Version Description
- Feature: You can now block POST requests to your WordPress site that have an empty User-Agent and Referer header. This is a common pattern among badly written brute force bots.
- Feature: Added cron viewer at bottom of Wordfence options page. The plugin we were using to help diagnose customer issues is broken. Use this instead.
- Feature: Added DB table viewer at bottom of Wordfence options page. This is a read-only utility to view table names and detailed status. Also for customer diagnostic purposes.
- Improvement: Code cleanup after in-depth code analysis. Removed unused functions and variables and re-indented selected code.
- Fix: Fixed issue that appeared after last release where raw HTML tags were appearing in email alerts.
- Fix: Tour behaved inconsistently under some conditions. Fixed.
- Fix: Mismatched HTML tags in some presentation code. Fixed.
- Fix: When fetching theme list the interator had the same name as the array. Fixed.
- Fix: Detection for malware URLs in comments had a partial description in the issue. Was being overwritten when it should have been appended. Fixed.
- Fix: Check if dns_get_record() exists before using it to avoid warnings.
- Fix: If you have the wordfence security network disabled, the _wfVulnScanners table may have grown indefinitely. Fixed so it's regularly truncated.
- Fix: wordfence::getLog() was private and should be public. Fixed.
- Fix: Removed warning about wfsf not being an element of GET params. Usually hidden, but in case something checks errorget_last()
Download this release
Release Info
Developer | mmaunder |
Plugin | Wordfence Security – Firewall & Malware Scan |
Version | 5.3.6 |
Comparing to | |
See all releases |
Code changes from version 5.3.5 to 5.3.6
- js/admin.js +51 -63
- js/tourTip.js +18 -4
- lib/Diff/SequenceMatcher.php +0 -50
- lib/IPTraf.php +1 -1
- lib/conntest.php +1 -1
- lib/cronview.php +30 -0
- lib/dbview.php +31 -0
- lib/diffResult.php +1 -1
- lib/email_genericAlert.php +14 -14
- lib/menu_options.php +1114 -375
- lib/menu_scan.php +4 -4
- lib/menu_sitePerfStats.php +1 -1
- lib/sysinfo.php +1 -1
- lib/wfAPI.php +1 -3
- lib/wfCache.php +1 -2
- lib/wfConfig.php +5 -4
- lib/wfCrawl.php +0 -1
- lib/wfDB.php +0 -6
- lib/wfIssues.php +0 -2
- lib/wfLog.php +5 -14
- lib/wfScan.php +0 -2
- lib/wfScanEngine.php +10 -19
- lib/wfUtils.php +3 -6
- lib/wfViewResult.php +1 -1
- lib/wordfenceClass.php +27 -22
- lib/wordfenceHash.php +0 -1
- lib/wordfenceScanner.php +0 -14
- lib/wordfenceURLHoover.php +0 -2
- readme.txt +17 -2
- wordfence.php +3 -2
js/admin.js
CHANGED
@@ -11,7 +11,6 @@ window['wordfenceAdmin'] = {
|
|
11 |
iconErrorMsgs: [],
|
12 |
scanIDLoaded: 0,
|
13 |
colorboxQueue: [],
|
14 |
-
colorboxOpen: false,
|
15 |
mode: '',
|
16 |
visibleIssuesPanel: 'new',
|
17 |
preFirstScanMsgsLoaded: false,
|
@@ -35,11 +34,15 @@ window['wordfenceAdmin'] = {
|
|
35 |
countryCodesToSave: "",
|
36 |
performanceScale: 3,
|
37 |
performanceMinWidth: 20,
|
|
|
|
|
38 |
init: function(){
|
39 |
this.nonce = WordfenceAdminVars.firstNonce;
|
40 |
this.debugOn = WordfenceAdminVars.debugOn == '1' ? true : false;
|
41 |
this.tourClosed = WordfenceAdminVars.tourClosed == '1' ? true : false;
|
|
|
42 |
var startTicker = false;
|
|
|
43 |
if(jQuery('#wordfenceMode_scan').length > 0){
|
44 |
this.mode = 'scan';
|
45 |
jQuery('#wfALogViewLink').prop('href', WordfenceAdminVars.siteBaseURL + '?_wfsf=viewActivityLog&nonce=' + this.nonce);
|
@@ -48,13 +51,12 @@ window['wordfenceAdmin'] = {
|
|
48 |
this.noScanHTML = jQuery('#wfNoScanYetTmpl').tmpl().html();
|
49 |
this.loadIssues();
|
50 |
this.startActivityLogUpdates();
|
51 |
-
if(
|
52 |
this.scanTourStart();
|
53 |
}
|
54 |
} else if(jQuery('#wordfenceMode_activity').length > 0){
|
55 |
this.mode = 'activity';
|
56 |
-
|
57 |
-
this.setupSwitches('wfLiveTrafficOnOff', 'liveTrafficEnabled', function(){});
|
58 |
jQuery('#wfLiveTrafficOnOff').change(function(){
|
59 |
if(/^(?:falcon|php)$/.test(WordfenceAdminVars.cacheType) ){
|
60 |
jQuery('#wfLiveTrafficOnOff').attr('checked', false);
|
@@ -71,8 +73,7 @@ window['wordfenceAdmin'] = {
|
|
71 |
this.switchTab(jQuery('#wfLoginLogoutTab'), 'wfTab1', 'wfDataPanel', 'wfActivity_loginLogout', function(){ WFAD.activityTabChanged(); });
|
72 |
}
|
73 |
startTicker = true;
|
74 |
-
if(
|
75 |
-
var self = this;
|
76 |
this.tour('wfWelcomeContent3', 'wfHeading', 'top', 'left', "Learn about Site Performance", function(){ self.tourRedir('WordfenceSitePerf'); });
|
77 |
}
|
78 |
} else if(jQuery('#wordfenceMode_options').length > 0){
|
@@ -80,9 +81,8 @@ window['wordfenceAdmin'] = {
|
|
80 |
jQuery('.wfConfigElem').change(function(){ jQuery('#securityLevel').val('CUSTOM'); });
|
81 |
this.updateTicker(true);
|
82 |
startTicker = true;
|
83 |
-
if(
|
84 |
-
|
85 |
-
this.tour('wfContentBasicOptions', 'wfMarkerBasicOptions', 'top', 'left', "Learn about Live Traffic Options", function(){
|
86 |
self.tour('wfContentLiveTrafficOptions', 'wfMarkerLiveTrafficOptions', 'bottom', 'left', "Learn about Scanning Options", function(){
|
87 |
self.tour('wfContentScansToInclude', 'wfMarkerScansToInclude', 'bottom', 'left', "Learn about Firewall Rules", function(){
|
88 |
self.tour('wfContentFirewallRules', 'wfMarkerFirewallRules', 'bottom', 'left', "Learn about Login Security", function(){
|
@@ -99,15 +99,13 @@ window['wordfenceAdmin'] = {
|
|
99 |
this.staticTabChanged();
|
100 |
this.updateTicker(true);
|
101 |
startTicker = true;
|
102 |
-
if(
|
103 |
-
var self = this;
|
104 |
this.tour('wfWelcomeContent4', 'wfHeading', 'top', 'left', "Learn about Cellphone Sign-in", function(){ self.tourRedir('WordfenceTwoFactor'); });
|
105 |
}
|
106 |
} else if(jQuery('#wordfenceMode_twoFactor').length > 0){
|
107 |
this.mode = 'twoFactor';
|
108 |
startTicker = false;
|
109 |
-
if(
|
110 |
-
var self = this;
|
111 |
this.tour('wfWelcomeTwoFactor', 'wfHeading', 'top', 'left', "Learn how to Block Countries", function(){ self.tourRedir('WordfenceCountryBlocking'); });
|
112 |
}
|
113 |
this.loadTwoFactor();
|
@@ -115,15 +113,13 @@ window['wordfenceAdmin'] = {
|
|
115 |
} else if(jQuery('#wordfenceMode_countryBlocking').length > 0){
|
116 |
this.mode = 'countryBlocking';
|
117 |
startTicker = false;
|
118 |
-
if(
|
119 |
-
var self = this;
|
120 |
this.tour('wfWelcomeContentCntBlk', 'wfHeading', 'top', 'left', "Learn how to Schedule Scans", function(){ self.tourRedir('WordfenceScanSchedule'); });
|
121 |
}
|
122 |
} else if(jQuery('#wordfenceMode_rangeBlocking').length > 0){
|
123 |
this.mode = 'rangeBlocking';
|
124 |
startTicker = false;
|
125 |
-
if(
|
126 |
-
var self = this;
|
127 |
this.tour('wfWelcomeContentRangeBlocking', 'wfHeading', 'top', 'left', "Learn how to Customize Wordfence", function(){ self.tourRedir('WordfenceSecOpt'); });
|
128 |
}
|
129 |
this.calcRangeTotal();
|
@@ -131,8 +127,7 @@ window['wordfenceAdmin'] = {
|
|
131 |
} else if(jQuery('#wordfenceMode_whois').length > 0){
|
132 |
this.mode = 'whois';
|
133 |
startTicker = false;
|
134 |
-
if(
|
135 |
-
var self = this;
|
136 |
this.tour('wfWelcomeContentWhois', 'wfHeading', 'top', 'left', "Learn how to use Advanced Blocking", function(){ self.tourRedir('WordfenceRangeBlocking'); });
|
137 |
}
|
138 |
this.calcRangeTotal();
|
@@ -142,34 +137,20 @@ window['wordfenceAdmin'] = {
|
|
142 |
this.mode = 'scanScheduling';
|
143 |
startTicker = false;
|
144 |
this.sched_modeChange();
|
145 |
-
if(
|
146 |
-
var self = this;
|
147 |
this.tour('wfWelcomeContentScanSched', 'wfHeading', 'top', 'left', "Learn about WHOIS", function(){ self.tourRedir('WordfenceWhois'); });
|
148 |
}
|
149 |
} else if(jQuery('#wordfenceMode_caching').length > 0){
|
150 |
this.mode = 'caching';
|
151 |
startTicker = false;
|
152 |
-
if(
|
153 |
-
var self = this;
|
154 |
this.tour('wfWelcomeContentCaching', 'wfHeading', 'top', 'left', "Learn about IP Blocking", function(){ self.tourRedir('WordfenceBlockedIPs'); });
|
155 |
}
|
156 |
this.loadCacheExclusions();
|
157 |
-
// } else if(jQuery('#wordfenceMode_perfStats').length > 0){
|
158 |
-
// var self = this;
|
159 |
-
// this.loadAvgSitePerf();
|
160 |
-
// this.setupSwitches('wfPerfOnOff', 'perfLoggingEnabled', function(){});
|
161 |
-
// jQuery('#wfPerfOnOff').change(function(){ self.updateSwitch('wfPerfOnOff', 'perfLoggingEnabled', function(){}); });
|
162 |
-
// this.mode = 'perfStats';
|
163 |
-
// startTicker = true;
|
164 |
-
// if(! this.tourClosed){
|
165 |
-
// var self = this;
|
166 |
-
// this.tour('wfWelcomeContentCaching', 'wfHeading', 'top', 'left', "Learn about IP Blocking", function(){ self.tourRedir('WordfenceBlockedIPs'); });
|
167 |
-
// }
|
168 |
} else {
|
169 |
this.mode = false;
|
170 |
}
|
171 |
if(this.mode){ //We are in a Wordfence page
|
172 |
-
var self = this;
|
173 |
if(startTicker){
|
174 |
this.updateTicker();
|
175 |
this.liveInt = setInterval(function(){ self.updateTicker(); }, WordfenceAdminVars.actUpdateInterval);
|
@@ -177,6 +158,13 @@ window['wordfenceAdmin'] = {
|
|
177 |
jQuery(document).bind('cbox_closed', function(){ self.colorboxIsOpen = false; self.colorboxServiceQueue(); });
|
178 |
}
|
179 |
},
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
180 |
sendTestEmail: function(email){
|
181 |
var self = this;
|
182 |
this.ajax('wordfence_sendTestEmail', { email: email }, function(res){
|
@@ -275,9 +263,11 @@ window['wordfenceAdmin'] = {
|
|
275 |
}
|
276 |
},
|
277 |
startTourAgain: function(){
|
278 |
-
|
279 |
-
this.
|
280 |
-
|
|
|
|
|
281 |
},
|
282 |
showLoading: function(){
|
283 |
this.loadingCount++;
|
@@ -381,46 +371,47 @@ window['wordfenceAdmin'] = {
|
|
381 |
}
|
382 |
},
|
383 |
processSummaryLine: function(item){
|
|
|
384 |
if(item.msg.indexOf('SUM_START:') != -1){
|
385 |
-
|
386 |
jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><div class="wfSummaryLoading"></div></div><div class="wfClear"></div>');
|
387 |
summaryUpdated = true;
|
388 |
} else if(item.msg.indexOf('SUM_ENDBAD') != -1){
|
389 |
-
|
390 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryBad').html('Problems found.');
|
391 |
summaryUpdated = true;
|
392 |
} else if(item.msg.indexOf('SUM_ENDFAILED') != -1){
|
393 |
-
|
394 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryBad').html('Failed.');
|
395 |
summaryUpdated = true;
|
396 |
} else if(item.msg.indexOf('SUM_ENDOK') != -1){
|
397 |
-
|
398 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryOK').html('Secure.');
|
399 |
summaryUpdated = true;
|
400 |
} else if(item.msg.indexOf('SUM_ENDSUCCESS') != -1){
|
401 |
-
|
402 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryOK').html('Success.');
|
403 |
summaryUpdated = true;
|
404 |
} else if(item.msg.indexOf('SUM_ENDERR') != -1){
|
405 |
-
|
406 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryErr').html('An error occurred.');
|
407 |
summaryUpdated = true;
|
408 |
} else if(item.msg.indexOf('SUM_DISABLED:') != -1){
|
409 |
-
|
410 |
jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult">Disabled [<a href="admin.php?page=WordfenceSecOpt">Visit Options to Enable</a>]</div><div class="wfClear"></div>');
|
411 |
summaryUpdated = true;
|
412 |
} else if(item.msg.indexOf('SUM_PAIDONLY:') != -1){
|
413 |
-
|
414 |
jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid Members Only</a></div><div class="wfClear"></div>');
|
415 |
summaryUpdated = true;
|
416 |
} else if(item.msg.indexOf('SUM_FINAL:') != -1){
|
417 |
-
|
418 |
jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg wfSummaryFinal">' + msg + '</div><div class="wfSummaryResult wfSummaryOK">Scan Complete.</div><div class="wfClear"></div>');
|
419 |
} else if(item.msg.indexOf('SUM_PREP:') != -1){
|
420 |
-
|
421 |
jQuery('#consoleSummary').empty().html('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult" id="wfStartingScan"><div class="wfSummaryLoading"></div></div><div class="wfClear"></div>');
|
422 |
} else if(item.msg.indexOf('SUM_KILLED:') != -1){
|
423 |
-
|
424 |
jQuery('#consoleSummary').empty().html('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult wfSummaryOK">Scan Complete.</div><div class="wfClear"></div>');
|
425 |
}
|
426 |
},
|
@@ -470,13 +461,13 @@ window['wordfenceAdmin'] = {
|
|
470 |
if(newMsg && newMsg != oldMsg){
|
471 |
jQuery('#wfLiveStatus').hide().html(newMsg).fadeIn(200);
|
472 |
}
|
473 |
-
|
474 |
if(this.mode == 'activity'){
|
475 |
if(res.alsoGet != 'logList_' + this.activityMode){ return; } //user switched panels since ajax request started
|
476 |
if(res.events.length > 0){
|
477 |
this.newestActivityTime = res.events[0]['ctime'];
|
478 |
}
|
479 |
-
|
480 |
if(jQuery('#wfActivity_' + this.activityMode + ' .wfActEvent').length > 0){
|
481 |
haveEvents = true;
|
482 |
}
|
@@ -488,7 +479,6 @@ window['wordfenceAdmin'] = {
|
|
488 |
var elemID = '#wfActEvent_' + res.events[i].id;
|
489 |
if(jQuery(elemID).length < 1){
|
490 |
res.events[i]['activityMode'] = this.activityMode;
|
491 |
-
var newElem;
|
492 |
if(this.activityMode == 'loginLogout'){
|
493 |
newElem = jQuery('#wfLoginLogoutEventTmpl').tmpl(res.events[i]);
|
494 |
} else {
|
@@ -509,7 +499,7 @@ window['wordfenceAdmin'] = {
|
|
509 |
jQuery(elem).html(self.makeTimeAgo(res.serverTime - jQuery(elem).data('wfctime')) + ' ago');
|
510 |
});
|
511 |
} else if(this.mode == 'perfStats'){
|
512 |
-
|
513 |
if(jQuery('#wfPerfStats .wfPerfEvent').length > 0){
|
514 |
haveEvents = true;
|
515 |
}
|
@@ -525,7 +515,7 @@ window['wordfenceAdmin'] = {
|
|
525 |
for(var i = res.events.length - 1; i >= 0; i--){
|
526 |
res.events[i]['scale'] = this.performanceScale;
|
527 |
res.events[i]['min'] = this.performanceMinWidth;
|
528 |
-
|
529 |
jQuery(newElem).find('.wfTimeAgo').data('wfctime', res.events[i].ctime);
|
530 |
newElem.prependTo('#wfPerfStats').fadeIn();
|
531 |
}
|
@@ -534,7 +524,6 @@ window['wordfenceAdmin'] = {
|
|
534 |
jQuery('#wfPerfStats').html('<p>No events to report yet.</p>');
|
535 |
}
|
536 |
}
|
537 |
-
var self = this;
|
538 |
jQuery('.wfTimeAgo').each(function(idx, elem){
|
539 |
jQuery(elem).html(self.makeTimeAgo(res.serverTime - jQuery(elem).data('wfctime')) + ' ago');
|
540 |
});
|
@@ -565,7 +554,7 @@ window['wordfenceAdmin'] = {
|
|
565 |
if(res.ok){
|
566 |
jQuery('.wfReverseLookup').each(function(idx, elem){
|
567 |
var txt = jQuery(elem).text();
|
568 |
-
for(ip in res.ips){
|
569 |
if(txt == ip){
|
570 |
if(res.ips[ip]){
|
571 |
jQuery(elem).html('<strong>Hostname:</strong> ' + res.ips[ip]);
|
@@ -591,7 +580,7 @@ window['wordfenceAdmin'] = {
|
|
591 |
startScan: function(){
|
592 |
var scanReqAnimation = setInterval(function(){
|
593 |
var str = jQuery('#wfStartScanButton1').prop('value');
|
594 |
-
ch = str.charAt(str.length - 1);
|
595 |
if(ch == '/'){ ch = '-'; }
|
596 |
else if(ch == '-'){ ch = '\\'; }
|
597 |
else if(ch == '\\'){ ch = '|'; }
|
@@ -631,7 +620,7 @@ window['wordfenceAdmin'] = {
|
|
631 |
res.summary['lastScanCompleted'] = 'Never';
|
632 |
}
|
633 |
jQuery('.wfIssuesContainer').hide();
|
634 |
-
for(issueStatus in res.issuesLists){
|
635 |
var containerID = 'wfIssues_dataTable_' + issueStatus;
|
636 |
var tableID = 'wfIssuesTable_' + issueStatus;
|
637 |
if(jQuery('#' + containerID).length < 1){
|
@@ -672,8 +661,7 @@ window['wordfenceAdmin'] = {
|
|
672 |
"sClass": "center",
|
673 |
"sType": 'severity',
|
674 |
"fnRender": function(obj) {
|
675 |
-
var cls =
|
676 |
-
cls = 'wfProbSev' + obj.aData.severity;
|
677 |
return '<span class="' + cls + '"></span>';
|
678 |
}
|
679 |
},
|
@@ -833,6 +821,7 @@ window['wordfenceAdmin'] = {
|
|
833 |
},
|
834 |
updateAllIssues: function(op){ // deleteIgnored, deleteNew, ignoreAllNew
|
835 |
var head = "Please confirm";
|
|
|
836 |
if(op == 'deleteIgnored'){
|
837 |
body = "You have chosen to remove all ignored issues. Once these issues are removed they will be re-scanned by Wordfence and if they have not been fixed, they will appear in the 'new issues' list. Are you sure you want to do this?";
|
838 |
} else if(op == 'deleteNew'){
|
@@ -1391,8 +1380,7 @@ window['wordfenceAdmin'] = {
|
|
1391 |
}
|
1392 |
}
|
1393 |
});
|
1394 |
-
|
1395 |
-
this.countryCodesToSave = codes;
|
1396 |
if(ownCountryBlocked){
|
1397 |
this.colorbox('400px', "Please confirm blocking yourself", "You are about to block your own country. This could lead to you being locked out. Please make sure that your user profile on this machine has a current and valid email address and make sure you know what it is. That way if you are locked out, you can send yourself an unlock email. If you're sure you want to block your own country, click 'Confirm' below, otherwise click 'Cancel'.<br />" +
|
1398 |
'<input type="button" name="but1" value="Confirm" onclick="jQuery.colorbox.close(); WFAD.confirmSaveCountryBlocking();" /> <input type="button" name="but1" value="Cancel" onclick="jQuery.colorbox.close();" />');
|
@@ -1503,7 +1491,7 @@ window['wordfenceAdmin'] = {
|
|
1503 |
}
|
1504 |
schedule[day] = hours.join(',');
|
1505 |
}
|
1506 |
-
scheduleTxt = schedule.join('|');
|
1507 |
var self = this;
|
1508 |
this.ajax('wordfence_saveScanSchedule', {
|
1509 |
schedMode: schedMode,
|
11 |
iconErrorMsgs: [],
|
12 |
scanIDLoaded: 0,
|
13 |
colorboxQueue: [],
|
|
|
14 |
mode: '',
|
15 |
visibleIssuesPanel: 'new',
|
16 |
preFirstScanMsgsLoaded: false,
|
34 |
countryCodesToSave: "",
|
35 |
performanceScale: 3,
|
36 |
performanceMinWidth: 20,
|
37 |
+
tourClosed: false,
|
38 |
+
welcomeClosed: false,
|
39 |
init: function(){
|
40 |
this.nonce = WordfenceAdminVars.firstNonce;
|
41 |
this.debugOn = WordfenceAdminVars.debugOn == '1' ? true : false;
|
42 |
this.tourClosed = WordfenceAdminVars.tourClosed == '1' ? true : false;
|
43 |
+
this.welcomeClosed = WordfenceAdminVars.welcomeClosed == '1' ? true : false;
|
44 |
var startTicker = false;
|
45 |
+
var self = this;
|
46 |
if(jQuery('#wordfenceMode_scan').length > 0){
|
47 |
this.mode = 'scan';
|
48 |
jQuery('#wfALogViewLink').prop('href', WordfenceAdminVars.siteBaseURL + '?_wfsf=viewActivityLog&nonce=' + this.nonce);
|
51 |
this.noScanHTML = jQuery('#wfNoScanYetTmpl').tmpl().html();
|
52 |
this.loadIssues();
|
53 |
this.startActivityLogUpdates();
|
54 |
+
if(this.needTour()){
|
55 |
this.scanTourStart();
|
56 |
}
|
57 |
} else if(jQuery('#wordfenceMode_activity').length > 0){
|
58 |
this.mode = 'activity';
|
59 |
+
this.setupSwitches('wfLiveTrafficOnOff', 'liveTrafficEnabled', function(){});
|
|
|
60 |
jQuery('#wfLiveTrafficOnOff').change(function(){
|
61 |
if(/^(?:falcon|php)$/.test(WordfenceAdminVars.cacheType) ){
|
62 |
jQuery('#wfLiveTrafficOnOff').attr('checked', false);
|
73 |
this.switchTab(jQuery('#wfLoginLogoutTab'), 'wfTab1', 'wfDataPanel', 'wfActivity_loginLogout', function(){ WFAD.activityTabChanged(); });
|
74 |
}
|
75 |
startTicker = true;
|
76 |
+
if(this.needTour()){
|
|
|
77 |
this.tour('wfWelcomeContent3', 'wfHeading', 'top', 'left', "Learn about Site Performance", function(){ self.tourRedir('WordfenceSitePerf'); });
|
78 |
}
|
79 |
} else if(jQuery('#wordfenceMode_options').length > 0){
|
81 |
jQuery('.wfConfigElem').change(function(){ jQuery('#securityLevel').val('CUSTOM'); });
|
82 |
this.updateTicker(true);
|
83 |
startTicker = true;
|
84 |
+
if(this.needTour()){
|
85 |
+
this.tour('wfContentBasicOptions', 'wfMarkerBasicOptions', 'top', 'left', "Learn about Live Traffic Options", function(){
|
|
|
86 |
self.tour('wfContentLiveTrafficOptions', 'wfMarkerLiveTrafficOptions', 'bottom', 'left', "Learn about Scanning Options", function(){
|
87 |
self.tour('wfContentScansToInclude', 'wfMarkerScansToInclude', 'bottom', 'left', "Learn about Firewall Rules", function(){
|
88 |
self.tour('wfContentFirewallRules', 'wfMarkerFirewallRules', 'bottom', 'left', "Learn about Login Security", function(){
|
99 |
this.staticTabChanged();
|
100 |
this.updateTicker(true);
|
101 |
startTicker = true;
|
102 |
+
if(this.needTour()){
|
|
|
103 |
this.tour('wfWelcomeContent4', 'wfHeading', 'top', 'left', "Learn about Cellphone Sign-in", function(){ self.tourRedir('WordfenceTwoFactor'); });
|
104 |
}
|
105 |
} else if(jQuery('#wordfenceMode_twoFactor').length > 0){
|
106 |
this.mode = 'twoFactor';
|
107 |
startTicker = false;
|
108 |
+
if(this.needTour()){
|
|
|
109 |
this.tour('wfWelcomeTwoFactor', 'wfHeading', 'top', 'left', "Learn how to Block Countries", function(){ self.tourRedir('WordfenceCountryBlocking'); });
|
110 |
}
|
111 |
this.loadTwoFactor();
|
113 |
} else if(jQuery('#wordfenceMode_countryBlocking').length > 0){
|
114 |
this.mode = 'countryBlocking';
|
115 |
startTicker = false;
|
116 |
+
if(this.needTour()){
|
|
|
117 |
this.tour('wfWelcomeContentCntBlk', 'wfHeading', 'top', 'left', "Learn how to Schedule Scans", function(){ self.tourRedir('WordfenceScanSchedule'); });
|
118 |
}
|
119 |
} else if(jQuery('#wordfenceMode_rangeBlocking').length > 0){
|
120 |
this.mode = 'rangeBlocking';
|
121 |
startTicker = false;
|
122 |
+
if(this.needTour()){
|
|
|
123 |
this.tour('wfWelcomeContentRangeBlocking', 'wfHeading', 'top', 'left', "Learn how to Customize Wordfence", function(){ self.tourRedir('WordfenceSecOpt'); });
|
124 |
}
|
125 |
this.calcRangeTotal();
|
127 |
} else if(jQuery('#wordfenceMode_whois').length > 0){
|
128 |
this.mode = 'whois';
|
129 |
startTicker = false;
|
130 |
+
if(this.needTour()){
|
|
|
131 |
this.tour('wfWelcomeContentWhois', 'wfHeading', 'top', 'left', "Learn how to use Advanced Blocking", function(){ self.tourRedir('WordfenceRangeBlocking'); });
|
132 |
}
|
133 |
this.calcRangeTotal();
|
137 |
this.mode = 'scanScheduling';
|
138 |
startTicker = false;
|
139 |
this.sched_modeChange();
|
140 |
+
if(this.needTour()){
|
|
|
141 |
