Wordfence Security – Firewall &amp; Malware Scan

Version Description

Fix: Option to disable config caching. You can find this new option at the bottom of the Wordfence options page.
Note: If you are seeing the "cron key does not match the saved key" error, check the box to disable config caching at the bottom of the Wordfence options page, save and this will fix it.
Note: If you are trying to save your Wordfence options and the options keep reverting, enable the "disable config caching" at the bottom of your Wordfence options page, save and this will fix it.

Release Info

Developer	mmaunder
Plugin	Wordfence Security – Firewall & Malware Scan
Version	5.1.8
Comparing to
See all releases

Code changes from version 5.1.7 to 5.1.8

Files changed (4) hide show

lib/menu_options.php +1 -0
lib/wfConfig.php +27 -1
readme.txt +6 -1
wordfence.php +2 -2

lib/menu_options.php CHANGED Viewed

	@@ -277,6 +277,7 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
277
278	<tr><th>Disable Wordfence Cookies</th><td><input type="checkbox" id="disableCookies" class="wfConfigElem" name="disableCookies" value="1" <?php $w->cb('disableCookies'); ?> />(when enabled all visits in live traffic will appear to be new visits)</td></tr>
279	<tr><th>Start all scans remotely</th><td><input type="checkbox" id="startScansRemotely" class="wfConfigElem" name="startScansRemotely" value="1" <?php $w->cb('startScansRemotely'); ?> />(Try this if your scans aren't starting and your site is publicly accessible)</td></tr>

280	<tr><th>Add a debugging comment to HTML source of cached pages.</th><td><input type="checkbox" id="addCacheComment" class="wfConfigElem" name="addCacheComment" value="1" <?php $w->cb('addCacheComment'); ?> /></td></tr>
281	<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=conntest&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to test connectivity to the Wordfence API servers</a></th></tr>
282	<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to view your system's configuration in a new window</a></th></tr>


277
278	<tr><th>Disable Wordfence Cookies</th><td><input type="checkbox" id="disableCookies" class="wfConfigElem" name="disableCookies" value="1" <?php $w->cb('disableCookies'); ?> />(when enabled all visits in live traffic will appear to be new visits)</td></tr>
279	<tr><th>Start all scans remotely</th><td><input type="checkbox" id="startScansRemotely" class="wfConfigElem" name="startScansRemotely" value="1" <?php $w->cb('startScansRemotely'); ?> />(Try this if your scans aren't starting and your site is publicly accessible)</td></tr>
280	+ <tr><th>Disable config caching</th><td><input type="checkbox" id="disableConfigCaching" class="wfConfigElem" name="disableConfigCaching" value="1" <?php $w->cb('disableConfigCaching'); ?> />(Try this if your options aren't saving)</td></tr>
281	<tr><th>Add a debugging comment to HTML source of cached pages.</th><td><input type="checkbox" id="addCacheComment" class="wfConfigElem" name="addCacheComment" value="1" <?php $w->cb('addCacheComment'); ?> /></td></tr>
282	<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=conntest&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to test connectivity to the Wordfence API servers</a></th></tr>
283	<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to view your system's configuration in a new window</a></th></tr>

lib/wfConfig.php CHANGED Viewed

	@@ -2,6 +2,7 @@
2	class wfConfig {
3	public static $diskCache = array();
4	private static $diskCacheDisabled = false; //enables if we detect a write fail so we don't keep calling stat()

5	private static $table = false;
6	private static $cache = array();
7	private static $DB = false;
	@@ -60,6 +61,7 @@ class wfConfig {
60	"autoUpdate" => false,
61	"disableCookies" => false,
62	"startScansRemotely" => false,

63	"addCacheComment" => false,
64	"allowHTTPSCaching" => false,
65	"debugOn" => false
	@@ -140,6 +142,7 @@ class wfConfig {
140	"autoUpdate" => false,
141	"disableCookies" => false,
142	"startScansRemotely" => false,

