Version Description
- Fixed issue that would cause infected files with identical content to only have the first file found show up in scans and the rest would not appear.
- Whois queries now go via our own server as a workaround for hosting providers who block your web server's access to port 43 preventing you from making a direct whois query.
- Fixed issue that caused litespeed users to receive multiple warnings about the noabort issue.
- Added detection for 5 new malware variants. Thanks to Dave M. and others for the samples. Keep them coming folks!
- Updated Wordfence server API to version 2.12.
- Added facility at bottom of Wordfence options page to send a test email from your WordPress sytem to check if email sending is working.
- Suppress LOCK_EX flock() warnings in falcon engine that were being generated by sites that use NFS and don't support flock() or reliable file locking.
- Updated to the October 2014 version of the Geo IP country DB. (newest edition)
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 5.2.7 |
| Comparing to | |
| See all releases | |
Code changes from version 5.2.6 to 5.2.7
- js/admin.js +9 -0
- lib/GeoIP.dat +0 -0
- lib/IPTraf.php +1 -1
- lib/menu_options.php +2 -0
- lib/sysinfo.php +1 -1
- lib/unknownFiles.php +1 -1
- lib/wfCache.php +2 -2
- lib/wfConfig.php +12 -7
- lib/wfIssues.php +6 -1
- lib/wfViewResult.php +1 -1
- lib/wordfenceClass.php +12 -7
- lib/wordfenceConstants.php +1 -1
- readme.txt +11 -1
- wordfence.php +2 -2
js/admin.js
CHANGED
|
@@ -177,6 +177,15 @@ window['wordfenceAdmin'] = {
|
|
| 177 |
jQuery(document).bind('cbox_closed', function(){ self.colorboxIsOpen = false; self.colorboxServiceQueue(); });
|
| 178 |
}
|
| 179 |
},
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 180 |
loadAvgSitePerf: function(){
|
| 181 |
var self = this;
|
| 182 |
this.ajax('wordfence_loadAvgSitePerf', { limit: jQuery('#wfAvgPerfNum').val() }, function(res){
|
| 177 |
jQuery(document).bind('cbox_closed', function(){ self.colorboxIsOpen = false; self.colorboxServiceQueue(); });
|
| 178 |
}
|
| 179 |
},
|
| 180 |
+
sendTestEmail: function(email){
|
| 181 |
+
var self = this;
|
| 182 |
+
this.ajax('wordfence_sendTestEmail', { email: email }, function(res){
|
| 183 |
+
if(res.result){
|
| 184 |
+
self.colorbox('400px', "Test Email Sent", "Your test email was sent to the requested email address. The result we received from the WordPress wp_mail() function was: " +
|
| 185 |
+
res.result + "<br /><br />A 'True' result means WordPress thinks the mail was sent without errors. A 'False' result means that WordPress encountered an error sending your mail. Note that it's possible to get a 'True' response with an error elsewhere in your mail system that may cause emails to not be delivered.");
|
| 186 |
+
}
|
| 187 |
+
});
|
| 188 |
+
},
|
| 189 |
loadAvgSitePerf: function(){
|
| 190 |
var self = this;
|
| 191 |
this.ajax('wordfence_loadAvgSitePerf', { limit: jQuery('#wfAvgPerfNum').val() }, function(res){
|
lib/GeoIP.dat
CHANGED
|
Binary file
|
lib/IPTraf.php
CHANGED
|
@@ -31,6 +31,6 @@
|
|
| 31 |
|
| 32 |
</table>
|
| 33 |
|
| 34 |
-
<div class="footer">© 2011 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</a>
|
| 35 |
</body>
|
| 36 |
</html>
|
| 31 |
|
| 32 |
</table>
|
| 33 |
|
| 34 |
+
<div class="footer">© 2011 to 2014 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</a>
|
| 35 |
</body>
|
| 36 |
</html>
|
lib/menu_options.php
CHANGED
|
@@ -289,6 +289,8 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
|
|
| 289 |
<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=conntest&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to test connectivity to the Wordfence API servers</a></th></tr>
|
| 290 |
<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to view your system's configuration in a new window</a></th></tr>
|
| 291 |
<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a></th></tr>
|
|
|
|
|
|
|
| 292 |
</table>
|
| 293 |