this.tour('wfWelcomeContentScanSched', 'wfHeading', 'top', 'left', "Learn about WHOIS", function(){ self.tourRedir('WordfenceWhois'); });
|
142 |
}
|
143 |
} else if(jQuery('#wordfenceMode_caching').length > 0){
|
144 |
this.mode = 'caching';
|
145 |
startTicker = false;
|
146 |
+
if(this.needTour()){
|
|
|
147 |
this.tour('wfWelcomeContentCaching', 'wfHeading', 'top', 'left', "Learn about IP Blocking", function(){ self.tourRedir('WordfenceBlockedIPs'); });
|
148 |
}
|
149 |
this.loadCacheExclusions();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
150 |
} else {
|
151 |
this.mode = false;
|
152 |
}
|
153 |
if(this.mode){ //We are in a Wordfence page
|
|
|
154 |
if(startTicker){
|
155 |
this.updateTicker();
|
156 |
this.liveInt = setInterval(function(){ self.updateTicker(); }, WordfenceAdminVars.actUpdateInterval);
|
158 |
jQuery(document).bind('cbox_closed', function(){ self.colorboxIsOpen = false; self.colorboxServiceQueue(); });
|
159 |
}
|
160 |
},
|
161 |
+
needTour: function(){
|
162 |
+
if( (! this.tourClosed) && this.welcomeClosed) {
|
163 |
+
return true;
|
164 |
+
} else {
|
165 |
+
return false;
|
166 |
+
}
|
167 |
+
},
|
168 |
sendTestEmail: function(email){
|
169 |
var self = this;
|
170 |
this.ajax('wordfence_sendTestEmail', { email: email }, function(res){
|
263 |
}
|
264 |
},
|
265 |
startTourAgain: function(){
|
266 |
+
var self = this;
|
267 |
+
this.ajax('wordfence_startTourAgain', {}, function(res){
|
268 |
+
self.tourClosed = false;
|
269 |
+
self.scanTourStart();
|
270 |
+
});
|
271 |
},
|
272 |
showLoading: function(){
|
273 |
this.loadingCount++;
|
371 |
}
|
372 |
},
|
373 |
processSummaryLine: function(item){
|
374 |
+
var msg, summaryUpdated;
|
375 |
if(item.msg.indexOf('SUM_START:') != -1){
|
376 |
+
msg = item.msg.replace('SUM_START:', '');
|
377 |
jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><div class="wfSummaryLoading"></div></div><div class="wfClear"></div>');
|
378 |
summaryUpdated = true;
|
379 |
} else if(item.msg.indexOf('SUM_ENDBAD') != -1){
|
380 |
+
msg = item.msg.replace('SUM_ENDBAD:', '');
|
381 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryBad').html('Problems found.');
|
382 |
summaryUpdated = true;
|
383 |
} else if(item.msg.indexOf('SUM_ENDFAILED') != -1){
|
384 |
+
msg = item.msg.replace('SUM_ENDFAILED:', '');
|
385 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryBad').html('Failed.');
|
386 |
summaryUpdated = true;
|
387 |
} else if(item.msg.indexOf('SUM_ENDOK') != -1){
|
388 |
+
msg = item.msg.replace('SUM_ENDOK:', '');
|
389 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryOK').html('Secure.');
|
390 |
summaryUpdated = true;
|
391 |
} else if(item.msg.indexOf('SUM_ENDSUCCESS') != -1){
|
392 |
+
msg = item.msg.replace('SUM_ENDSUCCESS:', '');
|
393 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryOK').html('Success.');
|
394 |
summaryUpdated = true;
|
395 |
} else if(item.msg.indexOf('SUM_ENDERR') != -1){
|
396 |
+
msg = item.msg.replace('SUM_ENDERR:', '');
|
397 |
jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryErr').html('An error occurred.');
|
398 |
summaryUpdated = true;
|
399 |
} else if(item.msg.indexOf('SUM_DISABLED:') != -1){
|
400 |
+
msg = item.msg.replace('SUM_DISABLED:', '');
|
401 |
jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult">Disabled [<a href="admin.php?page=WordfenceSecOpt">Visit Options to Enable</a>]</div><div class="wfClear"></div>');
|
402 |
summaryUpdated = true;
|
403 |
} else if(item.msg.indexOf('SUM_PAIDONLY:') != -1){
|
404 |
+
msg = item.msg.replace('SUM_PAIDONLY:', '');
|
405 |
jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid Members Only</a></div><div class="wfClear"></div>');
|
406 |
summaryUpdated = true;
|
407 |
} else if(item.msg.indexOf('SUM_FINAL:') != -1){
|
408 |
+
msg = item.msg.replace('SUM_FINAL:', '');
|
409 |
jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg wfSummaryFinal">' + msg + '</div><div class="wfSummaryResult wfSummaryOK">Scan Complete.</div><div class="wfClear"></div>');
|
410 |
} else if(item.msg.indexOf('SUM_PREP:') != -1){
|
411 |
+
msg = item.msg.replace('SUM_PREP:', '');
|
412 |
jQuery('#consoleSummary').empty().html('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult" id="wfStartingScan"><div class="wfSummaryLoading"></div></div><div class="wfClear"></div>');
|
413 |
} else if(item.msg.indexOf('SUM_KILLED:') != -1){
|
414 |
+
msg = item.msg.replace('SUM_KILLED:', '');
|
415 |
jQuery('#consoleSummary').empty().html('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult wfSummaryOK">Scan Complete.</div><div class="wfClear"></div>');
|
416 |
}
|
417 |
},
|
461 |
if(newMsg && newMsg != oldMsg){
|
462 |
jQuery('#wfLiveStatus').hide().html(newMsg).fadeIn(200);
|
463 |
}
|
464 |
+
var haveEvents, newElem;
|
465 |
if(this.mode == 'activity'){
|
466 |
if(res.alsoGet != 'logList_' + this.activityMode){ return; } //user switched panels since ajax request started
|
467 |
if(res.events.length > 0){
|
468 |
this.newestActivityTime = res.events[0]['ctime'];
|
469 |
}
|
470 |
+
haveEvents = false;
|
471 |
if(jQuery('#wfActivity_' + this.activityMode + ' .wfActEvent').length > 0){
|
472 |
haveEvents = true;
|
473 |
}
|
479 |
var elemID = '#wfActEvent_' + res.events[i].id;
|
480 |
if(jQuery(elemID).length < 1){
|
481 |
res.events[i]['activityMode'] = this.activityMode;
|
|
|
482 |
if(this.activityMode == 'loginLogout'){
|
483 |
newElem = jQuery('#wfLoginLogoutEventTmpl').tmpl(res.events[i]);
|
484 |
} else {
|
499 |
jQuery(elem).html(self.makeTimeAgo(res.serverTime - jQuery(elem).data('wfctime')) + ' ago');
|
500 |
});
|
501 |
} else if(this.mode == 'perfStats'){
|
502 |
+
haveEvents = false;
|
503 |
if(jQuery('#wfPerfStats .wfPerfEvent').length > 0){
|
504 |
haveEvents = true;
|
505 |
}
|
515 |
for(var i = res.events.length - 1; i >= 0; i--){
|
516 |
res.events[i]['scale'] = this.performanceScale;
|
517 |
res.events[i]['min'] = this.performanceMinWidth;
|
518 |
+
newElem = jQuery('#wfPerfStatTmpl').tmpl(res.events[i]);
|
519 |
jQuery(newElem).find('.wfTimeAgo').data('wfctime', res.events[i].ctime);
|
520 |
newElem.prependTo('#wfPerfStats').fadeIn();
|
521 |
}
|
524 |
jQuery('#wfPerfStats').html('<p>No events to report yet.</p>');
|
525 |
}
|
526 |
}
|
|
|
527 |
jQuery('.wfTimeAgo').each(function(idx, elem){
|
528 |
jQuery(elem).html(self.makeTimeAgo(res.serverTime - jQuery(elem).data('wfctime')) + ' ago');
|
529 |
});
|
554 |
if(res.ok){
|
555 |
jQuery('.wfReverseLookup').each(function(idx, elem){
|
556 |
var txt = jQuery(elem).text();
|
557 |
+
for(var ip in res.ips){
|
558 |
if(txt == ip){
|
559 |
if(res.ips[ip]){
|
560 |
jQuery(elem).html('<strong>Hostname:</strong> ' + res.ips[ip]);
|
580 |
startScan: function(){
|
581 |
var scanReqAnimation = setInterval(function(){
|
582 |
var str = jQuery('#wfStartScanButton1').prop('value');
|
583 |
+
var ch = str.charAt(str.length - 1);
|
584 |
if(ch == '/'){ ch = '-'; }
|
585 |
else if(ch == '-'){ ch = '\\'; }
|
586 |
else if(ch == '\\'){ ch = '|'; }
|
620 |
res.summary['lastScanCompleted'] = 'Never';
|
621 |
}
|
622 |
jQuery('.wfIssuesContainer').hide();
|
623 |
+
for(var issueStatus in res.issuesLists){
|
624 |
var containerID = 'wfIssues_dataTable_' + issueStatus;
|
625 |
var tableID = 'wfIssuesTable_' + issueStatus;
|
626 |
if(jQuery('#' + containerID).length < 1){
|
661 |
"sClass": "center",
|
662 |
"sType": 'severity',
|
663 |
"fnRender": function(obj) {
|
664 |
+
var cls = 'wfProbSev' + obj.aData.severity;
|
|
|
665 |
return '<span class="' + cls + '"></span>';
|
666 |
}
|
667 |
},
|
821 |
},
|
822 |
updateAllIssues: function(op){ // deleteIgnored, deleteNew, ignoreAllNew
|
823 |
var head = "Please confirm";
|
824 |
+
var body;
|
825 |
if(op == 'deleteIgnored'){
|
826 |
body = "You have chosen to remove all ignored issues. Once these issues are removed they will be re-scanned by Wordfence and if they have not been fixed, they will appear in the 'new issues' list. Are you sure you want to do this?";
|
827 |
} else if(op == 'deleteNew'){
|
1380 |
}
|
1381 |
}
|
1382 |
});
|
1383 |
+
this.countryCodesToSave = codesArr.join(',');
|
|
|
1384 |
if(ownCountryBlocked){
|
1385 |
this.colorbox('400px', "Please confirm blocking yourself", "You are about to block your own country. This could lead to you being locked out. Please make sure that your user profile on this machine has a current and valid email address and make sure you know what it is. That way if you are locked out, you can send yourself an unlock email. If you're sure you want to block your own country, click 'Confirm' below, otherwise click 'Cancel'.<br />" +
|
1386 |
'<input type="button" name="but1" value="Confirm" onclick="jQuery.colorbox.close(); WFAD.confirmSaveCountryBlocking();" /> <input type="button" name="but1" value="Cancel" onclick="jQuery.colorbox.close();" />');
|
1491 |
}
|
1492 |
schedule[day] = hours.join(',');
|
1493 |
}
|
1494 |
+
var scheduleTxt = schedule.join('|');
|
1495 |
var self = this;
|
1496 |
this.ajax('wordfence_saveScanSchedule', {
|
1497 |
schedMode: schedMode,
|
js/tourTip.js
CHANGED
@@ -126,7 +126,7 @@ window['wordfenceTour'] = {
|
|
126 |
}
|
127 |
|
128 |
jQuery(function(){
|
129 |
-
if(WordfenceAdminVars.tourClosed != '1'){
|
130 |
var formHTML = '<div style="padding: 0 5px 0 15px;" id="wordfenceEmailDiv"><form target="_new" style="display: inline;" method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" ><div style="display: none;"><input type="hidden" name="meta_web_form_id" value="1428034071" /><input type="hidden" name="meta_split_id" value="" /><input type="hidden" name="listname" value="wordfence" /><input type="hidden" name="redirect" value="http://www.aweber.com/thankyou-coi.htm?m=text" id="redirect_ae9f0882518768f447c80ea8f3b7afde" /><input type="hidden" name="meta_adtracking" value="widgetForm" /><input type="hidden" name="meta_message" value="1" /><input type="hidden" name="meta_required" value="email" /><input type="hidden" name="meta_tooltip" value="" /></div><input class="text" id="wfListEmail" type="text" name="email" value="Enter your email" tabindex="500" onclick="wordfenceTour.wfClearEmailField(); return false;" /><input name="submit" type="submit" value="Get Alerted" tabindex="501" onclick="var evt = event || window.event; try { return wordfenceTour.processEmailClick(evt); } catch(err){ evt.returnValue = false; evt.preventDefault(); }" /><div style="display: none;"><img src="http://forms.aweber.com/form/displays.htm?id=jCxMHAzMLAzsjA==" alt="" /></div><div style="padding: 5px; font-size: 10px;"><input type="checkbox" id="wfJoinListCheck" value="1" checked /><span style="font-size: 10px;">Also join our WordPress Security email list to receive WordPress Security Alerts and Wordfence news.</span></div></form></div>';
|
131 |
var elem = '#toplevel_page_Wordfence';
|
132 |
jQuery(elem).pointer({
|
@@ -137,10 +137,10 @@ if(WordfenceAdminVars.tourClosed != '1'){
|
|
137 |
pointerWidth: 300,
|
138 |
position: { edge: 'bottom', align: 'left' },
|
139 |
buttons: function(event, t){
|
140 |
-
buttonElem = jQuery('<a id="pointer-close" style="margin-left:5px" class="button-secondary">Close</a>');
|
141 |
buttonElem.bind('click.pointer', function(){ t.element.pointer('close');
|
142 |
var ajaxData = {
|
143 |
-
action: '
|
144 |
nonce: WordfenceAdminVars.firstNonce
|
145 |
};
|
146 |
jQuery.ajax({
|
@@ -156,7 +156,21 @@ if(WordfenceAdminVars.tourClosed != '1'){
|
|
156 |
}
|
157 |
}).pointer('open');
|
158 |
jQuery('#pointer-close').after('<a id="pointer-primary" class="button-primary">Start Tour</a>');
|
159 |
-
jQuery('#pointer-primary').click(function(){
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
160 |
}
|
161 |
});
|
162 |
|
126 |
}
|
127 |
|
128 |
jQuery(function(){
|
129 |
+
if(WordfenceAdminVars.tourClosed != '1' && WordfenceAdminVars.welcomeClosed != '1'){
|
130 |
var formHTML = '<div style="padding: 0 5px 0 15px;" id="wordfenceEmailDiv"><form target="_new" style="display: inline;" method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" ><div style="display: none;"><input type="hidden" name="meta_web_form_id" value="1428034071" /><input type="hidden" name="meta_split_id" value="" /><input type="hidden" name="listname" value="wordfence" /><input type="hidden" name="redirect" value="http://www.aweber.com/thankyou-coi.htm?m=text" id="redirect_ae9f0882518768f447c80ea8f3b7afde" /><input type="hidden" name="meta_adtracking" value="widgetForm" /><input type="hidden" name="meta_message" value="1" /><input type="hidden" name="meta_required" value="email" /><input type="hidden" name="meta_tooltip" value="" /></div><input class="text" id="wfListEmail" type="text" name="email" value="Enter your email" tabindex="500" onclick="wordfenceTour.wfClearEmailField(); return false;" /><input name="submit" type="submit" value="Get Alerted" tabindex="501" onclick="var evt = event || window.event; try { return wordfenceTour.processEmailClick(evt); } catch(err){ evt.returnValue = false; evt.preventDefault(); }" /><div style="display: none;"><img src="http://forms.aweber.com/form/displays.htm?id=jCxMHAzMLAzsjA==" alt="" /></div><div style="padding: 5px; font-size: 10px;"><input type="checkbox" id="wfJoinListCheck" value="1" checked /><span style="font-size: 10px;">Also join our WordPress Security email list to receive WordPress Security Alerts and Wordfence news.</span></div></form></div>';
|
131 |
var elem = '#toplevel_page_Wordfence';
|
132 |
jQuery(elem).pointer({
|
137 |
pointerWidth: 300,
|
138 |
position: { edge: 'bottom', align: 'left' },
|
139 |
buttons: function(event, t){
|
140 |
+
var buttonElem = jQuery('<a id="pointer-close" style="margin-left:5px" class="button-secondary">Close</a>');
|
141 |
buttonElem.bind('click.pointer', function(){ t.element.pointer('close');
|
142 |
var ajaxData = {
|
143 |
+
action: 'wordfence_welcomeClosed',
|
144 |
nonce: WordfenceAdminVars.firstNonce
|
145 |
};
|
146 |
jQuery.ajax({
|
156 |
}
|
157 |
}).pointer('open');
|
158 |
jQuery('#pointer-close').after('<a id="pointer-primary" class="button-primary">Start Tour</a>');
|
159 |
+
jQuery('#pointer-primary').click(function(){
|
160 |
+
var ajaxData = {
|
161 |
+
action: 'wordfence_welcomeClosed',
|
162 |
+
nonce: WordfenceAdminVars.firstNonce
|
163 |
+
};
|
164 |
+
jQuery.ajax({
|
165 |
+
type: 'POST',
|
166 |
+
url: WordfenceAdminVars.ajaxURL,
|
167 |
+
dataType: "json",
|
168 |
+
data: ajaxData,
|
169 |
+
success: function(json){ window.location.href = 'admin.php?page=Wordfence'; },
|
170 |
+
error: function(){ window.location.href = 'admin.php?page=Wordfence'; }
|
171 |
+
});
|
172 |
+
|
173 |
+
});
|
174 |
}
|
175 |
});
|
176 |
|
lib/Diff/SequenceMatcher.php
CHANGED
@@ -621,56 +621,6 @@ class Diff_SequenceMatcher
|
|
621 |
return $sum + ($triple[count($triple) - 1]);
|
622 |
}
|
623 |
|
624 |
-
/**
|
625 |
-
* Quickly return an upper bound ratio for the similarity of the strings.
|
626 |
-
* This is quicker to compute than Ratio().
|
627 |
-
*
|
628 |
-
* @return float The calculated ratio.
|
629 |
-
*/
|
630 |
-
private function quickRatio()
|
631 |
-
{
|
632 |
-
if($this->fullBCount === null) {
|
633 |
-
$this->fullBCount = array();
|
634 |
-
$bLength = count ($b);
|
635 |
-
for($i = 0; $i < $bLength; ++$i) {
|
636 |
-
$char = $this->b[$i];
|
637 |
-
$this->fullBCount[$char] = $this->arrayGetDefault($this->fullBCount, $char, 0) + 1;
|
638 |
-
}
|
639 |
-
}
|
640 |
-
|
641 |
-
$avail = array();
|
642 |
-
$matches = 0;
|
643 |
-
$aLength = count ($this->a);
|
644 |
-
for($i = 0; $i < $aLength; ++$i) {
|
645 |
-
$char = $this->a[$i];
|
646 |
-
if(isset($avail[$char])) {
|
647 |
-
$numb = $avail[$char];
|
648 |
-
}
|
649 |
-
else {
|
650 |
-
$numb = $this->arrayGetDefault($this->fullBCount, $char, 0);
|
651 |
-
}
|
652 |
-
$avail[$char] = $numb - 1;
|
653 |
-
if($numb > 0) {
|
654 |
-
++$matches;
|
655 |
-
}
|
656 |
-
}
|
657 |
-
|
658 |
-
$this->calculateRatio($matches, count ($this->a) + count ($this->b));
|
659 |
-
}
|
660 |
-
|
661 |
-
/**
|
662 |
-
* Return an upper bound ratio really quickly for the similarity of the strings.
|
663 |
-
* This is quicker to compute than Ratio() and quickRatio().
|
664 |
-
*
|
665 |
-
* @return float The calculated ratio.
|
666 |
-
*/
|
667 |
-
private function realquickRatio()
|
668 |
-
{
|
669 |
-
$aLength = count ($this->a);
|
670 |
-
$bLength = count ($this->b);
|
671 |
-
|
672 |
-
return $this->calculateRatio(min($aLength, $bLength), $aLength + $bLength);
|
673 |
-
}
|
674 |
|
675 |
/**
|
676 |
* Helper function for calculating the ratio to measure similarity for the strings.
|
621 |
return $sum + ($triple[count($triple) - 1]);
|
622 |
}
|
623 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
624 |
|
625 |
/**
|
626 |
* Helper function for calculating the ratio to measure similarity for the strings.
|
lib/IPTraf.php
CHANGED
@@ -31,6 +31,6 @@
|
|
31 |
|
32 |
</table>
|
33 |
|
34 |
-
<div class="footer">© 2011 to 2015 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</
|
35 |
</body>
|
36 |
</html>
|
31 |
|
32 |
</table>
|
33 |
|
34 |
+
<div class="footer">© 2011 to 2015 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
|
35 |
</body>
|
36 |
</html>
|
lib/conntest.php
CHANGED
@@ -63,7 +63,7 @@ function doCurlTest($protocol){
|
|
63 |
curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, false);
|
64 |
curl_setopt ($curl, CURLOPT_SSL_VERIFYHOST, false);
|
65 |
curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'curlWrite');
|
66 |
-
|
67 |
$httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
|
68 |
if(strpos($curlContent, 'Your site did not send an API key') !== false){
|
69 |
echo "Curl connectivity test passed.<br /><br />\n";
|
63 |
curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, false);
|
64 |
curl_setopt ($curl, CURLOPT_SSL_VERIFYHOST, false);
|
65 |
curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'curlWrite');
|
66 |
+
curl_exec($curl);
|
67 |
$httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
|
68 |
if(strpos($curlContent, 'Your site did not send an API key') !== false){
|
69 |
echo "Curl connectivity test passed.<br /><br />\n";
|
lib/cronview.php
ADDED
@@ -0,0 +1,30 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php if ( ! wfUtils::isAdmin() ) {
|
2 |
+
exit();
|
3 |
+
} ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
4 |
+
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
5 |
+
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
|
6 |
+
<head>
|
7 |
+
<title>Wordfence Cron Viewer</title>
|
8 |
+
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
|
9 |
+
<link rel='stylesheet' id='wordfence-main-style-css'
|
10 |
+
href='<?php echo wfUtils::getBaseURL(); ?>/css/phpinfo.css?ver=<?php echo WORDFENCE_VERSION; ?>'
|
11 |
+
type='text/css' media='all'/>
|
12 |
+
<body>
|
13 |
+
<h1>Wordfence Cron Viewer</h1>
|
14 |
+
<p style="width: 400px;">This page is used for debugging and shows a list of scheduled jobs on your system. Our staff may ask you to send them the
|
15 |
+
data on this page as part of a troubleshooting process.</p>
|
16 |
+
<?php
|
17 |
+
$cron = _get_cron_array();
|
18 |
+
|
19 |
+
foreach ( $cron as $timestamp => $values ) {
|
20 |
+
if ( is_array( $values ) ) {
|
21 |
+
foreach ( $values as $cron_job => $v ) {
|
22 |
+
echo date( 'r', $timestamp ) . " : " . $cron_job . "<br />";
|
23 |
+
}
|
24 |
+
}
|
25 |
+
}
|
26 |
+
?>
|
27 |
+
|
28 |
+
<div class="diffFooter">© 2011 to 2015 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
|
29 |
+
</body>
|
30 |
+
</html>
|
lib/dbview.php
ADDED
@@ -0,0 +1,31 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php if ( ! wfUtils::isAdmin() ) {
|
2 |
+
exit();
|
3 |
+
} ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
4 |
+
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
5 |
+
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
|
6 |
+
<head>
|
7 |
+
<title>Wordfence DB Table Viewer</title>
|
8 |
+
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
|
9 |
+
<link rel='stylesheet' id='wordfence-main-style-css'
|
10 |
+
href='<?php echo wfUtils::getBaseURL(); ?>/css/phpinfo.css?ver=<?php echo WORDFENCE_VERSION; ?>'
|
11 |
+
type='text/css' media='all'/>
|
12 |
+
<body>
|
13 |
+
<h1>Wordfence Database Table Viewer</h1>
|
14 |
+
<p style="width: 400px;">This page is used for debugging and shows a list of database tables and their status on your system. Our staff may ask you to send them the
|
15 |
+
data on this page as part of a troubleshooting process.</p>
|
16 |
+
<?php
|
17 |
+
$wfdb = new wfDB();
|
18 |
+
$q = $wfdb->querySelect("show table status");
|
19 |
+
foreach($q as $val){
|
20 |
+
foreach($val as $tkey => $tval){
|
21 |
+
echo '<span style="color: #999; font-style: italic;">' . $tkey . ':</span> ' . $tval . ' ';
|
22 |
+
}
|
23 |
+
echo '<br />-----------------------------------------------------------------------------------------<br />';
|
24 |
+
}
|
25 |
+
|
26 |
+
?>
|
27 |
+
|
28 |
+
<div class="diffFooter">© 2011 to 2015 Wordfence — Visit <a
|
29 |
+
href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
|
30 |
+
</body>
|
31 |
+
</html>
|
lib/diffResult.php
CHANGED
@@ -40,6 +40,6 @@
|
|
40 |
?>
|
41 |
|
42 |
|
43 |
-
<div class="diffFooter">© 2011 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</
|
44 |
</body>
|
45 |
</html>
|
40 |
?>
|
41 |
|
42 |
|
43 |
+
<div class="diffFooter">© 2011 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
|
44 |
</body>
|
45 |
</html>
|
lib/email_genericAlert.php
CHANGED
@@ -1,31 +1,31 @@
|
|
1 |
-
|
2 |
|
3 |
-
|
4 |
|
5 |
-
|
6 |
-
<?php if($IPMsg){ echo "\n
|
7 |
|
8 |
<?php if(! $isPaid){ ?>
|
9 |
-
|
10 |
two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks.
