Wordfence Security – Firewall & Malware Scan - Version 6.0.10

Version Description

  • Improvement: Removed locked out IPs from locked out list when permanently blocking all locked out IPs.
  • Improvement: Added admin-configured blocked IPs and blocked network ranges to import/export.
  • Fix: Fixed PHP warnings in activity report where an array is not returned.
  • Fix: Fixed PHP notice in IP spam check portion of scan.

Release Info

Developer wfmatt
Version 6.0.10

Code changes from version 6.0.9 to 6.0.10

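--- a/lib/wfActivityReport.php
+++ b/lib/wfActivityReport.php
@@ -201,10 +201,11 @@ ORDER BY blockCount DESC
  LIMIT %d
  SQL
  , $limit));
- foreach ($results as &$row) {
- $row->countryName = $this->getCountryNameByCode($row->countryCode);
+ if ($results) {
+ foreach ($results as &$row) {
+ $row->countryName = $this->getCountryNameByCode($row->countryCode);
+ }
  }
-
  return $results;
  }
 
@@ -227,8 +228,10 @@ ORDER BY totalBlockCount DESC
  LIMIT %d
  SQL
  , $limit));
- foreach ($results as &$row) {
- $row->countryName = $this->getCountryNameByCode($row->countryCode);
+ if ($results) {
+ foreach ($results as &$row) {
+ $row->countryName = $this->getCountryNameByCode($row->countryCode);
+ }
  }
  return $results;
  }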
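Review bot: The new `if ($results)` guard at new lines 204 and 231 stops the foreach warning, but both functions still hand the non-array value back through `return $results;`, so a caller that iterates the result would presumably hit the same warning one level up. An early `if (!$results) { return array(); }` would give callers a single return shape. The loop also binds `$row` by reference without an `unset($row);` afterwards, and if the rows are objects, as `$row->countryName` suggests, the reference is not needed at all. Both function bodies begin outside the hunks.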
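--- a/lib/wfScanEngine.php
+++ b/lib/wfScanEngine.php
@@ -200,7 +200,7 @@ class wfScanEngine {
  'siteURL' => site_url()
  ));
  $haveIssues = false;
- if($result['haveIssues'] && is_array($result['issues']) ){
+ if(!empty($result['haveIssues']) && is_array($result['issues']) ){
  foreach($result['issues'] as $issue){
  $this->addIssue($issue['type'], $issue['level'], $issue['ignoreP'], $issue['ignoreC'], $issue['shortMsg'], $issue['longMsg'], $issue['data']);
  $haveIssues = true;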
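Review bot: `is_array($result['issues'])` on new line 203 still reads an index that may be missing, so a response with `haveIssues` set but no `issues` key raises the same kind of notice this change removes for `haveIssues`. Writing the condition as `if(!empty($result['haveIssues']) && isset($result['issues']) && is_array($result['issues'])){` covers both keys. The fields of each `$issue` (`type`, `level`, `data` and the rest) are likewise read unchecked from what appears to be a remote API response, so either an `isset` check per issue or a comment stating that the response shape is trusted would help the next reader. The enclosing function starts and ends outside the hunk.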
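--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -2350,6 +2350,9 @@ class wordfence {
  }
  }
  public static function ajax_exportSettings_callback(){
+ /** @var wpdb $wpdb */
+ global $wpdb;
+
  $keys = wfConfig::getExportableOptionsKeys();
  $export = array();
  foreach($keys as $key){
@@ -2358,6 +2361,12 @@ class wordfence {
  $export['scanScheduleJSON'] = json_encode(wfConfig::get_ser('scanSched', array()));
  $export['schedMode'] = wfConfig::get('schedMode', '');
 
+ // Any user supplied blocked IPs.
+ $export['_blockedIPs'] = $wpdb->get_results('SELECT *, HEX(IP) as IP FROM ' . $wpdb->base_prefix . 'wfBlocks WHERE wfsn = 0 AND permanent = 1');
+
+ // Any advanced blocking stuff too.
+ $export['_advancedBlocking'] = $wpdb->get_results('SELECT * FROM ' . $wpdb->base_prefix . 'wfBlocksAdv');
+
  try {
  $api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
  $res = $api->call('export_options', array(), $export);
@@ -2374,6 +2383,9 @@ class wordfence {
  }
  }
  public static function importSettings($token){
+ /** @var wpdb $wpdb */
+ global $wpdb;
+
  $api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
  $res = $api->call('import_options', array(), array('token' => $token));
  $totalSet = 0;
@@ -2391,6 +2403,27 @@ class wordfence {
  wfConfig::set('schedMode', $res['options']['schedMode']);
  $totalSet += 2;
  }
+
+ if (!empty($res['options']['_blockedIPs']) && is_array($res['options']['_blockedIPs'])) {
+ foreach ($res['options']['_blockedIPs'] as $row) {
+ if (!empty($row['IP'])) {
+ $row['IP'] = pack('H*', $row['IP']);
+ if (!$wpdb->get_var($wpdb->prepare('SELECT COUNT(*) FROM ' . $wpdb->base_prefix . 'wfBlocks WHERE IP = %s', $row['IP']))) {
+ $wpdb->insert($wpdb->base_prefix . 'wfBlocks', $row);
+ }
+ }
+ }
+ }
+
+ if (!empty($res['options']['_advancedBlocking']) && is_array($res['options']['_advancedBlocking'])) {
+ foreach ($res['options']['_advancedBlocking'] as $row) {
+ if (!empty($row['blockString']) && !$wpdb->get_var($wpdb->prepare('SELECT COUNT(*) FROM ' . $wpdb->base_prefix . 'wfBlocksAdv WHERE blockString = %s', $row['blockString']))) {
+ unset($row['id']);
+ $wpdb->insert($wpdb->base_prefix . 'wfBlocksAdv', $row);
+ }
+ }
+ }
+
  return $totalSet;
  } else if($res['err']){
  throw new Exception($res['err']);
@@ -3428,10 +3461,21 @@ EOL;
  AND blockedTime + %d > UNIX_TIMESTAMP()', $blockedTime));
  break;
  }
- foreach ($IPs as $IP) {
- self::getLog()->blockIP(wfUtils::inet_ntop($IP), $reason, false, true);
+ if ($IPs && is_array($IPs)) {
+ foreach ($IPs as $IP) {
+ self::getLog()->blockIP(wfUtils::inet_ntop($IP), $reason, false, true);
+ }
+ }
+ switch ($type) {
+ case 'lockedOut':
+ if ($IPs) {
+ foreach ($IPs as &$IP) {
+ $IP = $wpdb->prepare('%s', $IP);
+ }
+ $wpdb->query('DELETE FROM ' . $wpdb->base_prefix . 'wfLockedOut WHERE IP IN ('. join(', ', $IPs).')');
+ }
+ break;
  }
-
  return array('ok' => 1);
  }
  }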
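Review bot: The import loop at new lines 2407–2416 passes each `$row` from the API response straight to `$wpdb->insert()`, so the columns written to `wfBlocks` are whatever keys the response carries, and `pack('H*', $row['IP'])` runs on a value that was never checked to be a hex string. Restricting each row to a known column list and skipping non-array rows and non-hex IPs before the insert keeps a malformed or tampered export from writing unexpected fields. The same applies to the `_advancedBlocking` loop at 2418–2425, which only drops `id`. In the last hunk, `foreach ($IPs as &$IP)` leaves a live reference behind, so `unset($IP);` after the loop is worth adding. `importSettings` and the blocking function both continue outside their hunks.

```php
foreach ($res['options']['_blockedIPs'] as $row) {
    // Accept only well-formed rows: an array carrying a hex-encoded IP string.
    if (!is_array($row) || empty($row['IP']) || !is_string($row['IP']) || !ctype_xdigit($row['IP'])) {
        continue;
    }
    // $allowedBlockColumns is a placeholder: fill it with the table's real column names from the schema.
    $row = array_intersect_key($row, array_flip($allowedBlockColumns));
    $row['IP'] = pack('H*', $row['IP']);
    // … unchanged: duplicate check and $wpdb->insert into wfBlocks …
}
```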
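--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
  Requires at least: 3.9
  Tested up to: 4.2.2
- Stable tag: 6.0.9
+ Stable tag: 6.0.10
 
  Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
 
@@ -172,6 +172,12 @@ fully compatible with both IPv4 and IPv6 whether you run both or only one addres
 
  == Changelog ==
 
+ = 6.0.10 =
+ * Improvement: Removed locked out IPs from locked out list when permanently blocking all locked out IPs.
+ * Improvement: Added admin-configured blocked IPs and blocked network ranges to import/export.
+ * Fix: Fixed PHP warnings in activity report where an array is not returned.
+ * Fix: Fixed PHP notice in IP spam check portion of scan.
+
  = 6.0.9 =
  * Fix: Fixed bug in Live Traffic where v5 style blocked ranges generated PHP warning breaking the JSON response.
  * Fix: Fixed invalid date bug in Live Traffic: Top Consumers and Top 404s.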
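--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
  Plugin URI: http://www.wordfence.com/
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
  Author: Wordfence
- Version: 6.0.9
+ Version: 6.0.10
  Author URI: http://www.wordfence.com/
  */
  if(defined('WP_INSTALLING') && WP_INSTALLING){
  return;
  }
- define('WORDFENCE_VERSION', '6.0.9');
+ define('WORDFENCE_VERSION', '6.0.10');
  if(get_option('wordfenceActivated') != 1){
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
  }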