Version Description
- Enhancement: Added automatic whitelisting for Facebook crawlers.
- Improvement: Added styling to premium callouts.
- Improvement: Updated local GeoIP database.
- Improvement: Updated local browser data cache to support newer browsers and user-agents.
Release Info
Developer | wfmatt |
Plugin | Wordfence Security – Firewall & Malware Scan |
Version | 6.0.24 |
Code changes from version 6.0.23 to 6.0.24
- css/main.css +31 -0
- lib/GeoIP.dat +0 -0
- lib/email_genericAlert.php +6 -10
- lib/email_newIssues.php +12 -12
- lib/menu_countryBlocking.php +15 -5
- lib/menu_options.php +20 -4
- lib/menu_passwd.php +11 -8
- lib/menu_scan.php +15 -3
- lib/menu_scanSchedule.php +17 -6
- lib/menu_twoFactor.php +22 -7
- lib/wfActivityReport.php +8 -10
- lib/wfIPWhitelist.php +220 -0
- lib/wfLog.php +7 -60
- lib/wfUtils.php +154 -29
- readme.txt +7 -1
- wordfence.php +2 -2
css/main.css
CHANGED
@@ -481,4 +481,35 @@ table.block-ranges-table tr td {
|
|
481 |
background-color: #ffffe0;
|
482 |
border: 1px solid #ffd975;
|
483 |
border-width: 1px 1px 1px 10px;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
484 |
}
|
481 |
background-color: #ffffe0;
|
482 |
border: 1px solid #ffd975;
|
483 |
border-width: 1px 1px 1px 10px;
|
484 |
+
}
|
485 |
+
|
486 |
+
.wf-premium-callout {
|
487 |
+
border: 1px solid #00709E;
|
488 |
+
background-color: #ffffff;
|
489 |
+
padding: 16px;
|
490 |
+
margin: 20px 0 0;
|
491 |
+
max-width: 860px;
|
492 |
+
}
|
493 |
+
.wf-premium-callout h3 {
|
494 |
+
margin: 0 0 8px;
|
495 |
+
color: #11967A;
|
496 |
+
}
|
497 |
+
.wf-premium-callout ul {
|
498 |
+
margin: 8px 0;
|
499 |
+
padding: 0 0 0 15px;
|
500 |
+
}
|
501 |
+
.wf-premium-callout ul li {
|
502 |
+
list-style-type: disc;
|
503 |
+
margin: 0;
|
504 |
+
padding: 0;
|
505 |
+
}
|
506 |
+
.wf-premium-callout .center {
|
507 |
+
text-align: center;
|
508 |
+
margin: 0;
|
509 |
+
}
|
510 |
+
.wf-premium-callout .button-primary {
|
511 |
+
text-align: center;
|
512 |
+
text-transform: uppercase;
|
513 |
+
font-weight: bold;
|
514 |
+
background-color: #00709E;
|
515 |
}
|
lib/GeoIP.dat
CHANGED
Binary file
|
lib/email_genericAlert.php
CHANGED
@@ -6,18 +6,14 @@ The Wordfence administrative URL for this site is: <?php echo $adminURL; ?>admin
|
|
6 |
<?php if($IPMsg){ echo "\n$IPMsg\n"; } ?>
|
7 |
|
8 |
<?php if(! $isPaid){ ?>
|
9 |
-
NOTE: You are using the free version of Wordfence.
|
10 |
-
|
11 |
-
|
12 |
-
|
13 |
-
|
14 |
|
15 |
-
|
16 |
-
priority support tickets using our ticketing system.
|
17 |
-
|
18 |
-
Click here to sign-up for the Premium version of Wordfence now.
|
19 |
https://www.wordfence.com/zz1/wordfence-signup/
|
20 |
-
|
21 |
<?php } ?>
|
22 |
|
23 |
--
|
6 |
<?php if($IPMsg){ echo "\n$IPMsg\n"; } ?>
|
7 |
|
8 |
<?php if(! $isPaid){ ?>
|
9 |
+
NOTE: You are using the free version of Wordfence. Upgrade to Premium today for less than $5 per month!
|
10 |
+
- Advanced features like IP reputation monitoring, country blocking, an advanced comment spam filter and cell phone sign-in give you the best protection available
|
11 |
+
- Remote, frequent and scheduled scans
|
12 |
+
- Access to Premium Support
|
13 |
+
- Discounts of up to 90% for multiyear and multi-license purchases
|
14 |
|
15 |
+
Click here to upgrade to Wordfence Premium:
|
|
|
|
|
|
|
16 |
https://www.wordfence.com/zz1/wordfence-signup/
|
|
|
17 |
<?php } ?>
|
18 |
|
19 |
--
|
lib/email_newIssues.php
CHANGED
@@ -32,18 +32,18 @@
|
|
32 |
|
33 |
|
34 |
<?php if(! $isPaid){ ?>
|
35 |
-
<p>NOTE: You are using the free version of Wordfence.
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
40 |
-
|
41 |
-
|
42 |
-
|
43 |
-
|
44 |
-
|
45 |
-
<a href="https://www.wordfence.com/zz2/wordfence-signup/">https://www.wordfence.com/zz2/wordfence-signup/</a
|
46 |
-
|
47 |
<?php } ?>
|
48 |
|
49 |
|
32 |
|
33 |
|
34 |
<?php if(! $isPaid){ ?>
|
35 |
+
<p>NOTE: You are using the free version of Wordfence. Upgrade to Premium today for less than $5 per month!</p>
|
36 |
+
<ul>
|
37 |
+
<li>Advanced features like IP reputation monitoring, country blocking, an advanced comment spam filter and cell phone sign-in give you the best protection available</li>
|
38 |
+
<li>Remote, frequent and scheduled scans</li>
|
39 |
+
<li>Access to Premium Support</li>
|
40 |
+
<li>Discounts of up to 90% for multiyear and multi-license purchases</li>
|
41 |
+
</ul>
|
42 |
+
|
43 |
+
<p>
|
44 |
+
Click here to upgrade to Wordfence Premium:<br>
|
45 |
+
<a href="https://www.wordfence.com/zz2/wordfence-signup/">https://www.wordfence.com/zz2/wordfence-signup/</a>
|
46 |
+
</p>
|
47 |
<?php } ?>
|
48 |
|
49 |
|
lib/menu_countryBlocking.php
CHANGED
@@ -9,11 +9,21 @@ WFAD.countryMap = <?php echo json_encode($wfBulkCountries); ?>;
|
|
9 |
<?php require('menuHeader.php'); ?>
|
10 |
<?php $pageTitle = "Block Selected Countries from Accessing your Site"; $helpLink="http://docs.wordfence.com/en/Country_blocking"; $helpLabel="Learn more about Country Blocking"; include('pageTitle.php'); ?>
|
11 |
<?php if(! wfConfig::get('isPaid')){ ?>
|
12 |
-
|
13 |
-
|
14 |
-
|
15 |
-
|
16 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
17 |
<?php } ?>
|
18 |
<?php if(wfConfig::get('cacheType') == 'falcon'){ ?>
|
19 |
<div class="wfFalconNotice">
|
9 |
<?php require('menuHeader.php'); ?>
|
10 |
<?php $pageTitle = "Block Selected Countries from Accessing your Site"; $helpLink="http://docs.wordfence.com/en/Country_blocking"; $helpLabel="Learn more about Country Blocking"; include('pageTitle.php'); ?>
|
11 |
<?php if(! wfConfig::get('isPaid')){ ?>
|
12 |
+
<div class="wf-premium-callout" style="margin: 20px">
|
13 |
+
<h3>Country Blocking is only available to Premium Members</h3>
|
14 |
+
<p>Country Blocking is a premium feature because we have licensed a very accurate commercial geolocation
|
15 |
+
database to provide this feature. Upgrade to Premium today:</p>
|
16 |
+
<ul>
|
17 |
+
<li>You can upgrade now for less than $5 per month</li>
|
18 |
+
<li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, advanced
|
19 |
+
scanning options and cell phone sign-in give you the best protection available
|
20 |
+
</li>
|
21 |
+
<li>Access to Premium Support</li>
|
22 |
+
<li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
|
23 |
+
</ul>
|
24 |
+
<p class="center"><a class="button button-primary"
|
25 |
+
href="https://www.wordfence.com/gnl1countryBlock1/wordfence-signup/">Get Premium</a></p>
|
26 |
+
</div>
|
27 |
<?php } ?>
|
28 |
<?php if(wfConfig::get('cacheType') == 'falcon'){ ?>
|
29 |
<div class="wfFalconNotice">
|
lib/menu_options.php
CHANGED
@@ -45,7 +45,7 @@ $w = new wfConfig();
|
|
45 |
</tr>
|
46 |
<tr>
|
47 |
<td colspan="2">
|
48 |
-
<?php if (
|
49 |
<table border="0">
|
50 |
<tr>
|
51 |
<td><a href="https://www.wordfence.com/gnl1optMngKys/manage-wordfence-api-keys/"
|
@@ -56,9 +56,25 @@ $w = new wfConfig();
|
|
56 |
onclick="WFAD.downgradeLicense();"/></td>
|
57 |
</tr>
|
58 |
</table>
|
59 |
-
<?php
|
60 |
-
|
61 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
62 |
<tr>
|
63 |
<td colspan="2"><h2>Basic Options<a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options"
|
64 |
target="_blank" class="wfhelp"></a></h2></td>
|
45 |
</tr>
|
46 |
<tr>
|
47 |
<td colspan="2">
|
48 |
+
<?php if (wfConfig::get('isPaid')): ?>
|
49 |
<table border="0">
|
50 |
<tr>
|
51 |
<td><a href="https://www.wordfence.com/gnl1optMngKys/manage-wordfence-api-keys/"
|
56 |
onclick="WFAD.downgradeLicense();"/></td>
|
57 |
</tr>
|
58 |
</table>
|
59 |
+
<?php else: ?>
|
60 |
+
<div class="wf-premium-callout">
|
61 |
+
<h3>Upgrade to Wordfence Premium today for less than $5 per month</h3>
|
62 |
+
<ul>
|
63 |
+
<li>Advanced features like IP reputation monitoring, country blocking, an advanced
|
64 |
+
comment spam filter and cell phone sign-in give you the best protection available
|
65 |
+
</li>
|
66 |
+
<li>Remote, frequent and scheduled scans</li>
|
67 |
+
<li>Access to Premium Support</li>
|
68 |
+
<li>Discounts of up to 90% for multiyear and multi-license purchases</li>
|
69 |
+
</ul>
|
70 |
+
<p class="center">
|
71 |
+
<a class="button button-primary"
|
72 |
+
href="https://www.wordfence.com/gnl1optCallout1/wordfence-signup/">
|
73 |
+
Get Premium</a></p>
|
74 |
+
</div>
|
75 |
+
<?php endif ?>
|
76 |
+
</td>
|
77 |
+
</tr>
|
78 |
<tr>
|
79 |
<td colspan="2"><h2>Basic Options<a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options"
|
80 |
target="_blank" class="wfhelp"></a></h2></td>
|
lib/menu_passwd.php
CHANGED
@@ -6,14 +6,17 @@
|
|
6 |
$helpLabel = "Learn more about Password Auditing";
|
7 |
include('pageTitle.php'); ?>
|
8 |
<?php if (!wfConfig::get('isPaid')) { ?>
|
9 |
-
<div class="
|
10 |
-
<
|
11 |
-
Wordfence Password Auditing uses our high performance password auditing cluster to test the strength of your admin and user passwords.
|
12 |
-
|
13 |
-
|
14 |
-
|
15 |
-
|
16 |
-
|
|
|
|
|
|
|
17 |
</div>
|
18 |
<?php } ?>
|
19 |
|
6 |
$helpLabel = "Learn more about Password Auditing";
|
7 |
include('pageTitle.php'); ?>
|
8 |
<?php if (!wfConfig::get('isPaid')) { ?>
|
9 |
+
<div class="wf-premium-callout" style="margin: 20px 0 20px 20px; width: 700px;">
|
10 |
+
<h3>Password Auditing is only available to Premium Members</h3>
|
11 |
+
<p>Wordfence Password Auditing uses our high performance password auditing cluster to test the strength of your admin and user passwords. We securely simulate a high-performance password cracking attack on your password database and will alert you to weak passwords. We then provide a way to change weak passwords or alert members that they need to improve their password strength. Upgrade to Premium today:</p>
|
12 |
+
<ul>
|
13 |
+
<li>You can upgrade now for less than $5 per month</li>
|
14 |
+
<li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, advanced scanning options, cell phone sign-in and country blocking give you the best protection available</li>
|
15 |
+
<li>Access to Premium Support</li>
|
16 |
+
<li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
|
17 |
+
</ul>
|
18 |
+
|
19 |
+
<p class="center"><a class="button button-primary" href="https://www.wordfence.com/gnl1pwAuditUp1/wordfence-signup/">Get Premium</a></p>
|
20 |
</div>
|
21 |
<?php } ?>
|
22 |
|
lib/menu_scan.php
CHANGED
@@ -38,9 +38,21 @@
|
|
38 |
Premium scanning enabled.
|
39 |
</div>
|
40 |
<?php } else { ?>
|
41 |
-
|
42 |
-
|
43 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
44 |
|
45 |
<?php } ?>
|
46 |
<div class="consoleHead" style="margin-top: 20px;">
|
38 |
Premium scanning enabled.
|
39 |
</div>
|
40 |
<?php } else { ?>
|
41 |
+
<div class="wf-premium-callout" style="margin: 20px 0 20px 2px;width: 765px;">
|
42 |
+
<h3>Upgrade to Wordfence Premium today for less than $5 per month</h3>
|
43 |
+
<ul>
|
44 |
+
<li>Advanced features like IP reputation monitoring, country blocking, an advanced comment spam
|
45 |
+
filter and cell phone sign-in give you the best protection available
|
46 |
+
</li>
|
47 |
+
<li>Remote, frequent and scheduled scans</li>
|
48 |
+
<li>Access to Premium Support</li>
|
49 |
+
<li>Discounts of up to 90% for multiyear and multi-license purchases</li>
|
50 |
+
</ul>
|
51 |
+
<p class="center"><a class="button button-primary"
|
52 |
+
href="https://www.wordfence.com/gnl1scanUpgrade/wordfence-signup/">
|
53 |
+
Get Premium</a></p>
|
54 |
+
</div>
|
55 |
+
|
56 |
|
57 |
<?php } ?>
|
58 |
<div class="consoleHead" style="margin-top: 20px;">
|
lib/menu_scanSchedule.php
CHANGED
@@ -3,12 +3,23 @@
|
|
3 |
<?php require('menuHeader.php'); ?>
|
4 |
<?php $pageTitle = "Schedule when Wordfence Scans Occur"; $helpLink="http://docs.wordfence.com/en/Wordfence_scan_scheduling"; $helpLabel="Learn more about Scheduling Wordfence Scans"; include('pageTitle.php'); ?>
|
5 |
<?php if(! wfConfig::get('isPaid')){ ?>
|
6 |
-
|
7 |
-
|
8 |
-
|
9 |
-
|
10 |
-
|
11 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
12 |
<?php } ?>
|
13 |
|
14 |
<div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
|
3 |
<?php require('menuHeader.php'); ?>
|
4 |
<?php $pageTitle = "Schedule when Wordfence Scans Occur"; $helpLink="http://docs.wordfence.com/en/Wordfence_scan_scheduling"; $helpLabel="Learn more about Scheduling Wordfence Scans"; include('pageTitle.php'); ?>
|
5 |
<?php if(! wfConfig::get('isPaid')){ ?>
|
6 |
+
<div class="wf-premium-callout" style="margin: 20px;">
|
7 |
+
<h3>Scan Scheduling is only available to Premium Members</h3>
|
8 |
+
<p>Scan Scheduling is a premium feature because it places additional load on our scanning servers. Premium users
|
9 |
+
can increase their WordPress protection by controlling scan frequency up to once per hour. Premium also
|
10 |
+
allows you to control when Wordfence initiates a scan, selecting optimal times that don’t interfere with
|
11 |
+
high-traffic or optimal usage of your site. Upgrade to Premium today:</p>
|
12 |
+
<ul>
|
13 |
+
<li>You can upgrade now for less than $5 per month</li>
|
14 |
+
<li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, country blocking
|
15 |
+
and cell phone sign-in give you the best protection available
|
16 |
+
</li>
|
17 |
+
<li>Access to Premium Support</li>
|
18 |
+
<li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
|
19 |
+
</ul>
|
20 |
+
<p class="center"><a class="button button-primary"
|
21 |
+
href="https://www.wordfence.com/gnl1scanSched1/wordfence-signup/">Get Premium</a></p>
|
22 |
+
</div>
|
23 |
<?php } ?>
|
24 |
|
25 |
<div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
|
lib/menu_twoFactor.php
CHANGED
@@ -3,13 +3,28 @@
|
|
3 |
<?php require('menuHeader.php'); ?>
|
4 |
<?php $pageTitle = "Cellphone Sign-in"; $helpLink="http://docs.wordfence.com/en/Cellphone_sign-in"; $helpLabel="Learn more about Cellphone Sign-in"; include('pageTitle.php'); ?>
|
5 |
<?php if(! wfConfig::get('isPaid')){ ?>
|
6 |
-
|
7 |
-
|
8 |
-
|
9 |
-
|
10 |
-
|
11 |
-
|
12 |
-
</
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
13 |
<?php } ?>
|
14 |
|
15 |
<div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
|
3 |
<?php require('menuHeader.php'); ?>
|
4 |
<?php $pageTitle = "Cellphone Sign-in"; $helpLink="http://docs.wordfence.com/en/Cellphone_sign-in"; $helpLabel="Learn more about Cellphone Sign-in"; include('pageTitle.php'); ?>
|
5 |
<?php if(! wfConfig::get('isPaid')){ ?>
|
6 |
+
<div class="wf-premium-callout" style="margin: 20px 0 20px 20px; width: 700px;">
|
7 |
+
<h3>Cellphone Sign-in is only available to Premium Members</h3>
|
8 |
+
|
9 |
+
<p>This is a premium feature because we are charged per SMS we send when a user signs in. Upgrade to Premium
|
10 |
+
today:</p>
|
11 |
+
<ul>
|
12 |
+
<li>You can upgrade now for less than $5 per month</li>
|
13 |
+
<li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, advanced
|
14 |
+
scanning options and country blocking give you the best protection available
|
15 |
+
</li>
|
16 |
+
<li>Access to Premium Support</li>
|
17 |
+
<li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
|
18 |
+
</ul>
|
19 |
+
<p>Wordfence's Cellphone Sign-in uses a technique called "Two Factor Authentication" which is used by banks,
|
20 |
+
government agencies and military world-wide as one of the most secure forms of remote system authentication.
|
21 |
+
It's now available from Wordfence for your WordPress website. We recommend you enable Cellphone Sign-in for
|
22 |
+
all Administrator level accounts.</p>
|
23 |
+
|
24 |
+
<p class="center"><a class="button button-primary"
|
25 |
+
href="https://www.wordfence.com/gnl1twoFac1/wordfence-signup/">Get Premium</a></p>
|
26 |
+
</div>
|
27 |
+
|
28 |
<?php } ?>
|
29 |
|
30 |
<div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
|
lib/wfActivityReport.php
CHANGED
@@ -267,30 +267,28 @@ SQL
|
|
267 |
}
|
268 |
|
269 |
/**
|
270 |
-
* Generate SQL from the whitelist.
|
271 |
*
|
272 |
-
* @see
|
273 |
* @param array $whitelisted_ips
|
274 |
* @return string
|
275 |
*/
|
276 |
public function getBlockedIPWhitelistWhereClause($whitelisted_ips = null) {
|
277 |
if ($whitelisted_ips === null) {
|
278 |
-
$whitelisted_ips =
|
279 |
}
|
280 |
if (!is_array($whitelisted_ips)) {
|
281 |
return false;
|
282 |
}
|
283 |
|
284 |
$where = '';
|
285 |
-
|
286 |
foreach ($whitelisted_ips as $ip_range) {
|
287 |
-
if (
|
288 |
-
$
|
289 |
-
} elseif (is_a($ip_range, 'wfUserIPRange')) {
|
290 |
-
$where .= $ip_range->toSQL('IP') . ' OR ';
|
291 |
-
} elseif (is_string($ip_range) || is_numeric($ip_range)) {
|
292 |
-
$where .= $this->db->prepare('IP = %s', $ip_range) . ' OR ';
|
293 |
}
|
|
|
|
|
294 |
}
|
295 |
if ($where) {
|
296 |
// remove the extra ' OR '
|
267 |
}
|
268 |
|
269 |
/**
|
270 |
+
* Generate SQL from the whitelist. Uses the return format from wfUtils::getIPWhitelist
|
271 |
*
|
272 |
+
* @see wfUtils::getIPWhitelist
|
273 |
* @param array $whitelisted_ips
|
274 |
* @return string
|
275 |
*/
|
276 |
public function getBlockedIPWhitelistWhereClause($whitelisted_ips = null) {
|
277 |
if ($whitelisted_ips === null) {
|
278 |
+
$whitelisted_ips = wfUtils::getIPWhitelist();
|
279 |
}
|
280 |
if (!is_array($whitelisted_ips)) {
|
281 |
return false;
|
282 |
}
|
283 |
|
284 |
$where = '';
|
285 |
+
|
286 |
foreach ($whitelisted_ips as $ip_range) {
|
287 |
+
if (!is_a($ip_range, 'wfUserIPRange')) {
|
288 |
+
$ip_range = wfUtils::CIDR2wfUserIPRange($ip_range);
|
|
|
|
|
|
|
|
|
289 |
}
|
290 |
+
|
291 |
+
$where .= $ip_range->toSQL('IP') . ' OR ';
|
292 |
}
|
293 |
if ($where) {
|
294 |
// remove the extra ' OR '
|
lib/wfIPWhitelist.php
ADDED
@@ -0,0 +1,220 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
* Addresses should be in human readable format as a single IP (e.g. 1.2.3.4) or CIDR (e.g. 1.2.3.4/32)
|
4 |
+
*/
|
5 |
+
$wfIPWhitelist = array(
|
6 |
+
'private' => array(
|
7 |
+
//We've modified this and removed some addresses which may be routable on the Net and cause auto-whitelisting.
|
8 |
+
//'0.0.0.0/8', #Broadcast addr
|
9 |
+
'10.0.0.0/8', #Private addrs
|
10 |
+
//'100.64.0.0/10', #carrier-grade-nat for comms between ISP and subscribers
|
11 |
+
'127.0.0.0/8', #loopback
|
12 |
+
//'169.254.0.0/16', #link-local when DHCP fails e.g. os x
|
13 |
+
'172.16.0.0/12', #private addrs
|
14 |
+
'192.0.0.0/29', #used for NAT with IPv6, so basically a private addr
|
15 |
+
//'192.0.2.0/24', #Only for use in docs and examples, not for public use
|
16 |
+
//'192.88.99.0/24', #Used by 6to4 anycast relays
|
17 |
+
'192.168.0.0/16', #Used for local communications within a private network
|
18 |
+
//'198.18.0.0/15', #Used for testing of inter-network communications between two separate subnets
|
19 |
+
//'198.51.100.0/24', #Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
|
20 |
+
//'203.0.113.0/24', #Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
|
21 |
+
//'224.0.0.0/4', #Reserved for multicast assignments as specified in RFC 5771
|
22 |
+
//'240.0.0.0/4', #Reserved for future use, as specified by RFC 6890
|
23 |
+
//'255.255.255.255/32', #Reserved for the "limited broadcast" destination address, as specified by RFC 6890
|
24 |
+
),
|
25 |
+
'wordfence' => array(
|
26 |
+
// 69.46.36.1 - 69.46.36.32
|
27 |
+
'69.46.36.1/32',
|
28 |
+
'69.46.36.2/31',
|
29 |
+
'69.46.36.4/30',
|
30 |
+
'69.46.36.8/29',
|
31 |
+
'69.46.36.16/28',
|
32 |
+
'69.46.36.32/32',
|
33 |
+
),
|
34 |
+
'sucuri' => array(
|
35 |
+
'97.74.127.171',
|
36 |
+
'69.164.203.172',
|
37 |
+
'173.230.128.135',
|
38 |
+
'66.228.34.49',
|
39 |
+
'66.228.40.185',
|
40 |
+
'50.116.36.92',
|
41 |
+
'50.116.36.93',
|
42 |
+
'50.116.3.171',
|
43 |
+
'198.58.96.212',
|
44 |
+
'50.116.63.221',
|
45 |
+
'192.155.92.112',
|
46 |
+
'192.81.128.31',
|
47 |
+
'198.58.106.244',
|
48 |
+
'192.155.95.139',
|
49 |
+
'23.239.9.227',
|
50 |
+
'198.58.112.103',
|
51 |
+
'192.155.94.43',
|
52 |
+
'162.216.16.33',
|
53 |
+
'173.255.233.124',
|
54 |
+
'173.255.233.124',
|
55 |
+
'192.155.90.179',
|
56 |
+
'50.116.41.217',
|
57 |
+
'192.81.129.227',
|
58 |
+
'198.58.111.80',
|
59 |
+
'162.216.19.183',
|
60 |
+
),
|
61 |
+
'facebook' => array(
|
62 |
+
'204.15.20.0/22',
|
63 |
+
'69.63.176.0/20',
|
64 |
+
'66.220.144.0/20',
|
65 |
+
'66.220.144.0/21',
|
66 |
+
'69.63.184.0/21',
|
67 |
+
'69.63.176.0/21',
|
68 |
+
'74.119.76.0/22',
|
69 |
+
'69.171.255.0/24',
|
70 |
+
'173.252.64.0/18',
|
71 |
+
'69.171.224.0/19',
|
72 |
+
'69.171.224.0/20',
|
73 |
+
'103.4.96.0/22',
|
74 |
+
'69.63.176.0/24',
|
75 |
+
'173.252.64.0/19',
|
76 |
+
'173.252.70.0/24',
|
77 |
+
'31.13.64.0/18',
|
78 |
+
'31.13.24.0/21',
|
79 |
+
'66.220.152.0/21',
|
80 |
+
'66.220.159.0/24',
|
81 |
+
'69.171.239.0/24',
|
82 |
+
'69.171.240.0/20',
|
83 |
+
'31.13.64.0/19',
|
84 |
+
'31.13.64.0/24',
|
85 |
+
'31.13.65.0/24',
|
86 |
+
'31.13.67.0/24',
|
87 |
+
'31.13.68.0/24',
|
88 |
+
'31.13.69.0/24',
|
89 |
+
'31.13.70.0/24',
|
90 |
+
'31.13.71.0/24',
|
91 |
+
'31.13.72.0/24',
|
92 |
+
'31.13.73.0/24',
|
93 |
+
'31.13.74.0/24',
|
94 |
+
'31.13.75.0/24',
|
95 |
+
'31.13.76.0/24',
|
96 |
+
'31.13.77.0/24',
|
97 |
+
'31.13.96.0/19',
|
98 |
+
'31.13.66.0/24',
|
99 |
+
'173.252.96.0/19',
|
100 |
+
'69.63.178.0/24',
|
101 |
+
'31.13.78.0/24',
|
102 |
+
'31.13.79.0/24',
|
103 |
+
'31.13.80.0/24',
|
104 |
+
'31.13.82.0/24',
|
105 |
+
'31.13.83.0/24',
|
106 |
+
'31.13.84.0/24',
|
107 |
+
'31.13.85.0/24',
|
108 |
+
'31.13.86.0/24',
|
109 |
+
'31.13.87.0/24',
|
110 |
+
'31.13.88.0/24',
|
111 |
+
'31.13.89.0/24',
|
112 |
+
'31.13.90.0/24',
|
113 |
+
'31.13.91.0/24',
|
114 |
+
'31.13.92.0/24',
|
115 |
+
'31.13.93.0/24',
|
116 |
+
'31.13.94.0/24',
|
117 |
+
'31.13.95.0/24',
|
118 |
+
'69.171.253.0/24',
|
119 |
+
'69.63.186.0/24',
|
120 |
+
'31.13.81.0/24',
|
121 |
+
'179.60.192.0/22',
|
122 |
+
'179.60.192.0/24',
|
123 |
+
'179.60.193.0/24',
|
124 |
+
'179.60.194.0/24',
|
125 |
+
'179.60.195.0/24',
|
126 |
+
'185.60.216.0/22',
|
127 |
+
'45.64.40.0/22',
|
128 |
+
'185.60.216.0/24',
|
129 |
+
'185.60.217.0/24',
|
130 |
+
'185.60.218.0/24',
|
131 |
+
'185.60.219.0/24',
|
132 |
+
'129.134.0.0/16',
|
133 |
+
'157.240.0.0/16',
|
134 |
+
'204.15.20.0/22',
|
135 |
+
'69.63.176.0/20',
|
136 |
+
'69.63.176.0/21',
|
137 |
+
'69.63.184.0/21',
|
138 |
+
'66.220.144.0/20',
|
139 |
+
'69.63.176.0/20',
|
140 |
+
'2620:0:1c00::/40',
|
141 |
+
'2a03:2880::/32',
|
142 |
+
'2a03:2880:fffe::/48',
|
143 |
+
'2a03:2880:ffff::/48',
|
144 |
+
'2620:0:1cff::/48',
|
145 |
+
'2a03:2880:f000::/48',
|
146 |
+
'2a03:2880:f001::/48',
|
147 |
+
'2a03:2880:f002::/48',
|
148 |
+
'2a03:2880:f003::/48',
|
149 |
+
'2a03:2880:f004::/48',
|
150 |
+
'2a03:2880:f005::/48',
|
151 |
+
'2a03:2880:f006::/48',
|
152 |
+
'2a03:2880:f007::/48',
|
153 |
+
'2a03:2880:f008::/48',
|
154 |
+
'2a03:2880:f009::/48',
|
155 |
+
'2a03:2880:f00a::/48',
|
156 |
+
'2a03:2880:f00b::/48',
|
157 |
+
'2a03:2880:f00c::/48',
|
158 |
+
'2a03:2880:f00d::/48',
|
159 |
+
'2a03:2880:f00e::/48',
|
160 |
+
'2a03:2880:f00f::/48',
|
161 |
+
'2a03:2880:f010::/48',
|
162 |
+
'2a03:2880:f011::/48',
|
163 |
+
'2a03:2880:f012::/48',
|
164 |
+
'2a03:2880:f013::/48',
|
165 |
+
'2a03:2880:f014::/48',
|
166 |
+
'2a03:2880:f015::/48',
|
167 |
+
'2a03:2880:f016::/48',
|
168 |
+
'2a03:2880:f017::/48',
|
169 |
+
'2a03:2880:f018::/48',
|
170 |
+
'2a03:2880:f019::/48',
|
171 |
+
'2a03:2880:f01a::/48',
|
172 |
+
'2a03:2880:f01b::/48',
|
173 |
+
'2a03:2880:f01c::/48',
|
174 |
+
'2a03:2880:f01d::/48',
|
175 |
+
'2a03:2880:f01e::/48',
|
176 |
+
'2a03:2880:f01f::/48',
|
177 |
+
'2a03:2880:1000::/36',
|
178 |
+
'2a03:2880:2000::/36',
|
179 |
+
'2a03:2880:3000::/36',
|
180 |
+
'2a03:2880:4000::/36',
|
181 |
+
'2a03:2880:5000::/36',
|
182 |
+
'2a03:2880:6000::/36',
|
183 |
+
'2a03:2880:7000::/36',
|
184 |
+
'2a03:2880:f020::/48',
|
185 |
+
'2a03:2880:f021::/48',
|
186 |
+
'2a03:2880:f022::/48',
|
187 |
+
'2a03:2880:f023::/48',
|
188 |
+
'2a03:2880:f024::/48',
|
189 |
+
'2a03:2880:f025::/48',
|
190 |
+
'2a03:2880:f026::/48',
|
191 |
+
'2a03:2880:f027::/48',
|
192 |
+
'2a03:2880:f028::/48',
|
193 |
+
'2a03:2880:f029::/48',
|
194 |
+
'2a03:2880:f02a::/48',
|
195 |
+
'2a03:2880:f02b::/48',
|
196 |
+
'2a03:2880:f02c::/48',
|
197 |
+
'2a03:2880:f02d::/48',
|
198 |
+
'2a03:2880:f02e::/48',
|
199 |
+
'2a03:2880:f02f::/48',
|
200 |
+
'2a03:2880:f030::/48',
|
201 |
+
'2a03:2880:f031::/48',
|
202 |
+
'2a03:2880:f032::/48',
|
203 |
+
'2a03:2880:f033::/48',
|
204 |
+
'2a03:2880:f034::/48',
|
205 |
+
'2a03:2880:f035::/48',
|
206 |
+
'2a03:2880:f036::/48',
|
207 |
+
'2a03:2880:f037::/48',
|
208 |
+
'2a03:2880:f038::/48',
|
209 |
+
'2a03:2880:f039::/48',
|
210 |
+
'2a03:2880:f03a::/48',
|
211 |
+
'2a03:2880:f03b::/48',
|
212 |
+
'2a03:2880:f03c::/48',
|
213 |
+
'2a03:2880:f03d::/48',
|
214 |
+
'2a03:2880:f03e::/48',
|
215 |
+
'2a03:2880:f03f::/48',
|
216 |
+
'2401:db00::/32',
|
217 |
+
'2a03:2880::/36',
|
218 |
+
'2803:6080::/32',
|
219 |
+
),
|
220 |
+
);
|
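Review bot: The 'facebook' list turns some very large blocks into an unconditional allowlist — `129.134.0.0/16`, `157.240.0.0/16`, `173.252.64.0/18`, `2a03:2880::/32` — so any host in those ranges, not only the crawler, skips whatever wfLog::isWhitelisted protects, and nothing in this file ties the exemption to a crawler user-agent or to a setting an administrator can switch off (if such a toggle exists it would be in wfUtils::getIPWhitelist, which is not visible here). The list also carries duplicate and nested entries — `204.15.20.0/22` and `69.63.176.0/20` each appear more than once, `66.220.144.0/21` sits inside `66.220.144.0/20`, and `173.255.233.124` is listed twice under 'sucuri' — each of which costs a range comparison per check for nothing. Third-party ranges go stale and a reader cannot verify this snapshot, so each vendor block should open with a provenance comment such as `// Source: <vendor's published prefix list>, retrieved YYYY-MM-DD; refresh when legitimate crawler traffic starts being blocked.`, and the reason for 'sucuri' that was dropped from the old wfLog.php (`These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan`) belongs here too. One caveat on 'private': if the client address this list is matched against can come from a proxy header rather than the socket, a request claiming `127.0.0.1` or `10.x` is whitelisted outright; that depends on how the IP is resolved, which this file does not show.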
lib/wfLog.php
CHANGED
@@ -169,70 +169,17 @@ class wfLog {
|
|
169 |
* @return bool
|
170 |
*/
|
171 |
public function isWhitelisted($IP) {
|
172 |
-
|
173 |
-
|
174 |
-
|
175 |
-
|
176 |
-
|
177 |
-
|
178 |
-
return true;
|
179 |
-
}
|
180 |
-
//These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
|
181 |
-
$externalWhite = array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80', '162.216.19.183');
|
182 |
-
if (in_array($IP, $externalWhite)) {
|
183 |
-
return true;
|
184 |
-
}
|
185 |
-
$list = wfConfig::get('whitelisted');
|
186 |
-
if (!$list) {
|
187 |
-
return false;
|
188 |
-
}
|
189 |
-
$list = explode(',', $list);
|
190 |
-
if (sizeof($list) < 1) {
|
191 |
-
return false;
|
192 |
-
}
|
193 |
-
foreach ($list as $whiteIP) {
|
194 |
-
$white_ip_block = new wfUserIPRange($whiteIP);
|
195 |
-
if ($white_ip_block->isIPInRange($IP)) {
|
196 |
return true;
|
197 |
}
|
198 |
}
|
199 |
-
return false;
|
200 |
-
}
|
201 |
-
|
202 |
-
/**
|
203 |
-
* Get an array of static IPs, tuple for a numeric IP range, or a wfUserIPRange object to define and test a range
|
204 |
-
* like [127-128].0.0.[1-40]
|
205 |
-
*
|
206 |
-
* @see wfUserIPRange
|
207 |
-
* @param null $user_whitelisted
|
208 |
-
* @return array
|
209 |
-
*/
|
210 |
-
public function getWhitelistedIPs($user_whitelisted = null) {
|
211 |
-
$white_listed_ips = array();
|
212 |
-
// Wordfence's IP block which would prevent our scanning server manually kicking off scans that are stuck
|
213 |
-
$white_listed_ips[] = array(1160651777, 1160651808);
|
214 |
-
|
215 |
-
// Private range
|
216 |
-
$private_range = wfUtils::getPrivateAddrs();
|
217 |
-
foreach ($private_range as $ip_range) {
|
218 |
-
$white_listed_ips[] = array($ip_range[1], $ip_range[2]);
|
219 |
-
}
|
220 |
-
|
221 |
-
// These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
|
222 |
-
$white_listed_ips = array_merge($white_listed_ips, array_map(array('wfUtils', 'inet_pton'), array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80', '162.216.19.183')));
|
223 |
-
|
224 |
-
if ($user_whitelisted === null) {
|
225 |
-
$user_whitelisted = wfConfig::get('whitelisted');
|
226 |
-
}
|
227 |
-
|
228 |
-
if ($user_whitelisted) {
|
229 |
-
$user_whitelisted = explode(',', $user_whitelisted);
|
230 |
-
foreach ($user_whitelisted as $whiteIP) {
|
231 |
-
$white_listed_ips[] = new wfUserIPRange($whiteIP);
|
232 |
-
}
|
233 |
-
}
|
234 |
|
235 |
-
return
|
236 |
}
|
237 |
|
238 |
public function unblockAllIPs(){
|
169 |
* @return bool
|
170 |
*/
|
171 |
public function isWhitelisted($IP) {
|
172 |
+
foreach (wfUtils::getIPWhitelist() as $subnet) {
|
173 |
+
if ($subnet instanceof wfUserIPRange) {
|
174 |
+
if ($subnet->isIPInRange($IP)) {
|
175 |
+
return true;
|
176 |
+
}
|
177 |
+
} elseif (wfUtils::subnetContainsIP($subnet, $IP)) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
178 |
return true;
|
179 |
}
|
180 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
181 |
|
182 |
+
return false;
|
183 |
}
|
184 |
|
185 |
public function unblockAllIPs(){
|
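Review bot: `isWhitelisted` now calls `wfUtils::getIPWhitelist()` and walks the whole result on every invocation (new lines 172-180), and per the new lib/wfIPWhitelist.php that result holds on the order of two hundred entries plus the user's own ranges, each handed to `wfUserIPRange::isIPInRange` or `wfUtils::subnetContainsIP`; if this runs per request the parsed list should be memoized for the request, e.g. `static $list = null; if ($list === null) { $list = wfUtils::getIPWhitelist(); }` ahead of the loop. The subnets now include IPv6 CIDRs, so `subnetContainsIP` must return false on an address-family mismatch rather than comparing a 4-byte address against a 16-byte prefix; that helper lives in the wfUtils hunk, which is not visible here, so this is a question rather than a finding. The first seven lines of the old method were lost in this rendering, so whatever early return they held (the surviving `return true;` at old line 178 suggests one) cannot be checked against the new loop.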
lib/wfUtils.php
CHANGED
@@ -2,25 +2,6 @@
|
|
2 |
require_once('wfConfig.php');
|
3 |
require_once('wfCountryMap.php');
|
4 |
class wfUtils {
|
5 |
-
#We've modified this and removed some addresses which may be routable on the Net and cause auto-whitelisting.
|
6 |
-
private static $privateAddrs = array(
|
7 |
-
//array('0.0.0.0/8',0,16777215), #Broadcast addr
|
8 |
-
array('10.0.0.0/8',167772160,184549375), #Private addrs
|
9 |
-
//array('100.64.0.0/10',1681915904,1686110207), #carrier-grade-nat for comms between ISP and subscribers
|
10 |
-
array('127.0.0.0/8',2130706432,2147483647), #loopback
|
11 |
-
//array('169.254.0.0/16',2851995648,2852061183), #link-local when DHCP fails e.g. os x
|
12 |
-
array('172.16.0.0/12',2886729728,2887778303), #private addrs
|
13 |
-
array('192.0.0.0/29',3221225472,3221225479), #used for NAT with IPv6, so basically a private addr
|
14 |
-
//array('192.0.2.0/24',3221225984,3221226239), #Only for use in docs and examples, not for public use
|
15 |
-
//array('192.88.99.0/24',3227017984,3227018239), #Used by 6to4 anycast relays
|
16 |
-
array('192.168.0.0/16',3232235520,3232301055), #Used for local communications within a private network
|
17 |
-
//array('198.18.0.0/15',3323068416,3323199487), #Used for testing of inter-network communications between two separate subnets
|
18 |
-
//array('198.51.100.0/24',3325256704,3325256959), #Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
|
19 |
-
//array('203.0.113.0/24',3405803776,3405804031), #Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
|
20 |
-
//array('224.0.0.0/4',3758096384,4026531839), #Reserved for multicast assignments as specified in RFC 5771
|
21 |
-
//array('240.0.0.0/4',4026531840,4294967295), #Reserved for future use, as specified by RFC 6890
|
22 |
-
//array('255.255.255.255/32',4294967295,4294967295) #Reserved for the "limited broadcast" destination address, as specified by RFC 6890
|
23 |
-
);
|
24 |
private static $isWindows = false;
|
25 |
public static $scanLockFH = false;
|
26 |
private static $lastErrorReporting = false;
|
@@ -83,6 +64,124 @@ class wfUtils {
|
|
83 |
return round($bytes, $precision) . ' ' . $units[$pow];
|
84 |
}
|
85 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
86 |
/**
|
87 |
* Return dot notation of IPv4 address.
|
88 |
*
|
@@ -266,6 +365,40 @@ class wfUtils {
|
|
266 |
return rand(11,230) . '.' . rand(0,255) . '.' . rand(0,255) . '.' . rand(0,255);
|
267 |
}
|
268 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
269 |
/**
|
270 |
* @param string $addr Should be in dot or colon notation (127.0.0.1 or ::1)
|
271 |
* @return bool
|
@@ -273,9 +406,8 @@ class wfUtils {
|
|
273 |
public static function isPrivateAddress($addr) {
|
274 |
// Run this through the preset list for IPv4 addresses.
|
275 |
if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
|
276 |
-
|
277 |
-
|
278 |
-
if ($num >= $a[1] && $num <= $a[2]) {
|
279 |
return true;
|
280 |
}
|
281 |
}
|
@@ -901,13 +1033,6 @@ class wfUtils {
|
|
901 |
}
|
902 |
}
|
903 |
|
904 |
-
/**
|
905 |
-
* @return array
|
906 |
-
*/
|
907 |
-
public static function getPrivateAddrs() {
|
908 |
-
return self::$privateAddrs;
|
909 |
-
}
|
910 |
-
|
911 |
/**
|
912 |
* @param string $host
|
913 |
* @return array
|
2 |
require_once('wfConfig.php');
|
3 |
require_once('wfCountryMap.php');
|
4 |
class wfUtils {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 |
private static $isWindows = false;
|
6 |
public static $scanLockFH = false;
|
7 |
private static $lastErrorReporting = false;
|
64 |
return round($bytes, $precision) . ' ' . $units[$pow];
|
65 |
}
|
66 |
|
67 |
+
/**
|
68 |
+
* Check if an IP address is in a network block
|
69 |
+
*
|
70 |
+
* @param string $subnet Single IP or subnet in CIDR notation (e.g. '192.168.100.0' or '192.168.100.0/22')
|
71 |
+
* @param string $ip IPv4 or IPv6 address in dot or colon notation
|
72 |
+
* @return boolean
|
73 |
+
*/
|
74 |
+
public static function subnetContainsIP($subnet, $ip) {
|
75 |
+
list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
|
76 |
+
|
77 |
+
if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
78 |
+
// If no prefix was supplied, 32 is implied for IPv4
|
79 |
+
if ($prefix === null) {
|
80 |
+
$prefix = 32;
|
81 |
+
}
|
82 |
+
|
83 |
+
// Validate the IPv4 network prefix
|
84 |
+
if ($prefix < 0 || $prefix > 32) {
|
85 |
+
return false;
|
86 |
+
}
|
87 |
+
|
88 |
+
// Increase the IPv4 network prefix to work in the IPv6 address space
|
89 |
+
$prefix += 96;
|
90 |
+
} else {
|
91 |
+
// If no prefix was supplied, 128 is implied for IPv6
|
92 |
+
if ($prefix === null) {
|
93 |
+
$prefix = 128;
|
94 |
+
}
|
95 |
+
|
96 |
+
// Validate the IPv6 network prefix
|
97 |
+
if ($prefix < 1 || $prefix > 128) {
|
98 |
+
return false;
|
99 |
+
}
|
100 |
+
}
|
101 |
+
|
102 |
+
// Convert human readable addresses to 128 bit (IPv6) binary strings
|
103 |
+
// Note: self::inet_pton converts IPv4 addresses to IPv6 compatible versions
|
104 |
+
$binary_network = str_pad(wfHelperBin::bin2str(self::inet_pton($network)), 128, '0', STR_PAD_LEFT);
|
105 |
+
$binary_ip = str_pad(wfHelperBin::bin2str(self::inet_pton($ip)), 128, '0', STR_PAD_LEFT);
|
106 |
+
|
107 |
+
return 0 === substr_compare($binary_ip, $binary_network, 0, $prefix);
|
108 |
+
}
|
109 |
+
|
110 |
+
/**
|
111 |
+
* Convert CIDR notation to a wfUserIPRange object
|
112 |
+
*
|
113 |
+
* @param string $cidr
|
114 |
+
* @return wfUserIPRange
|
115 |
+
*/
|
116 |
+
public static function CIDR2wfUserIPRange($cidr) {
|
117 |
+
list($network, $prefix) = array_pad(explode('/', $cidr, 2), 2, null);
|
118 |
+
$ip_range = new wfUserIPRange();
|
119 |
+
|
120 |
+
if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
121 |
+
// If no prefix was supplied, 32 is implied for IPv4
|
122 |
+
if ($prefix === null) {
|
123 |
+
$prefix = 32;
|
124 |
+
}
|
125 |
+
|
126 |
+
// Validate the IPv4 network prefix
|
127 |
+
if ($prefix < 0 || $prefix > 32) {
|
128 |
+
return $ip_range;
|
129 |
+
}
|
130 |
+
|
131 |
+
// Increase the IPv4 network prefix to work in the IPv6 address space
|
132 |
+
$prefix += 96;
|
133 |
+
} else {
|
134 |
+
// If no prefix was supplied, 128 is implied for IPv6
|
135 |
+
if ($prefix === null) {
|
136 |
+
$prefix = 128;
|
137 |
+
}
|
138 |
+
|
139 |
+
// Validate the IPv6 network prefix
|
140 |
+
if ($prefix < 1 || $prefix > 128) {
|
141 |
+
return $ip_range;
|
142 |
+
}
|
143 |
+
}
|
144 |
+
|
145 |
+
// Convert human readable address to 128 bit (IPv6) binary string
|
146 |
+
// Note: self::inet_pton converts IPv4 addresses to IPv6 compatible versions
|
147 |
+
$binary_network = self::inet_pton($network);
|
148 |
+
$binary_mask = wfHelperBin::str2bin(str_pad(str_repeat('1', $prefix), 128, '0', STR_PAD_RIGHT));
|
149 |
+
|
150 |
+
// Calculate first and last address
|
151 |
+
$binary_first = $binary_network & $binary_mask;
|
152 |
+
$binary_last = $binary_network | ~ $binary_mask;
|
153 |
+
|
154 |
+
// Convert binary addresses back to human readable strings
|
155 |
+
$first = self::inet_ntop($binary_first);
|
156 |
+
$last = self::inet_ntop($binary_last);
|
157 |
+
|
158 |
+
// Split addresses into segments
|
159 |
+
$first_array = preg_split('/[\.\:]/', $first);
|
160 |
+
$last_array = preg_split('/[\.\:]/', $last);
|
161 |
+
|
162 |
+
// Make sure arrays are the same size. IPv6 '::' could cause problems otherwise.
|
163 |
+
// The strlen filter should leave zeros in place
|
164 |
+
$first_array = array_pad(array_filter($first_array, 'strlen'), count($last_array), '0');
|
165 |
+
|
166 |
+
$range_segments = array();
|
167 |
+
|
168 |
+
foreach ($first_array as $index => $segment) {
|
169 |
+
if ($segment === $last_array[$index]) {
|
170 |
+
$range_segments[] = $segment;
|
171 |
+
} else if ($segment === '' || $last_array[$index] === '') {
|
172 |
+
$range_segments[] = '';
|
173 |
+
} else {
|
174 |
+
$range_segments[] = "[{$segment}-{$last_array[$index]}]";
|
175 |
+
}
|
176 |
+
}
|
177 |
+
|
178 |
+
$delimiter = filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? '.' : ':';
|
179 |
+
|
180 |
+
$ip_range->setIPString(implode($delimiter, $range_segments));
|
181 |
+
|
182 |
+
return $ip_range;
|
183 |
+
}
|
184 |
+
|
185 |
/**
|
186 |
* Return dot notation of IPv4 address.
|
187 |
*
|
365 |
return rand(11,230) . '.' . rand(0,255) . '.' . rand(0,255) . '.' . rand(0,255);
|
366 |
}
|
367 |
|
368 |
+
/**
|
369 |
+
* Get the list of whitelisted IPs and networks
|
370 |
+
*
|
371 |
+
* Results may include wfUserIPRange objects for now. Ideally everything would be in CIDR notation.
|
372 |
+
*
|
373 |
+
* @param string $filter Group name to filter whitelist by
|
374 |
+
* @return array
|
375 |
+
*/
|
376 |
+
public static function getIPWhitelist($filter = null) {
|
377 |
+
static $wfIPWhitelist;
|
378 |
+
|
379 |
+
if (!isset($wfIPWhitelist)) {
|
380 |
+
include('wfIPWhitelist.php');
|
381 |
+
|
382 |
+
// Memoize user defined whitelist IPs and ranges
|
383 |
+
// TODO: Convert everything to CIDR
|
384 |
+
$wfIPWhitelist['user'] = array();
|
385 |
+
|
386 |
+
foreach (array_filter(explode(',', wfConfig::get('whitelisted'))) as $ip) {
|
387 |
+
$wfIPWhitelist['user'][] = new wfUserIPRange($ip);
|
388 |
+
}
|
389 |
+
}
|
390 |
+
|
391 |
+
$whitelist = array();
|
392 |
+
|
393 |
+
foreach ($wfIPWhitelist as $group => $values) {
|
394 |
+
if ($filter === null || $group === $filter) {
|
395 |
+
$whitelist = array_merge($whitelist, $values);
|
396 |
+
}
|
397 |
+
}
|
398 |
+
|
399 |
+
return $whitelist;
|
400 |
+
}
|
401 |
+
|
402 |
/**
|
403 |
* @param string $addr Should be in dot or colon notation (127.0.0.1 or ::1)
|
404 |
* @return bool
|
406 |
public static function isPrivateAddress($addr) {
|
407 |
// Run this through the preset list for IPv4 addresses.
|
408 |
if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
|
409 |
+
foreach (self::getIPWhitelist('private') as $a) {
|
410 |
+
if (self::subnetContainsIP($a, $addr)) {
|
|
|
411 |
return true;
|
412 |
}
|
413 |
}
|
1033 |
}
|
1034 |
}
|
1035 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1036 |
/**
|
1037 |
* @param string $host
|
1038 |
* @return array
|
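Review bot: subnetContainsIP only validates the IPv4 branch — when $network is not IPv4 the else branch assumes IPv6 without checking it, and $ip is never validated at all, so a malformed whitelist entry or an unparseable address reaches self::inet_pton directly. If inet_pton returns false there (its behaviour is not visible in this hunk), wfHelperBin::bin2str(false) padded to 128 '0' characters would compare equal to any network whose masked bits are zero, turning a parse failure into a match rather than a miss; a guard before the branch such as `if (filter_var($network, FILTER_VALIDATE_IP) === false || filter_var($ip, FILTER_VALIDATE_IP) === false) { return false; }` makes the failure explicit. In getIPWhitelist, `include('wfIPWhitelist.php')` only warns if the file is missing, leaving the 'private' group empty and isPrivateAddress answering false for everything, so `require('wfIPWhitelist.php');` would surface that condition instead of silently weakening the check. The wfUtils class continues outside these hunks.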
readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
|
4 |
Requires at least: 3.9
|
5 |
Tested up to: 4.4.1
|
6 |
-
Stable tag: 6.0.
|
7 |
|
8 |
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
|
9 |
== Description ==
|
@@ -190,6 +190,12 @@ Designed for every skill level, [The WordPress Security Learning Center](https:/
|
|
190 |
|
191 |
== Changelog ==
|
192 |
|
|
|
|
|
|
|
|
|
|
|
|
|
193 |
= 6.0.23 =
|
194 |
* Improvement: Updated local GeoIP database.
|
195 |
* Improvement: Updated local browser data cache to support newer browsers and user-agents.
|
3 |
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
|
4 |
Requires at least: 3.9
|
5 |
Tested up to: 4.4.1
|
6 |
+
Stable tag: 6.0.24
|
7 |
|
8 |
The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
|
9 |
== Description ==
|
190 |
|
191 |
== Changelog ==
|
192 |
|
193 |
+
= 6.0.24 =
|
194 |
+
* Enhancement: Added automatic whitelisting for Facebook crawlers.
|
195 |
+
* Improvement: Added styling to premium callouts.
|
196 |
+
* Improvement: Updated local GeoIP database.
|
197 |
+
* Improvement: Updated local browser data cache to support newer browsers and user-agents.
|
198 |
+
|
199 |
= 6.0.23 =
|
200 |
* Improvement: Updated local GeoIP database.
|
201 |
* Improvement: Updated local browser data cache to support newer browsers and user-agents.
|
wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
|
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
6 |
Author: Wordfence
|
7 |
-
Version: 6.0.
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
*/
|
10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
11 |
return;
|
12 |
}
|
13 |
-
define('WORDFENCE_VERSION', '6.0.
|
14 |
if(get_option('wordfenceActivated') != 1){
|
15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
16 |
}
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
6 |
Author: Wordfence
|
7 |
+
Version: 6.0.24
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
*/
|
10 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
11 |
return;
|
12 |
}
|
13 |
+
define('WORDFENCE_VERSION', '6.0.24');
|
14 |
if(get_option('wordfenceActivated') != 1){
|
15 |
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
|
16 |
}
|