|
11 |
A Premium Wordfence license also includes remote scanning with each scan of your site which can detect
|
12 |
several additional website infections. Premium members can also schedule when website scans occur and
|
13 |
-
can scan more than once per day
|
14 |
|
15 |
-
|
16 |
-
priority support tickets using our ticketing system.
|
17 |
|
18 |
-
|
19 |
-
|
20 |
|
21 |
<?php } ?>
|
22 |
|
23 |
--
|
24 |
-
|
25 |
-
<?php echo $myOptionsURL;
|
26 |
|
27 |
-
|
28 |
-
<?php echo $myHomeURL;
|
29 |
|
30 |
|
31 |
|
1 |
+
This email was sent from your website "<?php echo $blogName; ?>" by the Wordfence plugin at <?php echo $date; ?>
|
2 |
|
3 |
+
The Wordfence administrative URL for this site is: <?php echo $adminURL; ?>admin.php?page=Wordfence
|
4 |
|
5 |
+
<?php echo $alertMsg; ?>
|
6 |
+
<?php if($IPMsg){ echo "\n$IPMsg\n"; } ?>
|
7 |
|
8 |
<?php if(! $isPaid){ ?>
|
9 |
+
NOTE: You are using the free version of Wordfence. Upgrading to the paid version of Wordfence gives you
|
10 |
two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks.
|
11 |
A Premium Wordfence license also includes remote scanning with each scan of your site which can detect
|
12 |
several additional website infections. Premium members can also schedule when website scans occur and
|
13 |
+
can scan more than once per day.
|
14 |
|
15 |
+
As a Premium member you also get access to our priority support system located at http://support.wordfence.com/ and can file
|
16 |
+
priority support tickets using our ticketing system.
|
17 |
|
18 |
+
Click here to sign-up for the Premium version of Wordfence now.
|
19 |
+
https://www.wordfence.com/wordfence-signup/
|
20 |
|
21 |
<?php } ?>
|
22 |
|
23 |
--
|
24 |
+
To change your alert options for Wordfence, visit:
|
25 |
+
<?php echo $myOptionsURL; ?>
|
26 |
|
27 |
+
To see current Wordfence alerts, visit:
|
28 |
+
<?php echo $myHomeURL; ?>
|
29 |
|
30 |
|
31 |
|
lib/menu_options.php
CHANGED
@@ -1,402 +1,1141 @@
|
|
1 |
-
<?php
|
2 |
-
$w = new wfConfig();
|
3 |
?>
|
4 |
<script type="text/javascript">
|
5 |
-
var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
|
6 |
</script>
|
7 |
<div class="wordfenceModeElem" id="wordfenceMode_options"></div>
|
8 |
<div class="wrap">
|
9 |
-
<?php require('menuHeader.php'); ?>
|
10 |
-
<?php $helpLink="http://docs.wordfence.com/en/Wordfence_options";
|
|
|
|
|
|
|
11 |
<div class="wordfenceLive">
|
12 |
<table border="0" cellpadding="0" cellspacing="0">
|
13 |
-
|
|
|
|
|
|
|
14 |
</table>
|
15 |
</div>
|
16 |
|
17 |
<form id="wfConfigForm">
|
18 |
-
|
19 |
-
|
20 |
-
|
21 |
-
|
22 |
-
|
23 |
-
|
24 |
-
|
25 |
-
|
26 |
-
|
27 |
-
|
28 |
-
|
29 |
-
|
30 |
-
|
31 |
-
|
32 |
-
|
33 |
-
|
34 |
-
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
40 |
-
|
41 |
-
|
42 |
-
|
43 |
-
|
44 |
-
|
45 |
-
|
46 |
-
|
47 |
-
|
48 |
-
|
49 |
-
|
50 |
-
|
51 |
-
|
52 |
-
|
53 |
-
|
54 |
-
|
55 |
-
|
56 |
-
|
57 |
-
|
58 |
-
|
59 |
-
|
60 |
-
|
61 |
-
|
62 |
-
|
63 |
-
|
64 |
-
|
65 |
-
|
66 |
-
|
67 |
-
|
68 |
-
|
69 |
-
|
70 |
-
|
71 |
-
|
72 |
-
|
73 |
-
<
|
74 |
-
|
75 |
-
|
76 |
-
|
77 |
-
|
78 |
-
|
79 |
-
|
80 |
-
|
81 |
-
|
82 |
-
|
83 |
-
|
84 |
-
|
85 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
86 |
</p>
|
87 |
-
|
88 |
-
|
89 |
-
|
90 |
-
|
91 |
-
|
92 |
-
|
93 |
-
|
94 |
-
|
95 |
-
|
96 |
-
|
97 |
-
|
98 |
-
|
99 |
-
|
100 |
-
|
101 |
-
|
102 |
-
|
103 |
-
|
104 |
-
|
105 |
-
|
106 |
-
|
107 |
-
|
108 |
-
|
109 |
-
|
110 |
-
|
111 |
-
|
112 |
-
|
113 |
-
|
114 |
-
|
115 |
-
|
116 |
-
|
117 |
-
|
118 |
-
|
119 |
-
|
120 |
-
|
121 |
-
|
122 |
-
|
123 |
-
|
124 |
-
|
125 |
-
|
126 |
-
|
127 |
-
|
128 |
-
|
129 |
-
|
130 |
-
|
131 |
-
|
132 |
-
|
133 |
-
|
134 |
-
|
135 |
-
|
136 |
-
|
137 |
-
|
138 |
-
|
139 |
-
|
140 |
-
|
141 |
-
|
142 |
-
|
143 |
-
|
144 |
-
|
145 |
-
|
146 |
-
|
147 |
-
|
148 |
-
|
149 |
-
|
150 |
-
|
151 |
-
|
152 |
-
|
153 |
-
|
154 |
-
|
155 |
-
|
156 |
-
|
157 |
-
|
158 |
-
|
159 |
-
|
160 |
-
|
161 |
-
|
162 |
-
|
163 |
-
|
164 |
-
|
165 |
-
|
166 |
-
|
167 |
-
|
168 |
-
|
169 |
-
|
170 |
-
|
171 |
-
|
172 |
-
|
173 |
-
|
174 |
-
|
175 |
-
|
176 |
-
|
177 |
-
|
178 |
-
|
179 |
-
|
180 |
-
|
181 |
-
|
182 |
-
|
183 |
-
|
184 |
-
|
185 |
-
|
186 |
-
|
187 |
-
|
188 |
-
|
189 |
-
|
190 |
-
|
191 |
-
|
192 |
-
|
193 |
-
|
194 |
-
|
195 |
-
|
196 |
-
|
197 |
-
|
198 |
-
|
199 |
-
|
200 |
-
|
201 |
-
|
202 |
-
|
203 |
-
|
204 |
-
|
205 |
-
|
206 |
-
|
207 |
-
|
208 |
-
|
209 |
-
|
210 |
-
|
211 |
-
|
212 |
-
|
213 |
-
|
214 |
-
|
215 |
-
|
216 |
-
|
217 |
-
|
218 |
-
|
219 |
-
|
220 |
-
|
221 |
-
|
222 |
-
|
223 |
-
|
224 |
-
|
225 |
-
|
226 |
-
|
227 |
-
|
228 |
-
|
229 |
-
|
230 |
-
|
231 |
-
|
232 |
-
|
233 |
-
|
234 |
-
|
235 |
-
|
236 |
-
|
237 |
-
|
238 |
-
|
239 |
-
|
240 |
-
|
241 |
-
|
242 |
-
|
243 |
-
|
244 |
-
|
245 |
-
|
246 |
-
|
247 |
-
|
248 |
-
|
249 |
-
|
250 |
-
|
251 |
-
|
252 |
-
|
253 |
-
|
254 |
-
|
255 |
-
|
256 |
-
|
257 |
-
|
258 |
-
|
259 |
-
|
260 |
-
|
261 |
-
|
262 |
-
|
263 |
-
|
264 |
-
|
265 |
-
|
266 |
-
|
267 |
-
|
268 |
-
|
269 |
-
|
270 |
-
|
271 |
-
|
272 |
-
|
273 |
-
|
274 |
-
|
275 |
-
|
276 |
-
|
277 |
-
|
278 |
-
|
279 |
-
|
280 |
-
|
281 |
-
|
282 |
-
|
283 |
-
|
284 |
-
|
285 |
-
|
286 |
-
|
287 |
-
|
288 |
-
|
289 |
-
|
290 |
-
|
291 |
-
|
292 |
-
|
293 |
-
|
294 |
-
|
295 |
-
|
296 |
-
|
297 |
-
|
298 |
-
|
299 |
-
|
300 |
-
|
301 |
-
|
302 |
-
|
303 |
-
|
304 |
-
|
305 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
306 |
</form>
|
307 |
</div>
|
308 |
<script type="text/x-jquery-template" id="wfContentBasicOptions">
|
309 |
-
<div>
|
310 |
-
<h3>Basic Options</h3>
|
311 |
-
|
312 |
-
|
313 |
-
|
314 |
-
|
315 |
-
|
316 |
-
|
317 |
-
|
318 |
-
|
319 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
320 |
</script>
|
321 |
<script type="text/x-jquery-template" id="wfContentLiveTrafficOptions">
|
322 |
-
<div>
|
323 |
-
<h3>Live Traffic Options</h3>
|
324 |
-
|
325 |
-
|
326 |
-
|
327 |
-
|
328 |
-
|
|
|
|
|
|
|
329 |
</script>
|
330 |
<script type="text/x-jquery-template" id="wfContentScansToInclude">
|
331 |
-
<div>
|
332 |
-
<h3>Scans to Include</h3>
|
333 |
-
|
334 |
-
|
335 |
-
|
336 |
-
|
337 |
-
|
338 |
-
|
339 |
-
|
340 |
-
|
341 |
-
|
342 |
-
|
343 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
344 |
</script>
|
345 |
<script type="text/x-jquery-template" id="wfContentFirewallRules">
|
346 |
-
<div>
|
347 |
-
<h3>Firewall Rules</h3>
|
348 |
-
|
349 |
-
|
350 |
-
|
351 |
-
|
352 |
-
|
353 |
-
|
354 |
-
|
355 |
-
|
356 |
-
|
357 |
-
|
358 |
-
|
359 |
-
|
360 |
-
|
361 |
-
|
362 |
-
|
363 |
-
|
364 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
365 |
</script>
|
366 |
<script type="text/x-jquery-template" id="wfContentLoginSecurity">
|
367 |
-
<div>
|
368 |
-
<h3>Login Security</h3>
|
369 |
-
|
370 |
-
|
371 |
-
|
372 |
-
|
373 |
-
|
374 |
-
|
375 |
-
|
|
|
|
|
|
|
376 |
</script>
|
377 |
<script type="text/x-jquery-template" id="wfContentOtherOptions">
|
378 |
-
<div>
|
379 |
-
<h3>Other Options</h3>
|
380 |
-
|
381 |
-
|
382 |
-
|
383 |
-
|
384 |
-
|
385 |
-
|
386 |
-
|
387 |
-
|
388 |
-
|
389 |
-
</p>
|
390 |
-
|
391 |
-
|
392 |
-
|
393 |
-
|
394 |
-
|
395 |
-
|
396 |
-
|
397 |
-
|
398 |
-
|
399 |
-
|
400 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
401 |
</script>
|
402 |
|
1 |
+
<?php
|
2 |
+
$w = new wfConfig();
|
3 |
?>
|
4 |
<script type="text/javascript">
|
5 |
+
var WFSLevels = <?php echo json_encode(wfConfig::$securityLevels); ?>;
|
6 |
</script>
|
7 |
<div class="wordfenceModeElem" id="wordfenceMode_options"></div>
|
8 |
<div class="wrap">
|
9 |
+
<?php require( 'menuHeader.php' ); ?>
|
10 |
+
<?php $helpLink = "http://docs.wordfence.com/en/Wordfence_options";
|
11 |
+
$helpLabel = "Learn more about Wordfence Options";
|
12 |
+
$pageTitle = "Wordfence Options";
|
13 |
+
include( 'pageTitle.php' ); ?>
|
14 |
<div class="wordfenceLive">
|
15 |
<table border="0" cellpadding="0" cellspacing="0">
|
16 |
+
<tr>
|
17 |
+
<td><h2>Wordfence Live Activity:</h2></td>
|
18 |
+
<td id="wfLiveStatus"></td>
|
19 |
+
</tr>
|
20 |
</table>
|
21 |
</div>
|
22 |
|
23 |
<form id="wfConfigForm">
|
24 |
+
<table class="wfConfigForm">
|
25 |
+
<tr>
|
26 |
+
<td colspan="2"><h2>License</h2></td>
|
27 |
+
</tr>
|
28 |
+
|
29 |
+
<tr>
|
30 |
+
<th>Your Wordfence API Key:<a href="http://docs.wordfence.com/en/Wordfence_options#Wordfence_API_Key"
|
31 |
+
target="_blank" class="wfhelp"></a></th>
|
32 |
+
<td><input type="text" id="apiKey" name="apiKey" value="<?php $w->f( 'apiKey' ); ?>" size="80"/></td>
|
33 |
+
</tr>
|
34 |
+
<tr>
|
35 |
+
<th>Key type currently active:</th>
|
36 |
+
<td>
|
37 |
+
<?php if (wfConfig::get( 'isPaid' )){ ?>
|
38 |
+
The currently active API Key is a Premium Key. <span style="font-weight: bold; color: #0A0;">Premium scanning enabled!</span>
|
39 |
+
<?php } else { ?>
|
40 |
+
The currently active API Key is a <span style="color: #F00; font-weight: bold;">Free Key</span>. <a
|
41 |
+
href="https://www.wordfence.com/wordfence-signup/" target="_blank">Click Here to Upgrade to
|
42 |
+
Wordfence Premium now.</a>
|
43 |
+
<?php } ?>
|
44 |
+
</td>
|
45 |
+
</tr>
|
46 |
+
<tr>
|
47 |
+
<td colspan="2">
|
48 |
+
<?php if ( wfConfig::get( 'isPaid' ) ) { ?>
|
49 |
+
<table border="0">
|
50 |
+
<tr>
|
51 |
+
<td><a href="https://www.wordfence.com/manage-wordfence-api-keys/"
|
52 |
+
target="_blank"><input type="button" value="Renew your premium license"/></a>
|
53 |
+
</td>
|
54 |
+
<td> </td>
|
55 |
+
<td><input type="button" value="Downgrade to a free license"
|
56 |
+
onclick="WFAD.downgradeLicense();"/></td>
|
57 |
+
</tr>
|
58 |
+
</table>
|
59 |
+
<?php } ?>
|
60 |
+
|
61 |
+
|
62 |
+
<tr>
|
63 |
+
<td colspan="2"><h2>Basic Options<a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options"
|
64 |
+
target="_blank" class="wfhelp"></a></h2></td>
|
65 |
+
</tr>
|
66 |
+
<tr>
|
67 |
+
<th class="wfConfigEnable">Enable firewall<a
|
68 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Enable_Firewall" target="_blank"
|
69 |
+
class="wfhelp"></a></th>
|
70 |
+
<td><input type="checkbox" id="firewallEnabled" class="wfConfigElem" name="firewallEnabled"
|
71 |
+
value="1" <?php $w->cb( 'firewallEnabled' ); ?> /> <span
|
72 |
+
style="color: #F00;">NOTE:</span> This checkbox enables ALL firewall functions including IP,
|
73 |
+
country and advanced blocking and the "Firewall Rules" below.
|
74 |
+
</td>
|
75 |
+
</tr>
|
76 |
+
<tr>
|
77 |
+
<td colspan="2"> </td>
|
78 |
+
</tr>
|
79 |
+
<tr>
|
80 |
+
<th class="wfConfigEnable">Enable login security<a
|
81 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Enable_login_security" target="_blank"
|
82 |
+
class="wfhelp"></a></th>
|
83 |
+
<td><input type="checkbox" id="loginSecurityEnabled" class="wfConfigElem" name="loginSecurityEnabled"
|
84 |
+
value="1" <?php $w->cb( 'loginSecurityEnabled' ); ?> /> This option enables all "Login
|
85 |
+
Security" options. You can modify individual options further down this page.
|
86 |
+
</td>
|
87 |
+
</tr>
|
88 |
+
<tr>
|
89 |
+
<td colspan="2"> </td>
|
90 |
+
</tr>
|
91 |
+
<tr>
|
92 |
+
<th class="wfConfigEnable">Enable Live Traffic View<a
|
93 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Enable_Live_Traffic_View" target="_blank"
|
94 |
+
class="wfhelp"></a></th>
|
95 |
+
<td><input type="checkbox" id="liveTrafficEnabled" class="wfConfigElem" name="liveTrafficEnabled"
|
96 |
+
value="1" <?php $w->cb( 'liveTrafficEnabled' ); ?>
|
97 |
+
onclick="WFAD.reloadConfigPage = true; return true;"/> This option enables live traffic
|
98 |
+
logging.
|
99 |
+
</td>
|
100 |
+
</tr>
|
101 |
+
<tr>
|
102 |
+
<td colspan="2"> </td>
|
103 |
+
</tr>
|
104 |
+
<tr>
|
105 |
+
<th class="wfConfigEnable">Advanced Comment Spam Filter<a
|
106 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Comment_Spam_Filter"
|
107 |
+
target="_blank" class="wfhelp"></a></th>
|
108 |
+
<td><input type="checkbox" id="advancedCommentScanning" class="wfConfigElem"
|
109 |
+
name="advancedCommentScanning" value="1" <?php $w->cbp( 'advancedCommentScanning' );
|
110 |
+
if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#advancedCommentScanning').attr('checked', false); return false;" <?php } ?> /> <span
|
111 |
+
style="color: #F00;">Premium Feature</span> In addition to free comment filtering (see below)
|
112 |
+
this option filters comments against several additional real-time lists of known spammers and
|
113 |
+
infected hosts.
|
114 |
+
</td>
|
115 |
+
</tr>
|
116 |
+
<tr>
|
117 |
+
<th class="wfConfigEnable">Check if this website is being "Spamvertised"<a
|
118 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_is_being_.22Spamvertized.22"
|
119 |
+
target="_blank" class="wfhelp"></a></th>
|
120 |
+
<td><input type="checkbox" id="spamvertizeCheck" class="wfConfigElem" name="spamvertizeCheck" value="1"
|
121 |
+
<?php $w->cbp( 'spamvertizeCheck' );
|
122 |
+
if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#spamvertizeCheck').attr('checked', false); return false;" <?php } ?> /> <span
|
123 |
+
style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam
|
124 |
+
services if your site domain name is appearing as a link in spam emails.
|
125 |
+
</td>
|
126 |
+
</tr>
|
127 |
+
<tr>
|
128 |
+
<th class="wfConfigEnable">Check if this website IP is generating spam<a
|
129 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_IP_is_generating_spam"
|
130 |
+
target="_blank" class="wfhelp"></a></th>
|
131 |
+
<td><input type="checkbox" id="checkSpamIP" class="wfConfigElem" name="checkSpamIP" value="1"
|
132 |
+
<?php $w->cbp( 'checkSpamIP' );
|
133 |
+
if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#checkSpamIP').attr('checked', false); return false;" <?php } ?> /> <span
|
134 |
+
style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam
|
135 |
+
services if your website IP address is listed as a known source of spam email.
|
136 |
+
</td>
|
137 |
+
</tr>
|
138 |
+
<tr>
|
139 |
+
<td colspan="2"> </td>
|
140 |
+
</tr>
|
141 |
+
<?php /* <tr><th class="wfConfigEnable">Enable Performance Monitoring</th><td><input type="checkbox" id="perfLoggingEnabled" class="wfConfigElem" name="perfLoggingEnabled" value="1" <?php $w->cb('perfLoggingEnabled'); ?> onclick="WFAD.reloadConfigPage = true; return true;" /> This option enables performance monitoring.</td></tr> */ ?>
|
142 |
+
<tr>
|
143 |
+
<td colspan="2"> </td>
|
144 |
+
</tr>
|
145 |
+
<tr>
|
146 |
+
<th class="wfConfigEnable">Enable automatic scheduled scans<a
|
147 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Enable_automatic_scheduled_scans"
|
148 |
+
target="_blank" class="wfhelp"></a></th>
|
149 |
+
<td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled"
|
150 |
+
value="1" <?php $w->cb( 'scheduledScansEnabled' ); ?> /> Regular scans ensure your site
|
151 |
+
stays secure.
|
152 |
+
</td>
|
153 |
+
</tr>
|
154 |
+
<tr>
|
155 |
+
<td colspan="2"> </td>
|
156 |
+
</tr>
|
157 |
+
<tr>
|
158 |
+
<th class="wfConfigEnable">Update Wordfence automatically when a new version is released?<a
|
159 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Update_Wordfence_Automatically_when_a_new_version_is_released"
|
160 |
+
target="_blank" class="wfhelp"></a></th>
|
161 |
+
<td><input type="checkbox" id="autoUpdate" class="wfConfigElem" name="autoUpdate"
|
162 |
+
value="1" <?php $w->cb( 'autoUpdate' ); ?> /> Automatically updates Wordfence to the
|
163 |
+
newest version within 24 hours of a new release.<br/>
|
164 |
+
<?php if (getenv( 'noabort' ) != '1' && stristr( $_SERVER['SERVER_SOFTWARE'], 'litespeed' ) !== false){ ?>
|
165 |
+
<span style="color: #F00;">Warning: </span>You are running LiteSpeed web server and you don't have
|
166 |
+
the "noabort" variable set in your .htaccess.<br/>
|
167 |
+
<a href="https://support.wordfence.com/solution/articles/1000129050-running-wordfence-under-litespeed-web-server-and-preventing-process-killing-or"
|
168 |
+
target="_blank">Please read this article in our FAQ to make an important change that will ensure
|
169 |
+
your site stability during an update.<br/>
|
170 |
+
<?php } ?>
|
171 |
+
</td>
|
172 |
+
</tr>
|
173 |
+
<tr>
|
174 |
+
<td colspan="2"> </td>
|
175 |
+
</tr>
|
176 |
+
|
177 |
+
<tr>
|
178 |
+
<th>Where to email alerts:<a href="http://docs.wordfence.com/en/Wordfence_options#Where_to_email_alerts"
|
179 |
+
target="_blank" class="wfhelp"></a></th>
|
180 |
+
<td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f( 'alertEmails' ); ?>"
|
181 |
+
size="50"/> <span class="wfTipText">Separate multiple emails with commas</span></td>
|
182 |
+
</tr>
|
183 |
+
<tr>
|
184 |
+
<th colspan="2"> </th>
|
185 |
+
</tr>
|
186 |
+
<tr>
|
187 |
+
<th>Security Level:<a href="http://docs.wordfence.com/en/Wordfence_options#Security_Level"
|
188 |
+
target="_blank" class="wfhelp"></a></th>
|
189 |
+
<td>
|
190 |
+
<select id="securityLevel" name="securityLevel" onchange="WFAD.changeSecurityLevel(); return true;">
|
191 |
+
<option value="0"<?php $w->sel( 'securityLevel', '0' ); ?>>Level 0: Disable all Wordfence
|
192 |
+
security measures
|
193 |
+
</option>
|
194 |
+
<option value="1"<?php $w->sel( 'securityLevel', '1' ); ?>>Level 1: Light protection. Just the
|
195 |
+
basics
|
196 |
+
</option>
|
197 |
+
<option value="2"<?php $w->sel( 'securityLevel', '2' ); ?>>Level 2: Medium protection. Suitable
|
198 |
+
for most sites
|
199 |
+
</option>
|
200 |
+
<option value="3"<?php $w->sel( 'securityLevel', '3' ); ?>>Level 3: High security. Use this when
|
201 |
+
an attack is imminent
|
202 |
+
</option>
|
203 |
+
<option value="4"<?php $w->sel( 'securityLevel', '4' ); ?>>Level 4: Lockdown. Protect the site
|
204 |
+
against an attack in progress at the cost of inconveniencing some users
|
205 |
+
</option>
|
206 |
+
<option value="CUSTOM"<?php $w->sel( 'securityLevel', 'CUSTOM' ); ?>>Custom settings</option>
|
207 |
+
</select>
|
208 |
+
</td>
|
209 |
+
</tr>
|
210 |
+
<tr>
|
211 |
+
<th>How does Wordfence get IPs:<a
|
212 |
+
href="http://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs" target="_blank"
|
213 |
+
class="wfhelp"></a></th>
|
214 |
+
<td>
|
215 |
+
<select id="howGetIPs" name="howGetIPs">
|
216 |
+
<option value="">Let Wordfence use the most secure method to get visitor IP addresses. Prevents
|
217 |
+
spoofing and works with most sites.
|
218 |
+
</option>
|
219 |
+
<option value="REMOTE_ADDR"<?php $w->sel( 'howGetIPs', 'REMOTE_ADDR' ); ?>>Use PHP's built in
|
220 |
+
REMOTE_ADDR and don't use anything else. Very secure if this is compatible with your site.
|
221 |
+
</option>
|
222 |
+
<option value="HTTP_X_FORWARDED_FOR"<?php $w->sel( 'howGetIPs', 'HTTP_X_FORWARDED_FOR' ); ?>>Use
|
223 |
+
the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may
|
224 |
+
result.
|
225 |
+
</option>
|
226 |
+
<option value="HTTP_X_REAL_IP"<?php $w->sel( 'howGetIPs', 'HTTP_X_REAL_IP' ); ?>>Use the
|
227 |
+
X-Real-IP HTTP header. Only use if you have a front-end proxy or spoofing may result.
|
228 |
+
</option>
|
229 |
+
<option value="HTTP_CF_CONNECTING_IP"<?php $w->sel( 'howGetIPs', 'HTTP_CF_CONNECTING_IP' ); ?>>
|
230 |
+
Use the Cloudflare "CF-Connecting-IP" HTTP header to get a visitor IP. Only use if you're
|
231 |
+
using Cloudflare.
