Wordfence Security – Firewall & Malware Scan - Version 5.2.9

Version Description

  • Added ability to export Wordfence settings and reimport on one or many sites using a secure token.
  • Added API function to programmatically import Wordfence settings from another WordPress site.
  • Upgraded to Wordfence API version 2.14.

Release Info

Developer mmaunder
Version 5.2.9

Code changes from version 5.2.8 to 5.2.9

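--- a/js/admin.js
+++ b/js/admin.js
@@ -1619,6 +1619,30 @@ window['wordfenceAdmin'] = {
 }
 
 });
+},
+exportSettings: function(){
+var self = this;
+this.ajax('wordfence_exportSettings', {}, function(res){
+if(res.ok && res.token){
+self.colorbox('400px', "Export Successful", "We successfully exported your site settings. To import your site settings on another site, copy and paste the token below into the import text box on the destination site. Keep this token secret. It is like a password. If anyone else discovers the token it will allow them to import your settings excluding your API key.<br /><br />Token:<input type=\"text\" size=\"20\" value=\"" + res.token + "\" onclick=\"this.select();\" /><br />");
+} else if(res.err){
+self.colorbox('400px', "Error during Export", res.err);
+} else {
+self.colorbox('400px', "An unknown error occurred", "An unknown error occurred during the export. We received an undefined error from your web server.");
+}
+});
+},
+importSettings: function(token){
+var self = this;
+this.ajax('wordfence_importSettings', { token: token }, function(res){
+if(res.ok){
+self.colorbox('400px', "Import Successful", "You successfully imported " + res.totalSet + " options. Your import is complete. Please reload this page or click the button below to reload it:<br /><br /><input type=\"button\" value=\"Reload Page\" onclick=\"window.location.reload(true);\" />");
+} else if(res.err){
+self.colorbox('400px', "Error during Import", res.err);
+} else {
+self.colorbox('400px', "Error during Export", "An unknown error occurred during the import");
+}
+});
 }
 };
 window['WFAD'] = window['wordfenceAdmin'];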
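Review bot: Both new callbacks hand server-supplied strings to `self.colorbox` as markup without escaping: `res.token` is concatenated into the `value="…"` attribute in `exportSettings`, and `res.err` is the dialog body in both `exportSettings` and `importSettings`. On the PHP side of this release those values originate from the remote API response (the export error even embeds `var_export($res, true)`), so a malformed or tampered response would presumably be rendered as HTML in an administrator's session; this assumes `colorbox` inserts its third argument as HTML, which the `<br />` in the literals suggests. HTML-escape both values before concatenation, or build the token field with `jQuery('<input type="text" size="20" />').val(res.token)` and set error text with `.text()`. Separately, the final `else` branch of `importSettings` titles its dialog `"Error during Export"` where `"Error during Import"` is meant. The enclosing `window['wordfenceAdmin']` object starts outside the hunk.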
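--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -291,6 +291,14 @@ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
 <tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a><a href="http://docs.wordfence.com/en/Wordfence_options#Test_your_WordPress_host.27s_available_memory" target="_blank" class="wfhelp"></a></th></tr>
 <tr><th>Send a test email from this WordPress server to an email address:<a href="http://docs.wordfence.com/en/Wordfence_options#Send_a_test_email_from_this_WordPress_server_to_an_email_address" target="_blank" class="wfhelp"></a></th><td><input type="text" id="testEmailDest" value="" size="20" maxlength="255" class="wfConfigElem" />
 <input type="button" value="Send Test Email" onclick="WFAD.sendTestEmail(jQuery('#testEmailDest').val());" /></td></tr>
+
+<tr><td colspan="2">
+<div class="wfMarker" id="wfMarkerExportOptions"></div>
+<h3 class="wfConfigHeading">Exporting and Importing Wordfence Settings<a href="http://docs.wordfence.com/en/Wordfence_options#Exporting_and_Importing_Wordfence_Settings" target="_blank" class="wfhelp"></a></h3>
+</td></tr>
+
+<tr><th>Export this site's Wordfence settings for import on another site:</th><td><input type="button" id="exportSettingsBut" value="Export Wordfence Settings" onclick="WFAD.exportSettings(); return false;" /></td></tr>
+<tr><th>Import Wordfence settings from another site using a token:</th><td><input type="text" size="20" value="" id="importToken" />&nbsp;<input type="button" name="importSettingsButton" value="Import Settings" onclick="WFAD.importSettings(jQuery('#importToken').val()); return false;" /></td></tr>
 </table>
 <p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg">&nbsp;Your changes have been saved!</span></td></tr></table></p>
 </div>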
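Review bot: The new `#importToken` field holds a value that the export dialog tells users to treat like a password, yet it is a plain `type="text"` input that browsers may keep in form history. Adding `autocomplete="off"` is a cheap hardening step: `<input type="text" size="20" value="" id="importToken" autocomplete="off" />`. Whether the import request carries a nonce depends on `WFAD.ajax` and `wordfence::ajaxReceiver`, neither of which is visible in this section. The surrounding options table starts outside the hunk.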
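--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -434,6 +434,18 @@ class wfConfig {
 self::set('other_scanOutside', 0);
 }
 }
+public static function getExportableOptionsKeys(){
+$ret = array();
+foreach(self::$securityLevels[2]['checkboxes'] as $key => $val){
+$ret[] = $key;
+}
+foreach(self::$securityLevels[2]['otherParams'] as $key => $val){
+if($key != 'apiKey'){
+$ret[] = $key;
+}
+}
+return $ret;
+}
 public static function parseOptions(){
 $ret = array();
 foreach(self::$securityLevels[2]['checkboxes'] as $key => $val){ //value is not used. We just need the keys for validation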
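Review bot: `getExportableOptionsKeys()` decides what leaves the site with a one-entry deny-list (`$key != 'apiKey'`), so any secret later added to `$securityLevels[2]['otherParams']` would be uploaded with the export by default. An explicit allow-list of exportable keys, or at least a named exclusion list checked with `in_array($key, $excluded, true)`, would make that decision deliberate. The comparison should also be strict, `if($key !== 'apiKey'){`, because under PHP 5 and 7 loose comparison an integer key `0` equals `'apiKey'` and would be silently skipped. The method has no doc comment; I would add `/** Returns the option names included in a settings export; apiKey is excluded so it is not part of the exported settings. */`. The contents of `$securityLevels` are not shown here, so which of the exported options are sensitive cannot be verified from this hunk.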
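--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -2180,6 +2180,58 @@ class wordfence {
 return array("ok" => 1);
 }
 }
+public static function ajax_exportSettings_callback(){
+$keys = wfConfig::getExportableOptionsKeys();
+$export = array();
+foreach($keys as $key){
+$export[$key] = wfConfig::get($key, '');
+}
+try {
+$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
+$res = $api->call('export_options', array(), $export);
+if($res['ok'] && $res['token']){
+return array(
+'ok' => 1,
+'token' => $res['token'],
+);
+} else {
+throw new Exception("Invalid response: " . var_export($res, true));
+}
+} catch(Exception $e){
+return array('err' => "An error occurred: " . $e->getMessage());
+}
+}
+public static function importSettings($token){
+$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
+$res = $api->call('import_options', array(), array('token' => $token));
+$totalSet = 0;
+if($res['ok'] && $res['options']){
+$keys = wfConfig::getExportableOptionsKeys();
+foreach($keys as $key){
+if(isset($res['options'][$key])){
+wfConfig::set($key, $res['options'][$key]);
+$totalSet++;
+}
+}
+return $totalSet;
+} else if($res['err']){
+throw new Exception($res['err']);
+} else {
+throw new Exception("Invalid response from Wordfence servers during import.");
+}
+}
+public static function ajax_importSettings_callback(){
+$token = $_POST['token'];
+try {
+$totalSet = self::importSettings($token);
+return array(
+'ok' => 1,
+'totalSet' => $totalSet,
+);
+} catch(Exception $e){
+return array('err' => "An error occurred: " . $e->getMessage());
+}
+}
 public static function startScan(){
 wfScanEngine::startScan();
 }
@@ -2442,7 +2494,7 @@ EOL;
 }
 public static function admin_init(){
 if(! wfUtils::isAdmin()){ return; }
-foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'bulkOperation', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'downloadHtaccess', 'checkFalconHtaccess', 'updateConfig', 'saveCacheConfig', 'removeFromCache', 'autoUpdateChoice', 'saveCacheOptions', 'clearPageCache', 'getCacheStats', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor', 'loadAvgSitePerf', 'sendTestEmail', 'addCacheExclusion', 'removeCacheExclusion', 'loadCacheExclusions') as $func){
+foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'exportSettings', 'importSettings', 'bulkOperation', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'downloadHtaccess', 'checkFalconHtaccess', 'updateConfig', 'saveCacheConfig', 'removeFromCache', 'autoUpdateChoice', 'saveCacheOptions', 'clearPageCache', 'getCacheStats', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor', 'loadAvgSitePerf', 'sendTestEmail', 'addCacheExclusion', 'removeCacheExclusion', 'loadCacheExclusions') as $func){
 add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
 }
 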
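Review bot: `importSettings()` writes whatever the API returns straight into the configuration: each `$res['options'][$key]` goes to `wfConfig::set()` with the key checked against `getExportableOptionsKeys()` but the value never type- or range-checked. Since these options configure the firewall and scanner, imported values should pass through the same validation the options page applies on save; that validation is outside these hunks, so its existence is an assumption. `ajax_importSettings_callback()` also reads `$_POST['token']` without checking that it is set and is a string; `$token = (isset($_POST['token']) && is_string($_POST['token'])) ? trim($_POST['token']) : '';` followed by `if($token === ''){ return array('err' => "No token was supplied."); }` avoids a notice and a pointless API call. In `ajax_exportSettings_callback()` the message `"Invalid response: " . var_export($res, true)` sends the raw API response to the browser; log it server-side and return a fixed message instead. The `wordfence` class starts and ends outside the hunks.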
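--- a/lib/wordfenceConstants.php
+++ b/lib/wordfenceConstants.php
@@ -1,5 +1,5 @@
 <?php
-define('WORDFENCE_API_VERSION', '2.12');
+define('WORDFENCE_API_VERSION', '2.14');
 define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
 define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
 define('WORDFENCE_MAX_SCAN_TIME', 86400); //Increased this from 10 mins to 1 day because very big scans run for a long time. Users can use kill.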
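--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
 Requires at least: 3.3.1
 Tested up to: 4.0
-Stable tag: 5.2.8
+Stable tag: 5.2.9
 
 Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
 
@@ -163,6 +163,11 @@ cause a security hole on your site.
 
 == Changelog ==
 
+= 5.2.9 =
+* Added ability to export Wordfence settings and reimport on one or many sites using secure token.
+* Added API function to programatically import Wordfence settings from another WordPress site.
+* Upgraded to Wordfence API version 2.14.
+
 = 5.2.8 =
 * Detailed documentation for all options on the Wordfence options page. Launching docs.wordfence.com wiki.
 * Fixed server-side issue where diff'ing certain files would give a blank page or an API error.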
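--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
-Version: 5.2.8
+Version: 5.2.9
 Author URI: http://www.wordfence.com/
 */
 if(defined('WP_INSTALLING') && WP_INSTALLING){
 return;
 }
-define('WORDFENCE_VERSION', '5.2.8');
+define('WORDFENCE_VERSION', '5.2.9');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }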