Wordfence Security – Firewall & Malware Scan - Version 5.3.3

Version Description

  • Security fix. Thanks Matt B!
  • Changed what we consider to be private addresses to a smaller range of addresses. See current range at: http://docs.wordfence.com/en/How_Wordfence_handles_Private_Addresses
  • Fixed a warning about an undefined value which appeared after we added referer blocking in 5.3.2.

Release Info

Developer mmaunder
Version 5.3.3

Code changes from version 5.3.2 to 5.3.3

Files changed (5) hide show
  1. lib/menu_rangeBlocking.php +3 -1
  2. lib/wfLog.php +1 -1
  3. lib/wfUtils.php +17 -16
  4. readme.txt +6 -1
  5. wordfence.php +2 -2
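--- a/lib/menu_rangeBlocking.php
+++ b/lib/menu_rangeBlocking.php
@@ -6,7 +6,9 @@
 <p>
 <?php if(! wfConfig::get('firewallEnabled')){ ?><div style="color: #F00; font-weight: bold;">Firewall is disabled. You can enable it on the <a href="admin.php?page=WordfenceSecOpt">Wordfence Options page</a> at the top.</div><br /><?php } ?>
 <table class="wfConfigForm">
- <tr><th>IP address range:</th><td><input id="ipRange" type="text" size="30" maxlength="255" value="<?php if( isset( $_GET['wfBlockRange'] ) && $_GET['wfBlockRange']){ echo wp_kses($_GET['wfBlockRange'], array()); } ?>" onkeyup="WFAD.calcRangeTotal();">&nbsp;<span id="wfShowRangeTotal"></span></td></tr>
+ <tr><th>IP address range:</th><td><input id="ipRange" type="text" size="30" maxlength="255" value="<?php
+ if( isset( $_GET['wfBlockRange'] ) && preg_match('/^[\d\.\s\t\-]+#x2F;', $_GET['wfBlockRange']) ){ echo wp_kses($_GET['wfBlockRange'], array()); }
+ ?>" onkeyup="WFAD.calcRangeTotal();">&nbsp;<span id="wfShowRangeTotal"></span></td></tr>
 <tr><td></td><td style="padding-bottom: 15px;"><strong>Examples:</strong> 192.168.200.200 - 192.168.200.220</td></tr>
 <tr><th>User-Agent (browser) that matches:</th><td><input id="uaRange" type="text" size="30" maxlength="255" >&nbsp;(Case insensitive)</td></tr>
 <tr><td></td><td style="padding-bottom: 15px;"><strong>Examples:</strong> *badRobot*, AnotherBadRobot*, *someBrowserSuffix</td></tr>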
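Review bot: The value written into the `value="…"` attribute on new line 10 is still emitted with `wp_kses($_GET['wfBlockRange'], array())`, which removes tags but is not an attribute-context escaper, so the new `preg_match` allow-list is the only thing keeping a quote character out of the attribute. Escaping for the output context as well, `echo esc_attr($_GET['wfBlockRange']);`, would keep the field safe even if the pattern is later widened. The end of the pattern renders as `+#x2F;` on this page, which looks like a display artefact of the closing `$/`; it is worth confirming in the file that the expression is anchored at both ends.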
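--- a/lib/wfLog.php
+++ b/lib/wfLog.php
@@ -668,7 +668,7 @@ class wfLog {
 $bDat = explode('|', $blockRec['blockString']);
 $ipRange = $bDat[0];
 $uaPattern = $bDat[1];
- $refPattern = $bDat[2];
+ $refPattern = isset($bDat[2]) ? $bDat[2] : '';
 if($ipRange){
 $ips = explode('-', $ipRange);
 if($IPnum >= $ips[0] && $IPnum <= $ips[1]){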
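Review bot: `$bDat[1]` on the line above and `$ips[1]` two lines below are still read without the `isset` guard this change gives `$bDat[2]`, so a `blockString` with fewer `|`-separated fields, or an `ipRange` without a `-`, would raise the same undefined-offset notice. If such records cannot occur, a short comment saying why only the third field is optional would help, for example `// records saved before referer blocking (5.3.2) have no third field`; that reason is inferred from the changelog, not shown in the code. The enclosing method of `wfLog` starts and ends outside this hunk.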
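--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -2,23 +2,24 @@
 require_once('wfConfig.php');
 require_once('wfCountryMap.php');
 class wfUtils {
+ #We've modified this and removed some addresses which may be routable on the Net and cause auto-whitelisting.
 private static $privateAddrs = array(
- array('0.0.0.0/8',0,16777215),
- array('10.0.0.0/8',167772160,184549375),
- array('100.64.0.0/10',1681915904,1686110207),
- array('127.0.0.0/8',2130706432,2147483647),
- array('169.254.0.0/16',2851995648,2852061183),
- array('172.16.0.0/12',2886729728,2887778303),
- array('192.0.0.0/29',3221225472,3221225479),
- array('192.0.2.0/24',3221225984,3221226239),
- array('192.88.99.0/24',3227017984,3227018239),
- array('192.168.0.0/16',3232235520,3232301055),
- array('198.18.0.0/15',3323068416,3323199487),
- array('198.51.100.0/24',3325256704,3325256959),
- array('203.0.113.0/24',3405803776,3405804031),
- array('224.0.0.0/4',3758096384,4026531839),
- array('240.0.0.0/4',4026531840,4294967295),
- array('255.255.255.255/32',4294967295,4294967295)
+ //array('0.0.0.0/8',0,16777215), #Broadcast addr
+ array('10.0.0.0/8',167772160,184549375), #Private addrs
+ //array('100.64.0.0/10',1681915904,1686110207), #carrier-grade-nat for comms between ISP and subscribers
+ array('127.0.0.0/8',2130706432,2147483647), #loopback
+ //array('169.254.0.0/16',2851995648,2852061183), #link-local when DHCP fails e.g. os x
+ array('172.16.0.0/12',2886729728,2887778303), #private addrs
+ array('192.0.0.0/29',3221225472,3221225479), #used for NAT with IPv6, so basically a private addr
+ //array('192.0.2.0/24',3221225984,3221226239), #Only for use in docs and examples, not for public use
+ //array('192.88.99.0/24',3227017984,3227018239), #Used by 6to4 anycast relays
+ array('192.168.0.0/16',3232235520,3232301055), #Used for local communications within a private network
+ //array('198.18.0.0/15',3323068416,3323199487), #Used for testing of inter-network communications between two separate subnets
+ //array('198.51.100.0/24',3325256704,3325256959), #Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
+ //array('203.0.113.0/24',3405803776,3405804031), #Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
+ //array('224.0.0.0/4',3758096384,4026531839), #Reserved for multicast assignments as specified in RFC 5771
+ //array('240.0.0.0/4',4026531840,4294967295), #Reserved for future use, as specified by RFC 6890
+ //array('255.255.255.255/32',4294967295,4294967295) #Reserved for the "limited broadcast" destination address, as specified by RFC 6890
 );
 private static $isWindows = false;
 public static $scanLockFH = false;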
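Review bot: The comment added above `$privateAddrs` says what was removed but not what membership in the list grants or which address may be compared against it. Since the comment itself ties the list to auto-whitelisting, I would state the precondition, e.g. `# Addresses matching these ranges are auto-whitelisted; the caller must pass the address the connection actually came from.` The code that consumes the list is outside this hunk, so whether a header-derived address can reach it cannot be checked here. The commented-out `//array(...)` entries could be dropped in favour of that one comment, since version history keeps them; the `wfUtils` class body continues past the hunk.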
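--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
 Requires at least: 3.3.1
 Tested up to: 4.0
- Stable tag: 5.3.2
+ Stable tag: 5.3.3
 
 Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
 
@@ -165,6 +165,11 @@ cause a security hole on your site.
 
 == Changelog ==
 
+ = 5.3.3 =
+ * Security fix. Thanks Matt B!
+ * Changed what we consider to be private addresses to a smaller range of addresses. See current range at: http://docs.wordfence.com/en/How_Wordfence_handles_Private_Addresses
+ * Fixed a warning about an undefined value which appeared after we added referer blocking in 5.3.2.
+
 = 5.3.2 =
 * Feature: Advanced blocking now includes referer blocking. i.e. you can block visitors arriving from certain websites or pretending to. See updated http://docs.wordfence.com/en/Advanced_Blocking
 * Feature: Developers, you can now ask Wordfence to whitelist your server IP by calling wordfence::whitelistIP(). See http://docs.wordfence.com/en/WhitelistIP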
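--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
- Version: 5.3.2
+ Version: 5.3.3
 Author URI: http://www.wordfence.com/
 */
 if(defined('WP_INSTALLING') && WP_INSTALLING){
 return;
 }
- define('WORDFENCE_VERSION', '5.3.2');
+ define('WORDFENCE_VERSION', '5.3.3');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }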