|
232 |
+
</option>
|
233 |
+
</select>
|
234 |
+
</td>
|
235 |
+
</tr>
|
236 |
+
</table>
|
237 |
+
<p>
|
238 |
+
<table border="0" cellpadding="0" cellspacing="0">
|
239 |
+
<tr>
|
240 |
+
<td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes"
|
241 |
+
onclick="WFAD.saveConfig();"/></td>
|
242 |
+
<td style="height: 24px;">
|
243 |
+
<div class="wfAjax24"></div>
|
244 |
+
<span class="wfSavedMsg"> Your changes have been saved!</span></td>
|
245 |
+
</tr>
|
246 |
+
</table>
|
247 |
</p>
|
248 |
+
<div class="wfMarker" id="wfMarkerBasicOptions"></div>
|
249 |
+
<div style="margin-top: 25px;">
|
250 |
+
<h2>Advanced Options:<a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Options"
|
251 |
+
target="_blank" class="wfhelp"></a></h2>
|
252 |
+
|
253 |
+
<p style="width: 600px;">
|
254 |
+
Wordfence works great out of the box for most websites. Simply install Wordfence and your site and
|
255 |
+
content is protected. For finer granularity of control, we have provided advanced options.
|
256 |
+
</p>
|
257 |
+
</div>
|
258 |
+
<div id="wfConfigAdvanced">
|
259 |
+
<table class="wfConfigForm">
|
260 |
+
<tr>
|
261 |
+
<td colspan="2"><h3 class="wfConfigHeading">Alerts<a
|
262 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Alerts" target="_blank"
|
263 |
+
class="wfhelp"></a></h3></td>
|
264 |
+
</tr>
|
265 |
+
<?php
|
266 |
+
$emails = wfConfig::getAlertEmails();
|
267 |
+
if ( sizeof( $emails ) < 1 ) {
|
268 |
+
echo "<tr><th colspan=\"2\" style=\"color: #F00;\">You have not configured an email to receive alerts yet. Set this up under \"Basic Options\" above.</th></tr>\n";
|
269 |
+
}
|
270 |
+
?>
|
271 |
+
<tr>
|
272 |
+
<th>Email me when Wordfence is automatically updated</th>
|
273 |
+
<td><input type="checkbox" id="alertOn_update" class="wfConfigElem" name="alertOn_update"
|
274 |
+
value="1" <?php $w->cb( 'alertOn_update' ); ?>/> If you have automatic updates
|
275 |
+
enabled (see above), you'll get an email when an update occurs.
|
276 |
+
</td>
|
277 |
+
</tr>
|
278 |
+
<tr>
|
279 |
+
<th>Alert on critical problems</th>
|
280 |
+
<td><input type="checkbox" id="alertOn_critical" class="wfConfigElem" name="alertOn_critical"
|
281 |
+
value="1" <?php $w->cb( 'alertOn_critical' ); ?>/></td>
|
282 |
+
</tr>
|
283 |
+
<tr>
|
284 |
+
<th>Alert on warnings</th>
|
285 |
+
<td><input type="checkbox" id="alertOn_warnings" class="wfConfigElem" name="alertOn_warnings"
|
286 |
+
value="1" <?php $w->cb( 'alertOn_warnings' ); ?>/></td>
|
287 |
+
</tr>
|
288 |
+
<tr>
|
289 |
+
<th>Alert when an IP address is blocked</th>
|
290 |
+
<td><input type="checkbox" id="alertOn_block" class="wfConfigElem" name="alertOn_block"
|
291 |
+
value="1" <?php $w->cb( 'alertOn_block' ); ?>/></td>
|
292 |
+
</tr>
|
293 |
+
<tr>
|
294 |
+
<th>Alert when someone is locked out from login</th>
|
295 |
+
<td><input type="checkbox" id="alertOn_loginLockout" class="wfConfigElem"
|
296 |
+
name="alertOn_loginLockout" value="1" <?php $w->cb( 'alertOn_loginLockout' ); ?>/></td>
|
297 |
+
</tr>
|
298 |
+
<tr>
|
299 |
+
<th>Alert when the "lost password" form is used for a valid user</th>
|
300 |
+
<td><input type="checkbox" id="alertOn_lostPasswdForm" class="wfConfigElem"
|
301 |
+
name="alertOn_lostPasswdForm" value="1" <?php $w->cb( 'alertOn_lostPasswdForm' ); ?>/>
|
302 |
+
</td>
|
303 |
+
</tr>
|
304 |
+
<tr>
|
305 |
+
<th>Alert me when someone with administrator access signs in</th>
|
306 |
+
<td><input type="checkbox" id="alertOn_adminLogin" class="wfConfigElem" name="alertOn_adminLogin"
|
307 |
+
value="1" <?php $w->cb( 'alertOn_adminLogin' ); ?>/></td>
|
308 |
+
</tr>
|
309 |
+
<tr>
|
310 |
+
<th>Alert me when a non-admin user signs in</th>
|
311 |
+
<td><input type="checkbox" id="alertOn_nonAdminLogin" class="wfConfigElem"
|
312 |
+
name="alertOn_nonAdminLogin" value="1" <?php $w->cb( 'alertOn_nonAdminLogin' ); ?>/></td>
|
313 |
+
</tr>
|
314 |
+
<tr>
|
315 |
+
<th>Maximum email alerts to send per hour</th>
|
316 |
+
<td> <input type="text" id="alert_maxHourly" name="alert_maxHourly"
|
317 |
+
value="<?php $w->f( 'alert_maxHourly' ); ?>" size="4"/>0 or empty means unlimited
|
318 |
+
alerts will be sent.
|
319 |
+
</td>
|
320 |
+
</tr>
|
321 |
+
<tr>
|
322 |
+
<td colspan="2">
|
323 |
+
<div class="wfMarker" id="wfMarkerLiveTrafficOptions"></div>
|
324 |
+
<h3 class="wfConfigHeading">Live Traffic View<a
|
325 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Live_Traffic_View" target="_blank"
|
326 |
+
class="wfhelp"></a></h3>
|
327 |
+
</td>
|
328 |
+
</tr>
|
329 |
+
<tr>
|
330 |
+
<th>Don't log signed-in users with publishing access:</th>
|
331 |
+
<td><input type="checkbox" id="liveTraf_ignorePublishers" name="liveTraf_ignorePublishers"
|
332 |
+
value="1" <?php $w->cb( 'liveTraf_ignorePublishers' ); ?> /></td>
|
333 |
+
</tr>
|
334 |
+
<tr>
|
335 |
+
<th>List of comma separated usernames to ignore:</th>
|
336 |
+
<td><input type="text" name="liveTraf_ignoreUsers" id="liveTraf_ignoreUsers"
|
337 |
+
value="<?php echo $w->getHTML( 'liveTraf_ignoreUsers' ); ?>"/></td>
|
338 |
+
</tr>
|
339 |
+
<tr>
|
340 |
+
<th>List of comma separated IP addresses to ignore:</th>
|
341 |
+
<td><input type="text" name="liveTraf_ignoreIPs" id="liveTraf_ignoreIPs"
|
342 |
+
value="<?php echo $w->getHTML( 'liveTraf_ignoreIPs' ); ?>"/></td>
|
343 |
+
</tr>
|
344 |
+
<tr>
|
345 |
+
<th>Browser user-agent to ignore:</th>
|
346 |
+
<td><input type="text" name="liveTraf_ignoreUA" id="liveTraf_ignoreUA"
|
347 |
+
value="<?php echo $w->getHTML( 'liveTraf_ignoreUA' ); ?>"/></td>
|
348 |
+
</tr>
|
349 |
+
<tr>
|
350 |
+
<td colspan="2">
|
351 |
+
<div class="wfMarker" id="wfMarkerScansToInclude"></div>
|
352 |
+
<h3 class="wfConfigHeading">Scans to include<a
|
353 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank"
|
354 |
+
class="wfhelp"></a></h3></td>
|
355 |
+
</tr>
|
356 |
+
<?php if ( wfConfig::get( 'isPaid' ) ) { ?>
|
357 |
+
<tr>
|
358 |
+
<th>Scan public facing site for vulnerabilities?<a
|
359 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_public_facing_site"
|
360 |
+
target="_blank" class="wfhelp"></a></th>
|
361 |
+
<td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem"
|
362 |
+
name="scansEnabled_public" value="1" <?php $w->cb( 'scansEnabled_public' ); ?></td>
|
363 |
+
</tr>
|
364 |
+
<?php } else { ?>
|
365 |
+
<tr>
|
366 |
+
<th style="color: #F00;">Scan public facing site for vulnerabilities?<a
|
367 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_public_facing_site"
|
368 |
+
target="_blank" class="wfhelp"></a>(<a
|
369 |
+
href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid members only</a>)
|
370 |
+
</th>
|
371 |
+
<td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem"
|
372 |
+
name="scansEnabled_public" value="1" DISABLED /></td>
|
373 |
+
</tr>
|
374 |
+
<?php } ?>
|
375 |
+
<tr>
|
376 |
+
<th>Scan for the HeartBleed vulnerability?<a
|
377 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_the_HeartBleed_vulnerability"
|
378 |
+
target="_blank" class="wfhelp"></a></th>
|
379 |
+
<td><input type="checkbox" id="scansEnabled_heartbleed" class="wfConfigElem"
|
380 |
+
name="scansEnabled_heartbleed" value="1" <?php $w->cb( 'scansEnabled_heartbleed' ); ?>
|
381 |
+
</td>
|
382 |
+
</tr>
|
383 |
+
<tr>
|
384 |
+
<th>Scan core files against repository versions for changes<a
|
385 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_core_files_against_repository_version_for_changes"
|
386 |
+
target="_blank" class="wfhelp"></a></th>
|
387 |
+
<td><input type="checkbox" id="scansEnabled_core" class="wfConfigElem" name="scansEnabled_core"
|
388 |
+
value="1" <?php $w->cb( 'scansEnabled_core' ); ?>/></td>
|
389 |
+
</tr>
|
390 |
+
|
391 |
+
<tr>
|
392 |
+
<th>Scan theme files against repository versions for changes<a
|
393 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_theme_files_against_repository_versions_for_changes"
|
394 |
+
target="_blank" class="wfhelp"></a></th>
|
395 |
+
<td><input type="checkbox" id="scansEnabled_themes" class="wfConfigElem" name="scansEnabled_themes"
|
396 |
+
value="1" <?php $w->cb( 'scansEnabled_themes' ); ?>/></td>
|
397 |
+
</tr>
|
398 |
+
<tr>
|
399 |
+
<th>Scan plugin files against repository versions for changes<a
|
400 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_plugin_files_against_repository_versions_for_changes"
|
401 |
+
target="_blank" class="wfhelp"></a></th>
|
402 |
+
<td><input type="checkbox" id="scansEnabled_plugins" class="wfConfigElem"
|
403 |
+
name="scansEnabled_plugins" value="1" <?php $w->cb( 'scansEnabled_plugins' ); ?>/></td>
|
404 |
+
</tr>
|
405 |
+
<tr>
|
406 |
+
<th>Scan for signatures of known malicious files<a
|
407 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files"
|
408 |
+
target="_blank" class="wfhelp"></a></th>
|
409 |
+
<td><input type="checkbox" id="scansEnabled_malware" class="wfConfigElem"
|
410 |
+
name="scansEnabled_malware" value="1" <?php $w->cb( 'scansEnabled_malware' ); ?>/></td>
|
411 |
+
</tr>
|
412 |
+
<tr>
|
413 |
+
<th>Scan file contents for backdoors, trojans and suspicious code<a
|
414 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_file_contents_for_backdoors.2C_trojans_and_suspicious_code"
|
415 |
+
target="_blank" class="wfhelp"></a></th>
|
416 |
+
<td><input type="checkbox" id="scansEnabled_fileContents" class="wfConfigElem"
|
417 |
+
name="scansEnabled_fileContents"
|
418 |
+
value="1" <?php $w->cb( 'scansEnabled_fileContents' ); ?>/></td>
|
419 |
+
</tr>
|
420 |
+
<tr>
|
421 |
+
<th>Scan posts for known dangerous URLs and suspicious content<a
|
422 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_posts_for_known_dangerous_URLs_and_suspicious_content"
|
423 |
+
target="_blank" class="wfhelp"></a></th>
|
424 |
+
<td><input type="checkbox" id="scansEnabled_posts" class="wfConfigElem" name="scansEnabled_posts"
|
425 |
+
value="1" <?php $w->cb( 'scansEnabled_posts' ); ?>/></td>
|
426 |
+
</tr>
|
427 |
+
<tr>
|
428 |
+
<th>Scan comments for known dangerous URLs and suspicious content<a
|
429 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_comments_for_known_dangerous_URLs_and_suspicious_content"
|
430 |
+
target="_blank" class="wfhelp"></a></th>
|
431 |
+
<td><input type="checkbox" id="scansEnabled_comments" class="wfConfigElem"
|
432 |
+
name="scansEnabled_comments" value="1" <?php $w->cb( 'scansEnabled_comments' ); ?>/></td>
|
433 |
+
</tr>
|
434 |
+
<tr>
|
435 |
+
<th>Scan for out of date plugins, themes and WordPress versions<a
|
436 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_out_of_date_plugins.2C_themes_and_WordPress_versions"
|
437 |
+
target="_blank" class="wfhelp"></a></th>
|
438 |
+
<td><input type="checkbox" id="scansEnabled_oldVersions" class="wfConfigElem"
|
439 |
+
name="scansEnabled_oldVersions"
|
440 |
+
value="1" <?php $w->cb( 'scansEnabled_oldVersions' ); ?>/></td>
|
441 |
+
</tr>
|
442 |
+
<tr>
|
443 |
+
<th>Check the strength of passwords<a
|
444 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Check_the_strength_of_passwords"
|
445 |
+
target="_blank" class="wfhelp"></a></th>
|
446 |
+
<td><input type="checkbox" id="scansEnabled_passwds" class="wfConfigElem"
|
447 |
+
name="scansEnabled_passwds" value="1" <?php $w->cb( 'scansEnabled_passwds' ); ?>/></td>
|
448 |
+
</tr>
|
449 |
+
<tr>
|
450 |
+
<th>Scan options table<a href="http://docs.wordfence.com/en/Wordfence_options#Scan_options_table"
|
451 |
+
target="_blank" class="wfhelp"></a></th>
|
452 |
+
<td><input type="checkbox" id="scansEnabled_options" class="wfConfigElem"
|
453 |
+
name="scansEnabled_options" value="1" <?php $w->cb( 'scansEnabled_options' ); ?>/></td>
|
454 |
+
</tr>
|
455 |
+
<tr>
|
456 |
+
<th>Monitor disk space<a href="http://docs.wordfence.com/en/Wordfence_options#Monitor_disk_space"
|
457 |
+
target="_blank" class="wfhelp"></a></th>
|
458 |
+
<td><input type="checkbox" id="scansEnabled_diskSpace" class="wfConfigElem"
|
459 |
+
name="scansEnabled_diskSpace" value="1" <?php $w->cb( 'scansEnabled_diskSpace' ); ?>/>
|
460 |
+
</td>
|
461 |
+
</tr>
|
462 |
+
<tr>
|
463 |
+
<th>Scan for unauthorized DNS changes<a
|
464 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_unauthorized_DNS_changes"
|
465 |
+
target="_blank" class="wfhelp"></a></th>
|
466 |
+
<td><input type="checkbox" id="scansEnabled_dns" class="wfConfigElem" name="scansEnabled_dns"
|
467 |
+
value="1" <?php $w->cb( 'scansEnabled_dns' ); ?>/></td>
|
468 |
+
</tr>
|
469 |
+
<tr>
|
470 |
+
<th>Scan files outside your WordPress installation<a
|
471 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_files_outside_your_WordPress_installation"
|
472 |
+
target="_blank" class="wfhelp"></a></th>
|
473 |
+
<td><input type="checkbox" id="other_scanOutside" class="wfConfigElem" name="other_scanOutside"
|
474 |
+
value="1" <?php $w->cb( 'other_scanOutside' ); ?> /></td>
|
475 |
+
</tr>
|
476 |
+
<tr>
|
477 |
+
<th>Scan image files as if they were executable<a
|
478 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_image_files_as_if_they_were_executable"
|
479 |
+
target="_blank" class="wfhelp"></a></th>
|
480 |
+
<td><input type="checkbox" id="scansEnabled_scanImages" class="wfConfigElem"
|
481 |
+
name="scansEnabled_scanImages" value="1" <?php $w->cb( 'scansEnabled_scanImages' ); ?> />
|
482 |
+
</td>
|
483 |
+
</tr>
|
484 |
+
<tr>
|
485 |
+
<th>Enable HIGH SENSITIVITY scanning. May give false positives.<a
|
486 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Enable_HIGH_SENSITIVITY_scanning"
|
487 |
+
target="_blank" class="wfhelp"></a></th>
|
488 |
+
<td><input type="checkbox" id="scansEnabled_highSense" class="wfConfigElem"
|
489 |
+
name="scansEnabled_highSense" value="1" <?php $w->cb( 'scansEnabled_highSense' ); ?> />
|
490 |
+
</td>
|
491 |
+
</tr>
|
492 |
+
<tr>
|
493 |
+
<th>Exclude files from scan that match these wildcard patterns. Comma separated.<a
|
494 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Exclude_files_from_scan_that_match_these_wildcard_patterns."
|
495 |
+
target="_blank" class="wfhelp"></a></th>
|
496 |
+
<td><input type="text" id="scan_exclude" class="wfConfigElem" name="scan_exclude" size="20"
|
497 |
+
value="<?php echo $w->getHTML( 'scan_exclude' ); ?>"/>e.g. *.sql,*.tar,backup*.zip
|
498 |
+
</td>
|
499 |
+
</tr>
|
500 |
+
<tr>
|
501 |
+
<td colspan="2">
|
502 |
+
<div class="wfMarker" id="wfMarkerFirewallRules"></div>
|
503 |
+
<h3 class="wfConfigHeading">Firewall Rules<a
|
504 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Firewall_Rules" target="_blank"
|
505 |
+
class="wfhelp"></a></h3>
|
506 |
+
</td>
|
507 |
+
</tr>
|
508 |
+
<tr>
|
509 |
+
<th>Immediately block fake Google crawlers:<a
|
510 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_fake_Google_crawlers:"
|
511 |
+
target="_blank" class="wfhelp"></a></th>
|
512 |
+
<td><input type="checkbox" id="blockFakeBots" class="wfConfigElem" name="blockFakeBots"
|
513 |
+
value="1" <?php $w->cb( 'blockFakeBots' ); ?>/></td>
|
514 |
+
</tr>
|
515 |
+
<tr>
|
516 |
+
<th>How should we treat Google's crawlers<a
|
517 |
+
href="http://docs.wordfence.com/en/Wordfence_options#How_should_we_treat_Google.27s_crawlers"
|
518 |
+
target="_blank" class="wfhelp"></a></th>
|
519 |
+
<td>
|
520 |
+
<select id="neverBlockBG" class="wfConfigElem" name="neverBlockBG">
|
521 |
+
<option value="neverBlockVerified"<?php $w->sel( 'neverBlockBG', 'neverBlockVerified' ); ?>>
|
522 |
+
Verified Google crawlers have unlimited access to this site
|
523 |
+
</option>
|
524 |
+
<option value="neverBlockUA"<?php $w->sel( 'neverBlockBG', 'neverBlockUA' ); ?>>Anyone
|
525 |
+
claiming to be Google has unlimited access
|
526 |
+
</option>
|
527 |
+
<option
|
528 |
+
value="treatAsOtherCrawlers"<?php $w->sel( 'neverBlockBG', 'treatAsOtherCrawlers' ); ?>>
|
529 |
+
Treat Google like any other Crawler
|
530 |
+
</option>
|
531 |
+
</select></td>
|
532 |
+
</tr>
|
533 |
+
<tr>
|
534 |
+
<th>If anyone's requests exceed:<a
|
535 |
+
href="http://docs.wordfence.com/en/Wordfence_options#If_anyone.27s_requests_exceed:"
|
536 |
+
target="_blank" class="wfhelp"></a></th>
|
537 |
+
<td><?php $rateName = 'maxGlobalRequests';
|
538 |
+
require( 'wfRate.php' ); ?> then <?php $throtName = 'maxGlobalRequests_action';
|
539 |
+
require( 'wfAction.php' ); ?></td>
|
540 |
+
</tr>
|
541 |
+
<tr>
|
542 |
+
<th>If a crawler's page views exceed:<a
|
543 |
+
href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_page_views_exceed"
|
544 |
+
target="_blank" class="wfhelp"></a></th>
|
545 |
+
<td><?php $rateName = 'maxRequestsCrawlers';
|
546 |
+
require( 'wfRate.php' ); ?> then <?php $throtName = 'maxRequestsCrawlers_action';
|
547 |
+
require( 'wfAction.php' ); ?></td>
|
548 |
+
</tr>
|
549 |
+
<tr>
|
550 |
+
<th>If a crawler's pages not found (404s) exceed:<a
|
551 |
+
href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_pages_not_found_.28404s.29_exceed"
|
552 |
+
target="_blank" class="wfhelp"></a></th>
|
553 |
+
<td><?php $rateName = 'max404Crawlers';
|
554 |
+
require( 'wfRate.php' ); ?> then <?php $throtName = 'max404Crawlers_action';
|
555 |
+
require( 'wfAction.php' ); ?></td>
|
556 |
+
</tr>
|
557 |
+
<tr>
|
558 |
+
<th>If a human's page views exceed:<a
|
559 |
+
href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_page_views_exceed"
|
560 |
+
target="_blank" class="wfhelp"></a></th>
|
561 |
+
<td><?php $rateName = 'maxRequestsHumans';
|
562 |
+
require( 'wfRate.php' ); ?> then <?php $throtName = 'maxRequestsHumans_action';
|
563 |
+
require( 'wfAction.php' ); ?></td>
|
564 |
+
</tr>
|
565 |
+
<tr>
|
566 |
+
<th>If a human's pages not found (404s) exceed:<a
|
567 |
+
href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_pages_not_found_.28404s.29_exceed"
|
568 |
+
target="_blank" class="wfhelp"></a></th>
|
569 |
+
<td><?php $rateName = 'max404Humans';
|
570 |
+
require( 'wfRate.php' ); ?> then <?php $throtName = 'max404Humans_action';
|
571 |
+
require( 'wfAction.php' ); ?></td>
|
572 |
+
</tr>
|
573 |
+
<tr>
|
574 |
+
<th>If 404's for known vulnerable URL's exceed:<a
|
575 |
+
href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed"
|
576 |
+
target="_blank" class="wfhelp"></a></th>
|
577 |
+
<td><?php $rateName = 'maxScanHits';
|
578 |
+
require( 'wfRate.php' ); ?> then <?php $throtName = 'maxScanHits_action';
|
579 |
+
require( 'wfAction.php' ); ?></td>
|
580 |
+
</tr>
|
581 |
+
<tr>
|
582 |
+
<th>How long is an IP address blocked when it breaks a rule:<a
|
583 |
+
href="http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule"
|
584 |
+
target="_blank" class="wfhelp"></a></th>
|
585 |
+
<td>
|
586 |
+
<select id="blockedTime" class="wfConfigElem" name="blockedTime">
|
587 |
+
<option value="60"<?php $w->sel( 'blockedTime', '60' ); ?>>1 minute</option>
|
588 |
+
<option value="300"<?php $w->sel( 'blockedTime', '300' ); ?>>5 minutes</option>
|
589 |
+
<option value="1800"<?php $w->sel( 'blockedTime', '1800' ); ?>>30 minutes</option>
|
590 |
+
<option value="3600"<?php $w->sel( 'blockedTime', '3600' ); ?>>1 hour</option>
|
591 |
+
<option value="7200"<?php $w->sel( 'blockedTime', '7200' ); ?>>2 hours</option>
|
592 |
+
<option value="21600"<?php $w->sel( 'blockedTime', '21600' ); ?>>6 hours</option>
|
593 |
+
<option value="43200"<?php $w->sel( 'blockedTime', '43200' ); ?>>12 hours</option>
|
594 |
+
<option value="86400"<?php $w->sel( 'blockedTime', '86400' ); ?>>1 day</option>
|
595 |
+
<option value="172800"<?php $w->sel( 'blockedTime', '172800' ); ?>>2 days</option>
|
596 |
+
<option value="432000"<?php $w->sel( 'blockedTime', '432000' ); ?>>5 days</option>
|
597 |
+
<option value="864000"<?php $w->sel( 'blockedTime', '864000' ); ?>>10 days</option>
|
598 |
+
<option value="2592000"<?php $w->sel( 'blockedTime', '2592000' ); ?>>1 month</option>
|
599 |
+
</select></td>
|
600 |
+
</tr>
|
601 |
+
|
602 |
+
<tr>
|
603 |
+
<td colspan="2">
|
604 |
+
<div class="wfMarker" id="wfMarkerLoginSecurity"></div>
|
605 |
+
<h3 class="wfConfigHeading">Login Security Options<a
|
606 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Login_Security_Options"
|
607 |
+
target="_blank" class="wfhelp"></a></h3>
|
608 |
+
</td>
|
609 |
+
</tr>
|
610 |
+
<tr>
|
611 |
+
<th>Enforce strong passwords?<a
|
612 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Enforce_strong_passwords.3F"
|
613 |
+
target="_blank" class="wfhelp"></a></th>
|
614 |
+
<td>
|
615 |
+
<select class="wfConfigElem" id="loginSec_strongPasswds" name="loginSec_strongPasswds">
|
616 |
+
<option value="">Do not force users to use strong passwords</option>
|
617 |
+
<option value="pubs"<?php $w->sel( 'loginSec_strongPasswds', 'pubs' ); ?>>Force admins and
|
618 |
+
publishers to use strong passwords (recommended)
|
619 |
+
</option>
|
620 |
+
<option value="all"<?php $w->sel( 'loginSec_strongPasswds', 'all' ); ?>>Force all members to
|
621 |
+
use strong passwords
|
622 |
+
</option>
|
623 |
+
</select>
|
624 |
+
<tr>
|
625 |
+
<th>Lock out after how many login failures<a
|
626 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_login_failures"
|
627 |
+
target="_blank" class="wfhelp"></a></th>
|
628 |
+
<td>
|
629 |
+
<select id="loginSec_maxFailures" class="wfConfigElem" name="loginSec_maxFailures">
|
630 |
+
<option value="1"<?php $w->sel( 'loginSec_maxFailures', '1' ); ?>>1</option>
|
631 |
+
<option value="2"<?php $w->sel( 'loginSec_maxFailures', '2' ); ?>>2</option>
|
632 |
+
<option value="3"<?php $w->sel( 'loginSec_maxFailures', '3' ); ?>>3</option>
|
633 |
+
<option value="4"<?php $w->sel( 'loginSec_maxFailures', '4' ); ?>>4</option>
|
634 |
+
<option value="5"<?php $w->sel( 'loginSec_maxFailures', '5' ); ?>>5</option>
|
635 |
+
<option value="6"<?php $w->sel( 'loginSec_maxFailures', '6' ); ?>>6</option>
|
636 |
+
<option value="7"<?php $w->sel( 'loginSec_maxFailures', '7' ); ?>>7</option>
|
637 |
+