<p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg"> Your changes have been saved!</span></td></tr></table></p>
|
| 294 |
</div>
|
| 289 |
<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=conntest&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to test connectivity to the Wordfence API servers</a></th></tr>
|
| 290 |
<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to view your system's configuration in a new window</a></th></tr>
|
| 291 |
<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a></th></tr>
|
| 292 |
+
<tr><th>Send a test email from this WordPress server to an email address:</th><td><input type="text" id="testEmailDest" value="" size="20" maxlength="255" class="wfConfigElem" />
|
| 293 |
+
<input type="button" value="Send Test Email" onclick="WFAD.sendTestEmail(jQuery('#testEmailDest').val());" /></td></tr>
|
| 294 |
</table>
|
| 295 |
<p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg"> Your changes have been saved!</span></td></tr></table></p>
|
| 296 |
</div>
|
lib/sysinfo.php
CHANGED
|
@@ -16,6 +16,6 @@ $out = preg_replace('/<\/a>/', '', $out);
|
|
| 16 |
$out = preg_replace('/<title>[^<]*<\/title>/','', $out);
|
| 17 |
echo $out;
|
| 18 |
?>
|
| 19 |
-
<div class="diffFooter">© 2011 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</a>
|
| 20 |
</body>
|
| 21 |
</html>
|
| 16 |
$out = preg_replace('/<title>[^<]*<\/title>/','', $out);
|
| 17 |
echo $out;
|
| 18 |
?>
|
| 19 |
+
<div class="diffFooter">© 2011 to 2014 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</a>
|
| 20 |
</body>
|
| 21 |
</html>
|
lib/unknownFiles.php
CHANGED
|
@@ -152,6 +152,6 @@ if($fileList){
|
|
| 152 |
|
| 153 |
?>
|
| 154 |
|
| 155 |
-
<div class="diffFooter">© 2011 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</
|
| 156 |
</body>
|
| 157 |
</html>
|
| 152 |
|
| 153 |
?>
|
| 154 |
|
| 155 |
+
<div class="diffFooter">© 2011 to 2014 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
|
| 156 |
</body>
|
| 157 |
</html>
|
lib/wfCache.php
CHANGED
|
@@ -160,11 +160,11 @@ class wfCache {
|
|
| 160 |
$append .= " Encoding: Uncompressed -->\n";
|
| 161 |
}
|
| 162 |
|
| 163 |
-
file_put_contents($file, $buffer . $append, LOCK_EX);
|
| 164 |
chmod($file, 0655);
|
| 165 |
if(self::$cacheType == 'falcon'){ //create gzipped files so we can send precompressed files
|
| 166 |
$file .= '_gzip';
|
| 167 |
-
file_put_contents($file, gzencode($buffer . $appendGzip, 9), LOCK_EX);
|
| 168 |
chmod($file, 0655);
|
| 169 |
}
|
| 170 |
return $buffer;
|
| 160 |
$append .= " Encoding: Uncompressed -->\n";
|
| 161 |
}
|
| 162 |
|
| 163 |
+
@file_put_contents($file, $buffer . $append, LOCK_EX);
|
| 164 |
chmod($file, 0655);
|
| 165 |
if(self::$cacheType == 'falcon'){ //create gzipped files so we can send precompressed files
|
| 166 |
$file .= '_gzip';
|
| 167 |
+
@file_put_contents($file, gzencode($buffer . $appendGzip, 9), LOCK_EX);
|
| 168 |
chmod($file, 0655);
|
| 169 |
}
|
| 170 |
return $buffer;
|
lib/wfConfig.php
CHANGED
|
@@ -752,13 +752,18 @@ class wfConfig {
|
|
| 752 |
public static function autoUpdate(){
|
| 753 |
try {
|
| 754 |
if(getenv('noabort') != '1' && stristr($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false){
|
| 755 |
-
|
| 756 |
-
|
| 757 |
-
|
| 758 |
-
|
| 759 |
-
|
| 760 |
-
|
| 761 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 762 |
return;
|
| 763 |
}
|
| 764 |
require_once(ABSPATH . 'wp-admin/includes/class-wp-upgrader.php');
|
| 752 |
public static function autoUpdate(){
|
| 753 |
try {
|
| 754 |
if(getenv('noabort') != '1' && stristr($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false){
|
| 755 |
+
$lastEmail = self::get('lastLiteSpdEmail', false);
|
| 756 |
+
if( (! $lastEmail) || (time() - (int)$lastEmail > (86400 * 30))){
|
| 757 |
+
self::set('lastLiteSpdEmail', time());
|
| 758 |
+
wordfence::alert("Wordfence Upgrade not run. Please modify your .htaccess", "To preserve the integrity of your website we are not running Wordfence auto-update.\n" .
