Wordfence Security – Firewall & Malware Scan - Version 5.3.6

Version Description

  • Feature: You can now block POST requests to your WordPress site that have an empty User-Agent and Referer header. This is a common pattern among badly written brute force bots.
  • Feature: Added cron viewer at bottom of Wordfence options page. The plugin we were using to help diagnose customer issues is broken. Use this instead.
  • Feature: Added DB table viewer at bottom of Wordfence options page. This is a read-only utility to view table names and detailed status. Also for customer diagnostic purposes.
  • Improvement: Code cleanup after in-depth code analysis. Removed unused functions and variables and re-indented selected code.
  • Fix: Fixed issue that appeared after last release where raw HTML tags were appearing in email alerts.
  • Fix: Tour behaved inconsistently under some conditions. Fixed.
  • Fix: Mismatched HTML tags in some presentation code. Fixed.
  • Fix: When fetching theme list the iterator had the same name as the array. Fixed.
  • Fix: Detection for malware URLs in comments had a partial description in the issue. Was being overwritten when it should have been appended. Fixed.
  • Fix: Check if dns_get_record() exists before using it to avoid warnings.
  • Fix: If you have the wordfence security network disabled, the _wfVulnScanners table may have grown indefinitely. Fixed so it's regularly truncated.
  • Fix: wordfence::getLog() was private and should be public. Fixed.
  • Fix: Removed warning about wfsf not being an element of GET params. Usually hidden, but in case something checks error_get_last().

Release Info

Developer mmaunder
Version 5.3.6

Code changes from version 5.3.5 to 5.3.6

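--- a/js/admin.js
+++ b/js/admin.js
@@ -11,7 +11,6 @@ window['wordfenceAdmin'] = {
 iconErrorMsgs: [],
 scanIDLoaded: 0,
 colorboxQueue: [],
-colorboxOpen: false,
 mode: '',
 visibleIssuesPanel: 'new',
 preFirstScanMsgsLoaded: false,
@@ -35,11 +34,15 @@ window['wordfenceAdmin'] = {
 countryCodesToSave: "",
 performanceScale: 3,
 performanceMinWidth: 20,
+tourClosed: false,
+welcomeClosed: false,
 init: function(){
 this.nonce = WordfenceAdminVars.firstNonce;
 this.debugOn = WordfenceAdminVars.debugOn == '1' ? true : false;
 this.tourClosed = WordfenceAdminVars.tourClosed == '1' ? true : false;
+this.welcomeClosed = WordfenceAdminVars.welcomeClosed == '1' ? true : false;
 var startTicker = false;
+var self = this;
 if(jQuery('#wordfenceMode_scan').length > 0){
 this.mode = 'scan';
 jQuery('#wfALogViewLink').prop('href', WordfenceAdminVars.siteBaseURL + '?_wfsf=viewActivityLog&nonce=' + this.nonce);
@@ -48,13 +51,12 @@ window['wordfenceAdmin'] = {
 this.noScanHTML = jQuery('#wfNoScanYetTmpl').tmpl().html();
 this.loadIssues();
 this.startActivityLogUpdates();
-if(! this.tourClosed){
+if(this.needTour()){
 this.scanTourStart();
 }
 } else if(jQuery('#wordfenceMode_activity').length > 0){
 this.mode = 'activity';
-var self = this;
-this.setupSwitches('wfLiveTrafficOnOff', 'liveTrafficEnabled', function(){});
+this.setupSwitches('wfLiveTrafficOnOff', 'liveTrafficEnabled', function(){});
 jQuery('#wfLiveTrafficOnOff').change(function(){
 if(/^(?:falcon|php)#x2F;.test(WordfenceAdminVars.cacheType) ){
 jQuery('#wfLiveTrafficOnOff').attr('checked', false);
@@ -71,8 +73,7 @@ window['wordfenceAdmin'] = {
 this.switchTab(jQuery('#wfLoginLogoutTab'), 'wfTab1', 'wfDataPanel', 'wfActivity_loginLogout', function(){ WFAD.activityTabChanged(); });
 }
 startTicker = true;
-if(! this.tourClosed){
-var self = this;
+if(this.needTour()){
 this.tour('wfWelcomeContent3', 'wfHeading', 'top', 'left', "Learn about Site Performance", function(){ self.tourRedir('WordfenceSitePerf'); });
 }
 } else if(jQuery('#wordfenceMode_options').length > 0){
@@ -80,9 +81,8 @@ window['wordfenceAdmin'] = {
 jQuery('.wfConfigElem').change(function(){ jQuery('#securityLevel').val('CUSTOM'); });
 this.updateTicker(true);
 startTicker = true;
-if(! this.tourClosed){
-var self = this;
-this.tour('wfContentBasicOptions', 'wfMarkerBasicOptions', 'top', 'left', "Learn about Live Traffic Options", function(){
+if(this.needTour()){
+this.tour('wfContentBasicOptions', 'wfMarkerBasicOptions', 'top', 'left', "Learn about Live Traffic Options", function(){
 self.tour('wfContentLiveTrafficOptions', 'wfMarkerLiveTrafficOptions', 'bottom', 'left', "Learn about Scanning Options", function(){
 self.tour('wfContentScansToInclude', 'wfMarkerScansToInclude', 'bottom', 'left', "Learn about Firewall Rules", function(){
 self.tour('wfContentFirewallRules', 'wfMarkerFirewallRules', 'bottom', 'left', "Learn about Login Security", function(){
@@ -99,15 +99,13 @@ window['wordfenceAdmin'] = {
 this.staticTabChanged();
 this.updateTicker(true);
 startTicker = true;
-if(! this.tourClosed){
-var self = this;
+if(this.needTour()){
 this.tour('wfWelcomeContent4', 'wfHeading', 'top', 'left', "Learn about Cellphone Sign-in", function(){ self.tourRedir('WordfenceTwoFactor'); });
 }
 } else if(jQuery('#wordfenceMode_twoFactor').length > 0){
 this.mode = 'twoFactor';
 startTicker = false;
-if(! this.tourClosed){
-var self = this;
+if(this.needTour()){
 this.tour('wfWelcomeTwoFactor', 'wfHeading', 'top', 'left', "Learn how to Block Countries", function(){ self.tourRedir('WordfenceCountryBlocking'); });
 }
 this.loadTwoFactor();
@@ -115,15 +113,13 @@ window['wordfenceAdmin'] = {
 } else if(jQuery('#wordfenceMode_countryBlocking').length > 0){
 this.mode = 'countryBlocking';
 startTicker = false;
-if(! this.tourClosed){
-var self = this;
+if(this.needTour()){
 this.tour('wfWelcomeContentCntBlk', 'wfHeading', 'top', 'left', "Learn how to Schedule Scans", function(){ self.tourRedir('WordfenceScanSchedule'); });
 }
 } else if(jQuery('#wordfenceMode_rangeBlocking').length > 0){
 this.mode = 'rangeBlocking';
 startTicker = false;
-if(! this.tourClosed){
-var self = this;
+if(this.needTour()){
 this.tour('wfWelcomeContentRangeBlocking', 'wfHeading', 'top', 'left', "Learn how to Customize Wordfence", function(){ self.tourRedir('WordfenceSecOpt'); });
 }
 this.calcRangeTotal();
@@ -131,8 +127,7 @@ window['wordfenceAdmin'] = {
 } else if(jQuery('#wordfenceMode_whois').length > 0){
 this.mode = 'whois';
 startTicker = false;
-if(! this.tourClosed){
-var self = this;
+if(this.needTour()){
 this.tour('wfWelcomeContentWhois', 'wfHeading', 'top', 'left', "Learn how to use Advanced Blocking", function(){ self.tourRedir('WordfenceRangeBlocking'); });
 }
 this.calcRangeTotal();
@@ -142,34 +137,20 @@ window['wordfenceAdmin'] = {
 this.mode = 'scanScheduling';
 startTicker = false;
 this.sched_modeChange();
-if(! this.tourClosed){
-var self = this;
+if(this.needTour()){
 this.tour('wfWelcomeContentScanSched', 'wfHeading', 'top', 'left', "Learn about WHOIS", function(){ self.tourRedir('WordfenceWhois'); });
 }
 } else if(jQuery('#wordfenceMode_caching').length > 0){
 this.mode = 'caching';
 startTicker = false;
-if(! this.tourClosed){
-var self = this;
+if(this.needTour()){
 this.tour('wfWelcomeContentCaching', 'wfHeading', 'top', 'left', "Learn about IP Blocking", function(){ self.tourRedir('WordfenceBlockedIPs'); });
 }
 this.loadCacheExclusions();
-// } else if(jQuery('#wordfenceMode_perfStats').length > 0){
-// var self = this;
-// this.loadAvgSitePerf();
-// this.setupSwitches('wfPerfOnOff', 'perfLoggingEnabled', function(){});
-// jQuery('#wfPerfOnOff').change(function(){ self.updateSwitch('wfPerfOnOff', 'perfLoggingEnabled', function(){}); });
-// this.mode = 'perfStats';
-// startTicker = true;
-// if(! this.tourClosed){
-// var self = this;
-// this.tour('wfWelcomeContentCaching', 'wfHeading', 'top', 'left', "Learn about IP Blocking", function(){ self.tourRedir('WordfenceBlockedIPs'); });
-// }
 } else {
 this.mode = false;
 }
 if(this.mode){ //We are in a Wordfence page
-var self = this;
 if(startTicker){
 this.updateTicker();
 this.liveInt = setInterval(function(){ self.updateTicker(); }, WordfenceAdminVars.actUpdateInterval);
@@ -177,6 +158,13 @@ window['wordfenceAdmin'] = {
 jQuery(document).bind('cbox_closed', function(){ self.colorboxIsOpen = false; self.colorboxServiceQueue(); });
 }
 },
+needTour: function(){
+if( (! this.tourClosed) && this.welcomeClosed) {
+return true;
+} else {
+return false;
+}
+},
 sendTestEmail: function(email){
 var self = this;
 this.ajax('wordfence_sendTestEmail', { email: email }, function(res){
@@ -275,9 +263,11 @@ window['wordfenceAdmin'] = {
 }
 },
 startTourAgain: function(){
-this.ajax('wordfence_startTourAgain', {}, function(res){});
-this.tourClosed = false;
-this.scanTourStart();
+var self = this;
+this.ajax('wordfence_startTourAgain', {}, function(res){
+self.tourClosed = false;
+self.scanTourStart();
+});
 },
 showLoading: function(){
 this.loadingCount++;
@@ -381,46 +371,47 @@ window['wordfenceAdmin'] = {
 }
 },
 processSummaryLine: function(item){
+var msg, summaryUpdated;
 if(item.msg.indexOf('SUM_START:') != -1){
-var msg = item.msg.replace('SUM_START:', '');
+msg = item.msg.replace('SUM_START:', '');
 jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><div class="wfSummaryLoading"></div></div><div class="wfClear"></div>');
 summaryUpdated = true;
 } else if(item.msg.indexOf('SUM_ENDBAD') != -1){
-var msg = item.msg.replace('SUM_ENDBAD:', '');
+msg = item.msg.replace('SUM_ENDBAD:', '');
 jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryBad').html('Problems found.');
 summaryUpdated = true;
 } else if(item.msg.indexOf('SUM_ENDFAILED') != -1){
-var msg = item.msg.replace('SUM_ENDFAILED:', '');
+msg = item.msg.replace('SUM_ENDFAILED:', '');
 jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryBad').html('Failed.');
 summaryUpdated = true;
 } else if(item.msg.indexOf('SUM_ENDOK') != -1){
-var msg = item.msg.replace('SUM_ENDOK:', '');
+msg = item.msg.replace('SUM_ENDOK:', '');
 jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryOK').html('Secure.');
 summaryUpdated = true;
 } else if(item.msg.indexOf('SUM_ENDSUCCESS') != -1){
-var msg = item.msg.replace('SUM_ENDSUCCESS:', '');
+msg = item.msg.replace('SUM_ENDSUCCESS:', '');
 jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryOK').html('Success.');
 summaryUpdated = true;
 } else if(item.msg.indexOf('SUM_ENDERR') != -1){
-var msg = item.msg.replace('SUM_ENDERR:', '');
+msg = item.msg.replace('SUM_ENDERR:', '');
 jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryErr').html('An error occurred.');
 summaryUpdated = true;
 } else if(item.msg.indexOf('SUM_DISABLED:') != -1){
-var msg = item.msg.replace('SUM_DISABLED:', '');
+msg = item.msg.replace('SUM_DISABLED:', '');
 jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult">Disabled [<a href="admin.php?page=WordfenceSecOpt">Visit Options to Enable</a>]</div><div class="wfClear"></div>');
 summaryUpdated = true;
 } else if(item.msg.indexOf('SUM_PAIDONLY:') != -1){
-var msg = item.msg.replace('SUM_PAIDONLY:', '');
+msg = item.msg.replace('SUM_PAIDONLY:', '');
 jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid Members Only</a></div><div class="wfClear"></div>');
 summaryUpdated = true;
 } else if(item.msg.indexOf('SUM_FINAL:') != -1){
-var msg = item.msg.replace('SUM_FINAL:', '');
+msg = item.msg.replace('SUM_FINAL:', '');
 jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg wfSummaryFinal">' + msg + '</div><div class="wfSummaryResult wfSummaryOK">Scan Complete.</div><div class="wfClear"></div>');
 } else if(item.msg.indexOf('SUM_PREP:') != -1){
-var msg = item.msg.replace('SUM_PREP:', '');
+msg = item.msg.replace('SUM_PREP:', '');
 jQuery('#consoleSummary').empty().html('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult" id="wfStartingScan"><div class="wfSummaryLoading"></div></div><div class="wfClear"></div>');
 } else if(item.msg.indexOf('SUM_KILLED:') != -1){
-var msg = item.msg.replace('SUM_KILLED:', '');
+msg = item.msg.replace('SUM_KILLED:', '');
 jQuery('#consoleSummary').empty().html('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult wfSummaryOK">Scan Complete.</div><div class="wfClear"></div>');
 }
 },
@@ -470,13 +461,13 @@ window['wordfenceAdmin'] = {
 if(newMsg && newMsg != oldMsg){
 jQuery('#wfLiveStatus').hide().html(newMsg).fadeIn(200);
 }
-
+var haveEvents, newElem;
 if(this.mode == 'activity'){
 if(res.alsoGet != 'logList_' + this.activityMode){ return; } //user switched panels since ajax request started
 if(res.events.length > 0){
 this.newestActivityTime = res.events[0]['ctime'];
 }
-var haveEvents = false;
+haveEvents = false;
 if(jQuery('#wfActivity_' + this.activityMode + ' .wfActEvent').length > 0){
 haveEvents = true;
 }
@@ -488,7 +479,6 @@ window['wordfenceAdmin'] = {
 var elemID = '#wfActEvent_' + res.events[i].id;
 if(jQuery(elemID).length < 1){
 res.events[i]['activityMode'] = this.activityMode;
-var newElem;
 if(this.activityMode == 'loginLogout'){
 newElem = jQuery('#wfLoginLogoutEventTmpl').tmpl(res.events[i]);
 } else {
@@ -509,7 +499,7 @@ window['wordfenceAdmin'] = {
 jQuery(elem).html(self.makeTimeAgo(res.serverTime - jQuery(elem).data('wfctime')) + ' ago');
 });
 } else if(this.mode == 'perfStats'){
-var haveEvents = false;
+haveEvents = false;
 if(jQuery('#wfPerfStats .wfPerfEvent').length > 0){
 haveEvents = true;
 }
@@ -525,7 +515,7 @@ window['wordfenceAdmin'] = {
 for(var i = res.events.length - 1; i >= 0; i--){
 res.events[i]['scale'] = this.performanceScale;
 res.events[i]['min'] = this.performanceMinWidth;
-var newElem = jQuery('#wfPerfStatTmpl').tmpl(res.events[i]);
+newElem = jQuery('#wfPerfStatTmpl').tmpl(res.events[i]);
 jQuery(newElem).find('.wfTimeAgo').data('wfctime', res.events[i].ctime);
 newElem.prependTo('#wfPerfStats').fadeIn();
 }
@@ -534,7 +524,6 @@ window['wordfenceAdmin'] = {
 jQuery('#wfPerfStats').html('<p>No events to report yet.</p>');
 }
 }
-var self = this;
 jQuery('.wfTimeAgo').each(function(idx, elem){
 jQuery(elem).html(self.makeTimeAgo(res.serverTime - jQuery(elem).data('wfctime')) + ' ago');
 });
@@ -565,7 +554,7 @@ window['wordfenceAdmin'] = {
 if(res.ok){
 jQuery('.wfReverseLookup').each(function(idx, elem){
 var txt = jQuery(elem).text();
-for(ip in res.ips){
+for(var ip in res.ips){
 if(txt == ip){
 if(res.ips[ip]){
 jQuery(elem).html('<strong>Hostname:</strong>&nbsp;' + res.ips[ip]);
@@ -591,7 +580,7 @@ window['wordfenceAdmin'] = {
 startScan: function(){
 var scanReqAnimation = setInterval(function(){
 var str = jQuery('#wfStartScanButton1').prop('value');
-ch = str.charAt(str.length - 1);
+var ch = str.charAt(str.length - 1);
 if(ch == '/'){ ch = '-'; }
 else if(ch == '-'){ ch = '\\'; }
 else if(ch == '\\'){ ch = '|'; }
@@ -631,7 +620,7 @@ window['wordfenceAdmin'] = {
 res.summary['lastScanCompleted'] = 'Never';
 }
 jQuery('.wfIssuesContainer').hide();
-for(issueStatus in res.issuesLists){
+for(var issueStatus in res.issuesLists){
 var containerID = 'wfIssues_dataTable_' + issueStatus;
 var tableID = 'wfIssuesTable_' + issueStatus;
 if(jQuery('#' + containerID).length < 1){
@@ -672,8 +661,7 @@ window['wordfenceAdmin'] = {
 "sClass": "center",
 "sType": 'severity',
 "fnRender": function(obj) {
-var cls = "";
-cls = 'wfProbSev' + obj.aData.severity;
+var cls = 'wfProbSev' + obj.aData.severity;
 return '<span class="' + cls + '"></span>';
 }
 },
@@ -833,6 +821,7 @@ window['wordfenceAdmin'] = {
 },
 updateAllIssues: function(op){ // deleteIgnored, deleteNew, ignoreAllNew
 var head = "Please confirm";
+var body;
 if(op == 'deleteIgnored'){
 body = "You have chosen to remove all ignored issues. Once these issues are removed they will be re-scanned by Wordfence and if they have not been fixed, they will appear in the 'new issues' list. Are you sure you want to do this?";
 } else if(op == 'deleteNew'){
@@ -1391,8 +1380,7 @@ window['wordfenceAdmin'] = {
 }
 }
 });
-var codes = codesArr.join(',');
-this.countryCodesToSave = codes;
+this.countryCodesToSave = codesArr.join(',');
 if(ownCountryBlocked){
 this.colorbox('400px', "Please confirm blocking yourself", "You are about to block your own country. This could lead to you being locked out. Please make sure that your user profile on this machine has a current and valid email address and make sure you know what it is. That way if you are locked out, you can send yourself an unlock email. If you're sure you want to block your own country, click 'Confirm' below, otherwise click 'Cancel'.<br />" +
 '<input type="button" name="but1" value="Confirm" onclick="jQuery.colorbox.close(); WFAD.confirmSaveCountryBlocking();" />&nbsp;<input type="button" name="but1" value="Cancel" onclick="jQuery.colorbox.close();" />');
@@ -1503,7 +1491,7 @@ window['wordfenceAdmin'] = {
 }
 schedule[day] = hours.join(',');
 }
-scheduleTxt = schedule.join('|');
+var scheduleTxt = schedule.join('|');
 var self = this;
 this.ajax('wordfence_saveScanSchedule', {
 schedMode: schedMode,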
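Review bot: In processSummaryLine the new `msg = item.msg.replace(...)` assignments still pass `msg` and `item.date` unescaped into the HTML strings given to `.append()`/`.html()` and into the `:contains("' + msg + '")` selector, so any markup or double quote in a scan message is interpreted instead of displayed. Unless the server is known to HTML-encode these fields (not visible on this page), build the message cell with `jQuery('<div class="wfSummaryMsg"></div>').text(msg)` and locate existing rows with `.filter(function(){ return jQuery(this).text().indexOf(msg) !== -1; })` rather than a concatenated selector. The same pattern is in the reverse-lookup hunk, whose callback continues outside the hunk: `res.ips[ip]`, apparently a reverse-DNS hostname and so chosen by whoever controls the address, goes straight into `.html()`. Separately, `summaryUpdated` is now declared as a local that is assigned but never read in the visible body, so any code that relied on the former implicit global would no longer see it; worth confirming nothing does.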
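--- a/js/tourTip.js
+++ b/js/tourTip.js
@@ -126,7 +126,7 @@ window['wordfenceTour'] = {
 }
 
 jQuery(function(){
- if(WordfenceAdminVars.tourClosed != '1'){
+ if(WordfenceAdminVars.tourClosed != '1' && WordfenceAdminVars.welcomeClosed != '1'){
 var formHTML = '<div style="padding: 0 5px 0 15px;" id="wordfenceEmailDiv"><form target="_new" style="display: inline;" method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" ><div style="display: none;"><input type="hidden" name="meta_web_form_id" value="1428034071" /><input type="hidden" name="meta_split_id" value="" /><input type="hidden" name="listname" value="wordfence" /><input type="hidden" name="redirect" value="http://www.aweber.com/thankyou-coi.htm?m=text" id="redirect_ae9f0882518768f447c80ea8f3b7afde" /><input type="hidden" name="meta_adtracking" value="widgetForm" /><input type="hidden" name="meta_message" value="1" /><input type="hidden" name="meta_required" value="email" /><input type="hidden" name="meta_tooltip" value="" /></div><input class="text" id="wfListEmail" type="text" name="email" value="Enter your email" tabindex="500" onclick="wordfenceTour.wfClearEmailField(); return false;" /><input name="submit" type="submit" value="Get Alerted" tabindex="501" onclick="var evt = event || window.event; try { return wordfenceTour.processEmailClick(evt); } catch(err){ evt.returnValue = false; evt.preventDefault(); }" /><div style="display: none;"><img src="http://forms.aweber.com/form/displays.htm?id=jCxMHAzMLAzsjA==" alt="" /></div><div style="padding: 5px; font-size: 10px;"><input type="checkbox" id="wfJoinListCheck" value="1" checked /><span style="font-size: 10px;">Also join our WordPress Security email list to receive WordPress Security Alerts and Wordfence news.</span></div></form></div>';
 var elem = '#toplevel_page_Wordfence';
 jQuery(elem).pointer({
@@ -137,10 +137,10 @@ if(WordfenceAdminVars.tourClosed != '1'){
 pointerWidth: 300,
 position: { edge: 'bottom', align: 'left' },
 buttons: function(event, t){
- buttonElem = jQuery('<a id="pointer-close" style="margin-left:5px" class="button-secondary">Close</a>');
+ var buttonElem = jQuery('<a id="pointer-close" style="margin-left:5px" class="button-secondary">Close</a>');
 buttonElem.bind('click.pointer', function(){ t.element.pointer('close');
 var ajaxData = {
- action: 'wordfence_tourClosed',
+ action: 'wordfence_welcomeClosed',
 nonce: WordfenceAdminVars.firstNonce
 };
 jQuery.ajax({
@@ -156,7 +156,21 @@ if(WordfenceAdminVars.tourClosed != '1'){
 }
 }).pointer('open');
 jQuery('#pointer-close').after('<a id="pointer-primary" class="button-primary">Start Tour</a>');
- jQuery('#pointer-primary').click(function(){ window.location.href = 'admin.php?page=Wordfence'; });
+ jQuery('#pointer-primary').click(function(){
+ var ajaxData = {
+ action: 'wordfence_welcomeClosed',
+ nonce: WordfenceAdminVars.firstNonce
+ };
+ jQuery.ajax({
+ type: 'POST',
+ url: WordfenceAdminVars.ajaxURL,
+ dataType: "json",
+ data: ajaxData,
+ success: function(json){ window.location.href = 'admin.php?page=Wordfence'; },
+ error: function(){ window.location.href = 'admin.php?page=Wordfence'; }
+ });
+
+ });
 }
 });
 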
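Review bot: The new `#pointer-primary` click handler (new lines 159-173) repeats the same redirect in both `success` and `error`, and rebuilds the same `ajaxData` object that the Close handler creates a few lines above. A single `complete: function(){ window.location.href = 'admin.php?page=Wordfence'; }` states "navigate whatever the outcome" once. Since a failed request is ignored on purpose, a comment such as `// best effort: the welcome pointer reappears if this request fails` would record that intent. The server-side handler for `wordfence_welcomeClosed` is not part of this diff; it should verify `nonce` and the caller's capability before storing the flag.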
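--- a/lib/Diff/SequenceMatcher.php
+++ b/lib/Diff/SequenceMatcher.php
@@ -621,56 +621,6 @@ class Diff_SequenceMatcher
 return $sum + ($triple[count($triple) - 1]);
 }
 
- /**
- * Quickly return an upper bound ratio for the similarity of the strings.
- * This is quicker to compute than Ratio().
- *
- * @return float The calculated ratio.
- */
- private function quickRatio()
- {
- if($this->fullBCount === null) {
- $this->fullBCount = array();
- $bLength = count ($b);
- for($i = 0; $i < $bLength; ++$i) {
- $char = $this->b[$i];
- $this->fullBCount[$char] = $this->arrayGetDefault($this->fullBCount, $char, 0) + 1;
- }
- }
-
- $avail = array();
- $matches = 0;
- $aLength = count ($this->a);
- for($i = 0; $i < $aLength; ++$i) {
- $char = $this->a[$i];
- if(isset($avail[$char])) {
- $numb = $avail[$char];
- }
- else {
- $numb = $this->arrayGetDefault($this->fullBCount, $char, 0);
- }
- $avail[$char] = $numb - 1;
- if($numb > 0) {
- ++$matches;
- }
- }
-
- $this->calculateRatio($matches, count ($this->a) + count ($this->b));
- }
-
- /**
- * Return an upper bound ratio really quickly for the similarity of the strings.
- * This is quicker to compute than Ratio() and quickRatio().
- *
- * @return float The calculated ratio.
- */
- private function realquickRatio()
- {
- $aLength = count ($this->a);
- $bLength = count ($this->b);
-
- return $this->calculateRatio(min($aLength, $bLength), $aLength + $bLength);
- }
 
 /**
 * Helper function for calculating the ratio to measure similarity for the strings.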
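--- a/lib/IPTraf.php
+++ b/lib/IPTraf.php
@@ -31,6 +31,6 @@
 
 </table>
 
- <div class="footer">&copy;&nbsp;2011 to 2015 Wordfence &mdash; Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</a>
+ <div class="footer">&copy;&nbsp;2011 to 2015 Wordfence &mdash; Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
 </body>
 </html>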
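--- a/lib/conntest.php
+++ b/lib/conntest.php
@@ -63,7 +63,7 @@ function doCurlTest($protocol){
 curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt ($curl, CURLOPT_SSL_VERIFYHOST, false);
 curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'curlWrite');
- $curlResult = curl_exec($curl);
+ curl_exec($curl);
 $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
 if(strpos($curlContent, 'Your site did not send an API key') !== false){
 echo "Curl connectivity test passed.<br /><br />\n";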
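Review bot: The return value of `curl_exec($curl)` on new line 66 is now discarded, so a transport failure cannot be told apart from an unexpected response at this point; unless the code after the hunk already reports it, add `if(curl_exec($curl) === false){ echo htmlspecialchars(curl_error($curl)); }`. The two context lines above it set `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` to `false`, so for an https `$protocol` a "passed" result shows only that the endpoint is reachable, not that its certificate was validated. A comment saying that this is a connectivity probe and that these two options must not be copied into real API calls would make that explicit. `doCurlTest` starts and ends outside the hunk.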
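--- a/lib/cronview.php
+++ b/lib/cronview.php
@@ -0,0 +1,30 @@
+ <?php if ( ! wfUtils::isAdmin() ) {
+ exit();
+ } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+ <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
+ <head>
+ <title>Wordfence Cron Viewer</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+ <link rel='stylesheet' id='wordfence-main-style-css'
+ href='<?php echo wfUtils::getBaseURL(); ?>/css/phpinfo.css?ver=<?php echo WORDFENCE_VERSION; ?>'
+ type='text/css' media='all'/>
+ <body>
+ <h1>Wordfence Cron Viewer</h1>
+ <p style="width: 400px;">This page is used for debugging and shows a list of scheduled jobs on your system. Our staff may ask you to send them the
+ data on this page as part of a troubleshooting process.</p>
+ <?php
+ $cron = _get_cron_array();
+
+ foreach ( $cron as $timestamp => $values ) {
+ if ( is_array( $values ) ) {
+ foreach ( $values as $cron_job => $v ) {
+ echo date( 'r', $timestamp ) . " : " . $cron_job . "<br />";
+ }
+ }
+ }
+ ?>
+
+ <div class="diffFooter">&copy;&nbsp;2011 to 2015 Wordfence &mdash; Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
+ </body>
+ </html>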
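Review bot: `$cron_job` is echoed into the page without escaping on new line 22; hook names come from the stored cron array, which any plugin can write, so output it as `esc_html( $cron_job )`. `lib/dbview.php` in this commit has the same pattern with `$tkey` and `$tval` on its line 21. `_get_cron_array()` is not guaranteed to return an array on every WordPress version, so wrap the outer `foreach` in `if ( is_array( $cron ) )`. The page is gated only by `wfUtils::isAdmin()`, whose definition is not shown here; if this file can be requested directly rather than through WordPress, that class will not be loaded, and a `defined( 'ABSPATH' )` check on the first line would be a cleaner guard.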
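--- a/lib/dbview.php
+++ b/lib/dbview.php
@@ -0,0 +1,31 @@
+ <?php if ( ! wfUtils::isAdmin() ) {
+ exit();
+ } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+ <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
+ <head>
+ <title>Wordfence DB Table Viewer</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+ <link rel='stylesheet' id='wordfence-main-style-css'
+ href='<?php echo wfUtils::getBaseURL(); ?>/css/phpinfo.css?ver=<?php echo WORDFENCE_VERSION; ?>'
+ type='text/css' media='all'/>
+ <body>
+ <h1>Wordfence Database Table Viewer</h1>
+ <p style="width: 400px;">This page is used for debugging and shows a list of database tables and their status on your system. Our staff may ask you to send them the
+ data on this page as part of a troubleshooting process.</p>
+ <?php
+ $wfdb = new wfDB();
+ $q = $wfdb->querySelect("show table status");
+ foreach($q as $val){
+ foreach($val as $tkey => $tval){
+ echo '<span style="color: #999; font-style: italic;">' . $tkey . ':</span> ' . $tval . ' ';
+ }
+ echo '<br />-----------------------------------------------------------------------------------------<br />';
+ }
+
+ ?>
+
+ <div class="diffFooter">&copy;&nbsp;2011 to 2015 Wordfence &mdash; Visit <a
+ href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
+ </body>
+ </html>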
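Review bot: `show table status` on new line 18 is not limited to the WordPress table prefix, so on a database shared with other applications the page lists every table in the schema with its row count and comment, and the page text asks the admin to send that output to support. Restricting the query to tables that start with the site's prefix would keep the dump to what troubleshooting needs. The `<head>` opened on line 6 is also never closed before `<body>` on line 12; add `</head>` after the stylesheet link.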
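--- a/lib/diffResult.php
+++ b/lib/diffResult.php
@@ -40,6 +40,6 @@
 ?>
 
 
- <div class="diffFooter">&copy;&nbsp;2011 Wordfence &mdash; Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</a>
+ <div class="diffFooter">&copy;&nbsp;2011 Wordfence &mdash; Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
 </body>
 </html>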
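--- a/lib/email_genericAlert.php
+++ b/lib/email_genericAlert.php
@@ -1,31 +1,31 @@
- <p>This email was sent from your website "<?php echo $blogName; ?>" by the Wordfence plugin at <?php echo $date; ?></p>
+ This email was sent from your website "<?php echo $blogName; ?>" by the Wordfence plugin at <?php echo $date; ?>
 
- <p>The Wordfence administrative URL for this site is: <?php echo $adminURL; ?>admin.php?page=Wordfence</p>
+ The Wordfence administrative URL for this site is: <?php echo $adminURL; ?>admin.php?page=Wordfence
 
- <p><?php echo $alertMsg; ?></p>
- <?php if($IPMsg){ echo "\n<p>$IPMsg</p>\n"; } ?>
+ <?php echo $alertMsg; ?>
+ <?php if($IPMsg){ echo "\n$IPMsg\n"; } ?>
 
 <?php if(! $isPaid){ ?>
- <p>NOTE: You are using the free version of Wordfence. Upgrading to the paid version of Wordfence gives you
+ NOTE: You are using the free version of Wordfence. Upgrading to the paid version of Wordfence gives you
 two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks.
 A Premium Wordfence license also includes remote scanning with each scan of your site which can detect
 several additional website infections. Premium members can also schedule when website scans occur and
- can scan more than once per day.</p>
+ can scan more than once per day.
 
- <p>As a Premium member you also get access to our priority support system located at http://support.wordfence.com/ and can file
- priority support tickets using our ticketing system. </p>
+ As a Premium member you also get access to our priority support system located at http://support.wordfence.com/ and can file
+ priority support tickets using our ticketing system.
 
- <p>Click here to sign-up for the Premium version of Wordfence now.<br>
- <a href="https://www.wordfence.com/wordfence-signup/">https://www.wordfence.com/wordfence-signup/<a></p>
+ Click here to sign-up for the Premium version of Wordfence now.
+ https://www.wordfence.com/wordfence-signup/
 
 <?php } ?>
 
 --
- <p>To change your alert options for Wordfence, visit:<br>
- <?php echo $myOptionsURL; ?></p>
+ To change your alert options for Wordfence, visit:
+ <?php echo $myOptionsURL; ?>
 
- <p>To see current Wordfence alerts, visit:<br>
- <?php echo $myHomeURL; ?></p>
+ To see current Wordfence alerts, visit:
+ <?php echo $myHomeURL; ?>
 
 
 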
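Review bot: Nothing in the template records that it now produces a plain-text body, while `$blogName`, `$alertMsg` and `$IPMsg` are still echoed unmodified on new lines 1, 5 and 6. That is correct if the mail is sent as text/plain, but any caller that still builds `$alertMsg` with markup will show raw tags, and a later switch back to text/html would make these values an injection point. A first-line comment such as `<?php /* plain-text body: values are not HTML-escaped; add esc_html() if this is ever sent as text/html */ ?>` would make the contract explicit. How the message's content type is set is not visible in this diff.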
lib/menu_options.php CHANGED
@@ -1,402 +1,1141 @@
1
- <?php
2
- $w = new wfConfig();
3
?>
4
<script type="text/javascript">
5
- var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
6
</script>
7
<div class="wordfenceModeElem" id="wordfenceMode_options"></div>
8
<div class="wrap">
9
- <?php require('menuHeader.php'); ?>
10
- <?php $helpLink="http://docs.wordfence.com/en/Wordfence_options"; $helpLabel="Learn more about Wordfence Options"; $pageTitle = "Wordfence Options"; include('pageTitle.php'); ?>
11
<div class="wordfenceLive">
12
<table border="0" cellpadding="0" cellspacing="0">
13
- <tr><td><h2>Wordfence Live Activity:</h2></td><td id="wfLiveStatus"></td></tr>
14
</table>
15
</div>
16
17
<form id="wfConfigForm">
18
- <table class="wfConfigForm">
19
- <tr><td colspan="2"><h2>License</h2></td></tr>
20
-
21
- <tr><th>Your Wordfence API Key:<a href="http://docs.wordfence.com/en/Wordfence_options#Wordfence_API_Key" target="_blank" class="wfhelp"></a></th><td><input type="text" id="apiKey" name="apiKey" value="<?php $w->f('apiKey'); ?>" size="80" /></td></tr>
22
- <tr><th>Key type currently active:</th><td>
23
- <?php if(wfConfig::get('isPaid')){ ?>
24
- The currently active API Key is a Premium Key. <span style="font-weight: bold; color: #0A0;">Premium scanning enabled!</span>
25
- <?php } else {?>
26
- The currently active API Key is a <span style="color: #F00; font-weight: bold;">Free Key</a>. <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Click Here to Upgrade to Wordfence Premium now.</a>
27
- <?php } ?>
28
- </td></tr>
29
- <tr><td colspan="2">
30
- <?php if(wfConfig::get('isPaid')){ ?>
31
- <table border="0"><tr><td><a href="https://www.wordfence.com/manage-wordfence-api-keys/" target="_blank"><input type="button" value="Renew your premium license" /></a></td><td>&nbsp;</td><td><input type="button" value="Downgrade to a free license" onclick="WFAD.downgradeLicense();" /></td></tr></table>
32
- <?php } ?>
33
-
34
-
35
- <tr><td colspan="2"><h2>Basic Options<a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options" target="_blank" class="wfhelp"></a></h2></td></tr>
36
- <tr><th class="wfConfigEnable">Enable firewall<a href="http://docs.wordfence.com/en/Wordfence_options#Enable_Firewall" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="firewallEnabled" class="wfConfigElem" name="firewallEnabled" value="1" <?php $w->cb('firewallEnabled'); ?> />&nbsp;<span style="color: #F00;">NOTE:</span> This checkbox enables ALL firewall functions including IP, country and advanced blocking and the "Firewall Rules" below.</td></tr>
37
- <tr><td colspan="2">&nbsp;</td></tr>
38
- <tr><th class="wfConfigEnable">Enable login security<a href="http://docs.wordfence.com/en/Wordfence_options#Enable_login_security" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="loginSecurityEnabled" class="wfConfigElem" name="loginSecurityEnabled" value="1" <?php $w->cb('loginSecurityEnabled'); ?> />&nbsp;This option enables all "Login Security" options. You can modify individual options further down this page.</td></tr>
39
- <tr><td colspan="2">&nbsp;</td></tr>
40
- <tr><th class="wfConfigEnable">Enable Live Traffic View<a href="http://docs.wordfence.com/en/Wordfence_options#Enable_Live_Traffic_View" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="liveTrafficEnabled" class="wfConfigElem" name="liveTrafficEnabled" value="1" <?php $w->cb('liveTrafficEnabled'); ?> onclick="WFAD.reloadConfigPage = true; return true;" />&nbsp;This option enables live traffic logging.</td></tr>
41
- <tr><td colspan="2">&nbsp;</td></tr>
42
- <tr><th class="wfConfigEnable">Advanced Comment Spam Filter<a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Comment_Spam_Filter" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="advancedCommentScanning" class="wfConfigElem" name="advancedCommentScanning" value="1" <?php $w->cbp('advancedCommentScanning'); if(! wfConfig::get('isPaid')){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#advancedCommentScanning').attr('checked', false); return false;" <?php } ?> />&nbsp;<span style="color: #F00;">Premium Feature</span> In addition to free comment filtering (see below) this option filters comments against several additional real-time lists of known spammers and infected hosts.</td></tr>
43
- <tr><th class="wfConfigEnable">Check if this website is being "Spamvertised"<a href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_is_being_.22Spamvertized.22" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="spamvertizeCheck" class="wfConfigElem" name="spamvertizeCheck" value="1" <?php $w->cbp('spamvertizeCheck'); if(! wfConfig::get('isPaid')){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#spamvertizeCheck').attr('checked', false); return false;" <?php } ?> />&nbsp;<span style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam services if your site domain name is appearing as a link in spam emails.</td></tr>
44
- <tr><th class="wfConfigEnable">Check if this website IP is generating spam<a href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_IP_is_generating_spam" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="checkSpamIP" class="wfConfigElem" name="checkSpamIP" value="1" <?php $w->cbp('checkSpamIP'); if(! wfConfig::get('isPaid')){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#checkSpamIP').attr('checked', false); return false;" <?php } ?> />&nbsp;<span style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam services if your website IP address is listed as a known source of spam email.</td></tr>
45
- <tr><td colspan="2">&nbsp;</td></tr>
46
- <?php /* <tr><th class="wfConfigEnable">Enable Performance Monitoring</th><td><input type="checkbox" id="perfLoggingEnabled" class="wfConfigElem" name="perfLoggingEnabled" value="1" <?php $w->cb('perfLoggingEnabled'); ?> onclick="WFAD.reloadConfigPage = true; return true;" />&nbsp;This option enables performance monitoring.</td></tr> */ ?>
47
- <tr><td colspan="2">&nbsp;</td></tr>
48
- <tr><th class="wfConfigEnable">Enable automatic scheduled scans<a href="http://docs.wordfence.com/en/Wordfence_options#Enable_automatic_scheduled_scans" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb('scheduledScansEnabled'); ?> />&nbsp;Regular scans ensure your site stays secure.</td></tr>
49
- <tr><td colspan="2">&nbsp;</td></tr>
50
- <tr><th class="wfConfigEnable">Update Wordfence automatically when a new version is released?<a href="http://docs.wordfence.com/en/Wordfence_options#Update_Wordfence_Automatically_when_a_new_version_is_released" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="autoUpdate" class="wfConfigElem" name="autoUpdate" value="1" <?php $w->cb('autoUpdate'); ?> />&nbsp;Automatically updates Wordfence to the newest version within 24 hours of a new release.<br />
51
- <?php if(getenv('noabort') != '1' && stristr($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false){ ?>
52
- <span style="color: #F00;">Warning: </span>You are running LiteSpeed web server and you don't have the "noabort" variable set in your .htaccess.<br />
53
- <a href="https://support.wordfence.com/solution/articles/1000129050-running-wordfence-under-litespeed-web-server-and-preventing-process-killing-or" target="_blank">Please read this article in our FAQ to make an important change that will ensure your site stability during an update.<br />
54
- <?php } ?>
55
- </td></tr>
56
- <tr><td colspan="2">&nbsp;</td></tr>
57
-
58
- <tr><th>Where to email alerts:<a href="http://docs.wordfence.com/en/Wordfence_options#Where_to_email_alerts" target="_blank" class="wfhelp"></a></th><td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f('alertEmails'); ?>" size="50" />&nbsp;<span class="wfTipText">Separate multiple emails with commas</span></td></tr>
59
- <tr><th colspan="2">&nbsp;</th></tr>
60
- <tr><th>Security Level:<a href="http://docs.wordfence.com/en/Wordfence_options#Security_Level" target="_blank" class="wfhelp"></a></th><td>
61
- <select id="securityLevel" name="securityLevel" onchange="WFAD.changeSecurityLevel(); return true;">
62
- <option value="0"<?php $w->sel('securityLevel', '0'); ?>>Level 0: Disable all Wordfence security measures</option>
63
- <option value="1"<?php $w->sel('securityLevel', '1'); ?>>Level 1: Light protection. Just the basics</option>
64
- <option value="2"<?php $w->sel('securityLevel', '2'); ?>>Level 2: Medium protection. Suitable for most sites</option>
65
- <option value="3"<?php $w->sel('securityLevel', '3'); ?>>Level 3: High security. Use this when an attack is imminent</option>
66
- <option value="4"<?php $w->sel('securityLevel', '4'); ?>>Level 4: Lockdown. Protect the site against an attack in progress at the cost of inconveniencing some users</option>
67
- <option value="CUSTOM"<?php $w->sel('securityLevel', 'CUSTOM'); ?>>Custom settings</option>
68
- </select>
69
- </td></tr>
70
- <tr><th>How does Wordfence get IPs:<a href="http://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs" target="_blank" class="wfhelp"></a></th><td>
71
- <select id="howGetIPs" name="howGetIPs">
72
- <option value="">Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites.</option>
73
- <option value="REMOTE_ADDR"<?php $w->sel('howGetIPs', 'REMOTE_ADDR'); ?>>Use PHP's built in REMOTE_ADDR and don't use anything else. Very secure if this is compatible with your site.</option>
74
- <option value="HTTP_X_FORWARDED_FOR"<?php $w->sel('howGetIPs', 'HTTP_X_FORWARDED_FOR'); ?>>Use the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may result.</option>
75
- <option value="HTTP_X_REAL_IP"<?php $w->sel('howGetIPs', 'HTTP_X_REAL_IP'); ?>>Use the X-Real-IP HTTP header. Only use if you have a front-end proxy or spoofing may result.</option>
76
- <option value="HTTP_CF_CONNECTING_IP"<?php $w->sel('howGetIPs', 'HTTP_CF_CONNECTING_IP'); ?>>Use the Cloudflare "CF-Connecting-IP" HTTP header to get a visitor IP. Only use if you're using Cloudflare.</option>
77
- </select>
78
- </td></tr>
79
- </table>
80
- <p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg">&nbsp;Your changes have been saved!</span></td></tr></table></p>
81
- <div class="wfMarker" id="wfMarkerBasicOptions"></div>
82
- <div style="margin-top: 25px;">
83
- <h2>Advanced Options:<a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Options" target="_blank" class="wfhelp"></a></h2>
84
- <p style="width: 600px;">
85
- Wordfence works great out of the box for most websites. Simply install Wordfence and your site and content is protected. For finer granularity of control, we have provided advanced options.
86
</p>
87
- </div>
88
- <div id="wfConfigAdvanced">
89
- <table class="wfConfigForm">
90
- <tr><td colspan="2"><h3 class="wfConfigHeading">Alerts<a href="http://docs.wordfence.com/en/Wordfence_options#Alerts" target="_blank" class="wfhelp"></a></h3></td></tr>
91
- <?php
92
- $emails = wfConfig::getAlertEmails();
93
- if(sizeof($emails) < 1){
94
- echo "<tr><th colspan=\"2\" style=\"color: #F00;\">You have not configured an email to receive alerts yet. Set this up under \"Basic Options\" above.</th></tr>\n";
95
- }
96
- ?>
97
- <tr><th>Email me when Wordfence is automatically updated</th><td><input type="checkbox" id="alertOn_update" class="wfConfigElem" name="alertOn_update" value="1" <?php $w->cb('alertOn_update'); ?>/>&nbsp;If you have automatic updates enabled (see above), you'll get an email when an update occurs.</td></tr>
98
- <tr><th>Alert on critical problems</th><td><input type="checkbox" id="alertOn_critical" class="wfConfigElem" name="alertOn_critical" value="1" <?php $w->cb('alertOn_critical'); ?>/></td></tr>
99
- <tr><th>Alert on warnings</th><td><input type="checkbox" id="alertOn_warnings" class="wfConfigElem" name="alertOn_warnings" value="1" <?php $w->cb('alertOn_warnings'); ?>/></td></tr>
100
- <tr><th>Alert when an IP address is blocked</th><td><input type="checkbox" id="alertOn_block" class="wfConfigElem" name="alertOn_block" value="1" <?php $w->cb('alertOn_block'); ?>/></td></tr>
101
- <tr><th>Alert when someone is locked out from login</th><td><input type="checkbox" id="alertOn_loginLockout" class="wfConfigElem" name="alertOn_loginLockout" value="1" <?php $w->cb('alertOn_loginLockout'); ?>/></td></tr>
102
- <tr><th>Alert when the "lost password" form is used for a valid user</th><td><input type="checkbox" id="alertOn_lostPasswdForm" class="wfConfigElem" name="alertOn_lostPasswdForm" value="1" <?php $w->cb('alertOn_lostPasswdForm'); ?>/></td></tr>
103
- <tr><th>Alert me when someone with administrator access signs in</th><td><input type="checkbox" id="alertOn_adminLogin" class="wfConfigElem" name="alertOn_adminLogin" value="1" <?php $w->cb('alertOn_adminLogin'); ?>/></td></tr>
104
- <tr><th>Alert me when a non-admin user signs in</th><td><input type="checkbox" id="alertOn_nonAdminLogin" class="wfConfigElem" name="alertOn_nonAdminLogin" value="1" <?php $w->cb('alertOn_nonAdminLogin'); ?>/></td></tr>
105
- <tr><th>Maximum email alerts to send per hour</th><td>&nbsp;<input type="text" id="alert_maxHourly" name="alert_maxHourly" value="<?php $w->f('alert_maxHourly'); ?>" size="4" />0 or empty means unlimited alerts will be sent.</td></tr>
106
- <tr><td colspan="2">
107
- <div class="wfMarker" id="wfMarkerLiveTrafficOptions"></div>
108
- <h3 class="wfConfigHeading">Live Traffic View<a href="http://docs.wordfence.com/en/Wordfence_options#Live_Traffic_View" target="_blank" class="wfhelp"></a></h3>
109
- </td></tr>
110
- <tr><th>Don't log signed-in users with publishing access:</th><td><input type="checkbox" id="liveTraf_ignorePublishers" name="liveTraf_ignorePublishers" value="1" <?php $w->cb('liveTraf_ignorePublishers'); ?> /></td></tr>
111
- <tr><th>List of comma separated usernames to ignore:</th><td><input type="text" name="liveTraf_ignoreUsers" id="liveTraf_ignoreUsers" value="<?php echo $w->getHTML('liveTraf_ignoreUsers'); ?>" /></td></tr>
112
- <tr><th>List of comma separated IP addresses to ignore:</th><td><input type="text" name="liveTraf_ignoreIPs" id="liveTraf_ignoreIPs" value="<?php echo $w->getHTML('liveTraf_ignoreIPs'); ?>" /></td></tr>
113
- <tr><th>Browser user-agent to ignore:</th><td><input type="text" name="liveTraf_ignoreUA" id="liveTraf_ignoreUA" value="<?php echo $w->getHTML('liveTraf_ignoreUA'); ?>" /></td></tr>
114
- <tr><td colspan="2">
115
- <div class="wfMarker" id="wfMarkerScansToInclude"></div>
116
- <h3 class="wfConfigHeading">Scans to include<a href="http://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank" class="wfhelp"></a></h3></td></tr>
117
- <?php if(wfConfig::get('isPaid')){ ?>
118
- <tr><th>Scan public facing site for vulnerabilities?<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_public_facing_site" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" <?php $w->cb('scansEnabled_public'); ?></td></tr>
119
- <?php } else { ?>
120
- <tr><th style="color: #F00;">Scan public facing site for vulnerabilities?<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_public_facing_site" target="_blank" class="wfhelp"></a>(<a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid members only</a>)</th><td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem" name="scansEnabled_public" value="1" DISABLED ?></td></tr>
121
- <?php } ?>
122
- <tr><th>Scan for the HeartBleed vulnerability?<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_the_HeartBleed_vulnerability" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_heartbleed" class="wfConfigElem" name="scansEnabled_heartbleed" value="1" <?php $w->cb('scansEnabled_heartbleed'); ?></td></tr>
123
- <tr><th>Scan core files against repository versions for changes<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_core_files_against_repository_version_for_changes" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_core" class="wfConfigElem" name="scansEnabled_core" value="1" <?php $w->cb('scansEnabled_core'); ?>/></td></tr>
124
-
125
- <tr><th>Scan theme files against repository versions for changes<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_theme_files_against_repository_versions_for_changes" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_themes" class="wfConfigElem" name="scansEnabled_themes" value="1" <?php $w->cb('scansEnabled_themes'); ?>/></td></tr>
126
- <tr><th>Scan plugin files against repository versions for changes<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_plugin_files_against_repository_versions_for_changes" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_plugins" class="wfConfigElem" name="scansEnabled_plugins" value="1" <?php $w->cb('scansEnabled_plugins'); ?>/></td></tr>
127
- <tr><th>Scan for signatures of known malicious files<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_malware" class="wfConfigElem" name="scansEnabled_malware" value="1" <?php $w->cb('scansEnabled_malware'); ?>/></td></tr>
128
- <tr><th>Scan file contents for backdoors, trojans and suspicious code<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_file_contents_for_backdoors.2C_trojans_and_suspicious_code" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_fileContents" class="wfConfigElem" name="scansEnabled_fileContents" value="1" <?php $w->cb('scansEnabled_fileContents'); ?>/></td></tr>
129
- <tr><th>Scan posts for known dangerous URLs and suspicious content<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_posts_for_known_dangerous_URLs_and_suspicious_content" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_posts" class="wfConfigElem" name="scansEnabled_posts" value="1" <?php $w->cb('scansEnabled_posts'); ?>/></td></tr>
130
- <tr><th>Scan comments for known dangerous URLs and suspicious content<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_comments_for_known_dangerous_URLs_and_suspicious_content" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_comments" class="wfConfigElem" name="scansEnabled_comments" value="1" <?php $w->cb('scansEnabled_comments'); ?>/></td></tr>
131
- <tr><th>Scan for out of date plugins, themes and WordPress versions<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_out_of_date_plugins.2C_themes_and_WordPress_versions" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_oldVersions" class="wfConfigElem" name="scansEnabled_oldVersions" value="1" <?php $w->cb('scansEnabled_oldVersions'); ?>/></td></tr>
132
- <tr><th>Check the strength of passwords<a href="http://docs.wordfence.com/en/Wordfence_options#Check_the_strength_of_passwords" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_passwds" class="wfConfigElem" name="scansEnabled_passwds" value="1" <?php $w->cb('scansEnabled_passwds'); ?>/></td></tr>
133
- <tr><th>Scan options table<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_options_table" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_options" class="wfConfigElem" name="scansEnabled_options" value="1" <?php $w->cb('scansEnabled_options'); ?>/></td></tr>
134
- <tr><th>Monitor disk space<a href="http://docs.wordfence.com/en/Wordfence_options#Monitor_disk_space" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_diskSpace" class="wfConfigElem" name="scansEnabled_diskSpace" value="1" <?php $w->cb('scansEnabled_diskSpace'); ?>/></td></tr>
135
- <tr><th>Scan for unauthorized DNS changes<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_unauthorized_DNS_changes" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_dns" class="wfConfigElem" name="scansEnabled_dns" value="1" <?php $w->cb('scansEnabled_dns'); ?>/></td></tr>
136
- <tr><th>Scan files outside your WordPress installation<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_files_outside_your_WordPress_installation" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="other_scanOutside" class="wfConfigElem" name="other_scanOutside" value="1" <?php $w->cb('other_scanOutside'); ?> /></td></tr>
137
- <tr><th>Scan image files as if they were executable<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_image_files_as_if_they_were_executable" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_scanImages" class="wfConfigElem" name="scansEnabled_scanImages" value="1" <?php $w->cb('scansEnabled_scanImages'); ?> /></td></tr>
138
- <tr><th>Enable HIGH SENSITIVITY scanning. May give false positives.<a href="http://docs.wordfence.com/en/Wordfence_options#Enable_HIGH_SENSITIVITY_scanning" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="scansEnabled_highSense" class="wfConfigElem" name="scansEnabled_highSense" value="1" <?php $w->cb('scansEnabled_highSense'); ?> /></td></tr>
139
- <tr><th>Exclude files from scan that match these wildcard patterns. Comma separated.<a href="http://docs.wordfence.com/en/Wordfence_options#Exclude_files_from_scan_that_match_these_wildcard_patterns." target="_blank" class="wfhelp"></a></th><td><input type="text" id="scan_exclude" class="wfConfigElem" name="scan_exclude" size="20" value="<?php echo $w->getHTML('scan_exclude'); ?>" />e.g. *.sql,*.tar,backup*.zip</td></tr>
140
- <tr><td colspan="2">
141
- <div class="wfMarker" id="wfMarkerFirewallRules"></div>
142
- <h3 class="wfConfigHeading">Firewall Rules<a href="http://docs.wordfence.com/en/Wordfence_options#Firewall_Rules" target="_blank" class="wfhelp"></a></h3>
143
- </td></tr>
144
- <tr><th>Immediately block fake Google crawlers:<a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_fake_Google_crawlers:" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="blockFakeBots" class="wfConfigElem" name="blockFakeBots" value="1" <?php $w->cb('blockFakeBots'); ?>/></td></tr>
145
- <tr><th>How should we treat Google's crawlers<a href="http://docs.wordfence.com/en/Wordfence_options#How_should_we_treat_Google.27s_crawlers" target="_blank" class="wfhelp"></a></th><td>
146
- <select id="neverBlockBG" class="wfConfigElem" name="neverBlockBG">
147
- <option value="neverBlockVerified"<?php $w->sel('neverBlockBG', 'neverBlockVerified'); ?>>Verified Google crawlers have unlimited access to this site</option>
148
- <option value="neverBlockUA"<?php $w->sel('neverBlockBG', 'neverBlockUA'); ?>>Anyone claiming to be Google has unlimited access</option>
149
- <option value="treatAsOtherCrawlers"<?php $w->sel('neverBlockBG', 'treatAsOtherCrawlers'); ?>>Treat Google like any other Crawler</option>
150
- </select></td></tr>
151
- <tr><th>If anyone's requests exceed:<a href="http://docs.wordfence.com/en/Wordfence_options#If_anyone.27s_requests_exceed:" target="_blank" class="wfhelp"></a></th><td><?php $rateName='maxGlobalRequests'; require('wfRate.php'); ?> then <?php $throtName='maxGlobalRequests_action'; require('wfAction.php'); ?></td></tr>
152
- <tr><th>If a crawler's page views exceed:<a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_page_views_exceed" target="_blank" class="wfhelp"></a></th><td><?php $rateName='maxRequestsCrawlers'; require('wfRate.php'); ?> then <?php $throtName='maxRequestsCrawlers_action'; require('wfAction.php'); ?></td></tr>
153
- <tr><th>If a crawler's pages not found (404s) exceed:<a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_pages_not_found_.28404s.29_exceed" target="_blank" class="wfhelp"></a></th><td><?php $rateName='max404Crawlers'; require('wfRate.php'); ?> then <?php $throtName='max404Crawlers_action'; require('wfAction.php'); ?></td></tr>
154
- <tr><th>If a human's page views exceed:<a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_page_views_exceed" target="_blank" class="wfhelp"></a></th><td><?php $rateName='maxRequestsHumans'; require('wfRate.php'); ?> then <?php $throtName='maxRequestsHumans_action'; require('wfAction.php'); ?></td></tr>
155
- <tr><th>If a human's pages not found (404s) exceed:<a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_pages_not_found_.28404s.29_exceed" target="_blank" class="wfhelp"></a></th><td><?php $rateName='max404Humans'; require('wfRate.php'); ?> then <?php $throtName='max404Humans_action'; require('wfAction.php'); ?></td></tr>
156
- <tr><th>If 404's for known vulnerable URL's exceed:<a href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed" target="_blank" class="wfhelp"></a></th><td><?php $rateName='maxScanHits'; require('wfRate.php'); ?> then <?php $throtName='maxScanHits_action'; require('wfAction.php'); ?></td></tr>
157
- <tr><th>How long is an IP address blocked when it breaks a rule:<a href="http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule" target="_blank" class="wfhelp"></a></th><td>
158
- <select id="blockedTime" class="wfConfigElem" name="blockedTime">
159
- <option value="60"<?php $w->sel('blockedTime', '60'); ?>>1 minute</option>
160
- <option value="300"<?php $w->sel('blockedTime', '300'); ?>>5 minutes</option>
161
- <option value="1800"<?php $w->sel('blockedTime', '1800'); ?>>30 minutes</option>
162
- <option value="3600"<?php $w->sel('blockedTime', '3600'); ?>>1 hour</option>
163
- <option value="7200"<?php $w->sel('blockedTime', '7200'); ?>>2 hours</option>
164
- <option value="21600"<?php $w->sel('blockedTime', '21600'); ?>>6 hours</option>
165
- <option value="43200"<?php $w->sel('blockedTime', '43200'); ?>>12 hours</option>
166
- <option value="86400"<?php $w->sel('blockedTime', '86400'); ?>>1 day</option>
167
- <option value="172800"<?php $w->sel('blockedTime', '172800'); ?>>2 days</option>
168
- <option value="432000"<?php $w->sel('blockedTime', '432000'); ?>>5 days</option>
169
- <option value="864000"<?php $w->sel('blockedTime', '864000'); ?>>10 days</option>
170
- <option value="2592000"<?php $w->sel('blockedTime', '2592000'); ?>>1 month</option>
171
- </select></td></tr>
172
-
173
- <tr><td colspan="2">
174
- <div class="wfMarker" id="wfMarkerLoginSecurity"></div>
175
- <h3 class="wfConfigHeading">Login Security Options<a href="http://docs.wordfence.com/en/Wordfence_options#Login_Security_Options" target="_blank" class="wfhelp"></a></h3>
176
- </td></tr>
177
- <tr><th>Enforce strong passwords?<a href="http://docs.wordfence.com/en/Wordfence_options#Enforce_strong_passwords.3F" target="_blank" class="wfhelp"></a></th><td>
178
- <select class="wfConfigElem" id="loginSec_strongPasswds" name="loginSec_strongPasswds">
179
- <option value="">Do not force users to use strong passwords</option>
180
- <option value="pubs"<?php $w->sel('loginSec_strongPasswds', 'pubs'); ?>>Force admins and publishers to use strong passwords (recommended)</option>
181
- <option value="all"<?php $w->sel('loginSec_strongPasswds', 'all'); ?>>Force all members to use strong passwords</option>
182
- </select>
183
- <tr><th>Lock out after how many login failures<a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_login_failures" target="_blank" class="wfhelp"></a></th><td>
184
- <select id="loginSec_maxFailures" class="wfConfigElem" name="loginSec_maxFailures">
185
- <option value="1"<?php $w->sel('loginSec_maxFailures', '1'); ?>>1</option>
186
- <option value="2"<?php $w->sel('loginSec_maxFailures', '2'); ?>>2</option>
187
- <option value="3"<?php $w->sel('loginSec_maxFailures', '3'); ?>>3</option>
188
- <option value="4"<?php $w->sel('loginSec_maxFailures', '4'); ?>>4</option>
189
- <option value="5"<?php $w->sel('loginSec_maxFailures', '5'); ?>>5</option>
190
- <option value="6"<?php $w->sel('loginSec_maxFailures', '6'); ?>>6</option>
191
- <option value="7"<?php $w->sel('loginSec_maxFailures', '7'); ?>>7</option>
192
- <option value="8"<?php $w->sel('loginSec_maxFailures', '8'); ?>>8</option>
193
- <option value="9"<?php $w->sel('loginSec_maxFailures', '9'); ?>>9</option>
194
- <option value="10"<?php $w->sel('loginSec_maxFailures', '10'); ?>>10</option>
195
- <option value="20"<?php $w->sel('loginSec_maxFailures', '20'); ?>>20</option>
196
- <option value="30"<?php $w->sel('loginSec_maxFailures', '30'); ?>>30</option>
197
- <option value="40"<?php $w->sel('loginSec_maxFailures', '40'); ?>>40</option>
198
- <option value="50"<?php $w->sel('loginSec_maxFailures', '50'); ?>>50</option>
199
- <option value="100"<?php $w->sel('loginSec_maxFailures', '100'); ?>>100</option>
200
- <option value="200"<?php $w->sel('loginSec_maxFailures', '200'); ?>>200</option>
201
- <option value="500"<?php $w->sel('loginSec_maxFailures', '500'); ?>>500</option>
202
- </select>
203
- </td></tr>
204
- <tr><th>Lock out after how many forgot password attempts<a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_forgot_password_attempts" target="_blank" class="wfhelp"></a></th><td>
205
- <select id="loginSec_maxForgotPasswd" class="wfConfigElem" name="loginSec_maxForgotPasswd">
206
- <option value="1"<?php $w->sel('loginSec_maxForgotPasswd', '1'); ?>>1</option>
207
- <option value="2"<?php $w->sel('loginSec_maxForgotPasswd', '2'); ?>>2</option>
208
- <option value="3"<?php $w->sel('loginSec_maxForgotPasswd', '3'); ?>>3</option>
209
- <option value="4"<?php $w->sel('loginSec_maxForgotPasswd', '4'); ?>>4</option>
210
- <option value="5"<?php $w->sel('loginSec_maxForgotPasswd', '5'); ?>>5</option>
211
- <option value="6"<?php $w->sel('loginSec_maxForgotPasswd', '6'); ?>>6</option>
212
- <option value="7"<?php $w->sel('loginSec_maxForgotPasswd', '7'); ?>>7</option>
213
- <option value="8"<?php $w->sel('loginSec_maxForgotPasswd', '8'); ?>>8</option>
214
- <option value="9"<?php $w->sel('loginSec_maxForgotPasswd', '9'); ?>>9</option>
215
- <option value="10"<?php $w->sel('loginSec_maxForgotPasswd', '10'); ?>>10</option>
216
- <option value="20"<?php $w->sel('loginSec_maxForgotPasswd', '20'); ?>>20</option>
217
- <option value="30"<?php $w->sel('loginSec_maxForgotPasswd', '30'); ?>>30</option>
218
- <option value="40"<?php $w->sel('loginSec_maxForgotPasswd', '40'); ?>>40</option>
219
- <option value="50"<?php $w->sel('loginSec_maxForgotPasswd', '50'); ?>>50</option>
220
- <option value="100"<?php $w->sel('loginSec_maxForgotPasswd', '100'); ?>>100</option>
221
- <option value="200"<?php $w->sel('loginSec_maxForgotPasswd', '200'); ?>>200</option>
222
- <option value="500"<?php $w->sel('loginSec_maxForgotPasswd', '500'); ?>>500</option>
223
- </select>
224
- </td></tr>
225
- <tr><th>Count failures over what time period<a href="http://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period" target="_blank" class="wfhelp"></a></th><td>
226
- <select id="loginSec_countFailMins" class="wfConfigElem" name="loginSec_countFailMins">
227
- <option value="5"<?php $w->sel('loginSec_countFailMins', '5'); ?>>5 minutes</option>
228
- <option value="10"<?php $w->sel('loginSec_countFailMins', '10'); ?>>10 minutes</option>
229
- <option value="30"<?php $w->sel('loginSec_countFailMins', '30'); ?>>30 minutes</option>
230
- <option value="60"<?php $w->sel('loginSec_countFailMins', '60'); ?>>1 hour</option>
231
- <option value="120"<?php $w->sel('loginSec_countFailMins', '120'); ?>>2 hours</option>
232
- <option value="360"<?php $w->sel('loginSec_countFailMins', '360'); ?>>6 hours</option>
233
- <option value="720"<?php $w->sel('loginSec_countFailMins', '720'); ?>>12 hours</option>
234
- <option value="1440"<?php $w->sel('loginSec_countFailMins', '1440'); ?>>1 day</option>
235
- </select>
236
- </td></tr>
237
- <tr><th>Amount of time a user is locked out<a href="http://docs.wordfence.com/en/Wordfence_options#Amount_of_time_a_user_is_locked_out" target="_blank" class="wfhelp"></a></th><td>
238
- <select id="loginSec_lockoutMins" class="wfConfigElem" name="loginSec_lockoutMins">
239
- <option value="5"<?php $w->sel('loginSec_lockoutMins', '5'); ?>>5 minutes</option>
240
- <option value="10"<?php $w->sel('loginSec_lockoutMins', '10'); ?>>10 minutes</option>
241
- <option value="30"<?php $w->sel('loginSec_lockoutMins', '30'); ?>>30 minutes</option>
242
- <option value="60"<?php $w->sel('loginSec_lockoutMins', '60'); ?>>1 hour</option>
243
- <option value="120"<?php $w->sel('loginSec_lockoutMins', '120'); ?>>2 hours</option>
244
- <option value="360"<?php $w->sel('loginSec_lockoutMins', '360'); ?>>6 hours</option>
245
- <option value="720"<?php $w->sel('loginSec_lockoutMins', '720'); ?>>12 hours</option>
246
- <option value="1440"<?php $w->sel('loginSec_lockoutMins', '1440'); ?>>1 day</option>
247
- <option value="2880"<?php $w->sel('loginSec_lockoutMins', '2880'); ?>>2 days</option>
248
- <option value="7200"<?php $w->sel('loginSec_lockoutMins', '7200'); ?>>5 days</option>
249
- <option value="14400"<?php $w->sel('loginSec_lockoutMins', '14400'); ?>>10 days</option>
250
- <option value="28800"<?php $w->sel('loginSec_lockoutMins', '28800'); ?>>20 days</option>
251
- <option value="43200"<?php $w->sel('loginSec_lockoutMins', '43200'); ?>>30 days</option>
252
- <option value="86400"<?php $w->sel('loginSec_lockoutMins', '86400'); ?>>60 days</option>
253
- </select>
254
- </td></tr>
255
- <tr><th>Immediately lock out invalid usernames<a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_lock_out_invalid_usernames" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="loginSec_lockInvalidUsers" class="wfConfigElem" name="loginSec_lockInvalidUsers" <?php $w->cb('loginSec_lockInvalidUsers'); ?> /></td></tr>
256
- <tr><th>Don't let WordPress reveal valid users in login errors<a href="http://docs.wordfence.com/en/Wordfence_options#Don.27t_let_WordPress_reveal_valid_users_in_login_errors" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="loginSec_maskLoginErrors" class="wfConfigElem" name="loginSec_maskLoginErrors" <?php $w->cb('loginSec_maskLoginErrors'); ?> /></td></tr>
257
- <tr><th>Prevent users registering 'admin' username if it doesn't exist<a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_users_registering_.27admin.27_username_if_it_doesn.27t_exist" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="loginSec_blockAdminReg" class="wfConfigElem" name="loginSec_blockAdminReg" <?php $w->cb('loginSec_blockAdminReg'); ?> /></td></tr>
258
- <tr><th>Prevent discovery of usernames through '?/author=N' scans<a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="loginSec_disableAuthorScan" class="wfConfigElem" name="loginSec_disableAuthorScan" <?php $w->cb('loginSec_disableAuthorScan'); ?> /></td></tr>
259
- <tr><th>Immediately block the IP of users who try to sign in as these usernames<a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_the_IP_of_users_who_try_to_sign_in_as_these_usernames" target="_blank" class="wfhelp"></a></th><td><input type="text" name="loginSec_userBlacklist" id="loginSec_userBlacklist" value="<?php echo $w->getHTML('loginSec_userBlacklist'); ?>" size="40" />&nbsp;(Comma separated. Existing users won't be blocked.)</td></tr>
260
- <tr><td colspan="2">
261
- <div class="wfMarker" id="wfMarkerOtherOptions"></div>
262
- <h3 class="wfConfigHeading">Other Options<a href="http://docs.wordfence.com/en/Wordfence_options#Other_Options" target="_blank" class="wfhelp"></a></h3>
263
- </td></tr>
264
-
265
- <tr><th>Whitelisted IP addresses that bypass all rules:<a href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_IP_addresses_that_bypass_all_rules" target="_blank" class="wfhelp"></a></th><td><input type="text" name="whitelisted" id="whitelisted" value="<?php echo $w->getHTML('whitelisted'); ?>" size="40" /></td></tr>
266
- <tr><th colspan="2" style="color: #999;">Whitelisted IP's must be separated by commas. You can specify ranges using the following format: 123.23.34.[1-50]<br />Wordfence automatically whitelists <a href="http://en.wikipedia.org/wiki/Private_network" target="_blank">private networks</a> because these are not routable on the public Internet.<br /><br /></th></tr>
267
-
268
- <tr><th>Immediately block IP's that access these URLs:<a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_IP.27s_that_access_these_URLs" target="_blank" class="wfhelp"></a></th><td><input type="text" name="bannedURLs" id="bannedURLs" value="<?php echo $w->getHTML('bannedURLs'); ?>" size="40" /></td></tr>
269
- <tr><th colspan="2" style="color: #999;">Separate multiple URL's with commas. If you see an attacker repeatedly probing your site for a known vulnerability you can use this to immediately block them.<br />
270
- All URL's must start with a '/' without quotes and must be relative. e.g. /badURLone/, /bannedPage.html, /dont-access/this/URL/
271
- <br /><br /></th></tr>
272
-
273
- <tr><th>Hide WordPress version<a href="http://docs.wordfence.com/en/Wordfence_options#Hide_WordPress_version" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="other_hideWPVersion" class="wfConfigElem" name="other_hideWPVersion" value="1" <?php $w->cb('other_hideWPVersion'); ?> /></td></tr>
274
- <tr><th>Hold anonymous comments using member emails for moderation<a href="http://docs.wordfence.com/en/Wordfence_options#Hold_anonymous_comments_using_member_emails_for_moderation" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="other_noAnonMemberComments" class="wfConfigElem" name="other_noAnonMemberComments" value="1" <?php $w->cb('other_noAnonMemberComments'); ?> /></td></tr>
275
- <tr><th>Filter comments for malware and phishing URL's<a href="http://docs.wordfence.com/en/Wordfence_options#Filter_comments_for_malware_and_phishing_URL.27s" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="other_scanComments" class="wfConfigElem" name="other_scanComments" value="1" <?php $w->cb('other_scanComments'); ?> /></td></tr>
276
- <tr><th>Check password strength on profile update<a href="http://docs.wordfence.com/en/Wordfence_options#Check_password_strength_on_profile_update" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="other_pwStrengthOnUpdate" class="wfConfigElem" name="other_pwStrengthOnUpdate" value="1" <?php $w->cb('other_pwStrengthOnUpdate'); ?> /></td></tr>
277
- <tr><th>Participate in the Real-Time WordPress Security Network<a href="http://docs.wordfence.com/en/Wordfence_options#Participate_in_the_Real-Time_WordPress_Security_Network" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="other_WFNet" class="wfConfigElem" name="other_WFNet" value="1" <?php $w->cb('other_WFNet'); ?> /></td></tr>
278
- <tr><th>How much memory should Wordfence request when scanning<a href="http://docs.wordfence.com/en/Wordfence_options#How_much_memory_should_Wordfence_request_when_scanning" target="_blank" class="wfhelp"></a></th><td><input type="text" id="maxMem" name="maxMem" value="<?php $w->f('maxMem'); ?>" size="4" />Megabytes</td></tr>
279
- <tr><th>Maximum execution time for each scan stage<a href="http://docs.wordfence.com/en/Wordfence_options#Maximum_execution_time_for_each_scan_stage" target="_blank" class="wfhelp"></a></th><td><input type="text" id="maxExecutionTime" name="maxExecutionTime" value="<?php $w->f('maxExecutionTime'); ?>" size="4" />Blank for default. Must be greater than 9.</td></tr>
280
- <tr><th>Update interval in seconds (2 is default)<a href="http://docs.wordfence.com/en/Wordfence_options#Update_interval_in_seconds" target="_blank" class="wfhelp"></a></th><td><input type="text" id="actUpdateInterval" name="actUpdateInterval" value="<?php $w->f('actUpdateInterval'); ?>" size="4" />Setting higher will reduce browser traffic but slow scan starts, live traffic &amp; status updates.</td></tr>
281
- <tr><th>Enable debugging mode (increases database load)<a href="http://docs.wordfence.com/en/Wordfence_options#Enable_debugging_mode_.28increases_database_load.29" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn" value="1" <?php $w->cb('debugOn'); ?> /></td></tr>
282
- <tr><th>Delete Wordfence tables and data on deactivation?<a href="http://docs.wordfence.com/en/Wordfence_options#Delete_Wordfence_tables_and_data_on_deactivation.3F" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="deleteTablesOnDeact" class="wfConfigElem" name="deleteTablesOnDeact" value="1" <?php $w->cb('deleteTablesOnDeact'); ?> /></td></tr>
283
-
284
-
285
- <tr><th>Disable Wordfence Cookies<a href="http://docs.wordfence.com/en/Wordfence_options#Disable_Wordfence_Cookies" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="disableCookies" class="wfConfigElem" name="disableCookies" value="1" <?php $w->cb('disableCookies'); ?> />(when enabled all visits in live traffic will appear to be new visits)</td></tr>
286
- <tr><th>Start all scans remotely<a href="http://docs.wordfence.com/en/Wordfence_options#Start_all_scans_remotely" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="startScansRemotely" class="wfConfigElem" name="startScansRemotely" value="1" <?php $w->cb('startScansRemotely'); ?> />(Try this if your scans aren't starting and your site is publicly accessible)</td></tr>
287
- <tr><th>Disable config caching<a href="http://docs.wordfence.com/en/Wordfence_options#Disable_config_caching" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="disableConfigCaching" class="wfConfigElem" name="disableConfigCaching" value="1" <?php $w->cb('disableConfigCaching'); ?> />(Try this if your options aren't saving)</td></tr>
288
- <tr><th>Add a debugging comment to HTML source of cached pages.<a href="http://docs.wordfence.com/en/Wordfence_options#Add_a_debugging_comment_to_HTML_source_of_cached_pages" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="addCacheComment" class="wfConfigElem" name="addCacheComment" value="1" <?php $w->cb('addCacheComment'); ?> /></td></tr>
289
- <tr><th><label for="disableCodeExecutionUploads">Disable Code Execution for Uploads directory</label><a href="http://docs.wordfence.com/en/Wordfence_options#Disable_Code_Execution_for_Uploads_directory" target="_blank" class="wfhelp"></a></th><td><input type="checkbox" id="disableCodeExecutionUploads" class="wfConfigElem" name="disableCodeExecutionUploads" value="1" <?php $w->cb('disableCodeExecutionUploads'); ?> /></td></tr>
290
- <tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=conntest&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to test connectivity to the Wordfence API servers</a><a href="http://docs.wordfence.com/en/Wordfence_options#Click_to_test_connectivity_to_the_Wordfence_API_servers" target="_blank" class="wfhelp"></a></th></tr>
291
- <tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Click to view your system's configuration in a new window</a><a href="http://docs.wordfence.com/en/Wordfence_options#Click_to_view_your_system.27s_configuration_in_a_new_window" target="_blank" class="wfhelp"></a></th></tr>
292
- <tr><th colspan="2"><a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>" target="_blank">Test your WordPress host's available memory</a><a href="http://docs.wordfence.com/en/Wordfence_options#Test_your_WordPress_host.27s_available_memory" target="_blank" class="wfhelp"></a></th></tr>
293
- <tr><th>Send a test email from this WordPress server to an email address:<a href="http://docs.wordfence.com/en/Wordfence_options#Send_a_test_email_from_this_WordPress_server_to_an_email_address" target="_blank" class="wfhelp"></a></th><td><input type="text" id="testEmailDest" value="" size="20" maxlength="255" class="wfConfigElem" />
294
- <input type="button" value="Send Test Email" onclick="WFAD.sendTestEmail(jQuery('#testEmailDest').val());" /></td></tr>
295
-
296
- <tr><td colspan="2">
297
- <div class="wfMarker" id="wfMarkerExportOptions"></div>
298
- <h3 class="wfConfigHeading">Exporting and Importing Wordfence Settings<a href="http://docs.wordfence.com/en/Wordfence_options#Exporting_and_Importing_Wordfence_Settings" target="_blank" class="wfhelp"></a></h3>
299
- </td></tr>
300
-
301
- <tr><th>Export this site's Wordfence settings for import on another site:</th><td><input type="button" id="exportSettingsBut" value="Export Wordfence Settings" onclick="WFAD.exportSettings(); return false;" /></td></tr>
302
- <tr><th>Import Wordfence settings from another site using a token:</th><td><input type="text" size="20" value="" id="importToken" />&nbsp;<input type="button" name="importSettingsButton" value="Import Settings" onclick="WFAD.importSettings(jQuery('#importToken').val()); return false;" /></td></tr>
303
- </table>
304
- <p><table border="0" cellpadding="0" cellspacing="0"><tr><td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes" onclick="WFAD.saveConfig();" /></td><td style="height: 24px;"><div class="wfAjax24"></div><span class="wfSavedMsg">&nbsp;Your changes have been saved!</span></td></tr></table></p>
305
- </div>
306
</form>
307
</div>
308
<script type="text/x-jquery-template" id="wfContentBasicOptions">
309
- <div>
310
- <h3>Basic Options</h3>
311
- <p>
312
- Using Wordfence is simple. Install Wordfence, enter an email address on this page to send alerts to, and then do your first scan and work through the security alerts we provide.
313
- We give you a few basic security levels to choose from, depending on your needs. Remember to hit the "Save" button to save any changes you make.
314
- </p>
315
- <p>
316
- If you use the free edition of Wordfence, you don't need to worry about entering an API key in the "API Key" field above. One is automatically created for you. If you choose to <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">upgrade to Wordfence Premium edition</a>, you will receive an API key. You will need to copy and paste that key into the "API Key"
317
- field above and hit "Save" to activate your key.
318
- </p>
319
- </div>
320
</script>
321
<script type="text/x-jquery-template" id="wfContentLiveTrafficOptions">
322
- <div>
323
- <h3>Live Traffic Options</h3>
324
- <p>
325
- These options let you ignore certain types of visitors, based on their level of access, usernames, IP address or browser type.
326
- If you run a very high traffic website where it is not feasible to see your visitors in real-time, simply un-check the live traffic option and nothing will be written to the Wordfence tracking tables.
327
- </p>
328
- </div>
329
</script>
330
<script type="text/x-jquery-template" id="wfContentScansToInclude">
331
- <div>
332
- <h3>Scans to Include</h3>
333
- <p>
334
- This section gives you the ability to fine-tune what we scan.
335
- If you use many themes or plugins from the public WordPress directory we recommend you
336
- enable theme and plugin scanning. This will verify the integrity of all these themes and plugins and alert you of any changes.
337
- <p>
338
- <p>
339
- The option to "scan files outside your WordPress installation" will cause Wordfence to do a much wider security scan
340
- that is not limited to your base WordPress directory and known WordPress subdirectories. This scan may take longer
341
- but can be very useful if you have other infected files outside this WordPress installation that you would like us to look for.
342
- </p>
343
- </div>
344
</script>
345
<script type="text/x-jquery-template" id="wfContentFirewallRules">
346
- <div>
347
- <h3>Firewall Rules</h3>
348
- <p>
349
- <strong>NOTE:</strong> Before modifying these rules, make sure you have access to the email address associated with this site's administrator account. If you accidentally lock yourself out, you will be given the option
350
- to enter that email address and receive an "unlock email" which will allow you to regain access.
351
- </p>
352
- <p>
353
- <strong>Tips:</strong>
354
- <p>&#8226; If you choose to limit the rate at which your site can be accessed, you need to customize the settings for your site.</p>
355
- <p>&#8226; If your users usually skip quickly between pages, you should set the values for human visitors to be high.</p>
356
- <p>&#8226; If you are aggressively crawled by non-Google crawlers like Baidu, you should set the page view limit for crawlers to a high value.</p>
357
- <p>&#8226; If you are currently under attack and want to aggressively protect your site or your content, you can set low values for most options.</p>
358
- <p>&#8226; In general we recommend you don't block fake Google crawlers unless you have a specific problem with someone stealing your content.</p>
359
- </p>
360
- <p>
361
- Remember that as long as you have your administrator email set correctly in this site's user administration, and you are able to receive email at that address,
362
- you will be able to regain access if you are accidentally locked out because your rules are too strict.
363
- </p>
364
- </div>
365
</script>
366
<script type="text/x-jquery-template" id="wfContentLoginSecurity">
367
- <div>
368
- <h3>Login Security</h3>
369
- <p>
370
- We have found that real brute force login attacks make hundreds or thousands of requests trying to guess passwords or user login names.
371
- So in general you can leave the number of failed logins before a user is locked out as a fairly high number.
372
- We have found that blocking after 20 failed attempts is sufficient for most sites and it allows your real site users enough
373
- attempts to guess their forgotten passwords without getting locked out.
374
- </p>
375
- </div>
376
</script>
377
<script type="text/x-jquery-template" id="wfContentOtherOptions">
378
- <div>
379
- <h3>Other Options</h3>
380
- <p>
381
- We have worked hard to make Wordfence memory efficient and much of the heavy lifting is done for your site by our cloud scanning servers in our Seattle data center.
382
- On most sites Wordfence will only use about 8 megabytes of additional memory when doing a scan, even if you have large files or a large number of files.
383
- You should not have to adjust the maximum memory that Wordfence can use, but we have provided the option. Remember that this does not affect the actual memory usage of Wordfence, simply the maximum Wordfence can use if it needs to.
384
- </p>
385
- <p>
386
- You may find debugging mode helpful if Wordfence is not able to start a scan on your site or
387
- if you are experiencing some other problem. Enable debugging by checking the box, save your options
388
- and then try to do a scan. You will notice a lot more output on the "Scan" page.
389
- </p>
390
- <p>
391
- If you decide to permanently remove Wordfence, you can choose the option to delete all data on deactivation.
392
- We also provide helpful links at the bottom of this page which lets you see your systems configuration and test how
393
- much memory your host really allows you to use.
394
- </p>
395
- <p>
396
- Thanks for completing this tour and I'm very happy to have you as our newest Wordfence customer. Don't forget to <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank">rate us 5 stars if you love Wordfence</a>.<br />
397
- <br />
398
- <strong>Mark Maunder</strong> - Wordfence Creator.
399
- </p>
400
- </div>
401
</script>
402
1
+ <?php
2
+ $w = new wfConfig();
3
?>
4
<script type="text/javascript">
5
+ var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
6
</script>
7
<div class="wordfenceModeElem" id="wordfenceMode_options"></div>
8
<div class="wrap">
9
+ <?php require( 'menuHeader.php' ); ?>
10
+ <?php $helpLink = "http://docs.wordfence.com/en/Wordfence_options";
11
+ $helpLabel = "Learn more about Wordfence Options";
12
+ $pageTitle = "Wordfence Options";
13
+ include( 'pageTitle.php' ); ?>
14
<div class="wordfenceLive">
15
<table border="0" cellpadding="0" cellspacing="0">
16
+ <tr>
17
+ <td><h2>Wordfence Live Activity:</h2></td>
18
+ <td id="wfLiveStatus"></td>
19
+ </tr>
20
</table>
21
</div>
22
23
<form id="wfConfigForm">
24
+ <table class="wfConfigForm">
25
+ <tr>
26
+ <td colspan="2"><h2>License</h2></td>
27
+ </tr>
28
+
29
+ <tr>
30
+ <th>Your Wordfence API Key:<a href="http://docs.wordfence.com/en/Wordfence_options#Wordfence_API_Key"
31
+ target="_blank" class="wfhelp"></a></th>
32
+ <td><input type="text" id="apiKey" name="apiKey" value="<?php $w->f( 'apiKey' ); ?>" size="80"/></td>
33
+ </tr>
34
+ <tr>
35
+ <th>Key type currently active:</th>
36
+ <td>
37
+ <?php if (wfConfig::get( 'isPaid' )){ ?>
38
+ The currently active API Key is a Premium Key. <span style="font-weight: bold; color: #0A0;">Premium scanning enabled!</span>
39
+ <?php } else { ?>
40
+ The currently active API Key is a <span style="color: #F00; font-weight: bold;">Free Key</span>. <a
41
+ href="https://www.wordfence.com/wordfence-signup/" target="_blank">Click Here to Upgrade to
42
+ Wordfence Premium now.</a>
43
+ <?php } ?>
44
+ </td>
45
+ </tr>
46
+ <tr>
47
+ <td colspan="2">
48
+ <?php if ( wfConfig::get( 'isPaid' ) ) { ?>
49
+ <table border="0">
50
+ <tr>
51
+ <td><a href="https://www.wordfence.com/manage-wordfence-api-keys/"
52
+ target="_blank"><input type="button" value="Renew your premium license"/></a>
53
+ </td>
54
+ <td>&nbsp;</td>
55
+ <td><input type="button" value="Downgrade to a free license"
56
+ onclick="WFAD.downgradeLicense();"/></td>
57
+ </tr>
58
+ </table>
59
+ <?php } ?>
60
+
61
+
62
+ <tr>
63
+ <td colspan="2"><h2>Basic Options<a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options"
64
+ target="_blank" class="wfhelp"></a></h2></td>
65
+ </tr>
66
+ <tr>
67
+ <th class="wfConfigEnable">Enable firewall<a
68
+ href="http://docs.wordfence.com/en/Wordfence_options#Enable_Firewall" target="_blank"
69
+ class="wfhelp"></a></th>
70
+ <td><input type="checkbox" id="firewallEnabled" class="wfConfigElem" name="firewallEnabled"
71
+ value="1" <?php $w->cb( 'firewallEnabled' ); ?> />&nbsp;<span
72
+ style="color: #F00;">NOTE:</span> This checkbox enables ALL firewall functions including IP,
73
+ country and advanced blocking and the "Firewall Rules" below.
74
+ </td>
75
+ </tr>
76
+ <tr>
77
+ <td colspan="2">&nbsp;</td>
78
+ </tr>
79
+ <tr>
80
+ <th class="wfConfigEnable">Enable login security<a
81
+ href="http://docs.wordfence.com/en/Wordfence_options#Enable_login_security" target="_blank"
82
+ class="wfhelp"></a></th>
83
+ <td><input type="checkbox" id="loginSecurityEnabled" class="wfConfigElem" name="loginSecurityEnabled"
84
+ value="1" <?php $w->cb( 'loginSecurityEnabled' ); ?> />&nbsp;This option enables all "Login
85
+ Security" options. You can modify individual options further down this page.
86
+ </td>
87
+ </tr>
88
+ <tr>
89
+ <td colspan="2">&nbsp;</td>
90
+ </tr>
91
+ <tr>
92
+ <th class="wfConfigEnable">Enable Live Traffic View<a
93
+ href="http://docs.wordfence.com/en/Wordfence_options#Enable_Live_Traffic_View" target="_blank"
94
+ class="wfhelp"></a></th>
95
+ <td><input type="checkbox" id="liveTrafficEnabled" class="wfConfigElem" name="liveTrafficEnabled"
96
+ value="1" <?php $w->cb( 'liveTrafficEnabled' ); ?>
97
+ onclick="WFAD.reloadConfigPage = true; return true;"/>&nbsp;This option enables live traffic
98
+ logging.
99
+ </td>
100
+ </tr>
101
+ <tr>
102
+ <td colspan="2">&nbsp;</td>
103
+ </tr>
104
+ <tr>
105
+ <th class="wfConfigEnable">Advanced Comment Spam Filter<a
106
+ href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Comment_Spam_Filter"
107
+ target="_blank" class="wfhelp"></a></th>
108
+ <td><input type="checkbox" id="advancedCommentScanning" class="wfConfigElem"
109
+ name="advancedCommentScanning" value="1" <?php $w->cbp( 'advancedCommentScanning' );
110
+ if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#advancedCommentScanning').attr('checked', false); return false;" <?php } ?> />&nbsp;<span
111
+ style="color: #F00;">Premium Feature</span> In addition to free comment filtering (see below)
112
+ this option filters comments against several additional real-time lists of known spammers and
113
+ infected hosts.
114
+ </td>
115
+ </tr>
116
+ <tr>
117
+ <th class="wfConfigEnable">Check if this website is being "Spamvertised"<a
118
+ href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_is_being_.22Spamvertized.22"
119
+ target="_blank" class="wfhelp"></a></th>
120
+ <td><input type="checkbox" id="spamvertizeCheck" class="wfConfigElem" name="spamvertizeCheck" value="1"
121
+ <?php $w->cbp( 'spamvertizeCheck' );
122
+ if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#spamvertizeCheck').attr('checked', false); return false;" <?php } ?> />&nbsp;<span
123
+ style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam
124
+ services if your site domain name is appearing as a link in spam emails.
125
+ </td>
126
+ </tr>
127
+ <tr>
128
+ <th class="wfConfigEnable">Check if this website IP is generating spam<a
129
+ href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_IP_is_generating_spam"
130
+ target="_blank" class="wfhelp"></a></th>
131
+ <td><input type="checkbox" id="checkSpamIP" class="wfConfigElem" name="checkSpamIP" value="1"
132
+ <?php $w->cbp( 'checkSpamIP' );
133
+ if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#checkSpamIP').attr('checked', false); return false;" <?php } ?> />&nbsp;<span
134
+ style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam
135
+ services if your website IP address is listed as a known source of spam email.
136
+ </td>
137
+ </tr>
138
+ <tr>
139
+ <td colspan="2">&nbsp;</td>
140
+ </tr>
141
+ <?php /* <tr><th class="wfConfigEnable">Enable Performance Monitoring</th><td><input type="checkbox" id="perfLoggingEnabled" class="wfConfigElem" name="perfLoggingEnabled" value="1" <?php $w->cb('perfLoggingEnabled'); ?> onclick="WFAD.reloadConfigPage = true; return true;" />&nbsp;This option enables performance monitoring.</td></tr> */ ?>
142
+ <tr>
143
+ <td colspan="2">&nbsp;</td>
144
+ </tr>
145
+ <tr>
146
+ <th class="wfConfigEnable">Enable automatic scheduled scans<a
147
+ href="http://docs.wordfence.com/en/Wordfence_options#Enable_automatic_scheduled_scans"
148
+ target="_blank" class="wfhelp"></a></th>
149
+ <td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled"
150
+ value="1" <?php $w->cb( 'scheduledScansEnabled' ); ?> />&nbsp;Regular scans ensure your site
151
+ stays secure.
152
+ </td>
153
+ </tr>
154
+ <tr>
155
+ <td colspan="2">&nbsp;</td>
156
+ </tr>
157
+ <tr>
158
+ <th class="wfConfigEnable">Update Wordfence automatically when a new version is released?<a
159
+ href="http://docs.wordfence.com/en/Wordfence_options#Update_Wordfence_Automatically_when_a_new_version_is_released"
160
+ target="_blank" class="wfhelp"></a></th>
161
+ <td><input type="checkbox" id="autoUpdate" class="wfConfigElem" name="autoUpdate"
162
+ value="1" <?php $w->cb( 'autoUpdate' ); ?> />&nbsp;Automatically updates Wordfence to the
163
+ newest version within 24 hours of a new release.<br/>
164
+ <?php if (getenv( 'noabort' ) != '1' && stristr( $_SERVER['SERVER_SOFTWARE'], 'litespeed' ) !== false){ ?>
165
+ <span style="color: #F00;">Warning: </span>You are running LiteSpeed web server and you don't have
166
+ the "noabort" variable set in your .htaccess.<br/>
167
+ <a href="https://support.wordfence.com/solution/articles/1000129050-running-wordfence-under-litespeed-web-server-and-preventing-process-killing-or"
168
+ target="_blank">Please read this article in our FAQ to make an important change that will ensure
169
+ your site stability during an update.<br/>
170
+ <?php } ?>
171
+ </td>
172
+ </tr>
173
+ <tr>
174
+ <td colspan="2">&nbsp;</td>
175
+ </tr>
176
+
177
+ <tr>
178
+ <th>Where to email alerts:<a href="http://docs.wordfence.com/en/Wordfence_options#Where_to_email_alerts"
179
+ target="_blank" class="wfhelp"></a></th>
180
+ <td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f( 'alertEmails' ); ?>"
181
+ size="50"/>&nbsp;<span class="wfTipText">Separate multiple emails with commas</span></td>
182
+ </tr>
183
+ <tr>
184
+ <th colspan="2">&nbsp;</th>
185
+ </tr>
186
+ <tr>
187
+ <th>Security Level:<a href="http://docs.wordfence.com/en/Wordfence_options#Security_Level"
188
+ target="_blank" class="wfhelp"></a></th>
189
+ <td>
190
+ <select id="securityLevel" name="securityLevel" onchange="WFAD.changeSecurityLevel(); return true;">
191
+ <option value="0"<?php $w->sel( 'securityLevel', '0' ); ?>>Level 0: Disable all Wordfence
192
+ security measures
193
+ </option>
194
+ <option value="1"<?php $w->sel( 'securityLevel', '1' ); ?>>Level 1: Light protection. Just the
195
+ basics
196
+ </option>
197
+ <option value="2"<?php $w->sel( 'securityLevel', '2' ); ?>>Level 2: Medium protection. Suitable
198
+ for most sites
199
+ </option>
200
+ <option value="3"<?php $w->sel( 'securityLevel', '3' ); ?>>Level 3: High security. Use this when
201
+ an attack is imminent
202
+ </option>
203
+ <option value="4"<?php $w->sel( 'securityLevel', '4' ); ?>>Level 4: Lockdown. Protect the site
204
+ against an attack in progress at the cost of inconveniencing some users
205
+ </option>
206
+ <option value="CUSTOM"<?php $w->sel( 'securityLevel', 'CUSTOM' ); ?>>Custom settings</option>
207
+ </select>
208
+ </td>
209
+ </tr>
210
+ <tr>
211
+ <th>How does Wordfence get IPs:<a
212
+ href="http://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs" target="_blank"
213
+ class="wfhelp"></a></th>
214
+ <td>
215
+ <select id="howGetIPs" name="howGetIPs">
216
+ <option value="">Let Wordfence use the most secure method to get visitor IP addresses. Prevents
217
+ spoofing and works with most sites.
218
+ </option>
219
+ <option value="REMOTE_ADDR"<?php $w->sel( 'howGetIPs', 'REMOTE_ADDR' ); ?>>Use PHP's built in
220
+ REMOTE_ADDR and don't use anything else. Very secure if this is compatible with your site.
221
+ </option>
222
+ <option value="HTTP_X_FORWARDED_FOR"<?php $w->sel( 'howGetIPs', 'HTTP_X_FORWARDED_FOR' ); ?>>Use
223
+ the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may
224
+ result.
225
+ </option>
226
+ <option value="HTTP_X_REAL_IP"<?php $w->sel( 'howGetIPs', 'HTTP_X_REAL_IP' ); ?>>Use the
227
+ X-Real-IP HTTP header. Only use if you have a front-end proxy or spoofing may result.
228
+ </option>
229
+ <option value="HTTP_CF_CONNECTING_IP"<?php $w->sel( 'howGetIPs', 'HTTP_CF_CONNECTING_IP' ); ?>>
230
+ Use the Cloudflare "CF-Connecting-IP" HTTP header to get a visitor IP. Only use if you're
231
+ using Cloudflare.
232
+ </option>
233
+ </select>
234
+ </td>
235
+ </tr>
236
+ </table>
237
+ <p>
238
+ <table border="0" cellpadding="0" cellspacing="0">
239
+ <tr>
240
+ <td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes"
241
+ onclick="WFAD.saveConfig();"/></td>
242
+ <td style="height: 24px;">
243
+ <div class="wfAjax24"></div>
244
+ <span class="wfSavedMsg">&nbsp;Your changes have been saved!</span></td>
245
+ </tr>
246
+ </table>
247
</p>
248
+ <div class="wfMarker" id="wfMarkerBasicOptions"></div>
249
+ <div style="margin-top: 25px;">
250
+ <h2>Advanced Options:<a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Options"
251
+ target="_blank" class="wfhelp"></a></h2>
252
+
253
+ <p style="width: 600px;">
254
+ Wordfence works great out of the box for most websites. Simply install Wordfence and your site and
255
+ content is protected. For finer granularity of control, we have provided advanced options.
256
+ </p>
257
+ </div>
258
+ <div id="wfConfigAdvanced">
259
+ <table class="wfConfigForm">
260
+ <tr>
261
+ <td colspan="2"><h3 class="wfConfigHeading">Alerts<a
262
+ href="http://docs.wordfence.com/en/Wordfence_options#Alerts" target="_blank"
263
+ class="wfhelp"></a></h3></td>
264
+ </tr>
265
+ <?php
266
+ $emails = wfConfig::getAlertEmails();
267
+ if ( sizeof( $emails ) < 1 ) {
268
+ echo "<tr><th colspan=\"2\" style=\"color: #F00;\">You have not configured an email to receive alerts yet. Set this up under \"Basic Options\" above.</th></tr>\n";
269
+ }
270
+ ?>
271
+ <tr>
272
+ <th>Email me when Wordfence is automatically updated</th>
273
+ <td><input type="checkbox" id="alertOn_update" class="wfConfigElem" name="alertOn_update"
274
+ value="1" <?php $w->cb( 'alertOn_update' ); ?>/>&nbsp;If you have automatic updates
275
+ enabled (see above), you'll get an email when an update occurs.
276
+ </td>
277
+ </tr>
278
+ <tr>
279
+ <th>Alert on critical problems</th>
280
+ <td><input type="checkbox" id="alertOn_critical" class="wfConfigElem" name="alertOn_critical"
281
+ value="1" <?php $w->cb( 'alertOn_critical' ); ?>/></td>
282
+ </tr>
283
+ <tr>
284
+ <th>Alert on warnings</th>
285
+ <td><input type="checkbox" id="alertOn_warnings" class="wfConfigElem" name="alertOn_warnings"
286
+ value="1" <?php $w->cb( 'alertOn_warnings' ); ?>/></td>
287
+ </tr>
288
+ <tr>
289
+ <th>Alert when an IP address is blocked</th>
290
+ <td><input type="checkbox" id="alertOn_block" class="wfConfigElem" name="alertOn_block"
291
+ value="1" <?php $w->cb( 'alertOn_block' ); ?>/></td>
292
+ </tr>
293
+ <tr>
294
+ <th>Alert when someone is locked out from login</th>
295
+ <td><input type="checkbox" id="alertOn_loginLockout" class="wfConfigElem"
296
+ name="alertOn_loginLockout" value="1" <?php $w->cb( 'alertOn_loginLockout' ); ?>/></td>
297
+ </tr>
298
+ <tr>
299
+ <th>Alert when the "lost password" form is used for a valid user</th>
300
+ <td><input type="checkbox" id="alertOn_lostPasswdForm" class="wfConfigElem"
301
+ name="alertOn_lostPasswdForm" value="1" <?php $w->cb( 'alertOn_lostPasswdForm' ); ?>/>
302
+ </td>
303
+ </tr>
304
+ <tr>
305
+ <th>Alert me when someone with administrator access signs in</th>
306
+ <td><input type="checkbox" id="alertOn_adminLogin" class="wfConfigElem" name="alertOn_adminLogin"
307
+ value="1" <?php $w->cb( 'alertOn_adminLogin' ); ?>/></td>
308
+ </tr>
309
+ <tr>
310
+ <th>Alert me when a non-admin user signs in</th>
311
+ <td><input type="checkbox" id="alertOn_nonAdminLogin" class="wfConfigElem"
312
+ name="alertOn_nonAdminLogin" value="1" <?php $w->cb( 'alertOn_nonAdminLogin' ); ?>/></td>
313
+ </tr>
314
+ <tr>
315
+ <th>Maximum email alerts to send per hour</th>
316
+ <td>&nbsp;<input type="text" id="alert_maxHourly" name="alert_maxHourly"
317
+ value="<?php $w->f( 'alert_maxHourly' ); ?>" size="4"/>0 or empty means unlimited
318
+ alerts will be sent.
319
+ </td>
320
+ </tr>
321
+ <tr>
322
+ <td colspan="2">
323
+ <div class="wfMarker" id="wfMarkerLiveTrafficOptions"></div>
324
+ <h3 class="wfConfigHeading">Live Traffic View<a
325
+ href="http://docs.wordfence.com/en/Wordfence_options#Live_Traffic_View" target="_blank"
326
+ class="wfhelp"></a></h3>
327
+ </td>
328
+ </tr>
329
+ <tr>
330
+ <th>Don't log signed-in users with publishing access:</th>
331
+ <td><input type="checkbox" id="liveTraf_ignorePublishers" name="liveTraf_ignorePublishers"
332
+ value="1" <?php $w->cb( 'liveTraf_ignorePublishers' ); ?> /></td>
333
+ </tr>
334
+ <tr>
335
+ <th>List of comma separated usernames to ignore:</th>
336
+ <td><input type="text" name="liveTraf_ignoreUsers" id="liveTraf_ignoreUsers"
337
+ value="<?php echo $w->getHTML( 'liveTraf_ignoreUsers' ); ?>"/></td>
338
+ </tr>
339
+ <tr>
340
+ <th>List of comma separated IP addresses to ignore:</th>
341
+ <td><input type="text" name="liveTraf_ignoreIPs" id="liveTraf_ignoreIPs"
342
+ value="<?php echo $w->getHTML( 'liveTraf_ignoreIPs' ); ?>"/></td>
343
+ </tr>
344
+ <tr>
345
+ <th>Browser user-agent to ignore:</th>
346
+ <td><input type="text" name="liveTraf_ignoreUA" id="liveTraf_ignoreUA"
347
+ value="<?php echo $w->getHTML( 'liveTraf_ignoreUA' ); ?>"/></td>
348
+ </tr>
349
+ <tr>
350
+ <td colspan="2">
351
+ <div class="wfMarker" id="wfMarkerScansToInclude"></div>
352
+ <h3 class="wfConfigHeading">Scans to include<a
353
+ href="http://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank"
354
+ class="wfhelp"></a></h3></td>
355
+ </tr>
356
+ <?php if ( wfConfig::get( 'isPaid' ) ) { ?>
357
+ <tr>
358
+ <th>Scan public facing site for vulnerabilities?<a
359
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_public_facing_site"
360
+ target="_blank" class="wfhelp"></a></th>
361
+ <td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem"
362
+ name="scansEnabled_public" value="1" <?php $w->cb( 'scansEnabled_public' ); ?></td>
363
+ </tr>
364
+ <?php } else { ?>
365
+ <tr>
366
+ <th style="color: #F00;">Scan public facing site for vulnerabilities?<a
367
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_public_facing_site"
368
+ target="_blank" class="wfhelp"></a>(<a
369
+ href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid members only</a>)
370
+ </th>
371
+ <td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem"
372
+ name="scansEnabled_public" value="1" DISABLED /></td>
373
+ </tr>
374
+ <?php } ?>
375
+ <tr>
376
+ <th>Scan for the HeartBleed vulnerability?<a
377
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_the_HeartBleed_vulnerability"
378
+ target="_blank" class="wfhelp"></a></th>
379
+ <td><input type="checkbox" id="scansEnabled_heartbleed" class="wfConfigElem"
380
+ name="scansEnabled_heartbleed" value="1" <?php $w->cb( 'scansEnabled_heartbleed' ); ?>
381
+ </td>
382
+ </tr>
383
+ <tr>
384
+ <th>Scan core files against repository versions for changes<a
385
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_core_files_against_repository_version_for_changes"
386
+ target="_blank" class="wfhelp"></a></th>
387
+ <td><input type="checkbox" id="scansEnabled_core" class="wfConfigElem" name="scansEnabled_core"
388
+ value="1" <?php $w->cb( 'scansEnabled_core' ); ?>/></td>
389
+ </tr>
390
+
391
+ <tr>
392
+ <th>Scan theme files against repository versions for changes<a
393
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_theme_files_against_repository_versions_for_changes"
394
+ target="_blank" class="wfhelp"></a></th>
395
+ <td><input type="checkbox" id="scansEnabled_themes" class="wfConfigElem" name="scansEnabled_themes"
396
+ value="1" <?php $w->cb( 'scansEnabled_themes' ); ?>/></td>
397
+ </tr>
398
+ <tr>
399
+ <th>Scan plugin files against repository versions for changes<a
400
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_plugin_files_against_repository_versions_for_changes"
401
+ target="_blank" class="wfhelp"></a></th>
402
+ <td><input type="checkbox" id="scansEnabled_plugins" class="wfConfigElem"
403
+ name="scansEnabled_plugins" value="1" <?php $w->cb( 'scansEnabled_plugins' ); ?>/></td>
404
+ </tr>
405
+ <tr>
406
+ <th>Scan for signatures of known malicious files<a
407
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files"
408
+ target="_blank" class="wfhelp"></a></th>
409
+ <td><input type="checkbox" id="scansEnabled_malware" class="wfConfigElem"
410
+ name="scansEnabled_malware" value="1" <?php $w->cb( 'scansEnabled_malware' ); ?>/></td>
411
+ </tr>
412
+ <tr>
413
+ <th>Scan file contents for backdoors, trojans and suspicious code<a
414
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_file_contents_for_backdoors.2C_trojans_and_suspicious_code"
415
+ target="_blank" class="wfhelp"></a></th>
416
+ <td><input type="checkbox" id="scansEnabled_fileContents" class="wfConfigElem"
417
+ name="scansEnabled_fileContents"
418
+ value="1" <?php $w->cb( 'scansEnabled_fileContents' ); ?>/></td>
419
+ </tr>
420
+ <tr>
421
+ <th>Scan posts for known dangerous URLs and suspicious content<a
422
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_posts_for_known_dangerous_URLs_and_suspicious_content"
423
+ target="_blank" class="wfhelp"></a></th>
424
+ <td><input type="checkbox" id="scansEnabled_posts" class="wfConfigElem" name="scansEnabled_posts"
425
+ value="1" <?php $w->cb( 'scansEnabled_posts' ); ?>/></td>
426
+ </tr>
427
+ <tr>
428
+ <th>Scan comments for known dangerous URLs and suspicious content<a
429
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_comments_for_known_dangerous_URLs_and_suspicious_content"
430
+ target="_blank" class="wfhelp"></a></th>
431
+ <td><input type="checkbox" id="scansEnabled_comments" class="wfConfigElem"
432
+ name="scansEnabled_comments" value="1" <?php $w->cb( 'scansEnabled_comments' ); ?>/></td>
433
+ </tr>
434
+ <tr>
435
+ <th>Scan for out of date plugins, themes and WordPress versions<a
436
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_out_of_date_plugins.2C_themes_and_WordPress_versions"
437
+ target="_blank" class="wfhelp"></a></th>
438
+ <td><input type="checkbox" id="scansEnabled_oldVersions" class="wfConfigElem"
439
+ name="scansEnabled_oldVersions"
440
+ value="1" <?php $w->cb( 'scansEnabled_oldVersions' ); ?>/></td>
441
+ </tr>
442
+ <tr>
443
+ <th>Check the strength of passwords<a
444
+ href="http://docs.wordfence.com/en/Wordfence_options#Check_the_strength_of_passwords"
445
+ target="_blank" class="wfhelp"></a></th>
446
+ <td><input type="checkbox" id="scansEnabled_passwds" class="wfConfigElem"
447
+ name="scansEnabled_passwds" value="1" <?php $w->cb( 'scansEnabled_passwds' ); ?>/></td>
448
+ </tr>
449
+ <tr>
450
+ <th>Scan options table<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_options_table"
451
+ target="_blank" class="wfhelp"></a></th>
452
+ <td><input type="checkbox" id="scansEnabled_options" class="wfConfigElem"
453
+ name="scansEnabled_options" value="1" <?php $w->cb( 'scansEnabled_options' ); ?>/></td>
454
+ </tr>
455
+ <tr>
456
+ <th>Monitor disk space<a href="http://docs.wordfence.com/en/Wordfence_options#Monitor_disk_space"
457
+ target="_blank" class="wfhelp"></a></th>
458
+ <td><input type="checkbox" id="scansEnabled_diskSpace" class="wfConfigElem"
459
+ name="scansEnabled_diskSpace" value="1" <?php $w->cb( 'scansEnabled_diskSpace' ); ?>/>
460
+ </td>
461
+ </tr>
462
+ <tr>
463
+ <th>Scan for unauthorized DNS changes<a
464
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_unauthorized_DNS_changes"
465
+ target="_blank" class="wfhelp"></a></th>
466
+ <td><input type="checkbox" id="scansEnabled_dns" class="wfConfigElem" name="scansEnabled_dns"
467
+ value="1" <?php $w->cb( 'scansEnabled_dns' ); ?>/></td>
468
+ </tr>
469
+ <tr>
470
+ <th>Scan files outside your WordPress installation<a
471
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_files_outside_your_WordPress_installation"
472
+ target="_blank" class="wfhelp"></a></th>
473
+ <td><input type="checkbox" id="other_scanOutside" class="wfConfigElem" name="other_scanOutside"
474
+ value="1" <?php $w->cb( 'other_scanOutside' ); ?> /></td>
475
+ </tr>
476
+ <tr>
477
+ <th>Scan image files as if they were executable<a
478
+ href="http://docs.wordfence.com/en/Wordfence_options#Scan_image_files_as_if_they_were_executable"
479
+ target="_blank" class="wfhelp"></a></th>
480
+ <td><input type="checkbox" id="scansEnabled_scanImages" class="wfConfigElem"
481
+ name="scansEnabled_scanImages" value="1" <?php $w->cb( 'scansEnabled_scanImages' ); ?> />
482
+ </td>
483
+ </tr>
484
+ <tr>
485
+ <th>Enable HIGH SENSITIVITY scanning. May give false positives.<a
486
+ href="http://docs.wordfence.com/en/Wordfence_options#Enable_HIGH_SENSITIVITY_scanning"
487
+ target="_blank" class="wfhelp"></a></th>
488
+ <td><input type="checkbox" id="scansEnabled_highSense" class="wfConfigElem"
489
+ name="scansEnabled_highSense" value="1" <?php $w->cb( 'scansEnabled_highSense' ); ?> />
490
+ </td>
491
+ </tr>
492
+ <tr>
493
+ <th>Exclude files from scan that match these wildcard patterns. Comma separated.<a
494
+ href="http://docs.wordfence.com/en/Wordfence_options#Exclude_files_from_scan_that_match_these_wildcard_patterns."
495
+ target="_blank" class="wfhelp"></a></th>
496
+ <td><input type="text" id="scan_exclude" class="wfConfigElem" name="scan_exclude" size="20"
497
+ value="<?php echo $w->getHTML( 'scan_exclude' ); ?>"/>e.g. *.sql,*.tar,backup*.zip
498
+ </td>
499
+ </tr>
500
+ <tr>
501
+ <td colspan="2">
502
+ <div class="wfMarker" id="wfMarkerFirewallRules"></div>
503
+ <h3 class="wfConfigHeading">Firewall Rules<a
504
+ href="http://docs.wordfence.com/en/Wordfence_options#Firewall_Rules" target="_blank"
505
+ class="wfhelp"></a></h3>
506
+ </td>
507
+ </tr>
508
+ <tr>
509
+ <th>Immediately block fake Google crawlers:<a
510
+ href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_fake_Google_crawlers:"
511
+ target="_blank" class="wfhelp"></a></th>
512
+ <td><input type="checkbox" id="blockFakeBots" class="wfConfigElem" name="blockFakeBots"
513
+ value="1" <?php $w->cb( 'blockFakeBots' ); ?>/></td>
514
+ </tr>
515
+ <tr>
516
+ <th>How should we treat Google's crawlers<a
517
+ href="http://docs.wordfence.com/en/Wordfence_options#How_should_we_treat_Google.27s_crawlers"
518
+ target="_blank" class="wfhelp"></a></th>
519
+ <td>
520
+ <select id="neverBlockBG" class="wfConfigElem" name="neverBlockBG">
521
+ <option value="neverBlockVerified"<?php $w->sel( 'neverBlockBG', 'neverBlockVerified' ); ?>>
522
+ Verified Google crawlers have unlimited access to this site
523
+ </option>
524
+ <option value="neverBlockUA"<?php $w->sel( 'neverBlockBG', 'neverBlockUA' ); ?>>Anyone
525
+ claiming to be Google has unlimited access
526
+ </option>
527
+ <option
528
+ value="treatAsOtherCrawlers"<?php $w->sel( 'neverBlockBG', 'treatAsOtherCrawlers' ); ?>>
529
+ Treat Google like any other Crawler
530
+ </option>
531
+ </select></td>
532
+ </tr>
533
+ <tr>
534
+ <th>If anyone's requests exceed:<a
535
+ href="http://docs.wordfence.com/en/Wordfence_options#If_anyone.27s_requests_exceed:"
536
+ target="_blank" class="wfhelp"></a></th>
537
+ <td><?php $rateName = 'maxGlobalRequests';
538
+ require( 'wfRate.php' ); ?> then <?php $throtName = 'maxGlobalRequests_action';
539
+ require( 'wfAction.php' ); ?></td>
540
+ </tr>
541
+ <tr>
542
+ <th>If a crawler's page views exceed:<a
543
+ href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_page_views_exceed"
544
+ target="_blank" class="wfhelp"></a></th>
545
+ <td><?php $rateName = 'maxRequestsCrawlers';
546
+ require( 'wfRate.php' ); ?> then <?php $throtName = 'maxRequestsCrawlers_action';
547
+ require( 'wfAction.php' ); ?></td>
548
+ </tr>
549
+ <tr>
550
+ <th>If a crawler's pages not found (404s) exceed:<a
551
+ href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_pages_not_found_.28404s.29_exceed"
552
+ target="_blank" class="wfhelp"></a></th>
553
+ <td><?php $rateName = 'max404Crawlers';
554
+ require( 'wfRate.php' ); ?> then <?php $throtName = 'max404Crawlers_action';
555
+ require( 'wfAction.php' ); ?></td>
556
+ </tr>
557
+ <tr>
558
+ <th>If a human's page views exceed:<a
559
+ href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_page_views_exceed"
560
+ target="_blank" class="wfhelp"></a></th>
561
+ <td><?php $rateName = 'maxRequestsHumans';
562
+ require( 'wfRate.php' ); ?> then <?php $throtName = 'maxRequestsHumans_action';
563
+ require( 'wfAction.php' ); ?></td>
564
+ </tr>
565
+ <tr>
566
+ <th>If a human's pages not found (404s) exceed:<a
567
+ href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_pages_not_found_.28404s.29_exceed"
568
+ target="_blank" class="wfhelp"></a></th>
569
+ <td><?php $rateName = 'max404Humans';
570
+ require( 'wfRate.php' ); ?> then <?php $throtName = 'max404Humans_action';
571
+ require( 'wfAction.php' ); ?></td>
572
+ </tr>
573
+ <tr>
574
+ <th>If 404's for known vulnerable URL's exceed:<a
575
+ href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed"
576
+ target="_blank" class="wfhelp"></a></th>
577
+ <td><?php $rateName = 'maxScanHits';
578
+ require( 'wfRate.php' ); ?> then <?php $throtName = 'maxScanHits_action';
579
+ require( 'wfAction.php' ); ?></td>
580
+ </tr>
581
+ <tr>
582
+ <th>How long is an IP address blocked when it breaks a rule:<a
583
+ href="http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule"
584
+ target="_blank" class="wfhelp"></a></th>
585
+ <td>
586
+ <select id="blockedTime" class="wfConfigElem" name="blockedTime">
587
+ <option value="60"<?php $w->sel( 'blockedTime', '60' ); ?>>1 minute</option>
588
+ <option value="300"<?php $w->sel( 'blockedTime', '300' ); ?>>5 minutes</option>
589
+ <option value="1800"<?php $w->sel( 'blockedTime', '1800' ); ?>>30 minutes</option>
590
+ <option value="3600"<?php $w->sel( 'blockedTime', '3600' ); ?>>1 hour</option>
591
+ <option value="7200"<?php $w->sel( 'blockedTime', '7200' ); ?>>2 hours</option>
592
+ <option value="21600"<?php $w->sel( 'blockedTime', '21600' ); ?>>6 hours</option>
593
+ <option value="43200"<?php $w->sel( 'blockedTime', '43200' ); ?>>12 hours</option>
594
+ <option value="86400"<?php $w->sel( 'blockedTime', '86400' ); ?>>1 day</option>
595
+ <option value="172800"<?php $w->sel( 'blockedTime', '172800' ); ?>>2 days</option>
596
+ <option value="432000"<?php $w->sel( 'blockedTime', '432000' ); ?>>5 days</option>
597
+ <option value="864000"<?php $w->sel( 'blockedTime', '864000' ); ?>>10 days</option>
598
+ <option value="2592000"<?php $w->sel( 'blockedTime', '2592000' ); ?>>1 month</option>
599
+ </select></td>
600
+ </tr>
601
+
602
+ <tr>
603
+ <td colspan="2">
604
+ <div class="wfMarker" id="wfMarkerLoginSecurity"></div>
605
+ <h3 class="wfConfigHeading">Login Security Options<a
606
+ href="http://docs.wordfence.com/en/Wordfence_options#Login_Security_Options"
607
+ target="_blank" class="wfhelp"></a></h3>
608
+ </td>
609
+ </tr>
610
+ <tr>
611
+ <th>Enforce strong passwords?<a
612
+ href="http://docs.wordfence.com/en/Wordfence_options#Enforce_strong_passwords.3F"
613
+ target="_blank" class="wfhelp"></a></th>
614
+ <td>
615
+ <select class="wfConfigElem" id="loginSec_strongPasswds" name="loginSec_strongPasswds">
616
+ <option value="">Do not force users to use strong passwords</option>
617
+ <option value="pubs"<?php $w->sel( 'loginSec_strongPasswds', 'pubs' ); ?>>Force admins and
618
+ publishers to use strong passwords (recommended)
619
+ </option>
620
+ <option value="all"<?php $w->sel( 'loginSec_strongPasswds', 'all' ); ?>>Force all members to
621
+ use strong passwords
622
+ </option>
623
+ </select>
624
+ <tr>
625
+ <th>Lock out after how many login failures<a
626
+ href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_login_failures"
627
+ target="_blank" class="wfhelp"></a></th>
628
+ <td>
629
+ <select id="loginSec_maxFailures" class="wfConfigElem" name="loginSec_maxFailures">
630
+ <option value="1"<?php $w->sel( 'loginSec_maxFailures', '1' ); ?>>1</option>
631
+ <option value="2"<?php $w->sel( 'loginSec_maxFailures', '2' ); ?>>2</option>
632
+ <option value="3"<?php $w->sel( 'loginSec_maxFailures', '3' ); ?>>3</option>
633
+ <option value="4"<?php $w->sel( 'loginSec_maxFailures', '4' ); ?>>4</option>
634
+ <option value="5"<?php $w->sel( 'loginSec_maxFailures', '5' ); ?>>5</option>
635
+ <option value="6"<?php $w->sel( 'loginSec_maxFailures', '6' ); ?>>6</option>
636
+ <option value="7"<?php $w->sel( 'loginSec_maxFailures', '7' ); ?>>7</option>
637
+ <option value="8"<?php $w->sel( 'loginSec_maxFailures', '8' ); ?>>8</option>
638
+ <option value="9"<?php $w->sel( 'loginSec_maxFailures', '9' ); ?>>9</option>
639
+ <option value="10"<?php $w->sel( 'loginSec_maxFailures', '10' ); ?>>10</option>
640
+ <option value="20"<?php $w->sel( 'loginSec_maxFailures', '20' ); ?>>20</option>
641
+ <option value="30"<?php $w->sel( 'loginSec_maxFailures', '30' ); ?>>30</option>
642
+ <option value="40"<?php $w->sel( 'loginSec_maxFailures', '40' ); ?>>40</option>
643
+ <option value="50"<?php $w->sel( 'loginSec_maxFailures', '50' ); ?>>50</option>
644
+ <option value="100"<?php $w->sel( 'loginSec_maxFailures', '100' ); ?>>100</option>
645
+ <option value="200"<?php $w->sel( 'loginSec_maxFailures', '200' ); ?>>200</option>
646
+ <option value="500"<?php $w->sel( 'loginSec_maxFailures', '500' ); ?>>500</option>
647
+ </select>
648
+ </td>
649
+ </tr>
650
+ <tr>
651
+ <th>Lock out after how many forgot password attempts<a
652
+ href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_forgot_password_attempts"
653
+ target="_blank" class="wfhelp"></a></th>
654
+ <td>
655
+ <select id="loginSec_maxForgotPasswd" class="wfConfigElem" name="loginSec_maxForgotPasswd">
656
+ <option value="1"<?php $w->sel( 'loginSec_maxForgotPasswd', '1' ); ?>>1</option>
657
+ <option value="2"<?php $w->sel( 'loginSec_maxForgotPasswd', '2' ); ?>>2</option>
658
+ <option value="3"<?php $w->sel( 'loginSec_maxForgotPasswd', '3' ); ?>>3</option>
659
+ <option value="4"<?php $w->sel( 'loginSec_maxForgotPasswd', '4' ); ?>>4</option>
660
+ <option value="5"<?php $w->sel( 'loginSec_maxForgotPasswd', '5' ); ?>>5</option>
661
+ <option value="6"<?php $w->sel( 'loginSec_maxForgotPasswd', '6' ); ?>>6</option>
662
+ <option value="7"<?php $w->sel( 'loginSec_maxForgotPasswd', '7' ); ?>>7</option>
663
+ <option value="8"<?php $w->sel( 'loginSec_maxForgotPasswd', '8' ); ?>>8</option>
664
+ <option value="9"<?php $w->sel( 'loginSec_maxForgotPasswd', '9' ); ?>>9</option>
665
+ <option value="10"<?php $w->sel( 'loginSec_maxForgotPasswd', '10' ); ?>>10</option>
666
+ <option value="20"<?php $w->sel( 'loginSec_maxForgotPasswd', '20' ); ?>>20</option>
667
+ <option value="30"<?php $w->sel( 'loginSec_maxForgotPasswd', '30' ); ?>>30</option>
668
+ <option value="40"<?php $w->sel( 'loginSec_maxForgotPasswd', '40' ); ?>>40</option>
669
+ <option value="50"<?php $w->sel( 'loginSec_maxForgotPasswd', '50' ); ?>>50</option>
670
+ <option value="100"<?php $w->sel( 'loginSec_maxForgotPasswd', '100' ); ?>>100</option>
671
+ <option value="200"<?php $w->sel( 'loginSec_maxForgotPasswd', '200' ); ?>>200</option>
672
+ <option value="500"<?php $w->sel( 'loginSec_maxForgotPasswd', '500' ); ?>>500</option>
673
+ </select>
674
+ </td>
675
+ </tr>
676
+ <tr>
677
+ <th>Count failures over what time period<a
678
+ href="http://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period"
679
+ target="_blank" class="wfhelp"></a></th>
680
+ <td>
681
+ <select id="loginSec_countFailMins" class="wfConfigElem" name="loginSec_countFailMins">
682
+ <option value="5"<?php $w->sel( 'loginSec_countFailMins', '5' ); ?>>5 minutes</option>
683
+ <option value="10"<?php $w->sel( 'loginSec_countFailMins', '10' ); ?>>10 minutes</option>
684
+ <option value="30"<?php $w->sel( 'loginSec_countFailMins', '30' ); ?>>30 minutes</option>
685
+ <option value="60"<?php $w->sel( 'loginSec_countFailMins', '60' ); ?>>1 hour</option>
686
+ <option value="120"<?php $w->sel( 'loginSec_countFailMins', '120' ); ?>>2 hours</option>
687
+ <option value="360"<?php $w->sel( 'loginSec_countFailMins', '360' ); ?>>6 hours</option>
688
+ <option value="720"<?php $w->sel( 'loginSec_countFailMins', '720' ); ?>>12 hours</option>
689
+ <option value="1440"<?php $w->sel( 'loginSec_countFailMins', '1440' ); ?>>1 day</option>
690
+ </select>
691
+ </td>
692
+ </tr>
693
+ <tr>
694
+ <th>Amount of time a user is locked out<a
695
+ href="http://docs.wordfence.com/en/Wordfence_options#Amount_of_time_a_user_is_locked_out"
696
+ target="_blank" class="wfhelp"></a></th>
697
+ <td>
698
+ <select id="loginSec_lockoutMins" class="wfConfigElem" name="loginSec_lockoutMins">
699
+ <option value="5"<?php $w->sel( 'loginSec_lockoutMins', '5' ); ?>>5 minutes</option>
700
+ <option value="10"<?php $w->sel( 'loginSec_lockoutMins', '10' ); ?>>10 minutes</option>
701
+ <option value="30"<?php $w->sel( 'loginSec_lockoutMins', '30' ); ?>>30 minutes</option>
702
+ <option value="60"<?php $w->sel( 'loginSec_lockoutMins', '60' ); ?>>1 hour</option>
703
+ <option value="120"<?php $w->sel( 'loginSec_lockoutMins', '120' ); ?>>2 hours</option>
704
+ <option value="360"<?php $w->sel( 'loginSec_lockoutMins', '360' ); ?>>6 hours</option>
705
+ <option value="720"<?php $w->sel( 'loginSec_lockoutMins', '720' ); ?>>12 hours</option>
706
+ <option value="1440"<?php $w->sel( 'loginSec_lockoutMins', '1440' ); ?>>1 day</option>
707
+ <option value="2880"<?php $w->sel( 'loginSec_lockoutMins', '2880' ); ?>>2 days</option>
708
+ <option value="7200"<?php $w->sel( 'loginSec_lockoutMins', '7200' ); ?>>5 days</option>
709
+ <option value="14400"<?php $w->sel( 'loginSec_lockoutMins', '14400' ); ?>>10 days</option>
710
+ <option value="28800"<?php $w->sel( 'loginSec_lockoutMins', '28800' ); ?>>20 days</option>
711
+ <option value="43200"<?php $w->sel( 'loginSec_lockoutMins', '43200' ); ?>>30 days</option>
712
+ <option value="86400"<?php $w->sel( 'loginSec_lockoutMins', '86400' ); ?>>60 days</option>
713
+ </select>
714
+ </td>
715
+ </tr>
716
+ <tr>
717
+ <th>Immediately lock out invalid usernames<a
718
+ href="http://docs.wordfence.com/en/Wordfence_options#Immediately_lock_out_invalid_usernames"
719
+ target="_blank" class="wfhelp"></a></th>
720
+ <td><input type="checkbox" id="loginSec_lockInvalidUsers" class="wfConfigElem"
721
+ name="loginSec_lockInvalidUsers" <?php $w->cb( 'loginSec_lockInvalidUsers' ); ?> /></td>
722
+ </tr>
723
+ <tr>
724
+ <th>Don't let WordPress reveal valid users in login errors<a
725
+ href="http://docs.wordfence.com/en/Wordfence_options#Don.27t_let_WordPress_reveal_valid_users_in_login_errors"
726
+ target="_blank" class="wfhelp"></a></th>
727
+ <td><input type="checkbox" id="loginSec_maskLoginErrors" class="wfConfigElem"
728
+ name="loginSec_maskLoginErrors" <?php $w->cb( 'loginSec_maskLoginErrors' ); ?> /></td>
729
+ </tr>
730
+ <tr>
731
+ <th>Prevent users registering 'admin' username if it doesn't exist<a
732
+ href="http://docs.wordfence.com/en/Wordfence_options#Prevent_users_registering_.27admin.27_username_if_it_doesn.27t_exist"
733
+ target="_blank" class="wfhelp"></a></th>
734
+ <td><input type="checkbox" id="loginSec_blockAdminReg" class="wfConfigElem"
735
+ name="loginSec_blockAdminReg" <?php $w->cb( 'loginSec_blockAdminReg' ); ?> /></td>
736
+ </tr>
737
+ <tr>
738
+ <th>Prevent discovery of usernames through '?/author=N' scans<a
739
+ href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans"
740
+ target="_blank" class="wfhelp"></a></th>
741
+ <td><input type="checkbox" id="loginSec_disableAuthorScan" class="wfConfigElem"
742
+ name="loginSec_disableAuthorScan" <?php $w->cb( 'loginSec_disableAuthorScan' ); ?> />
743
+ </td>
744
+ </tr>
745
+ <tr>
746
+ <th>Immediately block the IP of users who try to sign in as these usernames<a
747
+ href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_the_IP_of_users_who_try_to_sign_in_as_these_usernames"
748
+ target="_blank" class="wfhelp"></a></th>
749
+ <td><input type="text" name="loginSec_userBlacklist" id="loginSec_userBlacklist"
750
+ value="<?php echo $w->getHTML( 'loginSec_userBlacklist' ); ?>" size="40"/>&nbsp;(Comma
751
+ separated. Existing users won't be blocked.)
752
+ </td>
753
+ </tr>
754
+ <tr>
755
+ <td colspan="2">
756
+ <div class="wfMarker" id="wfMarkerOtherOptions"></div>
757
+ <h3 class="wfConfigHeading">Other Options<a
758
+ href="http://docs.wordfence.com/en/Wordfence_options#Other_Options" target="_blank"
759
+ class="wfhelp"></a></h3>
760
+ </td>
761
+ </tr>
762
+
763
+ <tr>
764
+ <th>Whitelisted IP addresses that bypass all rules:<a
765
+ href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_IP_addresses_that_bypass_all_rules"
766
+ target="_blank" class="wfhelp"></a></th>
767
+ <td><input type="text" name="whitelisted" id="whitelisted"
768
+ value="<?php echo $w->getHTML( 'whitelisted' ); ?>" size="40"/></td>
769
+ </tr>
770
+ <tr>
771
+ <th colspan="2" style="color: #999;">Whitelisted IP's must be separated by commas. You can specify
772
+ ranges using the following format: 123.23.34.[1-50]<br/>Wordfence automatically whitelists <a
773
+ href="http://en.wikipedia.org/wiki/Private_network" target="_blank">private networks</a>
774
+ because these are not routable on the public Internet.<br/><br/></th>
775
+ </tr>
776
+
777
+ <tr>
778
+ <th>Immediately block IP's that access these URLs:<a
779
+ href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_IP.27s_that_access_these_URLs"
780
+ target="_blank" class="wfhelp"></a></th>
781
+ <td><input type="text" name="bannedURLs" id="bannedURLs"
782
+ value="<?php echo $w->getHTML( 'bannedURLs' ); ?>" size="40"/></td>
783
+ </tr>
784
+ <tr>
785
+ <th colspan="2" style="color: #999;">Separate multiple URL's with commas. If you see an attacker
786
+ repeatedly probing your site for a known vulnerability you can use this to immediately block
787
+ them.<br/>
788
+ All URL's must start with a '/' without quotes and must be relative. e.g. /badURLone/,
789
+ /bannedPage.html, /dont-access/this/URL/
790
+ <br/><br/></th>
791
+ </tr>
792
+
793
+ <tr>
794
+ <th>Hide WordPress version<a
795
+ href="http://docs.wordfence.com/en/Wordfence_options#Hide_WordPress_version" target="_blank"
796
+ class="wfhelp"></a></th>
797
+ <td><input type="checkbox" id="other_hideWPVersion" class="wfConfigElem" name="other_hideWPVersion"
798
+ value="1" <?php $w->cb( 'other_hideWPVersion' ); ?> /></td>
799
+ </tr>
800
+ <tr>
801
+ <th>Block IP's who send POST requests with blank User-Agent and Referer<a
802
+ href="http://docs.wordfence.com/en/Wordfence_options#Block_IP.27s_who_send_POST_requests_with_blank_User-Agent_and_Referer" target="_blank"
803
+ class="wfhelp"></a></th>
804
+ <td><input type="checkbox" id="other_blockBadPOST" class="wfConfigElem" name="other_blockBadPOST"
805
+ value="1" <?php $w->cb( 'other_blockBadPOST' ); ?> /></td>
806
+ </tr>
807
+ <tr>
808
+ <th>Hold anonymous comments using member emails for moderation<a
809
+ href="http://docs.wordfence.com/en/Wordfence_options#Hold_anonymous_comments_using_member_emails_for_moderation"
810
+ target="_blank" class="wfhelp"></a></th>
811
+ <td><input type="checkbox" id="other_noAnonMemberComments" class="wfConfigElem"
812
+ name="other_noAnonMemberComments"
813
+ value="1" <?php $w->cb( 'other_noAnonMemberComments' ); ?> /></td>
814
+ </tr>
815
+ <tr>
816
+ <th>Filter comments for malware and phishing URL's<a
817
+ href="http://docs.wordfence.com/en/Wordfence_options#Filter_comments_for_malware_and_phishing_URL.27s"
818
+ target="_blank" class="wfhelp"></a></th>
819
+ <td><input type="checkbox" id="other_scanComments" class="wfConfigElem" n