<option value="8"<?php $w->sel( 'loginSec_maxFailures', '8' ); ?>>8</option>
|
638 |
+
<option value="9"<?php $w->sel( 'loginSec_maxFailures', '9' ); ?>>9</option>
|
639 |
+
<option value="10"<?php $w->sel( 'loginSec_maxFailures', '10' ); ?>>10</option>
|
640 |
+
<option value="20"<?php $w->sel( 'loginSec_maxFailures', '20' ); ?>>20</option>
|
641 |
+
<option value="30"<?php $w->sel( 'loginSec_maxFailures', '30' ); ?>>30</option>
|
642 |
+
<option value="40"<?php $w->sel( 'loginSec_maxFailures', '40' ); ?>>40</option>
|
643 |
+
<option value="50"<?php $w->sel( 'loginSec_maxFailures', '50' ); ?>>50</option>
|
644 |
+
<option value="100"<?php $w->sel( 'loginSec_maxFailures', '100' ); ?>>100</option>
|
645 |
+
<option value="200"<?php $w->sel( 'loginSec_maxFailures', '200' ); ?>>200</option>
|
646 |
+
<option value="500"<?php $w->sel( 'loginSec_maxFailures', '500' ); ?>>500</option>
|
647 |
+
</select>
|
648 |
+
</td>
|
649 |
+
</tr>
|
650 |
+
<tr>
|
651 |
+
<th>Lock out after how many forgot password attempts<a
|
652 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_forgot_password_attempts"
|
653 |
+
target="_blank" class="wfhelp"></a></th>
|
654 |
+
<td>
|
655 |
+
<select id="loginSec_maxForgotPasswd" class="wfConfigElem" name="loginSec_maxForgotPasswd">
|
656 |
+
<option value="1"<?php $w->sel( 'loginSec_maxForgotPasswd', '1' ); ?>>1</option>
|
657 |
+
<option value="2"<?php $w->sel( 'loginSec_maxForgotPasswd', '2' ); ?>>2</option>
|
658 |
+
<option value="3"<?php $w->sel( 'loginSec_maxForgotPasswd', '3' ); ?>>3</option>
|
659 |
+
<option value="4"<?php $w->sel( 'loginSec_maxForgotPasswd', '4' ); ?>>4</option>
|
660 |
+
<option value="5"<?php $w->sel( 'loginSec_maxForgotPasswd', '5' ); ?>>5</option>
|
661 |
+
<option value="6"<?php $w->sel( 'loginSec_maxForgotPasswd', '6' ); ?>>6</option>
|
662 |
+
<option value="7"<?php $w->sel( 'loginSec_maxForgotPasswd', '7' ); ?>>7</option>
|
663 |
+
<option value="8"<?php $w->sel( 'loginSec_maxForgotPasswd', '8' ); ?>>8</option>
|
664 |
+
<option value="9"<?php $w->sel( 'loginSec_maxForgotPasswd', '9' ); ?>>9</option>
|
665 |
+
<option value="10"<?php $w->sel( 'loginSec_maxForgotPasswd', '10' ); ?>>10</option>
|
666 |
+
<option value="20"<?php $w->sel( 'loginSec_maxForgotPasswd', '20' ); ?>>20</option>
|
667 |
+
<option value="30"<?php $w->sel( 'loginSec_maxForgotPasswd', '30' ); ?>>30</option>
|
668 |
+
<option value="40"<?php $w->sel( 'loginSec_maxForgotPasswd', '40' ); ?>>40</option>
|
669 |
+
<option value="50"<?php $w->sel( 'loginSec_maxForgotPasswd', '50' ); ?>>50</option>
|
670 |
+
<option value="100"<?php $w->sel( 'loginSec_maxForgotPasswd', '100' ); ?>>100</option>
|
671 |
+
<option value="200"<?php $w->sel( 'loginSec_maxForgotPasswd', '200' ); ?>>200</option>
|
672 |
+
<option value="500"<?php $w->sel( 'loginSec_maxForgotPasswd', '500' ); ?>>500</option>
|
673 |
+
</select>
|
674 |
+
</td>
|
675 |
+
</tr>
|
676 |
+
<tr>
|
677 |
+
<th>Count failures over what time period<a
|
678 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period"
|
679 |
+
target="_blank" class="wfhelp"></a></th>
|
680 |
+
<td>
|
681 |
+
<select id="loginSec_countFailMins" class="wfConfigElem" name="loginSec_countFailMins">
|
682 |
+
<option value="5"<?php $w->sel( 'loginSec_countFailMins', '5' ); ?>>5 minutes</option>
|
683 |
+
<option value="10"<?php $w->sel( 'loginSec_countFailMins', '10' ); ?>>10 minutes</option>
|
684 |
+
<option value="30"<?php $w->sel( 'loginSec_countFailMins', '30' ); ?>>30 minutes</option>
|
685 |
+
<option value="60"<?php $w->sel( 'loginSec_countFailMins', '60' ); ?>>1 hour</option>
|
686 |
+
<option value="120"<?php $w->sel( 'loginSec_countFailMins', '120' ); ?>>2 hours</option>
|
687 |
+
<option value="360"<?php $w->sel( 'loginSec_countFailMins', '360' ); ?>>6 hours</option>
|
688 |
+
<option value="720"<?php $w->sel( 'loginSec_countFailMins', '720' ); ?>>12 hours</option>
|
689 |
+
<option value="1440"<?php $w->sel( 'loginSec_countFailMins', '1440' ); ?>>1 day</option>
|
690 |
+
</select>
|
691 |
+
</td>
|
692 |
+
</tr>
|
693 |
+
<tr>
|
694 |
+
<th>Amount of time a user is locked out<a
|
695 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Amount_of_time_a_user_is_locked_out"
|
696 |
+
target="_blank" class="wfhelp"></a></th>
|
697 |
+
<td>
|
698 |
+
<select id="loginSec_lockoutMins" class="wfConfigElem" name="loginSec_lockoutMins">
|
699 |
+
<option value="5"<?php $w->sel( 'loginSec_lockoutMins', '5' ); ?>>5 minutes</option>
|
700 |
+
<option value="10"<?php $w->sel( 'loginSec_lockoutMins', '10' ); ?>>10 minutes</option>
|
701 |
+
<option value="30"<?php $w->sel( 'loginSec_lockoutMins', '30' ); ?>>30 minutes</option>
|
702 |
+
<option value="60"<?php $w->sel( 'loginSec_lockoutMins', '60' ); ?>>1 hour</option>
|
703 |
+
<option value="120"<?php $w->sel( 'loginSec_lockoutMins', '120' ); ?>>2 hours</option>
|
704 |
+
<option value="360"<?php $w->sel( 'loginSec_lockoutMins', '360' ); ?>>6 hours</option>
|
705 |
+
<option value="720"<?php $w->sel( 'loginSec_lockoutMins', '720' ); ?>>12 hours</option>
|
706 |
+
<option value="1440"<?php $w->sel( 'loginSec_lockoutMins', '1440' ); ?>>1 day</option>
|
707 |
+
<option value="2880"<?php $w->sel( 'loginSec_lockoutMins', '2880' ); ?>>2 days</option>
|
708 |
+
<option value="7200"<?php $w->sel( 'loginSec_lockoutMins', '7200' ); ?>>5 days</option>
|
709 |
+
<option value="14400"<?php $w->sel( 'loginSec_lockoutMins', '14400' ); ?>>10 days</option>
|
710 |
+
<option value="28800"<?php $w->sel( 'loginSec_lockoutMins', '28800' ); ?>>20 days</option>
|
711 |
+
<option value="43200"<?php $w->sel( 'loginSec_lockoutMins', '43200' ); ?>>30 days</option>
|
712 |
+
<option value="86400"<?php $w->sel( 'loginSec_lockoutMins', '86400' ); ?>>60 days</option>
|
713 |
+
</select>
|
714 |
+
</td>
|
715 |
+
</tr>
|
716 |
+
<tr>
|
717 |
+
<th>Immediately lock out invalid usernames<a
|
718 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Immediately_lock_out_invalid_usernames"
|
719 |
+
target="_blank" class="wfhelp"></a></th>
|
720 |
+
<td><input type="checkbox" id="loginSec_lockInvalidUsers" class="wfConfigElem"
|
721 |
+
name="loginSec_lockInvalidUsers" <?php $w->cb( 'loginSec_lockInvalidUsers' ); ?> /></td>
|
722 |
+
</tr>
|
723 |
+
<tr>
|
724 |
+
<th>Don't let WordPress reveal valid users in login errors<a
|
725 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Don.27t_let_WordPress_reveal_valid_users_in_login_errors"
|
726 |
+
target="_blank" class="wfhelp"></a></th>
|
727 |
+
<td><input type="checkbox" id="loginSec_maskLoginErrors" class="wfConfigElem"
|
728 |
+
name="loginSec_maskLoginErrors" <?php $w->cb( 'loginSec_maskLoginErrors' ); ?> /></td>
|
729 |
+
</tr>
|
730 |
+
<tr>
|
731 |
+
<th>Prevent users registering 'admin' username if it doesn't exist<a
|
732 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Prevent_users_registering_.27admin.27_username_if_it_doesn.27t_exist"
|
733 |
+
target="_blank" class="wfhelp"></a></th>
|
734 |
+
<td><input type="checkbox" id="loginSec_blockAdminReg" class="wfConfigElem"
|
735 |
+
name="loginSec_blockAdminReg" <?php $w->cb( 'loginSec_blockAdminReg' ); ?> /></td>
|
736 |
+
</tr>
|
737 |
+
<tr>
|
738 |
+
<th>Prevent discovery of usernames through '?/author=N' scans<a
|
739 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans"
|
740 |
+
target="_blank" class="wfhelp"></a></th>
|
741 |
+
<td><input type="checkbox" id="loginSec_disableAuthorScan" class="wfConfigElem"
|
742 |
+
name="loginSec_disableAuthorScan" <?php $w->cb( 'loginSec_disableAuthorScan' ); ?> />
|
743 |
+
</td>
|
744 |
+
</tr>
|
745 |
+
<tr>
|
746 |
+
<th>Immediately block the IP of users who try to sign in as these usernames<a
|
747 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_the_IP_of_users_who_try_to_sign_in_as_these_usernames"
|
748 |
+
target="_blank" class="wfhelp"></a></th>
|
749 |
+
<td><input type="text" name="loginSec_userBlacklist" id="loginSec_userBlacklist"
|
750 |
+
value="<?php echo $w->getHTML( 'loginSec_userBlacklist' ); ?>" size="40"/> (Comma
|
751 |
+
separated. Existing users won't be blocked.)
|
752 |
+
</td>
|
753 |
+
</tr>
|
754 |
+
<tr>
|
755 |
+
<td colspan="2">
|
756 |
+
<div class="wfMarker" id="wfMarkerOtherOptions"></div>
|
757 |
+
<h3 class="wfConfigHeading">Other Options<a
|
758 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Other_Options" target="_blank"
|
759 |
+
class="wfhelp"></a></h3>
|
760 |
+
</td>
|
761 |
+
</tr>
|
762 |
+
|
763 |
+
<tr>
|
764 |
+
<th>Whitelisted IP addresses that bypass all rules:<a
|
765 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_IP_addresses_that_bypass_all_rules"
|
766 |
+
target="_blank" class="wfhelp"></a></th>
|
767 |
+
<td><input type="text" name="whitelisted" id="whitelisted"
|
768 |
+
value="<?php echo $w->getHTML( 'whitelisted' ); ?>" size="40"/></td>
|
769 |
+
</tr>
|
770 |
+
<tr>
|
771 |
+
<th colspan="2" style="color: #999;">Whitelisted IP's must be separated by commas. You can specify
|
772 |
+
ranges using the following format: 123.23.34.[1-50]<br/>Wordfence automatically whitelists <a
|
773 |
+
href="http://en.wikipedia.org/wiki/Private_network" target="_blank">private networks</a>
|
774 |
+
because these are not routable on the public Internet.<br/><br/></th>
|
775 |
+
</tr>
|
776 |
+
|
777 |
+
<tr>
|
778 |
+
<th>Immediately block IP's that access these URLs:<a
|
779 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_IP.27s_that_access_these_URLs"
|
780 |
+
target="_blank" class="wfhelp"></a></th>
|
781 |
+
<td><input type="text" name="bannedURLs" id="bannedURLs"
|
782 |
+
value="<?php echo $w->getHTML( 'bannedURLs' ); ?>" size="40"/></td>
|
783 |
+
</tr>
|
784 |
+
<tr>
|
785 |
+
<th colspan="2" style="color: #999;">Separate multiple URL's with commas. If you see an attacker
|
786 |
+
repeatedly probing your site for a known vulnerability you can use this to immediately block
|
787 |
+
them.<br/>
|
788 |
+
All URL's must start with a '/' without quotes and must be relative. e.g. /badURLone/,
|
789 |
+
/bannedPage.html, /dont-access/this/URL/
|
790 |
+
<br/><br/></th>
|
791 |
+
</tr>
|
792 |
+
|
793 |
+
<tr>
|
794 |
+
<th>Hide WordPress version<a
|
795 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Hide_WordPress_version" target="_blank"
|
796 |
+
class="wfhelp"></a></th>
|
797 |
+
<td><input type="checkbox" id="other_hideWPVersion" class="wfConfigElem" name="other_hideWPVersion"
|
798 |
+
value="1" <?php $w->cb( 'other_hideWPVersion' ); ?> /></td>
|
799 |
+
</tr>
|
800 |
+
<tr>
|
801 |
+
<th>Block IP's who send POST requests with blank User-Agent and Referer<a
|
802 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Block_IP.27s_who_send_POST_requests_with_blank_User-Agent_and_Referer" target="_blank"
|
803 |
+
class="wfhelp"></a></th>
|
804 |
+
<td><input type="checkbox" id="other_blockBadPOST" class="wfConfigElem" name="other_blockBadPOST"
|
805 |
+
value="1" <?php $w->cb( 'other_blockBadPOST' ); ?> /></td>
|
806 |
+
</tr>
|
807 |
+
<tr>
|
808 |
+
<th>Hold anonymous comments using member emails for moderation<a
|
809 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Hold_anonymous_comments_using_member_emails_for_moderation"
|
810 |
+
target="_blank" class="wfhelp"></a></th>
|
811 |
+
<td><input type="checkbox" id="other_noAnonMemberComments" class="wfConfigElem"
|
812 |
+
name="other_noAnonMemberComments"
|
813 |
+
value="1" <?php $w->cb( 'other_noAnonMemberComments' ); ?> /></td>
|
814 |
+
</tr>
|
815 |
+
<tr>
|
816 |
+
<th>Filter comments for malware and phishing URL's<a
|
817 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Filter_comments_for_malware_and_phishing_URL.27s"
|
818 |
+
target="_blank" class="wfhelp"></a></th>
|
819 |
+
<td><input type="checkbox" id="other_scanComments" class="wfConfigElem" name="other_scanComments"
|
820 |
+
value="1" <?php $w->cb( 'other_scanComments' ); ?> /></td>
|
821 |
+
</tr>
|
822 |
+
<tr>
|
823 |
+
<th>Check password strength on profile update<a
|
824 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Check_password_strength_on_profile_update"
|
825 |
+
target="_blank" class="wfhelp"></a></th>
|
826 |
+
<td><input type="checkbox" id="other_pwStrengthOnUpdate" class="wfConfigElem"
|
827 |
+
name="other_pwStrengthOnUpdate"
|
828 |
+
value="1" <?php $w->cb( 'other_pwStrengthOnUpdate' ); ?> /></td>
|
829 |
+
</tr>
|
830 |
+
<tr>
|
831 |
+
<th>Participate in the Real-Time WordPress Security Network<a
|
832 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Participate_in_the_Real-Time_WordPress_Security_Network"
|
833 |
+
target="_blank" class="wfhelp"></a></th>
|
834 |
+
<td><input type="checkbox" id="other_WFNet" class="wfConfigElem" name="other_WFNet"
|
835 |
+
value="1" <?php $w->cb( 'other_WFNet' ); ?> /></td>
|
836 |
+
</tr>
|
837 |
+
<tr>
|
838 |
+
<th>How much memory should Wordfence request when scanning<a
|
839 |
+
href="http://docs.wordfence.com/en/Wordfence_options#How_much_memory_should_Wordfence_request_when_scanning"
|
840 |
+
target="_blank" class="wfhelp"></a></th>
|
841 |
+
<td><input type="text" id="maxMem" name="maxMem" value="<?php $w->f( 'maxMem' ); ?>" size="4"/>Megabytes
|
842 |
+
</td>
|
843 |
+
</tr>
|
844 |
+
<tr>
|
845 |
+
<th>Maximum execution time for each scan stage<a
|
846 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Maximum_execution_time_for_each_scan_stage"
|
847 |
+
target="_blank" class="wfhelp"></a></th>
|
848 |
+
<td><input type="text" id="maxExecutionTime" name="maxExecutionTime"
|
849 |
+
value="<?php $w->f( 'maxExecutionTime' ); ?>" size="4"/>Blank for default. Must be
|
850 |
+
greater than 9.
|
851 |
+
</td>
|
852 |
+
</tr>
|
853 |
+
<tr>
|
854 |
+
<th>Update interval in seconds (2 is default)<a
|
855 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Update_interval_in_seconds"
|
856 |
+
target="_blank" class="wfhelp"></a></th>
|
857 |
+
<td><input type="text" id="actUpdateInterval" name="actUpdateInterval"
|
858 |
+
value="<?php $w->f( 'actUpdateInterval' ); ?>" size="4"/>Setting higher will reduce
|
859 |
+
browser traffic but slow scan starts, live traffic & status updates.
|
860 |
+
</td>
|
861 |
+
</tr>
|
862 |
+
<tr>
|
863 |
+
<th>Enable debugging mode (increases database load)<a
|
864 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Enable_debugging_mode_.28increases_database_load.29"
|
865 |
+
target="_blank" class="wfhelp"></a></th>
|
866 |
+
<td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn"
|
867 |
+
value="1" <?php $w->cb( 'debugOn' ); ?> /></td>
|
868 |
+
</tr>
|
869 |
+
<tr>
|
870 |
+
<th>Delete Wordfence tables and data on deactivation?<a
|
871 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Delete_Wordfence_tables_and_data_on_deactivation.3F"
|
872 |
+
target="_blank" class="wfhelp"></a></th>
|
873 |
+
<td><input type="checkbox" id="deleteTablesOnDeact" class="wfConfigElem" name="deleteTablesOnDeact"
|
874 |
+
value="1" <?php $w->cb( 'deleteTablesOnDeact' ); ?> /></td>
|
875 |
+
</tr>
|
876 |
+
|
877 |
+
|
878 |
+
<tr>
|
879 |
+
<th>Disable Wordfence Cookies<a
|
880 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Disable_Wordfence_Cookies"
|
881 |
+
target="_blank" class="wfhelp"></a></th>
|
882 |
+
<td><input type="checkbox" id="disableCookies" class="wfConfigElem" name="disableCookies"
|
883 |
+
value="1" <?php $w->cb( 'disableCookies' ); ?> />(when enabled all visits in live traffic
|
884 |
+
will appear to be new visits)
|
885 |
+
</td>
|
886 |
+
</tr>
|
887 |
+
<tr>
|
888 |
+
<th>Start all scans remotely<a
|
889 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Start_all_scans_remotely"
|
890 |
+
target="_blank" class="wfhelp"></a></th>
|
891 |
+
<td><input type="checkbox" id="startScansRemotely" class="wfConfigElem" name="startScansRemotely"
|
892 |
+
value="1" <?php $w->cb( 'startScansRemotely' ); ?> />(Try this if your scans aren't
|
893 |
+
starting and your site is publicly accessible)
|
894 |
+
</td>
|
895 |
+
</tr>
|
896 |
+
<tr>
|
897 |
+
<th>Disable config caching<a
|
898 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Disable_config_caching" target="_blank"
|
899 |
+
class="wfhelp"></a></th>
|
900 |
+
<td><input type="checkbox" id="disableConfigCaching" class="wfConfigElem"
|
901 |
+
name="disableConfigCaching" value="1" <?php $w->cb( 'disableConfigCaching' ); ?> />(Try
|
902 |
+
this if your options aren't saving)
|
903 |
+
</td>
|
904 |
+
</tr>
|
905 |
+
<tr>
|
906 |
+
<th>Add a debugging comment to HTML source of cached pages.<a
|
907 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Add_a_debugging_comment_to_HTML_source_of_cached_pages"
|
908 |
+
target="_blank" class="wfhelp"></a></th>
|
909 |
+
<td><input type="checkbox" id="addCacheComment" class="wfConfigElem" name="addCacheComment"
|
910 |
+
value="1" <?php $w->cb( 'addCacheComment' ); ?> /></td>
|
911 |
+
</tr>
|
912 |
+
<tr>
|
913 |
+
<th><label for="disableCodeExecutionUploads">Disable Code Execution for Uploads directory</label><a
|
914 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Disable_Code_Execution_for_Uploads_directory"
|
915 |
+
target="_blank" class="wfhelp"></a></th>
|
916 |
+
<td><input type="checkbox" id="disableCodeExecutionUploads" class="wfConfigElem"
|
917 |
+
name="disableCodeExecutionUploads"
|
918 |
+
value="1" <?php $w->cb( 'disableCodeExecutionUploads' ); ?> /></td>
|
919 |
+
</tr>
|
920 |
+
<tr>
|
921 |
+
<th colspan="2"><a
|
922 |
+
href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=conntest&nonce=<?php echo wp_create_nonce( 'wp-ajax' ); ?>"
|
923 |
+
target="_blank">Click to test connectivity to the Wordfence API servers</a><a
|
924 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Click_to_test_connectivity_to_the_Wordfence_API_servers"
|
925 |
+
target="_blank" class="wfhelp"></a></th>
|
926 |
+
</tr>
|
927 |
+
<tr>
|
928 |
+
<th colspan="2"><a
|
929 |
+
href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce( 'wp-ajax' ); ?>"
|
930 |
+
target="_blank">Click to view your system's configuration in a new window</a><a
|
931 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Click_to_view_your_system.27s_configuration_in_a_new_window"
|
932 |
+
target="_blank" class="wfhelp"></a></th>
|
933 |
+
</tr>
|
934 |
+
<tr>
|
935 |
+
<th colspan="2"><a
|
936 |
+
href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=cronview&nonce=<?php echo wp_create_nonce( 'wp-ajax' ); ?>"
|
937 |
+
target="_blank">Click to view your systems scheduled jobs in a new window</a><a
|
938 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Click_to_view_your_system.27s_scheduled_jobs_in_a_new_window"
|
939 |
+
target="_blank" class="wfhelp"></a></th>
|
940 |
+
</tr>
|
941 |
+
<tr>
|
942 |
+
<th colspan="2"><a
|
943 |
+
href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=dbview&nonce=<?php echo wp_create_nonce( 'wp-ajax' ); ?>"
|
944 |
+
target="_blank">Click to see a list of your system's database tables in a new window</a><a
|
945 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Click_to_see_a_list_of_your_system.27s_database_tables_in_a_new_window"
|
946 |
+
target="_blank" class="wfhelp"></a></th>
|
947 |
+
</tr>
|
948 |
+
<tr>
|
949 |
+
<th colspan="2"><a
|
950 |
+
href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce( 'wp-ajax' ); ?>"
|
951 |
+
target="_blank">Test your WordPress host's available memory</a><a
|
952 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Test_your_WordPress_host.27s_available_memory"
|
953 |
+
target="_blank" class="wfhelp"></a></th>
|
954 |
+
</tr>
|
955 |
+
<tr>
|
956 |
+
<th>Send a test email from this WordPress server to an email address:<a
|
957 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Send_a_test_email_from_this_WordPress_server_to_an_email_address"
|
958 |
+
target="_blank" class="wfhelp"></a></th>
|
959 |
+
<td><input type="text" id="testEmailDest" value="" size="20" maxlength="255" class="wfConfigElem"/>
|
960 |
+
<input type="button" value="Send Test Email"
|
961 |
+
onclick="WFAD.sendTestEmail(jQuery('#testEmailDest').val());"/></td>
|
962 |
+
</tr>
|
963 |
+
|
964 |
+
<tr>
|
965 |
+
<td colspan="2">
|
966 |
+
<div class="wfMarker" id="wfMarkerExportOptions"></div>
|
967 |
+
<h3 class="wfConfigHeading">Exporting and Importing Wordfence Settings<a
|
968 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Exporting_and_Importing_Wordfence_Settings"
|
969 |
+
target="_blank" class="wfhelp"></a></h3>
|
970 |
+
</td>
|
971 |
+
</tr>
|
972 |
+
|
973 |
+
<tr>
|
974 |
+
<th>Export this site's Wordfence settings for import on another site:</th>
|
975 |
+
<td><input type="button" id="exportSettingsBut" value="Export Wordfence Settings"
|
976 |
+
onclick="WFAD.exportSettings(); return false;"/></td>
|
977 |
+
</tr>
|
978 |
+
<tr>
|
979 |
+
<th>Import Wordfence settings from another site using a token:</th>
|
980 |
+
<td><input type="text" size="20" value="" id="importToken"/> <input type="button"
|
981 |
+
name="importSettingsButton"
|
982 |
+
value="Import Settings"
|
983 |
+
onclick="WFAD.importSettings(jQuery('#importToken').val()); return false;"/>
|
984 |
+
</td>
|
985 |
+
</tr>
|
986 |
+
</table>
|
987 |
+
<p>
|
988 |
+
<table border="0" cellpadding="0" cellspacing="0">
|
989 |
+
<tr>
|
990 |
+
<td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes"
|
991 |
+
onclick="WFAD.saveConfig();"/></td>
|
992 |
+
<td style="height: 24px;">
|
993 |
+
<div class="wfAjax24"></div>
|
994 |
+
<span class="wfSavedMsg"> Your changes have been saved!</span></td>
|
995 |
+
</tr>
|
996 |
+
</table>
|
997 |
+
</p>
|
998 |
+
</div>
|
999 |
</form>
|
1000 |
</div>
|
1001 |
<script type="text/x-jquery-template" id="wfContentBasicOptions">
|
1002 |
+
<div>
|
1003 |
+
<h3>Basic Options</h3>
|
1004 |
+
|
1005 |
+
<p>
|
1006 |
+
Using Wordfence is simple. Install Wordfence, enter an email address on this page to send alerts to, and
|
1007 |
+
then do your first scan and work through the security alerts we provide.
