Wordfence Security – Firewall & Malware Scan - Version 6.0.16

Version Description

  • Fix: Resolved issue with some variations of author=N scans not being caught.
  • Fix: Updated typo in author=N option.
  • Fix: Resolved issue with Falcon not writing to .htaccess with WP installed in subdirectory.
  • Fix: Added width to logo in activity report email.
  • Fix: Resolved issue with Live Traffic endpoint in cases where WordPress is installed into a subdirectory.
  • Improvement: Optimized the database query in the unlock-user-email routine.
  • Improvement: Moved firewall logic into 'wp_loaded' hook.

Release Info

Developer wfmatt
Version 6.0.16

Code changes from version 6.0.15 to 6.0.16

lib/GeoIP.dat CHANGED
Binary file
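--- a/lib/cronview.php
+++ b/lib/cronview.php
@@ -19,7 +19,9 @@ $cron = _get_cron_array();
 foreach ( $cron as $timestamp => $values ) {
 if ( is_array( $values ) ) {
 foreach ( $values as $cron_job => $v ) {
-echo date( 'r', $timestamp ) . " : " . $cron_job . "<br />";
+if (is_numeric($timestamp)) {
+echo date( 'r', $timestamp ) . " : " . $cron_job . "<br />";
+}
 }
 }
 }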
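Review bot: `$cron_job` is still echoed into the page unescaped on the new line 23; hook names come out of the stored cron array rather than from this request, so the exposure is low, but the line should read `echo date( 'r', $timestamp ) . " : " . esc_html( $cron_job ) . "<br />";`. The new `is_numeric` guard silently skips every non-numeric key (presumably the cron array's non-timestamp entries), and nothing records why; a one-line comment such as `// only timestamp keys are cron buckets; skip metadata entries` would do. The surrounding script continues outside the hunk.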
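--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -782,7 +782,7 @@ $w = new wfConfig();
 name="loginSec_blockAdminReg" <?php $w->cb( 'loginSec_blockAdminReg' ); ?> /></td>
 </tr>
 <tr>
-<th>Prevent discovery of usernames through '?/author=N' scans<a
+<th>Prevent discovery of usernames through '/?author=N' scans<a
 href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans"
 target="_blank" class="wfhelp"></a></th>
 <td><input type="checkbox" id="loginSec_disableAuthorScan" class="wfConfigElem"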
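--- a/lib/wfCache.php
+++ b/lib/wfCache.php
@@ -710,14 +710,14 @@ EOT;
 return false;
 }
 public static function getHtaccessPath(){
-if(file_exists(ABSPATH . '/.htaccess')){
-return ABSPATH . '/.htaccess';
+if (!function_exists('get_home_path')) {
+include_once ABSPATH . 'wp-admin/includes/file.php';
 }
-if(preg_match('/^https?:\/\/[^\/]+\/?#x2F;i', home_url()) && preg_match('/^https?:\/\/[^\/]+\/.+/i', site_url())){
-$path = realpath(ABSPATH . '/../.htaccess');
-if(file_exists($path)){
-return $path;
-}
+
+$homePath = get_home_path();
+$htaccessFile = $homePath.'.htaccess';
+if (file_exists($htaccessFile)) {
+return $htaccessFile;
 }
 return false;
 }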
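Review bot: getHtaccessPath has no docblock, and its contract (a path string or `false`) is only discoverable from the two return statements; add `/** @return string|false Absolute path of the .htaccess in the site's home directory, or false when none exists. */` above the signature. The `include_once` of `wp-admin/includes/file.php` pulls the admin file API into non-admin requests just to reach `get_home_path()`; that is presumably intentional, but a short comment on line 713 saying so would stop a later reader from "cleaning it up". Note also that `file_exists` only proves the file is present, so a caller that intends to write to it still has to handle a non-writable file itself.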
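--- a/lib/wfLog.php
+++ b/lib/wfLog.php
@@ -712,7 +712,6 @@ class wfLog {
 }
 }
 public function logHitOK(){
-if(stristr($_SERVER['REQUEST_URI'], 'wp-admin/admin-ajax.php')){ return false; } //Don't log wordpress ajax requests.
 if(is_admin()){ return false; } //Don't log admin pageviews
 if(isset($_SERVER['HTTP_USER_AGENT'])){
 if(preg_match('/WordPress\/' . $this->wp_version . '/i', $_SERVER['HTTP_USER_AGENT'])){ return false; } //Ignore requests generated by WP UA.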
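--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -486,7 +486,7 @@ class wordfence {
 add_action('wordfence_hourly_cron', 'wordfence::hourlyCron');
 add_action('plugins_loaded', 'wordfence::veryFirstAction');
 add_action('init', 'wordfence::initAction');
-add_action('template_redirect', 'wordfence::templateRedir', 0);
+add_action('wp_loaded', 'wordfence::templateRedir', 0);
 add_action('shutdown', 'wordfence::shutdownAction');
 
 if(version_compare(PHP_VERSION, '5.4.0') >= 0){
@@ -547,6 +547,8 @@ class wordfence {
 add_action('post_submitbox_start', 'wordfence::postSubmitboxStart');
 }
 }
+
+add_action('request', 'wordfence::preventAuthorNScans');
 }
 /*
 public static function cronAddSchedules($schedules){
@@ -772,7 +774,7 @@ class wordfence {
 
 $email = trim($_POST['email']);
 global $wpdb;
-$ws = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users");
+$ws = $wpdb->get_results($wpdb->prepare("SELECT ID, user_login FROM $wpdb->users WHERE user_email = %s", $email));
 foreach($ws as $user){
 $userDat = get_userdata($user->ID);
 if(wfUtils::isAdmin($userDat)){
@@ -2649,18 +2651,12 @@ class wordfence {
 wfScanEngine::startScan();
 }
 public static function templateRedir(){
-// prevent /?author=N scans from disclosing usernames.
-if (wfConfig::get('loginSec_disableAuthorScan') && is_author() && !empty($_GET['author']) && is_numeric($_GET['author'])) {
-wp_redirect(home_url());
-exit;
-}
-
 if (!empty($_GET['wordfence_logHuman'])) {
 self::ajax_logHuman_callback();
 exit;
 }
 
-$wfFunc = get_query_var('_wfsf');
+$wfFunc = !empty($_GET['_wfsf']) && is_string($_GET['_wfsf']) ? $_GET['_wfsf'] : '';
 
 //Logging
 self::doEarlyAccessLogging();
@@ -2788,7 +2784,7 @@ wfscr.src = url;
 EOL;
 }
 public static function wfLogHumanHeader(){
-$URL = site_url('/?wordfence_logHuman=1&hid=' . wfUtils::encrypt(self::$hitID));
+$URL = home_url('/?wordfence_logHuman=1&hid=' . wfUtils::encrypt(self::$hitID));
 $URL = addslashes(preg_replace('/^https?:/i', '', $URL));
 #Load as external script async so we don't slow page down.
 echo <<<HTML
@@ -2966,10 +2962,6 @@ HTML;
 }
 
 public static function initAction(){
-global $wp;
-if (!is_object($wp)) return; //Suggested fix for compatability with "Portable phpmyadmin"
-
-$wp->add_query_var('_wfsf');
 if(wfConfig::liveTrafficEnabled() && (! wfConfig::get('disableCookies', false)) ){
 self::setCookie();
 }
@@ -3510,5 +3502,19 @@ HTML;
 }
 return array('ok' => 1);
 }
+
+
+/**
+* Modify the query to look for scenarios
+*
+* @param array $query_vars
+* @return array
+*/
+public static function preventAuthorNScans($query_vars) {
+if (wfConfig::get('loginSec_disableAuthorScan') && !empty($query_vars['author']) && is_numeric(preg_replace('/[^0-9]/', '', $query_vars['author']))) {
+$query_vars['author'] = -1;
+}
+return $query_vars;
+}
 }
 ?>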
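Review bot: preventAuthorNScans lets an array-valued `author` query var through unchanged: `preg_replace` on an array returns an array, `is_numeric` of that is `false`, and the condition on line 3514 is not met (what core then does with such a value is not visible here). A stricter guard is `if (wfConfig::get('loginSec_disableAuthorScan') && !empty($query_vars['author']) && (!is_scalar($query_vars['author']) || preg_match('/[0-9]/', (string) $query_vars['author']))) {`, which also replaces the strip-then-`is_numeric` round trip with the digit test it is actually performing. The docblock line `Modify the query to look for scenarios` is a fragment; state the contract instead, e.g. `'request' filter: when loginSec_disableAuthorScan is on, force a numeric ?author=N query to author -1 so it cannot resolve to a real user and disclose a username.` In templateRedir, `$wfFunc` is now taken straight from `$_GET['_wfsf']` rather than a registered query var, so whatever consumes it further down (outside this hunk) must do its own validation of the value.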
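--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: mmaunder
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
 Requires at least: 3.9
-Tested up to: 4.2.3
-Stable tag: 6.0.15
+Tested up to: 4.3
+Stable tag: 6.0.16
 
 The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
 == Description ==
@@ -183,6 +183,15 @@ fully compatible with both IPv4 and IPv6 whether you run both or only one addres
 
 == Changelog ==
 
+= 6.0.16 =
+* Fix: Resolved issue with some variations of author=N scans not being caught.
+* Fix: Updated typo in author=N option.
+* Fix: Resolved issue with Falcon not writing to .htaccess with WP installed in subdirectory.
+* Fix: Added width to logo in activity report email.
+* Fix: Resolved issue with Live Traffic endpoint in cases where WordPress is installed into a subdirectory.
+* Improvement: Optimized database query with in unlocking user email routine.
+* Improvement: Moved firewall logic into 'wp_loaded' hook.
+
 = 6.0.15 =
 * Fix: Resolved issue with GoogleBot being erroneously flagged as human in Live Traffic.
 * Fix: Added better handling of human/bot detection.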
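--- a/views/reports/activity-report-email-inline.php
+++ b/views/reports/activity-report-email-inline.php
@@ -119,7 +119,7 @@ h6 a:visited { color: purple !important; }
 <div style="float: right; text-align: right; line-height: 1.1; color: #666666; font-size: 100%; vertical-align: baseline; margin: 20px 0 0; padding: 0; border: 0;" align="right">
 <?php echo $title ?>
 </div>
-<a href="http://www.wordfence.com/zz5/" style="font-size: 100%; vertical-align: baseline; outline: none; color: orange; text-decoration: none; margin: 0; padding: 0; border: 0;"><img src="http://www.wordfence.com/wp-content/themes/wordfence/img/logo.png" alt="" style="font-size: 100%; vertical-align: baseline; -ms-interpolation-mode: bicubic; outline: none; text-decoration: none; margin: 0; padding: 0; border: 0 none;" /></a>
+<a href="http://www.wordfence.com/zz5/" style="font-size: 100%; vertical-align: baseline; outline: none; color: orange; text-decoration: none; margin: 0; padding: 0; border: 0;"><img src="http://www.wordfence.com/wp-content/themes/wordfence/img/logo.png" alt="" style="font-size: 100%; vertical-align: baseline; -ms-interpolation-mode: bicubic; outline: none; text-decoration: none; margin: 0; padding: 0; border: 0 none; width: 560px;" /></a>
 
 <p style="font-size: 100%; vertical-align: baseline; margin: 1em 0; padding: 0; border: 0;">
 This email was sent from your website <a href="<?php echo site_url() ?>"><?php echo site_url() ?></a> and is a summary of security related activity that Wordfence monitors for the period <?php printf('%s to %s', $report_start, $report_end) ?>. <?php if (!wfConfig::get('isPaid')): ?>NOTE: You are using the free version of Wordfence and are missing out on features like cellphone sign-in, country blocking and detecting if your site IP is sending spam. <a href="http://www.wordfence.com/zz6/">Click here to upgrade to Wordfence Premium now</a>.<?php endif ?>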
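--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
-Version: 6.0.15
+Version: 6.0.16
 Author URI: http://www.wordfence.com/
 */
 if(defined('WP_INSTALLING') && WP_INSTALLING){
 return;
 }
-define('WORDFENCE_VERSION', '6.0.15');
+define('WORDFENCE_VERSION', '6.0.16');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }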