143	"addCacheComment" => false,
144	"allowHTTPSCaching" => false,
145	"debugOn" => false
	@@ -220,6 +223,7 @@ class wfConfig {
220	"autoUpdate" => false,
221	"disableCookies" => false,
222	"startScansRemotely" => false,

223	"addCacheComment" => false,
224	"allowHTTPSCaching" => false,
225	"debugOn" => false
	@@ -300,6 +304,7 @@ class wfConfig {
300	"autoUpdate" => false,
301	"disableCookies" => false,
302	"startScansRemotely" => false,

303	"addCacheComment" => false,
304	"allowHTTPSCaching" => false,
305	"debugOn" => false
	@@ -380,6 +385,7 @@ class wfConfig {
380	"autoUpdate" => false,
381	"disableCookies" => false,
382	"startScansRemotely" => false,

383	"addCacheComment" => false,
384	"allowHTTPSCaching" => false,
385	"debugOn" => false
	@@ -468,6 +474,11 @@ class wfConfig {
468	self::set($key, $val + 1);
469	}
470	public static function set($key, $val){





471	if(is_array($val)){
472	$msg = "wfConfig::set() got an array as second param with key: $key and value: " . var_export($val, true);
473	wordfence::status(1, 'error', $msg);
	@@ -494,6 +505,19 @@ class wfConfig {
494	self::$diskCacheDisabled = true;
495	}
496	public static function get($key, $default = false){













497	if(! isset(self::$cache[$key])){
498	$val = self::loadFromDiskCache($key);
499	//$val = self::getDB()->querySingle("select val from " . self::table() . " where name='%s'", $key);
	@@ -527,7 +551,9 @@ class wfConfig {
527	}
528	}
529	$val = self::getDB()->querySingle("select val from " . self::table() . " where name='%s'", $key);
530	- if(self::$diskCacheDisabled){ ~~return $val; }~~


531	wfConfig::$diskCache[$key] = isset($val) ? $val : '';
532	try {
533	$bytesWritten = @file_put_contents($cacheFile, self::$tmpFileHeader . serialize(wfConfig::$diskCache), LOCK_EX);


2	class wfConfig {
3	public static $diskCache = array();
4	private static $diskCacheDisabled = false; //enables if we detect a write fail so we don't keep calling stat()
5	+ private static $cacheDisableCheckDone = false;
6	private static $table = false;
7	private static $cache = array();
8	private static $DB = false;

61	"autoUpdate" => false,
62	"disableCookies" => false,
63	"startScansRemotely" => false,
64	+ "disableConfigCaching" => false,
65	"addCacheComment" => false,
66	"allowHTTPSCaching" => false,
67	"debugOn" => false

142	"autoUpdate" => false,
143	"disableCookies" => false,
144	"startScansRemotely" => false,
145	+ "disableConfigCaching" => false,
146	"addCacheComment" => false,
147	"allowHTTPSCaching" => false,
148	"debugOn" => false

223	"autoUpdate" => false,
224	"disableCookies" => false,
225	"startScansRemotely" => false,
226	+ "disableConfigCaching" => false,
227	"addCacheComment" => false,
228	"allowHTTPSCaching" => false,
229	"debugOn" => false

304	"autoUpdate" => false,
305	"disableCookies" => false,
306	"startScansRemotely" => false,
307	+ "disableConfigCaching" => false,
308	"addCacheComment" => false,
309	"allowHTTPSCaching" => false,
310	"debugOn" => false

385	"autoUpdate" => false,
386	"disableCookies" => false,
387	"startScansRemotely" => false,
388	+ "disableConfigCaching" => false,
389	"addCacheComment" => false,
390	"allowHTTPSCaching" => false,
391	"debugOn" => false