|
1008 |
+
We give you a few basic security levels to choose from, depending on your needs. Remember to hit the "Save"
|
1009 |
+
button to save any changes you make.
|
1010 |
+
</p>
|
1011 |
+
|
1012 |
+
<p>
|
1013 |
+
If you use the free edition of Wordfence, you don't need to worry about entering an API key in the "API Key"
|
1014 |
+
field above. One is automatically created for you. If you choose to <a
|
1015 |
+
href="https://www.wordfence.com/wordfence-signup/" target="_blank">upgrade to Wordfence Premium
|
1016 |
+
edition</a>, you will receive an API key. You will need to copy and paste that key into the "API Key"
|
1017 |
+
field above and hit "Save" to activate your key.
|
1018 |
+
</p>
|
1019 |
+
</div>
|
1020 |
</script>
|
1021 |
<script type="text/x-jquery-template" id="wfContentLiveTrafficOptions">
|
1022 |
+
<div>
|
1023 |
+
<h3>Live Traffic Options</h3>
|
1024 |
+
|
1025 |
+
<p>
|
1026 |
+
These options let you ignore certain types of visitors, based on their level of access, usernames, IP
|
1027 |
+
address or browser type.
|
1028 |
+
If you run a very high traffic website where it is not feasible to see your visitors in real-time, simply
|
1029 |
+
un-check the live traffic option and nothing will be written to the Wordfence tracking tables.
|
1030 |
+
</p>
|
1031 |
+
</div>
|
1032 |
</script>
|
1033 |
<script type="text/x-jquery-template" id="wfContentScansToInclude">
|
1034 |
+
<div>
|
1035 |
+
<h3>Scans to Include</h3>
|
1036 |
+
|
1037 |
+
<p>
|
1038 |
+
This section gives you the ability to fine-tune what we scan.
|
1039 |
+
If you use many themes or plugins from the public WordPress directory we recommend you
|
1040 |
+
enable theme and plugin scanning. This will verify the integrity of all these themes and plugins and alert
|
1041 |
+
you of any changes.
|
1042 |
+
|
1043 |
+
<p>
|
1044 |
+
|
1045 |
+
<p>
|
1046 |
+
The option to "scan files outside your WordPress installation" will cause Wordfence to do a much wider
|
1047 |
+
security scan
|
1048 |
+
that is not limited to your base WordPress directory and known WordPress subdirectories. This scan may take
|
1049 |
+
longer
|
1050 |
+
but can be very useful if you have other infected files outside this WordPress installation that you would
|
1051 |
+
like us to look for.
|
1052 |
+
</p>
|
1053 |
+
</div>
|
1054 |
</script>
|
1055 |
<script type="text/x-jquery-template" id="wfContentFirewallRules">
|
1056 |
+
<div>
|
1057 |
+
<h3>Firewall Rules</h3>
|
1058 |
+
|
1059 |
+
<p>
|
1060 |
+
<strong>NOTE:</strong> Before modifying these rules, make sure you have access to the email address
|
1061 |
+
associated with this site's administrator account. If you accidentally lock yourself out, you will be given
|
1062 |
+
the option
|
1063 |
+
to enter that email address and receive an "unlock email" which will allow you to regain access.
|
1064 |
+
</p>
|
1065 |
+
|
1066 |
+
<p>
|
1067 |
+
<strong>Tips:</strong>
|
1068 |
+
|
1069 |
+
<p>• If you choose to limit the rate at which your site can be accessed, you need to customize the
|
1070 |
+
settings for your site.</p>
|
1071 |
+
|
1072 |
+
<p>• If your users usually skip quickly between pages, you should set the values for human visitors to be
|
1073 |
+
high.</p>
|
1074 |
+
|
1075 |
+
<p>• If you are aggressively crawled by non-Google crawlers like Baidu, you should set the page view limit
|
1076 |
+
for crawlers to a high value.</p>
|
1077 |
+
|
1078 |
+
<p>• If you are currently under attack and want to aggressively protect your site or your content, you can
|
1079 |
+
set low values for most options.</p>
|
1080 |
+
|
1081 |
+
<p>• In general we recommend you don't block fake Google crawlers unless you have a specific problem with
|
1082 |
+
someone stealing your content.</p>
|
1083 |
+
|
1084 |
+
<p>
|
1085 |
+
Remember that as long as you have your administrator email set correctly in this site's user administration,
|
1086 |
+
and you are able to receive email at that address,
|
1087 |
+
you will be able to regain access if you are accidentally locked out because your rules are too strict.
|
1088 |
+
</p>
|
1089 |
+
</div>
|
1090 |
</script>
|
1091 |
<script type="text/x-jquery-template" id="wfContentLoginSecurity">
|
1092 |
+
<div>
|
1093 |
+
<h3>Login Security</h3>
|
1094 |
+
|
1095 |
+
<p>
|
1096 |
+
We have found that real brute force login attacks make hundreds or thousands of requests trying to guess
|
1097 |
+
passwords or user login names.
|
1098 |
+
So in general you can leave the number of failed logins before a user is locked out as a fairly high number.
|
1099 |
+
We have found that blocking after 20 failed attempts is sufficient for most sites and it allows your real
|
1100 |
+
site users enough
|
1101 |
+
attempts to guess their forgotten passwords without getting locked out.
|
1102 |
+
</p>
|
1103 |
+
</div>
|
1104 |
</script>
|
1105 |
<script type="text/x-jquery-template" id="wfContentOtherOptions">
|
1106 |
+
<div>
|
1107 |
+
<h3>Other Options</h3>
|
1108 |
+
|
1109 |
+
<p>
|
1110 |
+
We have worked hard to make Wordfence memory efficient and much of the heavy lifting is done for your site
|
1111 |
+
by our cloud scanning servers in our Seattle data center.
|
1112 |
+
On most sites Wordfence will only use about 8 megabytes of additional memory when doing a scan, even if you
|
1113 |
+
have large files or a large number of files.
|
1114 |
+
You should not have to adjust the maximum memory that Wordfence can use, but we have provided the option.
|
1115 |
+
Remember that this does not affect the actual memory usage of Wordfence, simply the maximum Wordfence can
|
1116 |
+
use if it needs to.
|
1117 |
+
</p>
|
1118 |
+
|
1119 |
+
<p>
|
1120 |
+
You may find debugging mode helpful if Wordfence is not able to start a scan on your site or
|
1121 |
+
if you are experiencing some other problem. Enable debugging by checking the box, save your options
|
1122 |
+
and then try to do a scan. You will notice a lot more output on the "Scan" page.
|
1123 |
+
</p>
|
1124 |
+
|
1125 |
+
<p>
|
1126 |
+
If you decide to permanently remove Wordfence, you can choose the option to delete all data on deactivation.
|
1127 |
+
We also provide helpful links at the bottom of this page which lets you see your systems configuration and
|
1128 |
+
test how
|
1129 |
+
much memory your host really allows you to use.
|
1130 |
+
</p>
|
1131 |
+
|
1132 |
+
<p>
|
1133 |
+
Thanks for completing this tour and I'm very happy to have you as our newest Wordfence customer. Don't
|
1134 |
+
forget to <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank">rate us 5 stars if you
|
1135 |
+
love Wordfence</a>.<br/>
|
1136 |
+
<br/>
|
1137 |
+
<strong>Mark Maunder</strong> - Wordfence Creator.
|
1138 |
+
</p>
|
1139 |
+
</div>
|
1140 |
</script>
|
1141 |
|
lib/menu_scan.php
CHANGED
@@ -278,8 +278,8 @@
|
|
278 |
</p>
|
279 |
<div class="wfIssueOptions">
|
280 |
{{if (status == 'new')}}
|
281 |
-
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">I have fixed this issue</
|
282 |
-
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreP'); return false;">Ignore issues related to this option</
|
283 |
{{/if}}
|
284 |
{{if status == 'ignoreP' || status == 'ignoreC'}}
|
285 |
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">Stop ignoring issues related to this option</a>
|
@@ -309,8 +309,8 @@
|
|
309 |
</p>
|
310 |
<div class="wfIssueOptions">
|
311 |
{{if (status == 'new')}}
|
312 |
-
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">I have fixed this issue</
|
313 |
-
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreP'); return false;">Ignore disk space alerts</
|
314 |
{{/if}}
|
315 |
{{if status == 'ignoreP' || status == 'ignoreC'}}
|
316 |
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">Stop ignoring disk space alerts</a>
|
278 |
</p>
|
279 |
<div class="wfIssueOptions">
|
280 |
{{if (status == 'new')}}
|
281 |
+
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">I have fixed this issue</a>
|
282 |
+
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreP'); return false;">Ignore issues related to this option</a>
|
283 |
{{/if}}
|
284 |
{{if status == 'ignoreP' || status == 'ignoreC'}}
|
285 |
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">Stop ignoring issues related to this option</a>
|
309 |
</p>
|
310 |
<div class="wfIssueOptions">
|
311 |
{{if (status == 'new')}}
|
312 |
+
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">I have fixed this issue</a>
|
313 |
+
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'ignoreP'); return false;">Ignore disk space alerts</a>
|
314 |
{{/if}}
|
315 |
{{if status == 'ignoreP' || status == 'ignoreC'}}
|
316 |
<a href="#" onclick="WFAD.updateIssueStatus('${id}', 'delete'); return false;">Stop ignoring disk space alerts</a>
|
lib/menu_sitePerfStats.php
CHANGED
@@ -110,7 +110,7 @@
|
|
110 |
visited
|
111 |
<a href="${URL}" target="_blank">${URL}</a>
|
112 |
</div>
|
113 |
-
<div
|
114 |
<span class="wfTimeAgo">${timeAgo} ago</span> <strong>IP:</strong> <a href="${WFAD.makeIPTrafLink(IP)}" target="_blank">${IP}</a>
|
115 |
</div>
|
116 |
{{if browser && browser.browser != 'Default Browser'}}<div class="wfPerfLine"><strong>Browser:</strong> ${browser.browser}{{if browser.version}} version ${browser.version}{{/if}}{{if browser.platform && browser.platform != 'unknown'}} running on ${browser.platform}{{/if}}</div>{{/if}}
|
110 |
visited
|
111 |
<a href="${URL}" target="_blank">${URL}</a>
|
112 |
</div>
|
113 |
+
<div class="wfPerfLine">
|
114 |
<span class="wfTimeAgo">${timeAgo} ago</span> <strong>IP:</strong> <a href="${WFAD.makeIPTrafLink(IP)}" target="_blank">${IP}</a>
|
115 |
</div>
|
116 |
{{if browser && browser.browser != 'Default Browser'}}<div class="wfPerfLine"><strong>Browser:</strong> ${browser.browser}{{if browser.version}} version ${browser.version}{{/if}}{{if browser.platform && browser.platform != 'unknown'}} running on ${browser.platform}{{/if}}</div>{{/if}}
|
lib/sysinfo.php
CHANGED
@@ -16,6 +16,6 @@ $out = preg_replace('/<\/a>/', '', $out);
|
|
16 |
$out = preg_replace('/<title>[^<]*<\/title>/','', $out);
|
17 |
echo $out;
|
18 |
?>
|
19 |
-
<div class="diffFooter">© 2011 to 2015 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</
|
20 |
</body>
|
21 |
</html>
|
16 |
$out = preg_replace('/<title>[^<]*<\/title>/','', $out);
|
17 |
echo $out;
|
18 |
?>
|
19 |
+
<div class="diffFooter">© 2011 to 2015 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
|
20 |
</body>
|
21 |
</html>
|
lib/wfAPI.php
CHANGED
@@ -7,7 +7,6 @@ class wfAPI {
|
|
7 |
private $curlContent = 0;
|
8 |
private $APIKey = '';
|
9 |
private $wordpressVersion = '';
|
10 |
-
private static $maintMsg = "The Wordfence scanning server could not be contacted.";
|
11 |
public function __construct($apiKey, $wordpressVersion){
|
12 |
$this->APIKey = $apiKey;
|
13 |
$this->wordpressVersion = $wordpressVersion;
|
@@ -69,7 +68,7 @@ class wfAPI {
|
|
69 |
curl_setopt($curl, CURLOPT_POST, true);
|
70 |
curl_setopt($curl, CURLOPT_POSTFIELDS, $postParams);
|
71 |
wordfence::status(4, 'info', "CURL fetching URL: " . $url);
|
72 |
-
|
73 |
|
74 |
$httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
|
75 |
$this->lastCurlErrorNo = curl_errno($curl);
|
@@ -97,7 +96,6 @@ class wfAPI {
|
|
97 |
|
98 |
}
|
99 |
private function fileGet($url, $postParams){
|
100 |
-
$body = "";
|
101 |
if(is_array($postParams)){
|
102 |
$bodyArr = array();
|
103 |
foreach($postParams as $key => $val){
|
7 |
private $curlContent = 0;
|
8 |
private $APIKey = '';
|
9 |
private $wordpressVersion = '';
|
|
|
10 |
public function __construct($apiKey, $wordpressVersion){
|
11 |
$this->APIKey = $apiKey;
|
12 |
$this->wordpressVersion = $wordpressVersion;
|
68 |
curl_setopt($curl, CURLOPT_POST, true);
|
69 |
curl_setopt($curl, CURLOPT_POSTFIELDS, $postParams);
|
70 |
wordfence::status(4, 'info', "CURL fetching URL: " . $url);
|
71 |
+
curl_exec($curl);
|
72 |
|
73 |
$httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
|
74 |
$this->lastCurlErrorNo = curl_errno($curl);
|
96 |
|
97 |
}
|
98 |
private function fileGet($url, $postParams){
|
|
|
99 |
if(is_array($postParams)){
|
100 |
$bodyArr = array();
|
101 |
foreach($postParams as $key => $val){
|
lib/wfCache.php
CHANGED
@@ -383,7 +383,7 @@ class wfCache {
|
|
383 |
if(strpos($dir, 'wfcache/') === false){
|
384 |
self::$lastRecursiveDeleteError = "Not deleting directory $dir because it appears to be in the wrong path.";
|
385 |
self::$cacheStats['totalErrors']++;
|
386 |
-
return; //Safety check that we're in a subdir of the cache
|
387 |
}
|
388 |
if(@rmdir($dir)){
|
389 |
self::$cacheStats['dirsDeleted']++;
|
@@ -396,7 +396,6 @@ class wfCache {
|
|
396 |
} else {
|
397 |
return true;
|
398 |
}
|
399 |
-
return true;
|
400 |
}
|
401 |
public static function addHtaccessCode($action){
|
402 |
if($action != 'add' && $action != 'remove'){
|
383 |
if(strpos($dir, 'wfcache/') === false){
|
384 |
self::$lastRecursiveDeleteError = "Not deleting directory $dir because it appears to be in the wrong path.";
|
385 |
self::$cacheStats['totalErrors']++;
|
386 |
+
return false; //Safety check that we're in a subdir of the cache
|
387 |
}
|
388 |
if(@rmdir($dir)){
|
389 |
self::$cacheStats['dirsDeleted']++;
|
396 |
} else {
|
397 |
return true;
|
398 |
}
|
|
|
399 |
}
|
400 |
public static function addHtaccessCode($action){
|
401 |
if($action != 'add' && $action != 'remove'){
|
lib/wfConfig.php
CHANGED
@@ -53,6 +53,7 @@ class wfConfig {
|
|
53 |
"loginSec_disableAuthorScan" => false,
|
54 |
"other_hideWPVersion" => false,
|
55 |
"other_noAnonMemberComments" => false,
|
|
|
56 |
"other_scanComments" => false,
|
57 |
"other_pwStrengthOnUpdate" => false,
|
58 |
"other_WFNet" => true,
|
@@ -134,6 +135,7 @@ class wfConfig {
|
|
134 |
"loginSec_disableAuthorScan" => true,
|
135 |
"other_hideWPVersion" => true,
|
136 |
"other_noAnonMemberComments" => true,
|
|
|
137 |
"other_scanComments" => true,
|
138 |
"other_pwStrengthOnUpdate" => true,
|
139 |
"other_WFNet" => true,
|
@@ -215,6 +217,7 @@ class wfConfig {
|
|
215 |
"loginSec_disableAuthorScan" => true,
|
216 |
"other_hideWPVersion" => true,
|
217 |
"other_noAnonMemberComments" => true,
|
|
|
218 |
"other_scanComments" => true,
|
219 |
"other_pwStrengthOnUpdate" => true,
|
220 |
"other_WFNet" => true,
|
@@ -297,6 +300,7 @@ class wfConfig {
|
|
297 |
"loginSec_disableAuthorScan" => true,
|
298 |
"other_hideWPVersion" => true,
|
299 |
"other_noAnonMemberComments" => true,
|
|
|
300 |
"other_scanComments" => true,
|
301 |
"other_pwStrengthOnUpdate" => true,
|
302 |
"other_WFNet" => true,
|
@@ -378,6 +382,7 @@ class wfConfig {
|
|
378 |
"loginSec_disableAuthorScan" => true,
|
379 |
"other_hideWPVersion" => true,
|
380 |
"other_noAnonMemberComments" => true,
|
|
|
381 |
"other_scanComments" => true,
|
382 |
"other_pwStrengthOnUpdate" => true,
|
383 |
"other_WFNet" => true,
|
@@ -586,7 +591,6 @@ class wfConfig {
|
|
586 |
$dir = self::getTempDir();
|
587 |
if($dir){
|
588 |
$obj = false;
|
589 |
-
$foundFiles = false;
|
590 |
$fullFile = $dir . $filename;
|
591 |
if(file_exists($fullFile)){
|
592 |
wordfence::status(4, 'info', "Loading serialized data from file $fullFile");
|
@@ -613,14 +617,12 @@ class wfConfig {
|
|
613 |
//We serialize some very big values so this is memory efficient. We don't make any copies of $val and don't use ON DUPLICATE KEY UPDATE
|
614 |
// because we would have to concatenate $val twice into the query which could also exceed max packet for the mysql server
|
615 |
$serialized = serialize($val);
|
616 |
-
$val = '';
|
617 |
$tempFilename = 'wordfence_tmpfile_' . $key . '.php';
|
618 |
if((strlen($serialized) * 1.1) > self::getDB()->getMaxAllowedPacketBytes()){ //If it's greater than max_allowed_packet + 10% for escaping and SQL
|
619 |
if($canUseDisk){
|
620 |
$dir = self::getTempDir();
|
621 |
$potentialDirs = self::getPotentialTempDirs();
|
622 |
if($dir){
|
623 |
-
$fh = false;
|
624 |
$fullFile = $dir . $tempFilename;
|
625 |
self::deleteOldTempFile($fullFile);
|
626 |
$fh = fopen($fullFile, 'w');
|
@@ -710,7 +712,6 @@ class wfConfig {
|
|
710 |
if(self::get($key) == $val){ echo ' selected '; }
|
711 |
}
|
712 |
public static function getArray(){
|
713 |
-
$ret = array();
|
714 |
$q = self::getDB()->querySelect("select name, val from " . self::table());
|
715 |
foreach($q as $row){
|
716 |
self::$cache[$row['name']] = $row['val'];
|
53 |
"loginSec_disableAuthorScan" => false,
|
54 |
"other_hideWPVersion" => false,
|
55 |
"other_noAnonMemberComments" => false,
|
56 |
+
"other_blockBadPOST" => false,
|
57 |
"other_scanComments" => false,
|
58 |
"other_pwStrengthOnUpdate" => false,
|
59 |
"other_WFNet" => true,
|
135 |
"loginSec_disableAuthorScan" => true,
|
136 |
"other_hideWPVersion" => true,
|
137 |
"other_noAnonMemberComments" => true,
|
138 |
+
"other_blockBadPOST" => false,
|
139 |
"other_scanComments" => true,
|
140 |
"other_pwStrengthOnUpdate" => true,
|
141 |
"other_WFNet" => true,
|
217 |
"loginSec_disableAuthorScan" => true,
|
218 |
"other_hideWPVersion" => true,
|
219 |
"other_noAnonMemberComments" => true,
|
220 |
+
"other_blockBadPOST" => false,
|
221 |
"other_scanComments" => true,
|
222 |
"other_pwStrengthOnUpdate" => true,
|
223 |
"other_WFNet" => true,
|
300 |
"loginSec_disableAuthorScan" => true,
|
301 |
"other_hideWPVersion" => true,
|
302 |
"other_noAnonMemberComments" => true,
|
303 |
+
"other_blockBadPOST" => false,
|
304 |
"other_scanComments" => true,
|
305 |
"other_pwStrengthOnUpdate" => true,
|
306 |
"other_WFNet" => true,
|
382 |
"loginSec_disableAuthorScan" => true,
|
383 |
"other_hideWPVersion" => true,
|
384 |
"other_noAnonMemberComments" => true,
|
385 |
+
"other_blockBadPOST" => false,
|
386 |
"other_scanComments" => true,
|
387 |
"other_pwStrengthOnUpdate" => true,
|
388 |
"other_WFNet" => true,
|
591 |
$dir = self::getTempDir();
|
592 |
if($dir){
|
593 |
$obj = false;
|
|
|
594 |
$fullFile = $dir . $filename;
|
595 |
if(file_exists($fullFile)){
|
596 |
wordfence::status(4, 'info', "Loading serialized data from file $fullFile");
|
617 |
//We serialize some very big values so this is memory efficient. We don't make any copies of $val and don't use ON DUPLICATE KEY UPDATE
|
618 |
// because we would have to concatenate $val twice into the query which could also exceed max packet for the mysql server
|
619 |
$serialized = serialize($val);
|
|
|
620 |
$tempFilename = 'wordfence_tmpfile_' . $key . '.php';
|
621 |
if((strlen($serialized) * 1.1) > self::getDB()->getMaxAllowedPacketBytes()){ //If it's greater than max_allowed_packet + 10% for escaping and SQL
|
622 |
if($canUseDisk){
|
623 |
$dir = self::getTempDir();
|
624 |
$potentialDirs = self::getPotentialTempDirs();
|
625 |
if($dir){
|
|
|
626 |
$fullFile = $dir . $tempFilename;
|
627 |
self::deleteOldTempFile($fullFile);
|
628 |
$fh = fopen($fullFile, 'w');
|
712 |
if(self::get($key) == $val){ echo ' selected '; }
|
713 |
}
|
714 |
public static function getArray(){
|
|
|
715 |
$q = self::getDB()->querySelect("select name, val from " . self::table());
|
716 |
foreach($q as $row){
|
717 |
self::$cache[$row['name']] = $row['val'];
|
lib/wfCrawl.php
CHANGED
@@ -21,7 +21,6 @@ class wfCrawl {
|
|
21 |
return false;
|
22 |
}
|
23 |
}
|
24 |
-
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
|
25 |
$host = wfUtils::reverseLookup($IP);
|
26 |
if(! $host){
|
27 |
$db->queryWrite("insert into $table (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'noPTR', '', 'noPTR', '');
|
21 |
return false;
|
22 |
}
|
23 |
}
|
|
|
24 |
$host = wfUtils::reverseLookup($IP);
|
25 |
if(! $host){
|
26 |
$db->queryWrite("insert into $table (IP, patternSig, status, lastUpdate, PTR) values (%s, UNHEX(MD5('%s')), '%s', unix_timestamp(), '%s') ON DUPLICATE KEY UPDATE status='%s', lastUpdate=unix_timestamp(), PTR='%s'", $IPn, $hostPattern, 'noPTR', '', 'noPTR', '');
|
lib/wfDB.php
CHANGED
@@ -1,11 +1,5 @@
|
|
1 |
<?php
|
2 |
class wfDB {
|
3 |
-
private $dbh = false;
|
4 |
-
private static $dbhCache = array();
|
5 |
-
private $dbhost = false;
|
6 |
-
private $dbpassword = false;
|
7 |
-
private $dbname = false;
|
8 |
-
private $dbuser = false;
|
9 |
public $errorMsg = false;
|
10 |
public function __construct(){
|
11 |
}
|
1 |
<?php
|
2 |
class wfDB {
|
|
|
|
|
|
|
|
|
|
|
|
|
3 |
public $errorMsg = false;
|
4 |
public function __construct(){
|
5 |
}
|
lib/wfIssues.php
CHANGED
@@ -161,7 +161,6 @@ class wfIssues {
|
|
161 |
$this->getDB()->queryWrite("delete from " . $this->issuesTable . " where id=%d", $id);
|
162 |
}
|
163 |
public function updateIssue($id, $status){ //ignoreC, ignoreP, delete or new
|
164 |
-
$currentStatus = $this->getDB()->querySingle("select status from " . $this->issuesTable . " where id=%d", $id);
|
165 |
if($status == 'delete'){
|
166 |
$this->getDB()->queryWrite("delete from " . $this->issuesTable . " where id=%d", $id);
|
167 |
} else if($status == 'ignoreC' || $status == 'ignoreP' || $status == 'new'){
|
@@ -174,7 +173,6 @@ class wfIssues {
|
|
174 |
return $rec;
|
175 |
}
|
176 |
public function getIssues(){
|
177 |
-
$issues = wfConfig::get('wf_issues', array());
|
178 |
$ret = array(
|
179 |
'new' => array(),
|
180 |
'ignored' => array()
|
161 |
$this->getDB()->queryWrite("delete from " . $this->issuesTable . " where id=%d", $id);
|
162 |
}
|
163 |
public function updateIssue($id, $status){ //ignoreC, ignoreP, delete or new
|
|
|
164 |
if($status == 'delete'){
|
165 |
$this->getDB()->queryWrite("delete from " . $this->issuesTable . " where id=%d", $id);
|
166 |
} else if($status == 'ignoreC' || $status == 'ignoreP' || $status == 'new'){
|
173 |
return $rec;
|
174 |
}
|
175 |
public function getIssues(){
|
|
|
176 |
$ret = array(
|
177 |
'new' => array(),
|
178 |
'ignored' => array()
|
lib/wfLog.php
CHANGED
@@ -70,12 +70,6 @@ class wfLog {
|
|
70 |
$id = get_current_user_id();
|
71 |
return $id ? $id : 0;
|
72 |
}
|
73 |
-
private function getPagename(){
|
74 |
-
global $wp_query;
|
75 |
-
$post = $wp_query->get_queried_object();
|
76 |
-
$pagename = $post->post_name;
|
77 |
-
return $pagename;
|
78 |
-
}
|
79 |
public function logLeechAndBlock($type){ //404 or hit
|
80 |
if(wfConfig::get('firewallEnabled')){
|
81 |
//Moved the following block into the "is fw enabled section" for optimization.
