Wordfence Security – Firewall &amp; Malware Scan

Version Description

Added ability to export Wordfence settings and reimport on one or many sites using secure token.
Added API function to programatically import Wordfence settings from another WordPress site.
Upgraded to Wordfence API version 2.14.

Release Info

Developer	mmaunder
Plugin	Wordfence Security – Firewall & Malware Scan
Version	5.2.9
Comparing to
See all releases

Code changes from version 5.2.8 to 5.2.9

Files changed (7) hide show

js/admin.js +24 -0
lib/menu_options.php +8 -0
lib/wfConfig.php +12 -0
lib/wordfenceClass.php +53 -1
lib/wordfenceConstants.php +1 -1
readme.txt +6 -1
wordfence.php +2 -2

js/admin.js CHANGED Viewed

@@ -1619,6 +1619,30 @@ window['wordfenceAdmin'] = {
+            			}
             			});
+            	}
             };
             window['WFAD'] = window['wordfenceAdmin'];


1619	}
1620
1621	});
1622	+ },
1623	+ exportSettings: function(){
1624	+ var self = this;
1625	+ this.ajax('wordfence_exportSettings', {}, function(res){
1626	+ if(res.ok && res.token){
1627	+ self.colorbox('400px', "Export Successful", "We successfully exported your site settings. To import your site settings on another site, copy and paste the token below into the import text box on the destination site. Keep this token secret. It is like a password. If anyone else discovers the token it will allow them to import your settings excluding your API key.<br /><br />Token:<input type=\"text\" size=\"20\" value=\"" + res.token + "\" onclick=\"this.select();\" /><br />");
1628	+ } else if(res.err){
1629	+ self.colorbox('400px', "Error during Export", res.err);
1630	+ } else {
1631	+ self.colorbox('400px', "An unknown error occurred", "An unknown error occurred during the export. We received an undefined error from your web server.");
1632	+ }
1633	+ });
1634	+ },
1635	+ importSettings: function(token){
1636	+ var self = this;
1637	+ this.ajax('wordfence_importSettings', { token: token }, function(res){
1638	+ if(res.ok){
1639	+ self.colorbox('400px', "Import Successful", "You successfully imported " + res.totalSet + " options. Your import is complete. Please reload this page or click the button below to reload it:<br /><br /><input type=\"button\" value=\"Reload Page\" onclick=\"window.location.reload(true);\" />");
1640	+ } else if(res.err){
1641	+ self.colorbox('400px', "Error during Import", res.err);
1642	+ } else {
1643	+ self.colorbox('400px', "Error during Export", "An unknown error occurred during the import");
1644	+ }
1645	+ });
1646	}
1647	};
1648	window['WFAD'] = window['wordfenceAdmin'];

lib/menu_options.php CHANGED Viewed

	@@ -291,6 +291,14 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
291	<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a><a href="http://docs.wordfence.com/en/Wordfence_options#Test_your_WordPress_host.27s_available_memory" target="_blank" class="wfhelp"></a></th></tr>
292	<tr><th>Send a test email from this WordPress server to an email address:<a href="http://docs.wordfence.com/en/Wordfence_options#Send_a_test_email_from_this_WordPress_server_to_an_email_address" target="_blank" class="wfhelp"></a></th><td><input type="text" id="testEmailDest" value="" size="20" maxlength="255" class="wfConfigElem" />
293	<input type="button" value="Send Test Email" onclick="WFAD.sendTestEmail(jQuery('#testEmailDest').val());" /></td></tr>








294	</table>
295	<p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg"> Your changes have been saved!</span></td></tr></table></p>
296	</div>


