked=1&k=' . wfConfig::get('apiKey') . '&IP=' . wfUtils::inet_aton($IP) . '&t=' . $type );
881
+ if(defined('WP_PROXY_HOST') && defined('WP_PROXY_PORT') && wfUtils::hostNotExcludedFromProxy('noc3.wordfence.com') ){
882
+ curl_setopt($curl, CURLOPT_HTTPPROXYTUNNEL, 0);
883
+ curl_setopt($curl, CURLOPT_PROXY, WP_PROXY_HOST . ':' . WP_PROXY_PORT);
884
+ if(defined('WP_PROXY_USERNAME') && defined('WP_PROXY_PASSWORD')){
885
+ curl_setopt($curl, CURLOPT_PROXYUSERPWD, WP_PROXY_USERNAME . ':' . WP_PROXY_PASSWORD);
886
+ }
887
+ }
888
+
889
  curl_setopt($curl, CURLOPT_TIMEOUT, 1);
890
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
891
  curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
901
  private static function wfsnIsBlocked($IP, $type){
902
  try {
903
  $curl = curl_init('http://noc3.wordfence.com:9050/hackAttempt/?k=' . wfConfig::get('apiKey') . '&IP=' . wfUtils::inet_aton($IP) . '&t=' . $type );
904
+ if(defined('WP_PROXY_HOST') && defined('WP_PROXY_PORT') && wfUtils::hostNotExcludedFromProxy('noc3.wordfence.com') ){
905
+ curl_setopt($curl, CURLOPT_HTTPPROXYTUNNEL, 0);
906
+ curl_setopt($curl, CURLOPT_PROXY, WP_PROXY_HOST . ':' . WP_PROXY_PORT);
907
+ if(defined('WP_PROXY_USERNAME') && defined('WP_PROXY_PASSWORD')){
908
+ curl_setopt($curl, CURLOPT_PROXYUSERPWD, WP_PROXY_USERNAME . ':' . WP_PROXY_PASSWORD);
909
+ }
910
+ }
911
+
912
  curl_setopt($curl, CURLOPT_TIMEOUT, 3);
913
  curl_setopt ($curl, CURLOPT_USERAGENT, "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]') );
914
  curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
4
  Requires at least: 3.3.1
5
  Tested up to: 3.9.1
6
- Stable tag: 5.1.6
7
 
8
  Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9
 
@@ -163,6 +163,10 @@ cause a security hole on your site.
163
 
164
  == Changelog ==
165
 
 
 
 
 
166
  = 5.1.6 =
167
  * Feature: Country blocking now lets you block login page OR rest of site or any combination. So you can now block the login page only for example.
168
  * Improvement: Upgraded the country blocking database to the newest version which is July 2014.
3
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
4
  Requires at least: 3.3.1
5
  Tested up to: 3.9.1
6
+ Stable tag: 5.1.7
7
 
8
  Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9
 
163
 
164
  == Changelog ==
165
 
166
+ = 5.1.7 =
167
+ * Improvement: Wordfence now supports websites behind proxy servers when communicating with the Wordfence API servers.
168
+ * Fix: Removed old image files that were unused.
169
+
170
  = 5.1.6 =
171
  * Feature: Country blocking now lets you block login page OR rest of site or any combination. So you can now block the login page only for example.
172
  * Improvement: Upgraded the country blocking database to the newest version which is July 2014.
wordfence.php CHANGED
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
  Author: Wordfence
7
- Version: 5.1.6
8
  Author URI: http://www.wordfence.com/
9
  */
10
  if(defined('WP_INSTALLING') && WP_INSTALLING){
11
  return;
12
  }
13
- define('WORDFENCE_VERSION', '5.1.6');
14
  if(get_option('wordfenceActivated') != 1){
15
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
  }
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
  Author: Wordfence
7
+ Version: 5.1.7
8
  Author URI: http://www.wordfence.com/
9
  */
10
  if(defined('WP_INSTALLING') && WP_INSTALLING){
11
  return;
12
  }
13
+ define('WORDFENCE_VERSION', '5.1.7');
14
  if(get_option('wordfenceActivated') != 1){
15
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
  }