|
@@ -140,6 +134,11 @@ class wfLog {
|
|
140 |
}
|
141 |
}
|
142 |
}
|
|
|
|
|
|
|
|
|
|
|
143 |
if(isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])){
|
144 |
if($type == 'hit' && wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsCrawlers')){
|
145 |
$this->takeBlockingAction('maxRequestsCrawlers', "Exceeded the maximum number of requests per minute for crawlers."); //may not exit
|
@@ -240,12 +239,8 @@ class wfLog {
|
|
240 |
}
|
241 |
$blockDat = explode('|', $elem['blockString']);
|
242 |
$elem['ipPattern'] = "";
|
243 |
-
$haveIPBlock = false;
|
244 |
-
$haveBrowserBlock = false;
|
245 |
-
$haveRefererBlock = false;
|
246 |
$numBlockElements = 0;
|
247 |
if($blockDat[0]){
|
248 |
-
$haveIPBlock = true;
|
249 |
$numBlockElements++;
|
250 |
$ipDat = explode('-', $blockDat[0]);
|
251 |
$elem['ipPattern'] = "Block visitors with IP addresses in the range: " . wfUtils::inet_ntoa($ipDat[0]) . ' - ' . wfUtils::inet_ntoa($ipDat[1]);
|
@@ -253,14 +248,12 @@ class wfLog {
|
|
253 |
$elem['ipPattern'] = 'Allow all IP addresses';
|
254 |
}
|
255 |
if($blockDat[1]){
|
256 |
-
$haveBrowserBlock = true;
|
257 |
$numBlockElements++;
|
258 |
$elem['browserPattern'] = "Block visitors whos browsers match the pattern: " . $blockDat[1];
|
259 |
} else {
|
260 |
$elem['browserPattern'] = 'Allow all browsers';
|
261 |
}
|
262 |
if($blockDat[2]){
|
263 |
-
$haveRefererBlock = true;
|
264 |
$numBlockElements++;
|
265 |
$elem['refererPattern'] = "Block visitors from websites that match the pattern: " . $blockDat[2];
|
266 |
} else {
|
@@ -904,7 +897,6 @@ class wfLog {
|
|
904 |
}
|
905 |
}
|
906 |
$results = $this->getDB()->querySelect("select ctime, level, type, msg from " . $this->statusTable . " where ctime > %f order by ctime asc", $lastCtime);
|
907 |
-
$lastTime = false;
|
908 |
$timeOffset = 3600 * get_option('gmt_offset');
|
909 |
foreach($results as &$rec){
|
910 |
//$rec['timeAgo'] = wfUtils::makeTimeAgo(time() - $rec['ctime']);
|
@@ -915,7 +907,6 @@ class wfLog {
|
|
915 |
}
|
916 |
public function getSummaryEvents(){
|
917 |
$results = $this->getDB()->querySelect("select ctime, level, type, msg from " . $this->statusTable . " where level = 10 order by ctime desc limit 100");
|
918 |
-
$lastTime = false;
|
919 |
$timeOffset = 3600 * get_option('gmt_offset');
|
920 |
foreach($results as &$rec){
|
921 |
$rec['date'] = date('M d H:i:s', $rec['ctime'] + $timeOffset);
|
70 |
$id = get_current_user_id();
|
71 |
return $id ? $id : 0;
|
72 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
73 |
public function logLeechAndBlock($type){ //404 or hit
|
74 |
if(wfConfig::get('firewallEnabled')){
|
75 |
//Moved the following block into the "is fw enabled section" for optimization.
|
134 |
}
|
135 |
}
|
136 |
}
|
137 |
+
if(wfConfig::get('other_blockBadPOST') == '1' && $_SERVER['REQUEST_METHOD'] == 'POST' && empty($_SERVER['HTTP_USER_AGENT']) && empty($_SERVER['HTTP_REFERER'])){
|
138 |
+
$this->blockIP($IP, "POST received with blank user-agent and referer");
|
139 |
+
$this->do503(3600, "POST received with blank user-agent and referer");
|
140 |
+
//exits
|
141 |
+
}
|
142 |
if(isset($_SERVER['HTTP_USER_AGENT']) && wfCrawl::isCrawler($_SERVER['HTTP_USER_AGENT'])){
|
143 |
if($type == 'hit' && wfConfig::get('maxRequestsCrawlers') != 'DISABLED' && $hitsPerMinute > wfConfig::get('maxRequestsCrawlers')){
|
144 |
$this->takeBlockingAction('maxRequestsCrawlers', "Exceeded the maximum number of requests per minute for crawlers."); //may not exit
|
239 |
}
|
240 |
$blockDat = explode('|', $elem['blockString']);
|
241 |
$elem['ipPattern'] = "";
|
|
|
|
|
|
|
242 |
$numBlockElements = 0;
|
243 |
if($blockDat[0]){
|
|
|
244 |
$numBlockElements++;
|
245 |
$ipDat = explode('-', $blockDat[0]);
|
246 |
$elem['ipPattern'] = "Block visitors with IP addresses in the range: " . wfUtils::inet_ntoa($ipDat[0]) . ' - ' . wfUtils::inet_ntoa($ipDat[1]);
|
248 |
$elem['ipPattern'] = 'Allow all IP addresses';
|
249 |
}
|
250 |
if($blockDat[1]){
|
|
|
251 |
$numBlockElements++;
|
252 |
$elem['browserPattern'] = "Block visitors whos browsers match the pattern: " . $blockDat[1];
|
253 |
} else {
|
254 |
$elem['browserPattern'] = 'Allow all browsers';
|
255 |
}
|
256 |
if($blockDat[2]){
|
|
|
257 |
$numBlockElements++;
|
258 |
$elem['refererPattern'] = "Block visitors from websites that match the pattern: " . $blockDat[2];
|
259 |
} else {
|
897 |
}
|
898 |
}
|
899 |
$results = $this->getDB()->querySelect("select ctime, level, type, msg from " . $this->statusTable . " where ctime > %f order by ctime asc", $lastCtime);
|
|
|
900 |
$timeOffset = 3600 * get_option('gmt_offset');
|
901 |
foreach($results as &$rec){
|
902 |
//$rec['timeAgo'] = wfUtils::makeTimeAgo(time() - $rec['ctime']);
|
907 |
}
|
908 |
public function getSummaryEvents(){
|
909 |
$results = $this->getDB()->querySelect("select ctime, level, type, msg from " . $this->statusTable . " where level = 10 order by ctime desc limit 100");
|
|
|
910 |
$timeOffset = 3600 * get_option('gmt_offset');
|
911 |
foreach($results as &$rec){
|
912 |
$rec['date'] = date('M d H:i:s', $rec['ctime'] + $timeOffset);
|
lib/wfScan.php
CHANGED
@@ -66,7 +66,6 @@ class wfScan {
|
|
66 |
@error_reporting(E_ALL);
|
67 |
wfUtils::iniSet('display_errors','On');
|
68 |
self::status(4, 'info', "Setting up scanRunning and starting scan");
|
69 |
-
$scan = false;
|
70 |
if($isFork){
|
71 |
$scan = wfConfig::get_ser('wfsd_engine', false, true);
|
72 |
if($scan){
|
@@ -129,7 +128,6 @@ class wfScan {
|
|
129 |
public static function becomeAdmin(){
|
130 |
$db = new wfDB();
|
131 |
global $wpdb;
|
132 |
-
$adminUserID = false;
|
133 |
$userSource = '';
|
134 |
if(is_multisite()){
|
135 |
$users = get_users('role=super&fields=ID');
|
66 |
@error_reporting(E_ALL);
|
67 |
wfUtils::iniSet('display_errors','On');
|
68 |
self::status(4, 'info', "Setting up scanRunning and starting scan");
|
|
|
69 |
if($isFork){
|
70 |
$scan = wfConfig::get_ser('wfsd_engine', false, true);
|
71 |
if($scan){
|
128 |
public static function becomeAdmin(){
|
129 |
$db = new wfDB();
|
130 |
global $wpdb;
|
|
|
131 |
$userSource = '';
|
132 |
if(is_multisite()){
|
133 |
$users = get_users('role=super&fields=ID');
|
lib/wfScanEngine.php
CHANGED
@@ -7,19 +7,17 @@ require_once('wfIssues.php');
|
|
7 |
require_once('wfDB.php');
|
8 |
require_once('wfUtils.php');
|
9 |
class wfScanEngine {
|
10 |
-
private static $cronTestFailedURLs = array();
|
11 |
public $api = false;
|
12 |
private $dictWords = array();
|
13 |
private $forkRequested = false;
|
14 |
|
15 |
//Beginning of serialized properties on sleep
|
16 |
private $hasher = false;
|
17 |
-
private $hashes = false;
|
18 |
private $jobList = array();
|
19 |
private $i = false;
|
|
|
20 |
private $apiKey = false;
|
21 |
private $startTime = 0;
|
22 |
-
private $scanStep = 0;
|
23 |
public $maxExecTime = false; //If more than $maxExecTime has elapsed since last check, fork a new scan process and continue
|
24 |
private $publicScanEnabled = false;
|
25 |
private $fileContentsResults = false;
|
@@ -36,7 +34,7 @@ class wfScanEngine {
|
|
36 |
private $userPasswdQueue = "";
|
37 |
private $passwdHasIssues = false;
|
38 |
public function __sleep(){ //Same order here as above for properties that are included in serialization
|
39 |
-
return array('hasher', '
|
40 |
}
|
41 |
public function __construct(){
|
42 |
$this->startTime = time();
|
@@ -274,13 +272,13 @@ class wfScanEngine {
|
|
274 |
$this->status(2, 'info', "Getting theme list from WordPress");
|
275 |
$themeData = get_themes();
|
276 |
$knownFilesThemes = array();
|
277 |
-
foreach($themeData as $themeName => $
|
278 |
-
if(preg_match('/\/([^\/]+)$/', $
|
279 |
$shortDir = $matches[1]; //e.g. evo4cms
|
280 |
-
$fullDir = substr($
|
281 |
$knownFilesThemes[$themeName] = array(
|
282 |
-
'Name' => $
|
283 |
-
'Version' => $
|
284 |
'ShortDir' => $shortDir,
|
285 |
'FullDir' => $fullDir
|
286 |
);
|
@@ -539,7 +537,7 @@ class wfScanEngine {
|
|
539 |
if($email){
|
540 |
$cDesc .= "Email: $email ";
|
541 |
}
|
542 |
-
$cDesc
|
543 |
$this->status(2, 'info', "Scanning comment with $cDesc");
|
544 |
|
545 |
$h = new wordfenceURLHoover($this->apiKey, $this->wp_version);
|
@@ -625,7 +623,6 @@ class wfScanEngine {
|
|
625 |
private function scan_passwds_main(){
|
626 |
global $wpdb;
|
627 |
$wfdb = new wfDB();
|
628 |
-
$haveIssues = false;
|
629 |
while(strlen($this->userPasswdQueue) > 3){
|
630 |
$usersLeft = strlen($this->userPasswdQueue) / 4; //4 byte ints
|
631 |
if($usersLeft % 100 == 0){
|
@@ -654,9 +651,6 @@ class wfScanEngine {
|
|
654 |
$passwdHasher = new PasswordHash(8, TRUE);
|
655 |
$userDat = get_userdata($userID);
|
656 |
$this->status(4, 'info', "Checking password strength of user '" . $userDat->user_login . "'");
|
657 |
-
$shortMsg = "";
|
658 |
-
$longMsg = "";
|
659 |
-
$level = 1;
|
660 |
$highCap = $this->highestCap($userDat->wp_capabilities);
|
661 |
if($this->isEditor($userDat->wp_capabilities)){
|
662 |
$shortMsg = "User \"" . $userDat->user_login . "\" with \"" . $highCap . "\" access has an easy password.";
|
@@ -727,7 +721,6 @@ class wfScanEngine {
|
|
727 |
return;
|
728 |
}
|
729 |
$this->status(2, 'info', "Total disk space: " . sprintf('%.4f', ($total / 1024 / 1024 / 1024)) . "GB -- Free disk space: " . sprintf('%.4f', ($free / 1024 / 1024 / 1024)) . "GB");
|
730 |
-
$level = false;
|
731 |
$freeMegs = sprintf('%.2f', $free / 1024 / 1024);
|
732 |
$this->status(2, 'info', "The disk has $freeMegs MB space available");
|
733 |
if($freeMegs < 5){
|
@@ -930,7 +923,6 @@ class wfScanEngine {
|
|
930 |
public static function checkForKill(){
|
931 |
$kill = wfConfig::get('wfKillRequested', 0);
|
932 |
if($kill && time() - $kill < 600){ //Kill lasts for 10 minutes
|
933 |
-
$wfdb = new wfDB();
|
934 |
wordfence::status(10, 'info', "SUM_KILLED:Previous scan was killed successfully.");
|
935 |
throw new Exception("Scan was killed on administrator request.");
|
936 |
}
|
@@ -946,7 +938,6 @@ class wfScanEngine {
|
|
946 |
}
|
947 |
$timeout = self::getMaxExecutionTime() - 2; //2 seconds shorter than max execution time which ensures that only 2 HTTP processes are ever occupied
|
948 |
$testURL = admin_url('admin-ajax.php?action=wordfence_testAjax');
|
949 |
-
$testResults = false;
|
950 |
if(! wfConfig::get('startScansRemotely', false)){
|
951 |
$testResult = wp_remote_post($testURL, array(
|
952 |
'timeout' => $timeout,
|
@@ -964,7 +955,7 @@ class wfScanEngine {
|
|
964 |
$cronURL = admin_url($cronURL);
|
965 |
$headers = array();
|
966 |
wordfence::status(4, 'info', "Starting cron with normal ajax at URL $cronURL");
|
967 |
-
|
968 |
'timeout' => $timeout, //Must be less than max execution time or more than 2 HTTP children will be occupied by scan
|
969 |
'blocking' => true, //Non-blocking seems to block anyway, so we use blocking
|
970 |
'sslverify' => false,
|
@@ -978,7 +969,7 @@ class wfScanEngine {
|
|
978 |
$headers = array();
|
979 |
wordfence::status(4, 'info', "Starting cron via proxy at URL $cronURL");
|
980 |
|
981 |
-
|
982 |
'timeout' => $timeout, //Must be less than max execution time or more than 2 HTTP children will be occupied by scan
|
983 |
'blocking' => true, //Non-blocking seems to block anyway, so we use blocking
|
984 |
'sslverify' => false,
|
7 |
require_once('wfDB.php');
|
8 |
require_once('wfUtils.php');
|
9 |
class wfScanEngine {
|
|
|
10 |
public $api = false;
|
11 |
private $dictWords = array();
|
12 |
private $forkRequested = false;
|
13 |
|
14 |
//Beginning of serialized properties on sleep
|
15 |
private $hasher = false;
|
|
|
16 |
private $jobList = array();
|
17 |
private $i = false;
|
18 |
+
private $wp_version = false;
|
19 |
private $apiKey = false;
|
20 |
private $startTime = 0;
|
|
|
21 |
public $maxExecTime = false; //If more than $maxExecTime has elapsed since last check, fork a new scan process and continue
|
22 |
private $publicScanEnabled = false;
|
23 |
private $fileContentsResults = false;
|
34 |
private $userPasswdQueue = "";
|
35 |
private $passwdHasIssues = false;
|
36 |
public function __sleep(){ //Same order here as above for properties that are included in serialization
|
37 |
+
return array('hasher', 'jobList', 'i', 'wp_version', 'apiKey', 'startTime', 'maxExecTime', 'publicScanEnabled', 'fileContentsResults', 'scanner', 'scanQueue', 'hoover', 'scanData', 'statusIDX', 'userPasswdQueue', 'passwdHasIssues');
|
38 |
}
|
39 |
public function __construct(){
|
40 |
$this->startTime = time();
|
272 |
$this->status(2, 'info', "Getting theme list from WordPress");
|
273 |
$themeData = get_themes();
|
274 |
$knownFilesThemes = array();
|
275 |
+
foreach($themeData as $themeName => $themeVal){
|
276 |
+
if(preg_match('/\/([^\/]+)$/', $themeVal['Stylesheet Dir'], $matches)){
|
277 |
$shortDir = $matches[1]; //e.g. evo4cms
|
278 |
+
$fullDir = substr($themeVal['Stylesheet Dir'], strlen(ABSPATH)); //e.g. wp-content/themes/evo4cms
|
279 |
$knownFilesThemes[$themeName] = array(
|
280 |
+
'Name' => $themeVal['Name'],
|
281 |
+
'Version' => $themeVal['Version'],
|
282 |
'ShortDir' => $shortDir,
|
283 |
'FullDir' => $fullDir
|
284 |
);
|
537 |
if($email){
|
538 |
$cDesc .= "Email: $email ";
|
539 |
}
|
540 |
+
$cDesc .= "Source IP: $IP ";
|
541 |
$this->status(2, 'info', "Scanning comment with $cDesc");
|
542 |
|
543 |
$h = new wordfenceURLHoover($this->apiKey, $this->wp_version);
|
623 |
private function scan_passwds_main(){
|
624 |
global $wpdb;
|
625 |
$wfdb = new wfDB();
|
|
|
626 |
while(strlen($this->userPasswdQueue) > 3){
|
627 |
$usersLeft = strlen($this->userPasswdQueue) / 4; //4 byte ints
|
628 |
if($usersLeft % 100 == 0){
|
651 |
$passwdHasher = new PasswordHash(8, TRUE);
|
652 |
$userDat = get_userdata($userID);
|
653 |
$this->status(4, 'info', "Checking password strength of user '" . $userDat->user_login . "'");
|
|
|
|
|
|
|
654 |
$highCap = $this->highestCap($userDat->wp_capabilities);
|
655 |
if($this->isEditor($userDat->wp_capabilities)){
|
656 |
$shortMsg = "User \"" . $userDat->user_login . "\" with \"" . $highCap . "\" access has an easy password.";
|
721 |
return;
|
722 |
}
|
723 |
$this->status(2, 'info', "Total disk space: " . sprintf('%.4f', ($total / 1024 / 1024 / 1024)) . "GB -- Free disk space: " . sprintf('%.4f', ($free / 1024 / 1024 / 1024)) . "GB");
|
|
|
724 |
$freeMegs = sprintf('%.2f', $free / 1024 / 1024);
|
725 |
$this->status(2, 'info', "The disk has $freeMegs MB space available");
|
726 |
if($freeMegs < 5){
|
923 |
public static function checkForKill(){
|
924 |
$kill = wfConfig::get('wfKillRequested', 0);
|
925 |
if($kill && time() - $kill < 600){ //Kill lasts for 10 minutes
|
|
|
926 |
wordfence::status(10, 'info', "SUM_KILLED:Previous scan was killed successfully.");
|
927 |
throw new Exception("Scan was killed on administrator request.");
|
928 |
}
|
938 |
}
|
939 |
$timeout = self::getMaxExecutionTime() - 2; //2 seconds shorter than max execution time which ensures that only 2 HTTP processes are ever occupied
|
940 |
$testURL = admin_url('admin-ajax.php?action=wordfence_testAjax');
|
|
|
941 |
if(! wfConfig::get('startScansRemotely', false)){
|
942 |
$testResult = wp_remote_post($testURL, array(
|
943 |
'timeout' => $timeout,
|
955 |
$cronURL = admin_url($cronURL);
|
956 |
$headers = array();
|
957 |
wordfence::status(4, 'info', "Starting cron with normal ajax at URL $cronURL");
|
958 |
+
wp_remote_get( $cronURL, array(
|
959 |
'timeout' => $timeout, //Must be less than max execution time or more than 2 HTTP children will be occupied by scan
|
960 |
'blocking' => true, //Non-blocking seems to block anyway, so we use blocking
|
961 |
'sslverify' => false,
|
969 |
$headers = array();
|
970 |
wordfence::status(4, 'info', "Starting cron via proxy at URL $cronURL");
|
971 |
|
972 |
+
wp_remote_get( $cronURL, array(
|
973 |
'timeout' => $timeout, //Must be less than max execution time or more than 2 HTTP children will be occupied by scan
|
974 |
'blocking' => true, //Non-blocking seems to block anyway, so we use blocking
|
975 |
'sslverify' => false,
|
lib/wfUtils.php
CHANGED
@@ -43,7 +43,6 @@ class wfUtils {
|
|
43 |
$minutes -= $hours * 60;
|
44 |
return self::pluralize($hours, 'hour', $minutes, 'min');
|
45 |
} else if($minutes) {
|
46 |
-
$secs -= $minutes * 60;
|
47 |
return self::pluralize($minutes, 'min');
|
48 |
} else {
|
49 |
if($noSeconds){
|
@@ -106,9 +105,6 @@ class wfUtils {
|
|
106 |
return WP_CONTENT_DIR . '/plugins/';
|
107 |
//return ABSPATH . 'wp-content/plugins/';
|
108 |
}
|
109 |
-
public static function defaultGetIP(){
|
110 |
-
return $IP;
|
111 |
-
}
|
112 |
public static function makeRandomIP(){
|
113 |
return rand(11,230) . '.' . rand(0,255) . '.' . rand(0,255) . '.' . rand(0,255);
|
114 |
}
|
@@ -259,7 +255,6 @@ class wfUtils {
|
|
259 |
public static function lcmem(){
|
260 |
$trace=debug_backtrace();
|
261 |
$caller=array_shift($trace);
|
262 |
-
$c2 = array_shift($trace);
|
263 |
$mem = memory_get_usage(true);
|
264 |
error_log("$mem at " . $caller['file'] . " line " . $caller['line']);
|
265 |
}
|
@@ -464,7 +459,9 @@ class wfUtils {
|
|
464 |
$host = $db->querySingle("select host from " . $reverseTable . " where IP=%s and unix_timestamp() - lastUpdate < %d", $IPn, WORDFENCE_REVERSE_LOOKUP_CACHE_TIME);
|
465 |
if(! $host){
|
466 |
$ptr = implode(".", array_reverse(explode(".",$IP))) . ".in-addr.arpa";
|
467 |
-
|
|
|
|
|
468 |
if($host == null){
|
469 |
$host = 'NONE';
|
470 |
} else {
|
43 |
$minutes -= $hours * 60;
|
44 |
return self::pluralize($hours, 'hour', $minutes, 'min');
|
45 |
} else if($minutes) {
|
|
|
46 |
return self::pluralize($minutes, 'min');
|
47 |
} else {
|
48 |
if($noSeconds){
|
105 |
return WP_CONTENT_DIR . '/plugins/';
|
106 |
//return ABSPATH . 'wp-content/plugins/';
|
107 |
}
|
|
|
|
|
|
|
108 |
public static function makeRandomIP(){
|
109 |
return rand(11,230) . '.' . rand(0,255) . '.' . rand(0,255) . '.' . rand(0,255);
|
110 |
}
|
255 |
public static function lcmem(){
|
256 |
$trace=debug_backtrace();
|
257 |
$caller=array_shift($trace);
|
|
|
258 |
$mem = memory_get_usage(true);
|
259 |
error_log("$mem at " . $caller['file'] . " line " . $caller['line']);
|
260 |
}
|
459 |
$host = $db->querySingle("select host from " . $reverseTable . " where IP=%s and unix_timestamp() - lastUpdate < %d", $IPn, WORDFENCE_REVERSE_LOOKUP_CACHE_TIME);
|
460 |
if(! $host){
|
461 |
$ptr = implode(".", array_reverse(explode(".",$IP))) . ".in-addr.arpa";
|
462 |
+
if (function_exists('dns_get_record')) {
|
463 |
+
$host = @dns_get_record($ptr, DNS_PTR);
|
464 |
+
}
|
465 |
if($host == null){
|
466 |
$host = 'NONE';
|
467 |
} else {
|
lib/wfViewResult.php
CHANGED
@@ -21,6 +21,6 @@
|
|
21 |
|
22 |
|
23 |
|
24 |
-
<div class="diffFooter">© 2011 to 2015 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</
|
25 |
</body>
|
26 |
</html>
|
21 |
|
22 |
|
23 |
|
24 |
+
<div class="diffFooter">© 2011 to 2015 Wordfence — Visit <a href="http://wordfence.com/">Wordfence.com</a> for help, security updates and more.</div>
|
25 |
</body>
|
26 |
</html>
|
lib/wordfenceClass.php
CHANGED
@@ -25,7 +25,6 @@ class wordfence {
|
|
25 |
public static $newVisit = false;
|
26 |
private static $wfLog = false;
|
27 |
private static $hitID = 0;
|
28 |
-
private static $statusStartMsgs = array();
|
29 |
private static $debugOn = null;
|
30 |
private static $runInstallCalled = false;
|
31 |
public static $commentSpamItems = array();
|
@@ -38,8 +37,8 @@ class wordfence {
|
|
38 |
//Check if caching is enabled and if it is, disable it and fix the .htaccess file.
|
39 |
$cacheType = wfConfig::get('cacheType', false);
|
40 |
if($cacheType == 'falcon'){
|
41 |
-
|
42 |
-
|
43 |
wfConfig::set('cacheType', false);
|
44 |
|
45 |
//We currently don't clear the cache when plugin is disabled because it will take too long if done synchronously and won't work because plugin is disabled if done asynchronously.