|
| 759 |
+
"You are running the LiteSpeed web server which has been known to cause a problem with Wordfence auto-update.\n" .
|
| 760 |
+
"Please go to your website now and make a minor change to your .htaccess to fix this.\n" .
|
| 761 |
+
"You can find out how to make this change at:\n" .
|
| 762 |
+
"https://support.wordfence.com/solution/articles/1000129050-running-wordfence-under-litespeed-web-server-and-preventing-process-killing-or\n" .
|
| 763 |
+
"\nAlternatively you can disable auto-update on your website to stop receiving this message and upgrade Wordfence manually.\n",
|
| 764 |
+
'127.0.0.1'
|
| 765 |
+
);
|
| 766 |
+
}
|
| 767 |
return;
|
| 768 |
}
|
| 769 |
require_once(ABSPATH . 'wp-admin/includes/class-wp-upgrader.php');
|
lib/wfIssues.php
CHANGED
|
@@ -32,7 +32,12 @@ class wfIssues {
|
|
| 32 |
$ignoreC = md5($ignoreC);
|
| 33 |
$rec = $this->getDB()->querySingleRec("select status, ignoreP, ignoreC from " . $this->issuesTable . " where (ignoreP='%s' OR ignoreC='%s')", $ignoreP, $ignoreC);
|
| 34 |
if($rec){
|
| 35 |
-
if($rec['status'] == 'new' && ($rec['ignoreC'] == $ignoreC || $rec['ignoreP'] == $ignoreP)){
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 36 |
if($rec['status'] == 'ignoreC' && $rec['ignoreC'] == $ignoreC){ return false; }
|
| 37 |
if($rec['status'] == 'ignoreP' && $rec['ignoreP'] == $ignoreP){ return false; }
|
| 38 |
}
|
| 32 |
$ignoreC = md5($ignoreC);
|
| 33 |
$rec = $this->getDB()->querySingleRec("select status, ignoreP, ignoreC from " . $this->issuesTable . " where (ignoreP='%s' OR ignoreC='%s')", $ignoreP, $ignoreC);
|
| 34 |
if($rec){
|
| 35 |
+
if($rec['status'] == 'new' && ($rec['ignoreC'] == $ignoreC || $rec['ignoreP'] == $ignoreP)){
|
| 36 |
+
if($type != 'file'){ //Filter out duplicate new issues but not infected files because we want to see all infections even if file contents are identical
|
| 37 |
+
return false;
|
| 38 |
+
}
|
| 39 |
+
}
|
| 40 |
+
|
| 41 |
if($rec['status'] == 'ignoreC' && $rec['ignoreC'] == $ignoreC){ return false; }
|
| 42 |
if($rec['status'] == 'ignoreP' && $rec['ignoreP'] == $ignoreP){ return false; }
|
| 43 |
}
|
lib/wfViewResult.php
CHANGED
|
@@ -21,6 +21,6 @@
|
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
-
<div class="diffFooter">© 2011 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</a>
|
| 25 |
</body>
|
| 26 |
</html>
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
+
<div class="diffFooter">© 2011 to 2014 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</a>
|
| 25 |
</body>
|
| 26 |
</html>
|
lib/wordfenceClass.php
CHANGED
|
@@ -1017,6 +1017,11 @@ class wordfence {
|
|
| 1017 |
return array('errorMsg' => wp_kses($e->getMessage(), array()));
|
| 1018 |
}
|
| 1019 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1020 |
public static function ajax_loadAvgSitePerf_callback(){
|
| 1021 |
$limit = preg_match('/^\d+$/', $_POST['limit']) ? $_POST['limit'] : 10;
|
| 1022 |
$wfdb = new wfDB();
|
|
@@ -1049,6 +1054,7 @@ class wordfence {
|
|
| 1049 |
} else if(isset($codeResult['errorMsg']) && $codeResult['errorMsg']){
|
| 1050 |
return array('errorMsg' => wp_kses($codeResult['errorMsg'], array()));
|
| 1051 |
} else {
|
|
|
|
| 1052 |
return array('errorMsg' => "We could not generate a verification code.");
|
| 1053 |
}
|
| 1054 |
self::twoFactorAdd($user->ID, $phone, $code);
