Version Description
- Fix: Resolved issue with GoogleBot being erroneously flagged as human in Live Traffic.
- Fix: Added better handling of human/bot detection.
- Improvement: Verified humans are flagged via cookie to prevent false positives.
Download this release
Release Info
| Developer | wfmatt |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 6.0.15 |
| Comparing to | |
| See all releases | |
Code changes from version 6.0.14 to 6.0.15
- lib/wfLog.php +4 -2
- lib/wordfenceClass.php +35 -9
- readme.txt +6 -1
- wordfence.php +2 -2
lib/wfLog.php
CHANGED
|
@@ -496,7 +496,8 @@ class wfLog {
|
|
| 496 |
$headers[$matches[1]] = $v;
|
| 497 |
}
|
| 498 |
}
|
| 499 |
-
$
|
|
|
|
| 500 |
sprintf('%.6f', microtime(true)),
|
| 501 |
(is_404() ? 1 : 0),
|
| 502 |
(wfCrawl::isGoogleCrawler() ? 1 : 0),
|
|
@@ -505,7 +506,8 @@ class wfLog {
|
|
| 505 |
(wordfence::$newVisit ? 1 : 0),
|
| 506 |
wfUtils::getRequestedURL(),
|
| 507 |
(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''),
|
| 508 |
-
|
|
|
|
| 509 |
);
|
| 510 |
return $this->getDB()->querySingle("select last_insert_id()");
|
| 511 |
}
|
| 496 |
$headers[$matches[1]] = $v;
|
| 497 |
}
|
| 498 |
}
|
| 499 |
+
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
|
| 500 |
+
$this->getDB()->queryWrite("insert into " . $this->hitsTable . " (ctime, is404, isGoogle, IP, userID, newVisit, URL, referer, UA, jsRun) values (%f, %d, %d, %s, %s, %d, '%s', '%s', '%s', %d)",
|
| 501 |
sprintf('%.6f', microtime(true)),
|
| 502 |
(is_404() ? 1 : 0),
|
| 503 |
(wfCrawl::isGoogleCrawler() ? 1 : 0),
|
| 506 |
(wordfence::$newVisit ? 1 : 0),
|
| 507 |
wfUtils::getRequestedURL(),
|
| 508 |
(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''),
|
| 509 |
+
$ua,
|
| 510 |
+
(int) (isset($_COOKIE['wordfence_verifiedHuman']) && wp_verify_nonce($_COOKIE['wordfence_verifiedHuman'], 'wordfence_verifiedHuman' . $ua . wfUtils::getIP()))
|
| 511 |
);
|
| 512 |
return $this->getDB()->querySingle("select last_insert_id()");
|
| 513 |
}
|
lib/wordfenceClass.php
CHANGED
|
@@ -603,7 +603,7 @@ class wordfence {
|
|
| 603 |
$isCrawler = false;
|
| 604 |
if($UA){
|
| 605 |
$b = $browscap->getBrowser($UA);
|
| 606 |
-
if(!empty($b['Crawler'])){
|
| 607 |
$isCrawler = true;
|
| 608 |
}
|
| 609 |
}
|
|
@@ -614,6 +614,9 @@ class wordfence {
|
|
| 614 |
header("Connection: close");
|
| 615 |
header("Content-Length: 0");
|
| 616 |
header("X-Robots-Tag: noindex");
|
|
|
|
|
|
|
|
|
|
| 617 |
}
|
| 618 |
flush();
|
| 619 |
if(! $isCrawler){
|
|
@@ -2788,18 +2791,41 @@ EOL;
|
|
| 2788 |
$URL = site_url('/?wordfence_logHuman=1&hid=' . wfUtils::encrypt(self::$hitID));
|
| 2789 |
$URL = addslashes(preg_replace('/^https?:/i', '', $URL));
|
| 2790 |
#Load as external script async so we don't slow page down.
|
| 2791 |
-
echo <<<
|
| 2792 |
<script type="text/javascript">
|
| 2793 |
(function(url){
|
| 2794 |
-
if(/(?:Chrome\/26\.0\.1410\.63 Safari\/537\.31|WordfenceTestMonBot)/.test(navigator.userAgent)){ return; }
|
| 2795 |
-
var
|
| 2796 |
-
|
| 2797 |
-
|
| 2798 |
-
|
| 2799 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2800 |
})('$URL');
|
| 2801 |
</script>
|
| 2802 |
-
|
| 2803 |
}
|
| 2804 |
public static function shutdownAction(){
|
| 2805 |
}
|
| 603 |
$isCrawler = false;
|
| 604 |
if($UA){
|
| 605 |
$b = $browscap->getBrowser($UA);
|
| 606 |
+
if(!empty($b['Crawler']) || wfCrawl::isGoogleCrawler()){
|
| 607 |
$isCrawler = true;
|
| 608 |
}
|
| 609 |
}
|
| 614 |
header("Connection: close");
|
| 615 |
header("Content-Length: 0");
|
| 616 |
header("X-Robots-Tag: noindex");
|
| 617 |
+
if (!$isCrawler) {
|
| 618 |
+
setcookie('wordfence_verifiedHuman', wp_create_nonce('wordfence_verifiedHuman' . $UA . wfUtils::getIP()), time() + 86400, '/');
|
| 619 |
+
}
|
| 620 |
}
|
| 621 |
flush();
|
| 622 |
if(! $isCrawler){
|
| 2791 |
$URL = site_url('/?wordfence_logHuman=1&hid=' . wfUtils::encrypt(self::$hitID));
|
| 2792 |
$URL = addslashes(preg_replace('/^https?:/i', '', $URL));
|
| 2793 |
#Load as external script async so we don't slow page down.