|
@@ -179,6 +178,11 @@ class wordfence {
|
|
179 |
$wfdb->queryWrite("delete from $p"."wfBlocks where (blockedTime + %s < unix_timestamp()) and permanent=0", wfConfig::get('blockedTime'));
|
180 |
$wfdb->queryWrite("delete from $p"."wfCrawlers where lastUpdate < unix_timestamp() - (86400 * 7)");
|
181 |
|
|
|
|
|
|
|
|
|
|
|
182 |
$count = $wfdb->querySingle("select count(*) as cnt from $p"."wfHits");
|
183 |
if($count > 20000){
|
184 |
$wfdb->truncate($p . "wfHits"); //So we don't slow down sites that have very large wfHits tables
|
@@ -470,6 +474,7 @@ class wordfence {
|
|
470 |
public static function ajax_doScan_callback(){
|
471 |
ignore_user_abort(true);
|
472 |
self::$wordfence_wp_version = false;
|
|
|
473 |
require(ABSPATH . 'wp-includes/version.php');
|
474 |
self::$wordfence_wp_version = $wp_version;
|
475 |
require('wfScan.php');
|
@@ -479,7 +484,6 @@ class wordfence {
|
|
479 |
public static function ajax_perfLog_callback(){
|
480 |
$wfLog = self::getLog();
|
481 |
$fields = array('fetchStart', 'domainLookupStart', 'domainLookupEnd', 'connectStart', 'connectEnd', 'requestStart', 'responseStart', 'responseEnd', 'domReady', 'loaded');
|
482 |
-
$lastVal = false;
|
483 |
foreach($fields as $f){
|
484 |
if(preg_match('/^\d+$/', $_POST[$f])){
|
485 |
$data[$f] = $_POST[$f];
|
@@ -543,7 +547,6 @@ class wordfence {
|
|
543 |
}
|
544 |
$returnArr['nonce'] = wp_create_nonce('wp-ajax');
|
545 |
die(json_encode($returnArr));
|
546 |
-
exit;
|
547 |
}
|
548 |
public static function publishFuturePost($id){
|
549 |
if(wfConfig::get('clearCacheSched')){
|
@@ -647,7 +650,7 @@ class wordfence {
|
|
647 |
return self::getLog()->isIPLockedOut($IP);
|
648 |
}
|
649 |
public static function veryFirstAction(){
|
650 |
-
$wfFunc = @$_GET['_wfsf'];
|
651 |
if($wfFunc == 'unlockEmail'){
|
652 |
if(! wp_verify_nonce(@$_POST['nonce'], 'wf-form')){
|
653 |
die("Sorry but your browser sent an invalid security token when trying to use this form.");
|
@@ -663,10 +666,9 @@ class wordfence {
|
|
663 |
$email = trim($_POST['email']);
|
664 |
global $wpdb;
|
665 |
$ws = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users");
|
666 |
-
$users = array();
|
667 |
foreach($ws as $user){
|
668 |
$userDat = get_userdata($user->ID);
|
669 |
-
if($userDat
|
670 |
if($email == $userDat->user_email){
|
671 |
$found = true;
|
672 |
break;
|
@@ -1317,6 +1319,10 @@ class wordfence {
|
|
1317 |
wfConfig::set('tourClosed', 1);
|
1318 |
return array('ok' => 1);
|
1319 |
}
|
|
|
|
|
|
|
|
|
1320 |
public static function postRowActions($actions, $post){
|
1321 |
if(wfUtils::isAdmin()){
|
1322 |
$actions = array_merge($actions, array(
|
@@ -1341,9 +1347,9 @@ class wordfence {
|
|
1341 |
}
|
1342 |
public static function disablePermalinksFilter($newVal, $oldVal){
|
1343 |
if(wfConfig::get('cacheType', false) == 'falcon' && $oldVal && (! $newVal) ){ //Falcon is enabled and admin is disabling permalinks
|
1344 |
-
|
1345 |
//if($err){ return $oldVal; } //We might want to not allow the user to disable permalinks if we can't disable falcon. Allowing it for now.
|
1346 |
-
|
1347 |
//if($err){ return $oldVal; } //We might want to not allow the user to disable permalinks if we can't disable falcon. Allowing it for now.
|
1348 |
wfConfig::set('cacheType', false);
|
1349 |
}
|
@@ -1783,7 +1789,7 @@ class wordfence {
|
|
1783 |
}
|
1784 |
} else {
|
1785 |
$api = new wfAPI($opts['apiKey'], wfUtils::getWPVersion());
|
1786 |
-
$
|
1787 |
}
|
1788 |
return array('ok' => 1, 'reload' => $reload, 'paidKeyMsg' => $paidKeyMsg );
|
1789 |
}
|
@@ -1961,7 +1967,6 @@ class wordfence {
|
|
1961 |
$p = $wpdb->base_prefix;
|
1962 |
|
1963 |
$serverTime = $wfdb->querySingle("select unix_timestamp()");
|
1964 |
-
$issues = new wfIssues();
|
1965 |
$jsonData = array(
|
1966 |
'serverTime' => $serverTime,
|
1967 |
'msg' => wp_kses_data( (string) $wfdb->querySingle("select msg from $p"."wfStatus where level < 3 order by ctime desc limit 1"))
|
@@ -2075,8 +2080,6 @@ class wordfence {
|
|
2075 |
$issues->updateIssue($id, 'delete');
|
2076 |
}
|
2077 |
}
|
2078 |
-
$headMsg = "";
|
2079 |
-
$bodyMsg = "";
|
2080 |
$verb = $op == 'del' ? 'Deleted' : 'Repaired';
|
2081 |
$verb2 = $op == 'del' ? 'delete' : 'repair';
|
2082 |
if($filesWorkedOn > 0 && sizeof($errors) > 0){
|
@@ -2250,7 +2253,7 @@ class wordfence {
|
|
2250 |
//End logging
|
2251 |
|
2252 |
|
2253 |
-
if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'conntest' || $wfFunc == 'unknownFiles' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog' || $wfFunc == 'testmem' || $wfFunc == 'testtime')){
|
2254 |
return;
|
2255 |
}
|
2256 |
if(! wfUtils::isAdmin()){
|
@@ -2266,8 +2269,12 @@ class wordfence {
|
|
2266 |
self::wfFunc_diff();
|
2267 |
} else if($wfFunc == 'view'){
|
2268 |
self::wfFunc_view();
|
2269 |
-
} else if($wfFunc == 'sysinfo'){
|
2270 |
-
require('sysinfo.php');
|
|
|
|
|
|
|
|
|
2271 |
} else if($wfFunc == 'conntest'){
|
2272 |
require('conntest.php');
|
2273 |
} else if($wfFunc == 'unknownFiles'){
|
@@ -2422,7 +2429,6 @@ EOL;
|
|
2422 |
echo "File contains illegal characters.";
|
2423 |
exit();
|
2424 |
}
|
2425 |
-
$lang = false;
|
2426 |
$cont = @file_get_contents($localFile);
|
2427 |
$isEmpty = false;
|
2428 |
if(! $cont){
|
@@ -2501,7 +2507,7 @@ EOL;
|
|
2501 |
}
|
2502 |
public static function admin_init(){
|
2503 |
if(! wfUtils::isAdmin()){ return; }
|
2504 |
-
foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'exportSettings', 'importSettings', 'bulkOperation', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'downloadHtaccess', 'checkFalconHtaccess', 'updateConfig', 'saveCacheConfig', 'removeFromCache', 'autoUpdateChoice', 'saveCacheOptions', 'clearPageCache', 'getCacheStats', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor', 'loadAvgSitePerf', 'sendTestEmail', 'addCacheExclusion', 'removeCacheExclusion', 'loadCacheExclusions') as $func){
|
2505 |
add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
|
2506 |
}
|
2507 |
|
@@ -2543,6 +2549,7 @@ EOL;
|
|
2543 |
'debugOn' => wfConfig::get('debugOn', 0),
|
2544 |
'actUpdateInterval' => $updateInt,
|
2545 |
'tourClosed' => wfConfig::get('tourClosed', 0),
|
|
|
2546 |
'cacheType' => wfConfig::get('cacheType'),
|
2547 |
'liveTrafficEnabled' => wfConfig::liveTrafficEnabled()
|
2548 |
));
|
@@ -2719,8 +2726,6 @@ EOL;
|
|
2719 |
}
|
2720 |
}
|
2721 |
if(wfConfig::get('isPaid') && ($approved == 1 || $approved == 0) && wfConfig::get('advancedCommentScanning')){
|
2722 |
-
$IPs = array();
|
2723 |
-
$hosts = array();
|
2724 |
self::$commentSpamItems = array();
|
2725 |
preg_replace_callback('/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/', 'wordfence::pushCommentSpamIP', $cData['comment_content']);
|
2726 |
$IPs = self::$commentSpamItems;
|
@@ -2823,7 +2828,7 @@ EOL;
|
|
2823 |
wfConfig::set('lastEmailHash', time() . ':' . $hash);
|
2824 |
wp_mail(implode(',', $emails), $subject, $content);
|
2825 |
}
|
2826 |
-
|
2827 |
if(! self::$wfLog){
|
2828 |
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
|
2829 |
self::$wfLog = $wfLog;
|
25 |
public static $newVisit = false;
|
26 |
private static $wfLog = false;
|
27 |
private static $hitID = 0;
|
|
|
28 |
private static $debugOn = null;
|
29 |
private static $runInstallCalled = false;
|
30 |
public static $commentSpamItems = array();
|
37 |
//Check if caching is enabled and if it is, disable it and fix the .htaccess file.
|
38 |
$cacheType = wfConfig::get('cacheType', false);
|
39 |
if($cacheType == 'falcon'){
|
40 |
+
wfCache::addHtaccessCode('remove');
|
41 |
+
wfCache::updateBlockedIPs('remove');
|
42 |
wfConfig::set('cacheType', false);
|
43 |
|
44 |
//We currently don't clear the cache when plugin is disabled because it will take too long if done synchronously and won't work because plugin is disabled if done asynchronously.
|
178 |
$wfdb->queryWrite("delete from $p"."wfBlocks where (blockedTime + %s < unix_timestamp()) and permanent=0", wfConfig::get('blockedTime'));
|
179 |
$wfdb->queryWrite("delete from $p"."wfCrawlers where lastUpdate < unix_timestamp() - (86400 * 7)");
|
180 |
|
181 |
+
$wfdb->truncate($p . "wfVulnScanners"); //We only report data within the last hour in hourlyCron.
|
182 |
+
// So if we do a once a day truncate to be safe, we'll only potentially lose the hour right before the truncate.
|
183 |
+
// Worth it to clean out the table completely once a day.
|
184 |
+
|
185 |
+
|
186 |
$count = $wfdb->querySingle("select count(*) as cnt from $p"."wfHits");
|
187 |
if($count > 20000){
|
188 |
$wfdb->truncate($p . "wfHits"); //So we don't slow down sites that have very large wfHits tables
|
474 |
public static function ajax_doScan_callback(){
|
475 |
ignore_user_abort(true);
|
476 |
self::$wordfence_wp_version = false;
|
477 |
+
//This is messy, but not sure of a better way to do this without gauranteeing we get $wp_version
|
478 |
require(ABSPATH . 'wp-includes/version.php');
|
479 |
self::$wordfence_wp_version = $wp_version;
|
480 |
require('wfScan.php');
|
484 |
public static function ajax_perfLog_callback(){
|
485 |
$wfLog = self::getLog();
|
486 |
$fields = array('fetchStart', 'domainLookupStart', 'domainLookupEnd', 'connectStart', 'connectEnd', 'requestStart', 'responseStart', 'responseEnd', 'domReady', 'loaded');
|
|
|
487 |
foreach($fields as $f){
|
488 |
if(preg_match('/^\d+$/', $_POST[$f])){
|
489 |
$data[$f] = $_POST[$f];
|
547 |
}
|
548 |
$returnArr['nonce'] = wp_create_nonce('wp-ajax');
|
549 |
die(json_encode($returnArr));
|
|
|
550 |
}
|
551 |
public static function publishFuturePost($id){
|
552 |
if(wfConfig::get('clearCacheSched')){
|
650 |
return self::getLog()->isIPLockedOut($IP);
|
651 |
}
|
652 |
public static function veryFirstAction(){
|
653 |
+
$wfFunc = isset($_GET['_wfsf']) ? @$_GET['_wfsf'] : false;
|
654 |
if($wfFunc == 'unlockEmail'){
|
655 |
if(! wp_verify_nonce(@$_POST['nonce'], 'wf-form')){
|
656 |
die("Sorry but your browser sent an invalid security token when trying to use this form.");
|
666 |
$email = trim($_POST['email']);
|
667 |
global $wpdb;
|
668 |
$ws = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users");
|
|
|
669 |
foreach($ws as $user){
|
670 |
$userDat = get_userdata($user->ID);
|
671 |
+
if(wfUtils::isAdmin($userDat)){
|
672 |
if($email == $userDat->user_email){
|
673 |
$found = true;
|
674 |
break;
|
1319 |
wfConfig::set('tourClosed', 1);
|
1320 |
return array('ok' => 1);
|
1321 |
}
|
1322 |
+
public static function ajax_welcomeClosed_callback(){
|
1323 |
+
wfConfig::set('welcomeClosed', 1);
|
1324 |
+
return array('ok' => 1);
|
1325 |
+
}
|
1326 |
public static function postRowActions($actions, $post){
|
1327 |
if(wfUtils::isAdmin()){
|
1328 |
$actions = array_merge($actions, array(
|
1347 |
}
|
1348 |
public static function disablePermalinksFilter($newVal, $oldVal){
|
1349 |
if(wfConfig::get('cacheType', false) == 'falcon' && $oldVal && (! $newVal) ){ //Falcon is enabled and admin is disabling permalinks
|
1350 |
+
wfCache::addHtaccessCode('remove');
|
1351 |
//if($err){ return $oldVal; } //We might want to not allow the user to disable permalinks if we can't disable falcon. Allowing it for now.
|
1352 |
+
wfCache::updateBlockedIPs('remove');
|
1353 |
//if($err){ return $oldVal; } //We might want to not allow the user to disable permalinks if we can't disable falcon. Allowing it for now.
|
1354 |
wfConfig::set('cacheType', false);
|
1355 |
}
|
1789 |
}
|
1790 |
} else {
|
1791 |
$api = new wfAPI($opts['apiKey'], wfUtils::getWPVersion());
|
1792 |
+
$api->call('ping_api_key', array(), array());
|
1793 |
}
|
1794 |
return array('ok' => 1, 'reload' => $reload, 'paidKeyMsg' => $paidKeyMsg );
|
1795 |
}
|
1967 |
$p = $wpdb->base_prefix;
|
1968 |
|
1969 |
$serverTime = $wfdb->querySingle("select unix_timestamp()");
|
|
|
1970 |
$jsonData = array(
|
1971 |
'serverTime' => $serverTime,
|
1972 |
'msg' => wp_kses_data( (string) $wfdb->querySingle("select msg from $p"."wfStatus where level < 3 order by ctime desc limit 1"))
|
2080 |
$issues->updateIssue($id, 'delete');
|
2081 |
}
|
2082 |
}
|
|
|
|
|
2083 |
$verb = $op == 'del' ? 'Deleted' : 'Repaired';
|
2084 |
$verb2 = $op == 'del' ? 'delete' : 'repair';
|
2085 |
if($filesWorkedOn > 0 && sizeof($errors) > 0){
|
2253 |
//End logging
|
2254 |
|
2255 |
|
2256 |
+
if(! ($wfFunc == 'diff' || $wfFunc == 'view' || $wfFunc == 'sysinfo' || $wfFunc == 'cronview' || $wfFunc == 'dbview' || $wfFunc == 'conntest' || $wfFunc == 'unknownFiles' || $wfFunc == 'IPTraf' || $wfFunc == 'viewActivityLog' || $wfFunc == 'testmem' || $wfFunc == 'testtime')){
|
2257 |
return;
|
2258 |
}
|
2259 |
if(! wfUtils::isAdmin()){
|
2269 |
self::wfFunc_diff();
|
2270 |
} else if($wfFunc == 'view'){
|
2271 |
self::wfFunc_view();
|
2272 |
+
} else if($wfFunc == 'sysinfo') {
|
2273 |
+
require( 'sysinfo.php' );
|
2274 |
+
} else if($wfFunc == 'dbview'){
|
2275 |
+
require('dbview.php');
|
2276 |
+
} else if($wfFunc == 'cronview') {
|
2277 |
+
require('cronview.php');
|
2278 |
} else if($wfFunc == 'conntest'){
|
2279 |
require('conntest.php');
|
2280 |
} else if($wfFunc == 'unknownFiles'){
|
2429 |
echo "File contains illegal characters.";
|
2430 |
exit();
|
2431 |
}
|
|
|
2432 |
$cont = @file_get_contents($localFile);
|
2433 |
$isEmpty = false;
|
2434 |
if(! $cont){
|
2507 |
}
|
2508 |
public static function admin_init(){
|
2509 |
if(! wfUtils::isAdmin()){ return; }
|
2510 |
+
foreach(array('activate', 'scan', 'updateAlertEmail', 'sendActivityLog', 'restoreFile', 'exportSettings', 'importSettings', 'bulkOperation', 'deleteFile', 'removeExclusion', 'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues', 'reverseLookup', 'unlockOutIP', 'loadBlockRanges', 'unblockRange', 'blockIPUARange', 'whois', 'unblockIP', 'blockIP', 'permBlockIP', 'loadStaticPanel', 'saveConfig', 'downloadHtaccess', 'checkFalconHtaccess', 'updateConfig', 'saveCacheConfig', 'removeFromCache', 'autoUpdateChoice', 'saveCacheOptions', 'clearPageCache', 'getCacheStats', 'clearAllBlocked', 'killScan', 'saveCountryBlocking', 'saveScanSchedule', 'tourClosed', 'welcomeClosed', 'startTourAgain', 'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel', 'loadTwoFactor', 'loadAvgSitePerf', 'sendTestEmail', 'addCacheExclusion', 'removeCacheExclusion', 'loadCacheExclusions') as $func){
|
2511 |
add_action('wp_ajax_wordfence_' . $func, 'wordfence::ajaxReceiver');
|
2512 |
}
|
2513 |
|
2549 |
'debugOn' => wfConfig::get('debugOn', 0),
|
2550 |
'actUpdateInterval' => $updateInt,
|
2551 |
'tourClosed' => wfConfig::get('tourClosed', 0),
|
2552 |
+
'welcomeClosed' => wfConfig::get('welcomeClosed', 0),
|
2553 |
'cacheType' => wfConfig::get('cacheType'),
|
2554 |
'liveTrafficEnabled' => wfConfig::liveTrafficEnabled()
|
2555 |
));
|
2726 |
}
|
2727 |
}
|
2728 |
if(wfConfig::get('isPaid') && ($approved == 1 || $approved == 0) && wfConfig::get('advancedCommentScanning')){
|
|
|
|
|
2729 |
self::$commentSpamItems = array();
|
2730 |
preg_replace_callback('/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/', 'wordfence::pushCommentSpamIP', $cData['comment_content']);
|
2731 |
$IPs = self::$commentSpamItems;
|
2828 |
wfConfig::set('lastEmailHash', time() . ':' . $hash);
|
2829 |
wp_mail(implode(',', $emails), $subject, $content);
|
2830 |
}
|
2831 |
+
public static function getLog(){
|
2832 |
if(! self::$wfLog){
|
2833 |
$wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
|
2834 |
self::$wfLog = $wfLog;
|
lib/wordfenceHash.php
CHANGED
@@ -88,7 +88,6 @@ class wordfenceHash {
|
|
88 |
}
|
89 |
if(! is_readable($path)){
|
90 |
throw new Exception("Could not read directory " . $this->path . " to do scan.");
|
91 |
-
exit();
|
92 |
}
|
93 |
$this->haveIssues = array(
|
94 |
'core' => false,
|
88 |
}
|
89 |
if(! is_readable($path)){
|
90 |
throw new Exception("Could not read directory " . $this->path . " to do scan.");
|
|
|
91 |
}
|
92 |
$this->haveIssues = array(
|
93 |
'core' => false,
|
lib/wordfenceScanner.php
CHANGED
@@ -236,7 +236,6 @@ class wordfenceScanner {
|
|
236 |
}
|
237 |
}
|
238 |
fclose($fh);
|
239 |
-
$mtime = sprintf("%.5f", microtime(true) - $stime);
|
240 |
$this->totalFilesScanned++;
|
241 |
if(microtime(true) - $this->lastStatusTime > 1){
|
242 |
$this->lastStatusTime = microtime(true);
|
@@ -305,19 +304,6 @@ class wordfenceScanner {
|
|
305 |
private function writeScanningStatus(){
|
306 |
wordfence::status(2, 'info', "Scanned contents of " . $this->totalFilesScanned . " additional files at " . sprintf('%.2f', ($this->totalFilesScanned / (microtime(true) - $this->startTime))) . " per second");
|
307 |
}
|
308 |
-
public static function containsCode($arr){
|
309 |
-
foreach($arr as $elem){
|
310 |
-
if(preg_match($this->patterns['pat3'], $elem)){
|
311 |
-
return true;
|
312 |
-
}
|
313 |
-
}
|
314 |
-
return false;
|
315 |
-
}
|
316 |
-
|
317 |
-
private static function hostInURL($host, $url){
|
318 |
-
$host = str_replace('.', '\\.', $host);
|
319 |
-
return preg_match('/(?:^|^http:\/\/|^https:\/\/|^ftp:\/\/)' . $host . '(?:$|\/)/i', $url);
|
320 |
-
}
|
321 |
private function addResult($result){
|
322 |
for($i = 0; $i < sizeof($this->results); $i++){
|
323 |
if($this->results[$i]['type'] == 'file' && $this->results[$i]['data']['file'] == $result['data']['file']){
|
236 |
}
|
237 |
}
|
238 |
fclose($fh);
|
|
|
239 |
$this->totalFilesScanned++;
|
240 |
if(microtime(true) - $this->lastStatusTime > 1){
|
241 |
$this->lastStatusTime = microtime(true);
|
304 |
private function writeScanningStatus(){
|
305 |
wordfence::status(2, 'info', "Scanned contents of " . $this->totalFilesScanned . " additional files at " . sprintf('%.2f', ($this->totalFilesScanned / (microtime(true) - $this->startTime))) . " per second");
|
306 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
307 |
private function addResult($result){
|
308 |
for($i = 0; $i < sizeof($this->results); $i++){
|
309 |
if($this->results[$i]['type'] == 'file' && $this->results[$i]['data']['file'] == $result['data']['file']){
|
lib/wordfenceURLHoover.php
CHANGED
@@ -150,8 +150,6 @@ class wordfenceURLHoover {
|
|
150 |
}
|
151 |
}
|
152 |
public function getBaddies(){
|
153 |
-
$allHostKeys = array();
|
154 |
-
$stime = microtime(true);
|
155 |
$allHostKeys = array();
|
156 |
if($this->useDB){
|
157 |
$q1 = $this->db->querySelect("select distinct hostKey as hostKey from $this->table");
|
150 |
}
|
151 |
}
|
152 |
public function getBaddies(){
|
|
|
|
|
153 |
$allHostKeys = array();
|
154 |
if($this->useDB){
|
155 |
$q1 = $this->db->querySelect("select distinct hostKey as hostKey from $this->table");
|
readme.txt
CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
|
4 |
Requires at least: 3.3.1
|
5 |
Tested up to: 4.1
|
6 |
-
Stable tag: 5.3.
|
7 |
|
8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
9 |
|
@@ -165,12 +165,27 @@ cause a security hole on your site.
|
|
165 |
|
166 |
== Changelog ==
|
167 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
168 |
= 5.3.5 =
|
169 |
* Update: Upgraded the geoIP country database to Jan 2015 version.
|
170 |
* Improvement: Added an option to disable execution of PHP code in the uploads directory as an added level of protection. Under "Other Options" on the Wordfence options page.
|
171 |
* Improvement: We now email you any malware URLs encountered and they won't be filtered by your spam filter because the URL is included in the alert email as an image.
|
172 |
* Fix: Fixed an issue that would cause multiple scans to be scheduled if the plugin was disabled and then reenabled.
|
173 |
-
* Fix: The name of malicious files detected are now included in the alert email sent containing
|
174 |
|
175 |
= 5.3.4 =
|
176 |
* Changed FAQ link when locked out and email unlock doesn't work to correct link.
|
3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
|
4 |
Requires at least: 3.3.1
|
5 |
Tested up to: 4.1
|
6 |
+
Stable tag: 5.3.6
|
7 |
|
8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
9 |
|
165 |
|
166 |
== Changelog ==
|
167 |
|
168 |
+
= 5.3.6 =
|
169 |
+
* Feature: You can now block POST requests to your WordPress site that have an empty User-Agent and Referer header. This is a common pattern among badly written brute force bots.
|
170 |
+
* Feature: Added cron viewer at bottom of Wordfence options page. The plugin we were using to help diagnose customer issues is broken. Use this instead.
|
171 |
+
* Feature: Added DB table viewer at bottom of Wordfence options page. This is a read-only utility to view table names and detailed status. Also for customer diagnostic purposes.
|
172 |
+
* Improvement: Code cleanup after in-depth code analysis. Removed unused functions and variables and re-indented selected code.
|
173 |
+
* Fix: Fixed issue that appeared after last release where raw HTML tags were appearing in email alerts.
|
174 |
+
* Fix: Tour behaved inconsistently under some conditions. Fixed.
|
175 |
+
* Fix: Mismatched HTML tags in some presentation code. Fixed.
|
176 |
+
* Fix: When fetching theme list the interator had the same name as the array. Fixed.
|
177 |
+
* Fix: Detection for malware URLs in comments had a partial description in the issue. Was being overwritten when it should have been appended. Fixed.
|
178 |
+
* Fix: Check if dns_get_record() exists before using it to avoid warnings.
|
179 |
+
* Fix: If you have the wordfence security network disabled, the _wfVulnScanners table may have grown indefinitely. Fixed so it's regularly truncated.
|
180 |
+
* Fix: wordfence::getLog() was private and should be public. Fixed.
|
181 |
+
* Fix: Removed warning about _wfsf not being an element of GET params. Usually hidden, but in case something checks error_get_last()
|
182 |
+
|
183 |
= 5.3.5 =
|
184 |
* Update: Upgraded the geoIP country database to Jan 2015 version.
|
185 |
* Improvement: Added an option to disable execution of PHP code in the uploads directory as an added level of protection. Under "Other Options" on the Wordfence options page.
|
186 |
* Improvement: We now email you any malware URLs encountered and they won't be filtered by your spam filter because the URL is included in the alert email as an image.
|
187 |
* Fix: Fixed an issue that would cause multiple scans to be scheduled if the plugin was disabled and then reenabled.
|
188 |
+
* Fix: The name of malicious files detected are now included in the alert email sent containing the issues.
|
189 |
|
190 |
= 5.3.4 =
|
191 |
* Changed FAQ link when locked out and email unlock doesn't work to correct link.
|
wordfence.php
CHANGED
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
|
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
6 |
Author: Wordfence
|
7 |
-
Version: 5.3.
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
*/
|
10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
11 |
return;
|
12 |
}
|
13 |
-
define('WORDFENCE_VERSION', '5.3.
|
14 |
if(get_option('wordfenceActivated') != 1){
|
15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
16 |
}
|
@@ -25,4 +25,5 @@ if(! defined('WORDFENCE_VERSIONONLY_MODE')){ //Used to get version from file.
|
|
25 |
wordfence::install_actions();
|
26 |
}
|
27 |
|
|
|
28 |
?>
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
6 |
Author: Wordfence
|
7 |
+
Version: 5.3.6
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
*/
|
10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
11 |
return;
|
12 |
}
|
13 |
+
define('WORDFENCE_VERSION', '5.3.6');
|
14 |
if(get_option('wordfenceActivated') != 1){
|
15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
16 |
}
|
25 |
wordfence::install_actions();
|
26 |
}
|
27 |
|
28 |
+
|
29 |
?>
|