Version Description
- Improvement: Updated country blocking database to the newest version (March 2015)
- Improvement: Added detection for many new samples we received (thanks all!) including a nasty polymorphic infection.
- Fix: Changed the way we find the plugin directory to fix a possible issue that would cause alerts to return blank plugin names.
- Fix: Improved Nginx detection so that we don't accidentally detect Nginx if you're running Apache.
Download this release
Release Info
| Developer | mmaunder |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 5.3.7 |
| Comparing to | |
| See all releases | |
Code changes from version 5.3.6 to 5.3.7
- lib/GeoIP.dat +0 -0
- lib/wfUtils.php +6 -3
- readme.txt +7 -1
- wordfence.php +2 -2
lib/GeoIP.dat
CHANGED
|
Binary file
|
lib/wfUtils.php
CHANGED
|
@@ -102,8 +102,11 @@ class wfUtils {
|
|
| 102 |
return plugins_url() . '/wordfence/';
|
| 103 |
}
|
| 104 |
public static function getPluginBaseDir(){
|
| 105 |
-
|
| 106 |
-
|
|
|
|
|
|
|
|
|
|
| 107 |
}
|
| 108 |
public static function makeRandomIP(){
|
| 109 |
return rand(11,230) . '.' . rand(0,255) . '.' . rand(0,255) . '.' . rand(0,255);
|
|
@@ -612,7 +615,7 @@ class wfUtils {
|
|
| 612 |
public static function isNginx(){
|
| 613 |
$sapi = php_sapi_name();
|
| 614 |
$serverSoft = $_SERVER['SERVER_SOFTWARE'];
|
| 615 |
-
if($sapi == 'fpm-fcgi'
|
| 616 |
return true;
|
| 617 |
}
|
| 618 |
}
|
| 102 |
return plugins_url() . '/wordfence/';
|
| 103 |
}
|
| 104 |
public static function getPluginBaseDir(){
|
| 105 |
+
if(defined('WP_PLUGIN_DIR')) {
|
| 106 |
+
return wp_normalize_path(WP_PLUGIN_DIR . '/');
|
| 107 |
+
}
|
| 108 |
+
return wp_normalize_path(WP_CONTENT_DIR . '/plugins/');
|
| 109 |
+
|
| 110 |
}
|
| 111 |
public static function makeRandomIP(){
|
| 112 |
return rand(11,230) . '.' . rand(0,255) . '.' . rand(0,255) . '.' . rand(0,255);
|
| 615 |
public static function isNginx(){
|
| 616 |
$sapi = php_sapi_name();
|
| 617 |
$serverSoft = $_SERVER['SERVER_SOFTWARE'];
|
| 618 |
+
if($sapi == 'fpm-fcgi' && stripos($serverSoft, 'nginx') !== false){
|
| 619 |
return true;
|
| 620 |
}
|
| 621 |
}
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 4.1
|
| 6 |
-
Stable tag: 5.3.
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
| 9 |
|
|
@@ -165,6 +165,12 @@ cause a security hole on your site.
|
|
| 165 |
|
| 166 |
== Changelog ==
|
| 167 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 168 |
= 5.3.6 =
|
| 169 |
* Feature: You can now block POST requests to your WordPress site that have an empty User-Agent and Referer header. This is a common pattern among badly written brute force bots.
|
| 170 |
* Feature: Added cron viewer at bottom of Wordfence options page. The plugin we were using to help diagnose customer issues is broken. Use this instead.
|
| 3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
|
| 4 |
Requires at least: 3.3.1
|
| 5 |
Tested up to: 4.1
|
| 6 |
+
Stable tag: 5.3.7
|
| 7 |
|
| 8 |
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
|
| 9 |
|
| 165 |
|
| 166 |
== Changelog ==
|
| 167 |
|
| 168 |
+
= 5.3.7 =
|
| 169 |
+
* Improvement: Updated country blocking database to the newest version (March 2015)
|
| 170 |
+
* Improvement: Added detection for many new samples we received (thanks all!) including a nasty polymorphic infection.
|
| 171 |
+
* Fix: Changed the way we find the plugin directory to fix a possible issue that would cause alerts to return blank plugin names.
|
| 172 |
+
* Fix: Improved Nginx detection so that we don't accidentally detect Nginx if you're running Apache.
|
| 173 |
+
|
| 174 |
= 5.3.6 =
|
| 175 |
* Feature: You can now block POST requests to your WordPress site that have an empty User-Agent and Referer header. This is a common pattern among badly written brute force bots.
|
| 176 |
* Feature: Added cron viewer at bottom of Wordfence options page. The plugin we were using to help diagnose customer issues is broken. Use this instead.
|
wordfence.php
CHANGED
|
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
-
Version: 5.3.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
-
define('WORDFENCE_VERSION', '5.3.
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
+
Version: 5.3.7
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
+
define('WORDFENCE_VERSION', '5.3.7');
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
