Version Description
- Fix: Crawler triggering update cron job threw error about show_message() being redeclared at end of update. Fixed.
- Fix: Live traffic cities were incorrect and did not match country blocking block effects under certain conditions. Fixed.
- Fix: If a site database contained a table with dashes in the table name, we would throw an error at the end of every scan. Fixed.
- Improvement: Upgraded country DB to newest version.
- Improvement: Changed live traffic geo location caching to be 24 hours instead of a week so that geo DB updates for live traffic on our servers take effect sooner.
- Improvement: Ignoring .sql files in scans which are usually backups and contain many false positives, unless high sensitivity scanning is enabled.
Release Info
Developer | mmaunder |
Plugin | Wordfence Security – Firewall & Malware Scan |
Version | 5.1.9 |
Code changes from version 5.1.8 to 5.1.9
- lib/GeoIP.dat +0 -0
- lib/wfConfig.php +5 -2
- lib/wfIssues.php +1 -1
- lib/wfLog.php +0 -1
- lib/wordfenceConstants.php +1 -1
- lib/wordfenceScanner.php +3 -0
- readme.txt +10 -2
- wordfence.php +2 -2
lib/GeoIP.dat
CHANGED
Binary file
|
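--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -752,9 +752,12 @@ class wfConfig {
 public static function autoUpdate(){
 try {
 require_once(ABSPATH . 'wp-admin/includes/class-wp-upgrader.php');
+require_once(ABSPATH . 'wp-admin/includes/misc.php');
+/* We were creating show_message here so that WP did not write to STDOUT. This had the strange effect of throwing an error about redeclaring show_message function, but only when a crawler hit the site and triggered the cron job. Not a human. So we're now just require'ing misc.php which does generate output, but that's OK because it is a loopback cron request.
 if(! function_exists('show_message')){
 function show_message($msg = 'null'){}
 }
+*/
 define('FS_METHOD', 'direct');
 require_once(ABSPATH . 'wp-includes/update.php');
 require_once(ABSPATH . 'wp-admin/includes/file.php');
@@ -768,8 +771,8 @@ class wfConfig {
 wordfence::alert("Wordfence Upgraded to version " . $matches[1], "Your Wordfence installation has been upgraded to version " . $matches[1], '127.0.0.1');
 }
 }
-$output = ob_get_contents();
-ob_end_clean();
+$output = @ob_get_contents();
+@ob_end_clean();
 } catch(Exception $e){}
 }
 }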
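Review bot: The `@` added to `ob_get_contents()` and `ob_end_clean()` in the second hunk suppresses the notice raised when no output buffer is active instead of avoiding it, and `$output` is not used in the visible lines. Testing the buffer level makes the intent explicit without hiding other errors: `if(ob_get_level() > 0){ ob_end_clean(); }`. The enclosing `catch(Exception $e){}` is empty, so a failed self-update of a security plugin leaves no trace; logging `$e->getMessage()` there, for example with `error_log`, would let the site owner see that the installed version is stale. The matching `ob_start()` and the rest of autoUpdate() lie between the two hunks and are not shown, so confirm where the buffer is opened.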
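--- a/lib/wfIssues.php
+++ b/lib/wfIssues.php
@@ -228,7 +228,7 @@ class wfIssues {
 $res1 = $wpdb->get_col("show tables"); $dat['totalTables'] = sizeof($res1);
 $totalRows = 0;
 foreach($res1 as $table){
-$res2 = $wpdb->get_col("select count(*) from
+$res2 = $wpdb->get_col("select count(*) from `$table`");
 if(isset($res2[0]) ){
 $totalRows += $res2[0];
 }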
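Review bot: Wrapping `$table` in backticks on new line 231 handles names with dashes, but a table name that itself contains a backtick would still close the quoted identifier early and break or alter the statement. The names come from `show tables` rather than from request input, so the exposure is probably limited to databases shared with other applications, but doubling any backtick in `$table` with `str_replace` before interpolating it closes the gap. The `foreach` body continues past the end of the hunk.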
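--- a/lib/wfLog.php
+++ b/lib/wfLog.php
@@ -697,7 +697,6 @@ class wfLog {
 $skipCountryBlocking = true;
 }
 
-
 if((! $skipCountryBlocking) && $blockedCountries && wfConfig::get('isPaid') && (! self::isCBLBypassCookieSet()) ){
 if(is_user_logged_in() && (! wfConfig::get('cbl_loggedInBlocked', false)) ){ //User is logged in and we're allowing logins
 //Do nothing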
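--- a/lib/wordfenceConstants.php
+++ b/lib/wordfenceConstants.php
@@ -4,7 +4,7 @@ define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
 define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
 define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.
 define('WORDFENCE_TRANSIENTS_TIMEOUT', 3600); //how long are items cached in seconds e.g. files downloaded for diffing
-define('WORDFENCE_MAX_IPLOC_AGE',
+define('WORDFENCE_MAX_IPLOC_AGE', 86400); //1 week
 define('WORDFENCE_CRAWLER_VERIFY_CACHE_TIME', 604800);
 define('WORDFENCE_REVERSE_LOOKUP_CACHE_TIME', 86400);
 define('WORDFENCE_MAX_FILE_SIZE_TO_PROCESS', 52428800); //50 megs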
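Review bot: The trailing comment on the new `WORDFENCE_MAX_IPLOC_AGE` line still reads `//1 week` although the value is now 86400 seconds, which is 24 hours. The comment should match the value so the next reader does not "correct" the constant back: `define('WORDFENCE_MAX_IPLOC_AGE', 86400); //24 hours`.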
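--- a/lib/wordfenceScanner.php
+++ b/lib/wordfenceScanner.php
@@ -101,6 +101,9 @@ class wordfenceScanner {
 if(preg_match('/^(?:jpg|jpeg|mp3|avi|m4v|gif|png)$/', $fileExt) && (! wfConfig::get('scansEnabled_scanImages')) ){
 continue;
 }
+if( (! wfConfig::get('scansEnabled_highSense')) && strtolower($fileExt) == 'sql'){ //
+continue;
+}
 if(wfUtils::fileTooBig($this->path . $file)){ //We can't use filesize on 32 bit systems for files > 2 gigs
 //We should not need this check because files > 2 gigs are not hashed and therefore won't be received back as unknowns from the API server
 //But we do it anyway to be safe.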
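Review bot: The `.sql` skip added at new line 104 decides on the file extension alone, so every file named `*.sql` goes unscanned unless `scansEnabled_highSense` is on, whatever it contains; that coverage trade-off should be stated in the code, and the trailing `//` comment is empty. Suggested comment: `//.sql files are usually DB backups that cause false positives; skipped unless high sensitivity scanning is enabled`. Recording skipped files in the scan summary would also let the owner see what was excluded; whether a suitable helper exists is not visible in this hunk. The comparison can be strict (`=== 'sql'`), and the image check just above matches `$fileExt` case-sensitively while this line lowercases it; whether `$fileExt` is already normalised is decided outside the hunk.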
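--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: mmaunder
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
 Requires at least: 3.3.1
-Tested up to: 3.9.
-Stable tag: 5.1.
+Tested up to: 3.9.2
+Stable tag: 5.1.9
 
 Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
 
@@ -163,6 +163,14 @@ cause a security hole on your site.
 
 == Changelog ==
 
+= 5.1.9 =
+* Fix: Crawler triggering update cron job threw error about show_message() being redeclared at end of update. Fixed.
+* Fix: Live traffic cities were incorrect and did not match country blocking block effects under certain conditions. Fixed.
+* Fix: If a site database contained a table with dashes in the table name, we would throw an error at the end of every scan. Fixed.
+* Improvement: Upgraded country DB to newest version.
+* Improvement: Changed live traffic geo location caching to be 24 hours instead of a week so that geo DB updates for live traffic on our servers take effect sooner.
+* Improvement: Ignoring .sql files in scans which are usually backups and contain many false positives, unless high sensitivity scanning is enabled.
+
 = 5.1.8 =
 * Fix: Option to disable config caching. You can find this new option at the bottom of the Wordfence options page.
 * Note: If you are seeing the "cron key does not match the saved key" error, check the box to disable config caching at the bottom of the Wordfence options page, save and this will fix it.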
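--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
-Version: 5.1.
+Version: 5.1.9
 Author URI: http://www.wordfence.com/
 */
 if(defined('WP_INSTALLING') && WP_INSTALLING){
 return;
 }
-define('WORDFENCE_VERSION', '5.1.
+define('WORDFENCE_VERSION', '5.1.9');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }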