291	<tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a><a href="http://docs.wordfence.com/en/Wordfence_options#Test_your_WordPress_host.27s_available_memory" target="_blank" class="wfhelp"></a></th></tr>
292	<tr><th>Send a test email from this WordPress server to an email address:<a href="http://docs.wordfence.com/en/Wordfence_options#Send_a_test_email_from_this_WordPress_server_to_an_email_address" target="_blank" class="wfhelp"></a></th><td><input type="text" id="testEmailDest" value="" size="20" maxlength="255" class="wfConfigElem" />
293	<input type="button" value="Send Test Email" onclick="WFAD.sendTestEmail(jQuery('#testEmailDest').val());" /></td></tr>
294	+
295	+ <tr><td colspan="2">
296	+ <div class="wfMarker" id="wfMarkerExportOptions"></div>
297	+ <h3 class="wfConfigHeading">Exporting and Importing Wordfence Settings<a href="http://docs.wordfence.com/en/Wordfence_options#Exporting_and_Importing_Wordfence_Settings" target="_blank" class="wfhelp"></a></h3>
298	+ </td></tr>
299	+
300	+ <tr><th>Export this site's Wordfence settings for import on another site:</th><td><input type="button" id="exportSettingsBut" value="Export Wordfence Settings" onclick="WFAD.exportSettings(); return false;" /></td></tr>
301	+ <tr><th>Import Wordfence settings from another site using a token:</th><td><input type="text" size="20" value="" id="importToken" /> <input type="button" name="importSettingsButton" value="Import Settings" onclick="WFAD.importSettings(jQuery('#importToken').val()); return false;" /></td></tr>
302	</table>
303	<p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg"> Your changes have been saved!</span></td></tr></table></p>
304	</div>

lib/wfConfig.php CHANGED Viewed

@@ -434,6 +434,18 @@ class wfConfig {
             			self::set('other_scanOutside', 0);
+            		}
+            	}
             	public static function parseOptions(){
             		$ret = array();
             		foreach(self::$securityLevels[2]['checkboxes'] as $key => $val){ //value is not used. We just need the keys for validation


434	self::set('other_scanOutside', 0);
435	}
436	}
437	+ public static function getExportableOptionsKeys(){
438	+ $ret = array();
439	+ foreach(self::$securityLevels[2]['checkboxes'] as $key => $val){
440	+ $ret[] = $key;
441	+ }
442	+ foreach(self::$securityLevels[2]['otherParams'] as $key => $val){
443	+ if($key != 'apiKey'){
444	+ $ret[] = $key;
445	+ }
446	+ }
447	+ return $ret;
448	+ }
449	public static function parseOptions(){
450	$ret = array();
451	foreach(self::$securityLevels[2]['checkboxes'] as $key => $val){ //value is not used. We just need the keys for validation

lib/wordfenceClass.php CHANGED Viewed

@@ -2180,6 +2180,58 @@ class wordfence {
             			return array("ok" => 1);
+            		}
+            	}
             	public static function startScan(){
             		wfScanEngine::startScan();
+            	}
@@ -2442,7 +2494,7 @@ EOL;
+            	}
             	public static function admin_init(){
             		if(! wfUtils::isAdmin()){ return; }
-            -
            		foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'bulkOperation', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'downloadHtaccess', 'checkFalconHtaccess', 'updateConfig', 'saveCacheConfig', 'removeFromCache', 'autoUpdateChoice', 'saveCacheOptions', 'clearPageCache', 'getCacheStats', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor', 'loadAvgSitePerf', 'sendTestEmail', 'addCacheExclusion', 'removeCacheExclusion', 'loadCacheExclusions') as $func){
             			add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
+            		}


2180	return array("ok" => 1);
2181	}
2182	}
2183	+ public static function ajax_exportSettings_callback(){
2184	+ $keys = wfConfig::getExportableOptionsKeys();
2185	+ $export = array();
2186	+ foreach($keys as $key){
2187	+ $export[$key] = wfConfig::get($key, '');
2188	+ }
2189	+ try {
2190	+ $api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
2191	+ $res = $api->call('export_options', array(), $export);
2192	+ if($res['ok'] && $res['token']){
2193	+ return array(
2194	+ 'ok' => 1,
2195	+ 'token' => $res['token'],
2196	+ );
2197	+ } else {
2198	+ throw new Exception("Invalid response: " . var_export($res, true));
2199	+ }
2200	+ } catch(Exception $e){
2201	+ return array('err' => "An error occurred: " . $e->getMessage());
2202	+ }
2203	+ }
2204	+ public static function importSettings($token){
2205	+ $api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
2206	+ $res = $api->call('import_options', array(), array('token' => $token));
2207	+ $totalSet = 0;
2208	+ if($res['ok'] && $res['options']){
2209	+ $keys = wfConfig::getExportableOptionsKeys();
2210	+ foreach($keys as $key){
2211	+ if(isset($res['options'][$key])){
2212	+ wfConfig::set($key, $res['options'][$key]);
2213	+ $totalSet++;
2214	+ }
2215	+ }
2216	+ return $totalSet;
2217	+ } else if($res['err']){
2218	+ throw new Exception($res['err']);
2219	+ } else {
2220	+ throw new Exception("Invalid response from Wordfence servers during import.");
2221	+ }
2222	+ }
2223	+ public static function ajax_importSettings_callback(){
2224	+ $token = $_POST['token'];
2225	+ try {
2226	+ $totalSet = self::importSettings($token);
2227	+ return array(
2228	+ 'ok' => 1,
2229	+ 'totalSet' => $totalSet,
2230	+ );
2231	+ } catch(Exception $e){
2232	+ return array('err' => "An error occurred: " . $e->getMessage());
2233	+ }
2234	+ }
2235	public static function startScan(){
2236	wfScanEngine::startScan();
2237	}