|
| 2794 |
+
echo <<<HTML
|
| 2795 |
<script type="text/javascript">
|
| 2796 |
(function(url){
|
| 2797 |
+
if(/(?:Chrome\/26\.0\.1410\.63 Safari\/537\.31|WordfenceTestMonBot)/.test(navigator.userAgent)){ return; }
|
| 2798 |
+
var addEvent = function(evt, handler) {
|
| 2799 |
+
if (window.addEventListener) {
|
| 2800 |
+
document.addEventListener(evt, handler, false);
|
| 2801 |
+
} else if (window.attachEvent) {
|
| 2802 |
+
document.attachEvent('on' + evt, handler);
|
| 2803 |
+
}
|
| 2804 |
+
};
|
| 2805 |
+
var removeEvent = function(evt, handler) {
|
| 2806 |
+
if (window.removeEventListener) {
|
| 2807 |
+
document.removeEventListener(evt, handler, false);
|
| 2808 |
+
} else if (window.detachEvent) {
|
| 2809 |
+
document.detachEvent('on' + evt, handler);
|
| 2810 |
+
}
|
| 2811 |
+
};
|
| 2812 |
+
var evts = 'contextmenu dblclick drag dragend dragenter dragleave dragover dragstart drop keydown keypress keyup mousedown mousemove mouseout mouseover mouseup mousewheel scroll'.split(' ');
|
| 2813 |
+
var logHuman = function() {
|
| 2814 |
+
var wfscr = document.createElement('script');
|
| 2815 |
+
wfscr.type = 'text/javascript';
|
| 2816 |
+
wfscr.async = true;
|
| 2817 |
+
wfscr.src = url + '&r=' + Math.random();
|
| 2818 |
+
(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(wfscr);
|
| 2819 |
+
for (var i = 0; i < evts.length; i++) {
|
| 2820 |
+
removeEvent(evts[i], logHuman);
|
| 2821 |
+
}
|
| 2822 |
+
};
|
| 2823 |
+
for (var i = 0; i < evts.length; i++) {
|
| 2824 |
+
addEvent(evts[i], logHuman);
|
| 2825 |
+
}
|
| 2826 |
})('$URL');
|
| 2827 |
</script>
|
| 2828 |
+
HTML;
|
| 2829 |
}
|
| 2830 |
public static function shutdownAction(){
|
| 2831 |
}
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
|
| 4 |
Requires at least: 3.9
|
| 5 |
Tested up to: 4.2.3
|
| 6 |
-
Stable tag: 6.0.
|
| 7 |
|
| 8 |
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
|
| 9 |
== Description ==
|
|
@@ -183,6 +183,11 @@ fully compatible with both IPv4 and IPv6 whether you run both or only one addres
|
|
| 183 |
|
| 184 |
== Changelog ==
|
| 185 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 186 |
= 6.0.14 =
|
| 187 |
* Fix: Live Traffic endpoint moved to site root to prevent issues with GoogleBot.
|
| 188 |
|
| 3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
|
| 4 |
Requires at least: 3.9
|
| 5 |
Tested up to: 4.2.3
|
| 6 |
+
Stable tag: 6.0.15
|
| 7 |
|
| 8 |
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
|
| 9 |
== Description ==
|
| 183 |
|
| 184 |
== Changelog ==
|
| 185 |
|
| 186 |
+
= 6.0.15 =
|
| 187 |
+
* Fix: Resolved issue with GoogleBot being erroneously flagged as human in Live Traffic.
|
| 188 |
+
* Fix: Added better handling of human/bot detection.
|
| 189 |
+
* Improvement: Verified humans are flagged via cookie to prevent false positives.
|
| 190 |
+
|
| 191 |
= 6.0.14 =
|
| 192 |
* Fix: Live Traffic endpoint moved to site root to prevent issues with GoogleBot.
|
| 193 |
|
wordfence.php
CHANGED
|
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
-
Version: 6.0.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
-
define('WORDFENCE_VERSION', '6.0.
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
+
Version: 6.0.15
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
*/
|
| 10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 11 |
return;
|
| 12 |
}
|
| 13 |
+
define('WORDFENCE_VERSION', '6.0.15');
|
| 14 |
if(get_option('wordfenceActivated') != 1){
|
| 15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
| 16 |
}
|