|
|
@@ -1867,14 +1873,13 @@ class wordfence {
|
|
| 1867 |
return array('ok' => 1);
|
| 1868 |
}
|
| 1869 |
public static function ajax_whois_callback(){
|
| 1870 |
-
if( ! class_exists( 'Whois' )){
|
| 1871 |
-
require_once('whois/whois.main.php');
|
| 1872 |
-
}
|
| 1873 |
$val = trim($_POST['val']);
|
| 1874 |
$val = preg_replace('/[^a-zA-Z0-9\.\-]+/', '', $val);
|
| 1875 |
-
$
|
| 1876 |
-
$result = $
|
| 1877 |
-
|
|
|
|
|
|
|
| 1878 |
}
|
| 1879 |
public static function ajax_blockIP_callback(){
|
| 1880 |
$IP = trim($_POST['IP']);
|
|
@@ -2437,7 +2442,7 @@ EOL;
|
|
| 2437 |
}
|
| 2438 |
public static function admin_init(){
|
| 2439 |
if(! wfUtils::isAdmin()){ return; }
|
| 2440 |
-
foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'bulkOperation', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'downloadHtaccess', 'checkFalconHtaccess', 'updateConfig', 'saveCacheConfig', 'removeFromCache', 'autoUpdateChoice', 'saveCacheOptions', 'clearPageCache', 'getCacheStats', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor', 'loadAvgSitePerf', 'addCacheExclusion', 'removeCacheExclusion', 'loadCacheExclusions') as $func){
|
| 2441 |
add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
|
| 2442 |
}
|
| 2443 |
|
| 1017 |
return array('errorMsg' => wp_kses($e->getMessage(), array()));
|
| 1018 |
}
|
| 1019 |
}
|
| 1020 |
+
public static function ajax_sendTestEmail_callback(){
|
| 1021 |
+
$result = wp_mail($_POST['email'], "Wordfence Test Email", "This is a test email from " . site_url() . ".\nThe IP address that requested this was: " . wfUtils::getIP());
|
| 1022 |
+
$result = $result ? 'True' : 'False';
|
| 1023 |
+
return array('result' => $result);
|
| 1024 |
+
}
|
| 1025 |
public static function ajax_loadAvgSitePerf_callback(){
|
| 1026 |
$limit = preg_match('/^\d+$/', $_POST['limit']) ? $_POST['limit'] : 10;
|
| 1027 |
$wfdb = new wfDB();
|
| 1054 |
} else if(isset($codeResult['errorMsg']) && $codeResult['errorMsg']){
|
| 1055 |
return array('errorMsg' => wp_kses($codeResult['errorMsg'], array()));
|
| 1056 |
} else {
|
| 1057 |
+
wordfence::status(4, 'info', "Could not gen verification code: " . var_export($codeResult, true));
|
| 1058 |
return array('errorMsg' => "We could not generate a verification code.");
|
| 1059 |
}
|
| 1060 |
self::twoFactorAdd($user->ID, $phone, $code);
|
| 1873 |
return array('ok' => 1);
|
| 1874 |
}
|
| 1875 |
public static function ajax_whois_callback(){
|
|
|
|
|
|
|
|
|
|
| 1876 |
$val = trim($_POST['val']);
|
| 1877 |
$val = preg_replace('/[^a-zA-Z0-9\.\-]+/', '', $val);
|
| 1878 |
+
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
|
| 1879 |
+
$result = $api->call('whois', array(), array(
|
| 1880 |
+
'val' => $val,
|
| 1881 |
+
));
|
| 1882 |
+
return array('ok' => 1, 'result' => $result['result']);
|
| 1883 |
}
|
| 1884 |
public static function ajax_blockIP_callback(){
|
| 1885 |
$IP = trim($_POST['IP']);
|
| 2442 |
}
|
| 2443 |
public static function admin_init(){
|
| 2444 |
if(! wfUtils::isAdmin()){ return; }
|
| 2445 |
+
foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'bulkOperation', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'downloadHtaccess', 'checkFalconHtaccess', 'updateConfig', 'saveCacheConfig', 'removeFromCache', 'autoUpdateChoice', 'saveCacheOptions', 'clearPageCache', 'getCacheStats', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor', 'loadAvgSitePerf', 'sendTestEmail', 'addCacheExclusion', 'removeCacheExclusion', 'loadCacheExclusions') as $func){
