Version Description
- Security fix. Thanks Matt B!
- Changed what we consider to be private addresses to a smaller range of addresses. See current range at: http://docs.wordfence.com/en/How_Wordfence_handles_Private_Addresses
- Fixed a warning about an undefined value which appeared after we added referer blocking in 5.3.2.
Release Info
Developer | mmaunder |
Plugin | Wordfence Security – Firewall & Malware Scan |
Version | 5.3.3 |
Code changes from version 5.3.2 to 5.3.3
- lib/menu_rangeBlocking.php +3 -1
- lib/wfLog.php +1 -1
- lib/wfUtils.php +17 -16
- readme.txt +6 -1
- wordfence.php +2 -2
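--- a/lib/menu_rangeBlocking.php
+++ b/lib/menu_rangeBlocking.php
@@ -6,7 +6,9 @@
 <p>
 <?php if(! wfConfig::get('firewallEnabled')){ ?><div style="color: #F00; font-weight: bold;">Firewall is disabled. You can enable it on the <a href="admin.php?page=WordfenceSecOpt">Wordfence Options page</a> at the top.</div><br /><?php } ?>
 <table class="wfConfigForm">
-<tr><th>IP address range:</th><td><input id="ipRange" type="text" size="30" maxlength="255" value="<?php
+<tr><th>IP address range:</th><td><input id="ipRange" type="text" size="30" maxlength="255" value="<?php
+if( isset( $_GET['wfBlockRange'] ) && preg_match('/^[\d\.\s\t\-]+$/', $_GET['wfBlockRange']) ){ echo wp_kses($_GET['wfBlockRange'], array()); }
+?>" onkeyup="WFAD.calcRangeTotal();"> <span id="wfShowRangeTotal"></span></td></tr>
 <tr><td></td><td style="padding-bottom: 15px;"><strong>Examples:</strong> 192.168.200.200 - 192.168.200.220</td></tr>
 <tr><th>User-Agent (browser) that matches:</th><td><input id="uaRange" type="text" size="30" maxlength="255" > (Case insensitive)</td></tr>
 <tr><td></td><td style="padding-bottom: 15px;"><strong>Examples:</strong> *badRobot*, AnotherBadRobot*, *someBrowserSuffix</td></tr>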
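Review bot: On the added line that echoes `$_GET['wfBlockRange']` into the `value="..."` attribute, the escaping call does not match the output context: `wp_kses($value, array())` is a tag filter rather than an attribute escaper, so the only thing keeping a quote character out of the attribute is the `preg_match` allowlist. That allowlist is sound as written (digits, dots, whitespace and hyphens only), but it stops being sufficient as soon as someone widens it, so I would use the attribute escaper here: `echo esc_attr($_GET['wfBlockRange']);`. It is also worth adding `is_string($_GET['wfBlockRange'])` to the condition, because a request with `wfBlockRange[]=` makes the parameter an array and `preg_match` then raises a warning (a TypeError on PHP 8) instead of quietly rejecting it. The surrounding form continues outside the hunk.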
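--- a/lib/wfLog.php
+++ b/lib/wfLog.php
@@ -668,7 +668,7 @@ class wfLog {
 $bDat = explode('|', $blockRec['blockString']);
 $ipRange = $bDat[0];
 $uaPattern = $bDat[1];
-$refPattern = $bDat[2];
+$refPattern = isset($bDat[2]) ? $bDat[2] : '';
 if($ipRange){
 $ips = explode('-', $ipRange);
 if($IPnum >= $ips[0] && $IPnum <= $ips[1]){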
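Review bot: Only index 2 of `$bDat` is guarded; `$bDat[1]` on the line above and `$ips[1]` in the range comparison are still read unconditionally, so a `blockString` with no `|`, or an IP range with no `-`, raises the same undefined-offset notice this commit fixes for the referer field. In the range case the comparison against a missing upper bound would also, as far as I can tell, never match, so a malformed block record fails open without leaving any trace. Padding once covers all three fields, `$bDat = array_pad(explode('|', $blockRec['blockString']), 3, '');`, and the range branch could skip the record when `count($ips) !== 2`. The enclosing method of `wfLog` starts and ends outside the hunk, so the right way to skip depends on the loop that is not shown.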
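--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -2,23 +2,24 @@
 require_once('wfConfig.php');
 require_once('wfCountryMap.php');
 class wfUtils {
+#We've modified this and removed some addresses which may be routable on the Net and cause auto-whitelisting.
 private static $privateAddrs = array(
-array('0.0.0.0/8',0,16777215),
-array('10.0.0.0/8',167772160,184549375),
-array('100.64.0.0/10',1681915904,1686110207),
-array('127.0.0.0/8',2130706432,2147483647),
-array('169.254.0.0/16',2851995648,2852061183),
-array('172.16.0.0/12',2886729728,2887778303),
-array('192.0.0.0/29',3221225472,3221225479),
-array('192.0.2.0/24',3221225984,3221226239),
-array('192.88.99.0/24',3227017984,3227018239),
-array('192.168.0.0/16',3232235520,3232301055),
-array('198.18.0.0/15',3323068416,3323199487),
-array('198.51.100.0/24',3325256704,3325256959),
-array('203.0.113.0/24',3405803776,3405804031),
-array('224.0.0.0/4',3758096384,4026531839),
-array('240.0.0.0/4',4026531840,4294967295),
-array('255.255.255.255/32',4294967295,4294967295)
+//array('0.0.0.0/8',0,16777215), #Broadcast addr
+array('10.0.0.0/8',167772160,184549375), #Private addrs
+//array('100.64.0.0/10',1681915904,1686110207), #carrier-grade-nat for comms between ISP and subscribers
+array('127.0.0.0/8',2130706432,2147483647), #loopback
+//array('169.254.0.0/16',2851995648,2852061183), #link-local when DHCP fails e.g. os x
+array('172.16.0.0/12',2886729728,2887778303), #private addrs
+array('192.0.0.0/29',3221225472,3221225479), #used for NAT with IPv6, so basically a private addr
+//array('192.0.2.0/24',3221225984,3221226239), #Only for use in docs and examples, not for public use
+//array('192.88.99.0/24',3227017984,3227018239), #Used by 6to4 anycast relays
+array('192.168.0.0/16',3232235520,3232301055), #Used for local communications within a private network
+//array('198.18.0.0/15',3323068416,3323199487), #Used for testing of inter-network communications between two separate subnets
+//array('198.51.100.0/24',3325256704,3325256959), #Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
+//array('203.0.113.0/24',3405803776,3405804031), #Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
+//array('224.0.0.0/4',3758096384,4026531839), #Reserved for multicast assignments as specified in RFC 5771
+//array('240.0.0.0/4',4026531840,4294967295), #Reserved for future use, as specified by RFC 6890
+//array('255.255.255.255/32',4294967295,4294967295) #Reserved for the "limited broadcast" destination address, as specified by RFC 6890
 );
 private static $isWindows = false;
 public static $scanLockFH = false;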
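Review bot: The comment added above `$privateAddrs` records that ranges were removed but not the rule the table now enforces: going by that comment, a match leads to auto-whitelisting, so each retained entry is effectively an exemption from blocking. I would state that in the comment, for example `# Addresses matching these ranges are treated as private and auto-whitelisted; list only ranges that cannot arrive from the public Internet.`, and delete the disabled `//array(...)` entries rather than keep them, since uncommenting one quietly widens the exemption again. How the visitor address is obtained is not visible in this hunk; if it can be taken from a forwarded-for style header, the retained ranges are values a client can claim, and the trust decision belongs where that header is parsed. The `wfUtils` class continues past the end of the hunk.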
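--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
 Requires at least: 3.3.1
 Tested up to: 4.0
-Stable tag: 5.3.
+Stable tag: 5.3.3
 
 Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
 
@@ -165,6 +165,11 @@ cause a security hole on your site.
 
 == Changelog ==
 
+= 5.3.3 =
+* Security fix. Thanks Matt B!
+* Changed what we consider to be private addresses to a smaller range of addresses. See current range at: http://docs.wordfence.com/en/How_Wordfence_handles_Private_Addresses
+* Fixed a warning about an undefined value which appeared after we added referer blocking in 5.3.2.
+
 = 5.3.2 =
 * Feature: Advanced blocking now includes referer blocking. i.e. you can block visitors arriving from certain websites or pretending to. See updated http://docs.wordfence.com/en/Advanced_Blocking
 * Feature: Developers, you can now ask Wordfence to whitelist your server IP by calling wordfence::whitelistIP(). See http://docs.wordfence.com/en/WhitelistIP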
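--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
-Version: 5.3.
+Version: 5.3.3
 Author URI: http://www.wordfence.com/
 */
 if(defined('WP_INSTALLING') && WP_INSTALLING){
 return;
 }
-define('WORDFENCE_VERSION', '5.3.
+define('WORDFENCE_VERSION', '5.3.3');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }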