2494	}
2495	public static function admin_init(){
2496	if(! wfUtils::isAdmin()){ return; }
2497	+ foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'exportSettings', 'importSettings', 'bulkOperation', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'downloadHtaccess', 'checkFalconHtaccess', 'updateConfig', 'saveCacheConfig', 'removeFromCache', 'autoUpdateChoice', 'saveCacheOptions', 'clearPageCache', 'getCacheStats', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor', 'loadAvgSitePerf', 'sendTestEmail', 'addCacheExclusion', 'removeCacheExclusion', 'loadCacheExclusions') as $func){
2498	add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
2499	}
2500

lib/wordfenceConstants.php CHANGED Viewed

	@@ -1,5 +1,5 @@
1	<?php
2	- define('WORDFENCE_API_VERSION', '2.12');
3	define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
4	define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
5	define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.


1	<?php
2	+ define('WORDFENCE_API_VERSION', '2.14');
3	define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
4	define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
5	define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.

readme.txt CHANGED Viewed

	@@ -3,7 +3,7 @@ Contributors: mmaunder
3	Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
4	Requires at least: 3.3.1
5	Tested up to: 4.0
6	- Stable tag: 5.2.8
7
8	Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9
	@@ -163,6 +163,11 @@ cause a security hole on your site.
163
164	== Changelog ==
165





166	= 5.2.8 =
167	* Detailed documentation for all options on the Wordfence options page. Launching docs.wordfence.com wiki.
168	* Fixed server-side issue where diff'ing certain files would give a blank page or an API error.


3	Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
4	Requires at least: 3.3.1
5	Tested up to: 4.0
6	+ Stable tag: 5.2.9
7
8	Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9

163
164	== Changelog ==
165
166	+ = 5.2.9 =
167	+ * Added ability to export Wordfence settings and reimport on one or many sites using secure token.
168	+ * Added API function to programatically import Wordfence settings from another WordPress site.
169	+ * Upgraded to Wordfence API version 2.14.
170	+
171	= 5.2.8 =
172	* Detailed documentation for all options on the Wordfence options page. Launching docs.wordfence.com wiki.
173	* Fixed server-side issue where diff'ing certain files would give a blank page or an API error.

wordfence.php CHANGED Viewed

	@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
4	Plugin URI: http://www.wordfence.com/
5	Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6	Author: Wordfence
7	- Version: 5.2.8
8	Author URI: http://www.wordfence.com/
9	*/
10	if(defined('WP_INSTALLING') && WP_INSTALLING){
11	return;
12	}
13	- define('WORDFENCE_VERSION', '5.2.8');
14	if(get_option('wordfenceActivated') != 1){
15	add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16	}


4	Plugin URI: http://www.wordfence.com/
5	Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6	Author: Wordfence
7	+ Version: 5.2.9
8	Author URI: http://www.wordfence.com/
9	*/
10	if(defined('WP_INSTALLING') && WP_INSTALLING){
11	return;
12	}
13	+ define('WORDFENCE_VERSION', '5.2.9');
14	if(get_option('wordfenceActivated') != 1){
15	add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16	}

Wordfence Security – Firewall & Malware Scan - Version 5.2.9

Version Description

Release Info

Code changes from version 5.2.8 to 5.2.9