|
| 2446 |
add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
|
| 2447 |
}
|
| 2448 |
|
lib/wordfenceConstants.php
CHANGED
|
@@ -1,5 +1,5 @@
|
|
| 1 |
<?php
|
| 2 |
-
define('WORDFENCE_API_VERSION', '2.
|
| 3 |
define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
|
| 4 |
define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
|
| 5 |
define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.
|
| 1 |
<?php
|
| 2 |
+
define('WORDFENCE_API_VERSION', '2.12');
|
| 3 |
define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
|
| 4 |
define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
|
| 5 |
define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 4.0
|
| 6 |
-
Stable tag: 5.2.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
| 9 |
|
|
@@ -163,6 +163,16 @@ cause a security hole on your site.
|
|
| 163 |
|
| 164 |
== Changelog ==
|
| 165 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 166 |
= 5.2.6 =
|
| 167 |
* Fixed bug that caused country blocking and redirecting to an external URL to not work if the external URL's relative path matched the current page's relative path.
|
| 168 |
* Made it clear that country blocking URL's require absolute URL's.
|
| 3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 4.0
|
| 6 |
+
Stable tag: 5.2.7
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
| 9 |
|
| 163 |
|
| 164 |
== Changelog ==
|
| 165 |
|
| 166 |
+
= 5.2.7 =
|
| 167 |
+
* Fixed issue that would cause infected files with identical content to only have the first file found show up in scans and the rest would not appear.
|
| 168 |
+
* Whois queries now go via our own server as a workaround for hosting providers who block your web server's access to port 43 preventing you from making a direct whois query.
|
| 169 |
+
* Fixed issue that caused litespeed users to receive multiple warnings about the noabort issue.
|
| 170 |
+
* Added detection for 5 new malware variants. Thanks to Dave M. and others for the samples. Keep them coming folks!
|
| 171 |
+
* Updated Wordfence server API to version 2.12.
|
| 172 |
+
* Added facility at bottom of Wordfence options page to send a test email from your WordPress sytem to check if email sending is working.
|
| 173 |
+
* Suppress LOCK_EX flock() warnings in falcon engine that were being generated by sites that use NFS and don't support flock() or reliable file locking.
|
| 174 |
+
* Updated to the October 2014 version of the Geo IP country DB. (newest edition)
|
| 175 |
+
|
| 176 |
= 5.2.6 =
|
| 177 |
* Fixed bug that caused country blocking and redirecting to an external URL to not work if the external URL's relative path matched the current page's relative path.
|
| 178 |
* Made it clear that country blocking URL's require absolute URL's.
|
wordfence.php
CHANGED
|
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
-
Version: 5.2.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
-
define('WORDFENCE_VERSION', '5.2.
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
+
Version: 5.2.7
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
+
define('WORDFENCE_VERSION', '5.2.7');
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