474	self::set($key, $val + 1);
475	}
476	public static function set($key, $val){
477	+ if($key == 'disableConfigCaching'){
478	+ self::getDB()->queryWrite("insert into " . self::table() . " (name, val) values ('%s', '%s') ON DUPLICATE KEY UPDATE val='%s'", $key, $val, $val);
479	+ return;
480	+ }
481	+
482	if(is_array($val)){
483	$msg = "wfConfig::set() got an array as second param with key: $key and value: " . var_export($val, true);
484	wordfence::status(1, 'error', $msg);

505	self::$diskCacheDisabled = true;
506	}
507	public static function get($key, $default = false){
508	+ if($key == 'disableConfigCaching'){
509	+ $val = self::getDB()->querySingle("select val from " . self::table() . " where name='%s'", $key);
510	+ return $val;
511	+ }
512	+
513	+ if(! self::$cacheDisableCheckDone){
514	+ self::$cacheDisableCheckDone = true;
515	+ $cachingDisabledSetting = self::getDB()->querySingle("select val from " . self::table() . " where name='%s'", 'disableConfigCaching');
516	+ if($cachingDisabledSetting == '1'){
517	+ self::$diskCacheDisabled = true;
518	+ }
519	+ }
520	+
521	if(! isset(self::$cache[$key])){
522	$val = self::loadFromDiskCache($key);
523	//$val = self::getDB()->querySingle("select val from " . self::table() . " where name='%s'", $key);

551	}
552	}
553	$val = self::getDB()->querySingle("select val from " . self::table() . " where name='%s'", $key);
554	+ if(self::$diskCacheDisabled){
555	+ return $val;
556	+ }
557	wfConfig::$diskCache[$key] = isset($val) ? $val : '';
558	try {
559	$bytesWritten = @file_put_contents($cacheFile, self::$tmpFileHeader . serialize(wfConfig::$diskCache), LOCK_EX);

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: mmaunder
3	Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
4	Requires at least: 3.3.1
5	Tested up to: 3.9.1
6	- Stable tag: 5.1.7
7
8	Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9
	@@ -163,6 +163,11 @@ cause a security hole on your site.
163
164	== Changelog ==
165





166	= 5.1.7 =
167	* Improvement: Wordfence now supports websites behind proxy servers when communicating with the Wordfence API servers.
168	* Fix: Removed old image files that were unused.


3	Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
4	Requires at least: 3.3.1
5	Tested up to: 3.9.1
6	+ Stable tag: 5.1.8
7
8	Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9

163
164	== Changelog ==
165
166	+ = 5.1.8 =
167	+ * Fix: Option to disable config caching. You can find this new option at the bottom of the Wordfence options page.
168	+ * Note: If you are seeing the "cron key does not match the saved key" error, check the box to disable config caching at the bottom of the Wordfence options page, save and this will fix it.
169	+ * Note: If you are trying to save your Wordfence options and the options keep reverting, enable the "disable config caching" at the bottom of your Wordfence options page, save and this will fix it.
170	+
171	= 5.1.7 =
172	* Improvement: Wordfence now supports websites behind proxy servers when communicating with the Wordfence API servers.
173	* Fix: Removed old image files that were unused.

wordfence.php CHANGED Viewed

	@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
4	Plugin URI: http://www.wordfence.com/
5	Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6	Author: Wordfence
7	- Version: 5.1.7
8	Author URI: http://www.wordfence.com/
9	*/
10	if(defined('WP_INSTALLING') && WP_INSTALLING){
11	return;
12	}
13	- define('WORDFENCE_VERSION', '5.1.7');
14	if(get_option('wordfenceActivated') != 1){
15	add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16	}


4	Plugin URI: http://www.wordfence.com/
5	Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6	Author: Wordfence
7	+ Version: 5.1.8
8	Author URI: http://www.wordfence.com/
9	*/
10	if(defined('WP_INSTALLING') && WP_INSTALLING){
11	return;
12	}
13	+ define('WORDFENCE_VERSION', '5.1.8');
14	if(get_option('wordfenceActivated') != 1){
15	add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16	}

Wordfence Security – Firewall & Malware Scan - Version 5.1.8

Version Description

Release Info

Code changes from version 5.1.7 to 5.1.8