Wordfence Security – Firewall & Malware Scan - Version 6.0.24

Version Description

  • Enhancement: Added automatic whitelisting for Facebook crawlers.
  • Improvement: Added styling to premium callouts.
  • Improvement: Updated local GeoIP database.
  • Improvement: Updated local browser data cache to support newer browsers and user-agents.

Release Info

Developer wfmatt
Version 6.0.24

Code changes from version 6.0.23 to 6.0.24

css/main.css CHANGED
@@ -481,4 +481,35 @@ table.block-ranges-table tr td {
481
  background-color: #ffffe0;
482
  border: 1px solid #ffd975;
483
  border-width: 1px 1px 1px 10px;
484
  }
481
  background-color: #ffffe0;
482
  border: 1px solid #ffd975;
483
  border-width: 1px 1px 1px 10px;
484
+ }
485
+
486
+ .wf-premium-callout {
487
+ border: 1px solid #00709E;
488
+ background-color: #ffffff;
489
+ padding: 16px;
490
+ margin: 20px 0 0;
491
+ max-width: 860px;
492
+ }
493
+ .wf-premium-callout h3 {
494
+ margin: 0 0 8px;
495
+ color: #11967A;
496
+ }
497
+ .wf-premium-callout ul {
498
+ margin: 8px 0;
499
+ padding: 0 0 0 15px;
500
+ }
501
+ .wf-premium-callout ul li {
502
+ list-style-type: disc;
503
+ margin: 0;
504
+ padding: 0;
505
+ }
506
+ .wf-premium-callout .center {
507
+ text-align: center;
508
+ margin: 0;
509
+ }
510
+ .wf-premium-callout .button-primary {
511
+ text-align: center;
512
+ text-transform: uppercase;
513
+ font-weight: bold;
514
+ background-color: #00709E;
515
  }
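Review bot: `.wf-premium-callout .button-primary` (lines 510-515) sets a background colour but no `:hover`/`:focus` state, so WordPress core's own `.button-primary:hover` rule, which has higher specificity, will swap the #00709E back to the default blue on hover; add matching hover and focus declarations so the button does not change palette under the cursor.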
lib/GeoIP.dat CHANGED
Binary file
lib/email_genericAlert.php CHANGED
@@ -6,18 +6,14 @@ The Wordfence administrative URL for this site is: <?php echo $adminURL; ?>admin
6
  <?php if($IPMsg){ echo "\n$IPMsg\n"; } ?>
7
 
8
  <?php if(! $isPaid){ ?>
9
- NOTE: You are using the free version of Wordfence. Upgrading to the paid version of Wordfence gives you
10
- two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks.
11
- A Premium Wordfence license also includes remote scanning with each scan of your site which can detect
12
- several additional website infections. Premium members can also schedule when website scans occur and
13
- can scan more than once per day.
14
 
15
- As a Premium member you also get access to our priority support system located at http://support.wordfence.com/ and can file
16
- priority support tickets using our ticketing system.
17
-
18
- Click here to sign-up for the Premium version of Wordfence now.
19
  https://www.wordfence.com/zz1/wordfence-signup/
20
-
21
  <?php } ?>
22
 
23
  --
6
  <?php if($IPMsg){ echo "\n$IPMsg\n"; } ?>
7
 
8
  <?php if(! $isPaid){ ?>
9
+ NOTE: You are using the free version of Wordfence. Upgrade to Premium today for less than $5 per month!
10
+ - Advanced features like IP reputation monitoring, country blocking, an advanced comment spam filter and cell phone sign-in give you the best protection available
11
+ - Remote, frequent and scheduled scans
12
+ - Access to Premium Support
13
+ - Discounts of up to 90% for multiyear and multi-license purchases
14
 
15
+ Click here to upgrade to Wordfence Premium:
16
  https://www.wordfence.com/zz1/wordfence-signup/
17
  <?php } ?>
18
 
19
  --
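Review bot: this is a plain-text mail, so "Click here to upgrade to Wordfence Premium:" at line 15 has nothing to click; the URL on line 16 is what the recipient acts on, so phrase it as "To upgrade, visit:" (the HTML variant in email_newIssues.php is where an anchor makes sense).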
lib/email_newIssues.php CHANGED
@@ -32,18 +32,18 @@
32
 
33
 
34
  <?php if(! $isPaid){ ?>
35
- <p>NOTE: You are using the free version of Wordfence. Upgrading to the paid version of Wordfence gives you
36
- two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks.
37
- A Premium Wordfence license also includes remote scanning with each scan of your site which can detect
38
- several additional website infections. Premium members can also schedule when website scans occur and
39
- can scan more than once per day.</p>
40
-
41
- <p>As a Premium member you also get access to our priority support system located at http://support.wordfence.com/ and can file
42
- priority support tickets using our ticketing system. </p>
43
-
44
- <p>Click here to sign-up for the Premium version of Wordfence now.<br>
45
- <a href="https://www.wordfence.com/zz2/wordfence-signup/">https://www.wordfence.com/zz2/wordfence-signup/</a></p>
46
-
47
  <?php } ?>
48
 
49
 
32
 
33
 
34
  <?php if(! $isPaid){ ?>
35
+ <p>NOTE: You are using the free version of Wordfence. Upgrade to Premium today for less than $5 per month!</p>
36
+ <ul>
37
+ <li>Advanced features like IP reputation monitoring, country blocking, an advanced comment spam filter and cell phone sign-in give you the best protection available</li>
38
+ <li>Remote, frequent and scheduled scans</li>
39
+ <li>Access to Premium Support</li>
40
+ <li>Discounts of up to 90% for multiyear and multi-license purchases</li>
41
+ </ul>
42
+
43
+ <p>
44
+ Click here to upgrade to Wordfence Premium:<br>
45
+ <a href="https://www.wordfence.com/zz2/wordfence-signup/">https://www.wordfence.com/zz2/wordfence-signup/</a>
46
+ </p>
47
  <?php } ?>
48
 
49
 
lib/menu_countryBlocking.php CHANGED
@@ -9,11 +9,21 @@ WFAD.countryMap = <?php echo json_encode($wfBulkCountries); ?>;
9
  <?php require('menuHeader.php'); ?>
10
  <?php $pageTitle = "Block Selected Countries from Accessing your Site"; $helpLink="http://docs.wordfence.com/en/Country_blocking"; $helpLabel="Learn more about Country Blocking"; include('pageTitle.php'); ?>
11
  <?php if(! wfConfig::get('isPaid')){ ?>
12
- <div class="wfPaidOnlyNotice">
13
- <strong>Country Blocking is only available to Premium Members at this time</strong><br /><br />
14
- Country Blocking is a premium feature because we have licensed a very accurate commercial geolocation database to provide this feature. If you would like to
15
- activate this feature, simply <a href="https://www.wordfence.com/gnl1countryBlock1/wordfence-signup/" target="_blank">click here and get a premium Wordfence API Key</a>, and then copy and paste it into your options page. You can <a href="http://docs.wordfence.com/en/Country_blocking" target="_blank">learn more about Country Blocking on our documentation website</a>.
16
- </div>
17
  <?php } ?>
18
  <?php if(wfConfig::get('cacheType') == 'falcon'){ ?>
19
  <div class="wfFalconNotice">
9
  <?php require('menuHeader.php'); ?>
10
  <?php $pageTitle = "Block Selected Countries from Accessing your Site"; $helpLink="http://docs.wordfence.com/en/Country_blocking"; $helpLabel="Learn more about Country Blocking"; include('pageTitle.php'); ?>
11
  <?php if(! wfConfig::get('isPaid')){ ?>
12
+ <div class="wf-premium-callout" style="margin: 20px">
13
+ <h3>Country Blocking is only available to Premium Members</h3>
14
+ <p>Country Blocking is a premium feature because we have licensed a very accurate commercial geolocation
15
+ database to provide this feature. Upgrade to Premium today:</p>
16
+ <ul>
17
+ <li>You can upgrade now for less than $5 per month</li>
18
+ <li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, advanced
19
+ scanning options and cell phone sign-in give you the best protection available
20
+ </li>
21
+ <li>Access to Premium Support</li>
22
+ <li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
23
+ </ul>
24
+ <p class="center"><a class="button button-primary"
25
+ href="https://www.wordfence.com/gnl1countryBlock1/wordfence-signup/">Get Premium</a></p>
26
+ </div>
27
  <?php } ?>
28
  <?php if(wfConfig::get('cacheType') == 'falcon'){ ?>
29
  <div class="wfFalconNotice">
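Review bot: the new sign-up link at lines 24-25 drops the `target="_blank"` the old notice carried, so "Get Premium" now navigates the administrator away from the admin page, and the old instruction telling the user where to paste the purchased key (the options page) is gone with it. The inline `style="margin: 20px"` also overrides what `.wf-premium-callout` defines in css/main.css; a modifier class would avoid the per-page inline overrides that repeat across the other menu_*.php hunks in this commit.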
lib/menu_options.php CHANGED
@@ -45,7 +45,7 @@ $w = new wfConfig();
45
  </tr>
46
  <tr>
47
  <td colspan="2">
48
- <?php if ( wfConfig::get( 'isPaid' ) ) { ?>
49
  <table border="0">
50
  <tr>
51
  <td><a href="https://www.wordfence.com/gnl1optMngKys/manage-wordfence-api-keys/"
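Review bot: line 48 switches this `if` to the alternative syntax (`:` ... `endif`) while the surrounding template code in the same file keeps brace style (`{ ?> ... <?php } ?>`); either is fine, but mixing the two in one template makes the block boundaries harder to follow, so pick one for the file.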
@@ -56,9 +56,25 @@ $w = new wfConfig();
56
  onclick="WFAD.downgradeLicense();"/></td>
57
  </tr>
58
  </table>
59
- <?php } ?>
60
-
61
-
62
  <tr>
63
  <td colspan="2"><h2>Basic Options<a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options"
64
  target="_blank" class="wfhelp"></a></h2></td>
45
  </tr>
46
  <tr>
47
  <td colspan="2">
48
+ <?php if (wfConfig::get('isPaid')): ?>
49
  <table border="0">
50
  <tr>
51
  <td><a href="https://www.wordfence.com/gnl1optMngKys/manage-wordfence-api-keys/"
56
  onclick="WFAD.downgradeLicense();"/></td>
57
  </tr>
58
  </table>
59
+ <?php else: ?>
60
+ <div class="wf-premium-callout">
61
+ <h3>Upgrade to Wordfence Premium today for less than $5 per month</h3>
62
+ <ul>
63
+ <li>Advanced features like IP reputation monitoring, country blocking, an advanced
64
+ comment spam filter and cell phone sign-in give you the best protection available
65
+ </li>
66
+ <li>Remote, frequent and scheduled scans</li>
67
+ <li>Access to Premium Support</li>
68
+ <li>Discounts of up to 90% for multiyear and multi-license purchases</li>
69
+ </ul>
70
+ <p class="center">
71
+ <a class="button button-primary"
72
+ href="https://www.wordfence.com/gnl1optCallout1/wordfence-signup/">
73
+ Get Premium</a></p>
74
+ </div>
75
+ <?php endif ?>
76
+ </td>
77
+ </tr>
78
  <tr>
79
  <td colspan="2"><h2>Basic Options<a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options"
80
  target="_blank" class="wfhelp"></a></h2></td>
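Review bot: the `</td>` and `</tr>` added at lines 76-77 appear to close the `<td colspan="2">` opened at line 47, which the old markup left open before the next `<tr>` (old lines 60-62); that is a markup fix independent of the callout and deserves its own changelog line so it is not lost in the "premium callout styling" entry. `<?php endif ?>` at line 75 is valid (the closing tag implies the semicolon) but reads as unfinished next to `<?php } ?>` elsewhere in the file; `<?php endif; ?>` is the usual spelling.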
lib/menu_passwd.php CHANGED
@@ -6,14 +6,17 @@
6
  $helpLabel = "Learn more about Password Auditing";
7
  include('pageTitle.php'); ?>
8
  <?php if (!wfConfig::get('isPaid')) { ?>
9
- <div class="wfPaidOnlyNotice">
10
- <strong>Password Auditing is only available to Premium Members at this time</strong><br/><br/>
11
- Wordfence Password Auditing uses our high performance password auditing cluster to test the strength of your admin and user passwords.
12
- We securely simulate a high-performance password cracking attack on your password database and will alert you to weak passwords.
13
- We then provide a way to change weak passwords or alert members that they need to improve their password strength.
14
- To activate this feature, simply
15
- <a href="https://www.wordfence.com/gnl1pwAuditUp1/wordfence-signup/" target="_blank">click here and get a premium Wordfence API Key</a>, and then copy and paste it into your options page. You can
16
- <a href="http://docs.wordfence.com/en/Wordfence_Password_Auditing" target="_blank">learn more about Password Auditing on our Documentation Website</a>.
17
  </div>
18
  <?php } ?>
19
 
6
  $helpLabel = "Learn more about Password Auditing";
7
  include('pageTitle.php'); ?>
8
  <?php if (!wfConfig::get('isPaid')) { ?>
9
+ <div class="wf-premium-callout" style="margin: 20px 0 20px 20px; width: 700px;">
10
+ <h3>Password Auditing is only available to Premium Members</h3>
11
+ <p>Wordfence Password Auditing uses our high performance password auditing cluster to test the strength of your admin and user passwords. We securely simulate a high-performance password cracking attack on your password database and will alert you to weak passwords. We then provide a way to change weak passwords or alert members that they need to improve their password strength. Upgrade to Premium today:</p>
12
+ <ul>
13
+ <li>You can upgrade now for less than $5 per month</li>
14
+ <li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, advanced scanning options, cell phone sign-in and country blocking give you the best protection available</li>
15
+ <li>Access to Premium Support</li>
16
+ <li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
17
+ </ul>
18
+
19
+ <p class="center"><a class="button button-primary" href="https://www.wordfence.com/gnl1pwAuditUp1/wordfence-signup/">Get Premium</a></p>
20
  </div>
21
  <?php } ?>
22
 
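Review bot: `width: 700px` in the inline style at line 9 makes the callout fixed-width inside a responsive admin screen and defeats the `max-width: 860px` that `.wf-premium-callout` already sets in css/main.css; `max-width` alone handles narrow viewports. Line 11 is one unwrapped paragraph, while the same copy in the other callouts (country blocking, scheduling) is wrapped; wrap it the same way for readable diffs.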
lib/menu_scan.php CHANGED
@@ -38,9 +38,21 @@
38
  Premium scanning enabled.
39
  </div>
40
  <?php } else { ?>
41
- <div style="margin: 0 0 20px 5px; width: 795px;">
42
- <strong style="color: #F00;">How to upgrade:</strong> If you would like access to our <a href="http://support.wordfence.com/" target="_blank">Premium Support help system</a> and features like Cellphone Sign-in, Country Blocking, external site scanning and the ability to schedule scans, simply <a href="https://www.wordfence.com/gnl1scanUpgrade/wordfence-signup/" target="_blank">visit our Wordfence Premium sign-up page</a> and sign up for a Premium Wordfence API key. Then go to the Wordfence options page on this site and replace your free API key with your new premium key. You will immediately be upgraded to Wordfence Premium with all the features it includes and you will have instant access to our ticketing system on <a href="http://support.wordfence.com/" target="_blank">support.wordfence.com</a>.
43
- </div>
44
 
45
  <?php } ?>
46
  <div class="consoleHead" style="margin-top: 20px;">
38
  Premium scanning enabled.
39
  </div>
40
  <?php } else { ?>
41
+ <div class="wf-premium-callout" style="margin: 20px 0 20px 2px;width: 765px;">
42
+ <h3>Upgrade to Wordfence Premium today for less than $5 per month</h3>
43
+ <ul>
44
+ <li>Advanced features like IP reputation monitoring, country blocking, an advanced comment spam
45
+ filter and cell phone sign-in give you the best protection available
46
+ </li>
47
+ <li>Remote, frequent and scheduled scans</li>
48
+ <li>Access to Premium Support</li>
49
+ <li>Discounts of up to 90% for multiyear and multi-license purchases</li>
50
+ </ul>
51
+ <p class="center"><a class="button button-primary"
52
+ href="https://www.wordfence.com/gnl1scanUpgrade/wordfence-signup/">
53
+ Get Premium</a></p>
54
+ </div>
55
+
56
 
57
  <?php } ?>
58
  <div class="consoleHead" style="margin-top: 20px;">
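Review bot: the replaced notice (old lines 41-43) told free users what to do after buying, namely replace the free API key on the options page, and linked support.wordfence.com; the new callout keeps only the sign-up button, so the post-purchase step is no longer explained anywhere on the scan page. The sign-up link also loses `target="_blank"`, so the button now navigates away from a page that may have a scan in progress, and the hardcoded `width: 765px` at line 41 overrides the class's `max-width`.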
lib/menu_scanSchedule.php CHANGED
@@ -3,12 +3,23 @@
3
  <?php require('menuHeader.php'); ?>
4
  <?php $pageTitle = "Schedule when Wordfence Scans Occur"; $helpLink="http://docs.wordfence.com/en/Wordfence_scan_scheduling"; $helpLabel="Learn more about Scheduling Wordfence Scans"; include('pageTitle.php'); ?>
5
  <?php if(! wfConfig::get('isPaid')){ ?>
6
- <div class="wfPaidOnlyNotice">
7
- <strong>Scan Scheduling is only available to Premium Members at this time</strong><br /><br />
8
- Scan Scheduling is a premium feature because it places additional load on our scanning servers. If you would like to
9
- activate this feature, simply <a href="https://www.wordfence.com/gnl1scanSched1/wordfence-signup/" target="_blank">click here and get a premium Wordfence API Key</a>, and then copy and paste it into your options
10
- page.
11
- </div>
12
  <?php } ?>
13
 
14
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
3
  <?php require('menuHeader.php'); ?>
4
  <?php $pageTitle = "Schedule when Wordfence Scans Occur"; $helpLink="http://docs.wordfence.com/en/Wordfence_scan_scheduling"; $helpLabel="Learn more about Scheduling Wordfence Scans"; include('pageTitle.php'); ?>
5
  <?php if(! wfConfig::get('isPaid')){ ?>
6
+ <div class="wf-premium-callout" style="margin: 20px;">
7
+ <h3>Scan Scheduling is only available to Premium Members</h3>
8
+ <p>Scan Scheduling is a premium feature because it places additional load on our scanning servers. Premium users
9
+ can increase their WordPress protection by controlling scan frequency up to once per hour. Premium also
10
+ allows you to control when Wordfence initiates a scan, selecting optimal times that don’t interfere with
11
+ high-traffic or optimal usage of your site. Upgrade to Premium today:</p>
12
+ <ul>
13
+ <li>You can upgrade now for less than $5 per month</li>
14
+ <li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, country blocking
15
+ and cell phone sign-in give you the best protection available
16
+ </li>
17
+ <li>Access to Premium Support</li>
18
+ <li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
19
+ </ul>
20
+ <p class="center"><a class="button button-primary"
21
+ href="https://www.wordfence.com/gnl1scanSched1/wordfence-signup/">Get Premium</a></p>
22
+ </div>
23
  <?php } ?>
24
 
25
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
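Review bot: line 10 contains a typographic apostrophe (`don’t`, U+2019) where the rest of the plugin's templates use plain ASCII quotes; it renders correctly only if the file stays UTF-8 and the admin page is served with a UTF-8 charset, so either use `don't` or the `&rsquo;` entity. As in the other callouts, the old "copy and paste it into your options page" instruction is dropped and the link no longer opens in a new tab.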
lib/menu_twoFactor.php CHANGED
@@ -3,13 +3,28 @@
3
  <?php require('menuHeader.php'); ?>
4
  <?php $pageTitle = "Cellphone Sign-in"; $helpLink="http://docs.wordfence.com/en/Cellphone_sign-in"; $helpLabel="Learn more about Cellphone Sign-in"; include('pageTitle.php'); ?>
5
  <?php if(! wfConfig::get('isPaid')){ ?>
6
- <div class="wfPaidOnlyNotice">
7
- <strong>Cellphone Sign-in is only available to Premium Members at this time</strong><br /><br />
8
- Cellphone Sign-in is a premium feature because we are charged per SMS we send when a user signs in. If you would like to
9
- activate this feature, simply <a href="https://www.wordfence.com/gnl1twoFac1/wordfence-signup/" target="_blank">click here and get a premium Wordfence API Key</a>, and then copy and paste it into your options page.
10
- <br /><br />
11
- Wordfence's Cellphone Sign-in uses a technique called "Two Factor Authentication" which is used by banks, government agencies and military world-wide as one of the most secure forms of remote system authentication. It's now available from Wordfence for your WordPress website. We recommend you enable Cellphone Sign-in for all Administrator level accounts. You can <a href="http://docs.wordfence.com/en/Cellphone_sign-in" target="_blank">learn more about Cellphone Sign-in on our documentation website</a>.
12
- </div>
13
  <?php } ?>
14
 
15
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
3
  <?php require('menuHeader.php'); ?>
4
  <?php $pageTitle = "Cellphone Sign-in"; $helpLink="http://docs.wordfence.com/en/Cellphone_sign-in"; $helpLabel="Learn more about Cellphone Sign-in"; include('pageTitle.php'); ?>
5
  <?php if(! wfConfig::get('isPaid')){ ?>
6
+ <div class="wf-premium-callout" style="margin: 20px 0 20px 20px; width: 700px;">
7
+ <h3>Cellphone Sign-in is only available to Premium Members</h3>
8
+
9
+ <p>This is a premium feature because we are charged per SMS we send when a user signs in. Upgrade to Premium
10
+ today:</p>
11
+ <ul>
12
+ <li>You can upgrade now for less than $5 per month</li>
13
+ <li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, advanced
14
+ scanning options and country blocking give you the best protection available
15
+ </li>
16
+ <li>Access to Premium Support</li>
17
+ <li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
18
+ </ul>
19
+ <p>Wordfence's Cellphone Sign-in uses a technique called "Two Factor Authentication" which is used by banks,
20
+ government agencies and military world-wide as one of the most secure forms of remote system authentication.
21
+ It's now available from Wordfence for your WordPress website. We recommend you enable Cellphone Sign-in for
22
+ all Administrator level accounts.</p>
23
+
24
+ <p class="center"><a class="button button-primary"
25
+ href="https://www.wordfence.com/gnl1twoFac1/wordfence-signup/">Get Premium</a></p>
26
+ </div>
27
+
28
  <?php } ?>
29
 
30
  <div class="wordfenceWrap" style="margin: 20px 20px 20px 30px;">
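Review bot: the paragraph explaining what Cellphone Sign-in is (lines 19-22) now sits below the upgrade bullets, whereas the country-blocking and scheduling callouts put the feature description before "Upgrade to Premium today:"; move it above the list so the three pages read the same way. The old notice's explicit docs link is gone, which is fine only because `$helpLink` on line 4 still surfaces it through pageTitle.php.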
lib/wfActivityReport.php CHANGED
@@ -267,30 +267,28 @@ SQL
267
  }
268
 
269
  /**
270
- * Generate SQL from the whitelist. Uses the return format from wfLog::getWhitelistedIPs
271
  *
272
- * @see wfLog::getWhitelistedIPs
273
  * @param array $whitelisted_ips
274
  * @return string
275
  */
276
  public function getBlockedIPWhitelistWhereClause($whitelisted_ips = null) {
277
  if ($whitelisted_ips === null) {
278
- $whitelisted_ips = wordfence::getLog()->getWhitelistedIPs();
279
  }
280
  if (!is_array($whitelisted_ips)) {
281
  return false;
282
  }
283
 
284
  $where = '';
285
- /** @var array|wfUserIPRange|string $ip_range */
286
  foreach ($whitelisted_ips as $ip_range) {
287
- if (is_array($ip_range) && count($ip_range) == 2) {
288
- $where .= $this->db->prepare('IP BETWEEN %s AND %s', $ip_range[0], $ip_range[1]) . ' OR ';
289
- } elseif (is_a($ip_range, 'wfUserIPRange')) {
290
- $where .= $ip_range->toSQL('IP') . ' OR ';
291
- } elseif (is_string($ip_range) || is_numeric($ip_range)) {
292
- $where .= $this->db->prepare('IP = %s', $ip_range) . ' OR ';
293
  }
294
  }
295
  if ($where) {
296
  // remove the extra ' OR '
267
  }
268
 
269
  /**
270
+ * Generate SQL from the whitelist. Uses the return format from wfUtils::getIPWhitelist
271
  *
272
+ * @see wfUtils::getIPWhitelist
273
  * @param array $whitelisted_ips
274
  * @return string
275
  */
276
  public function getBlockedIPWhitelistWhereClause($whitelisted_ips = null) {
277
  if ($whitelisted_ips === null) {
278
+ $whitelisted_ips = wfUtils::getIPWhitelist();
279
  }
280
  if (!is_array($whitelisted_ips)) {
281
  return false;
282
  }
283
 
284
  $where = '';
285
+
286
  foreach ($whitelisted_ips as $ip_range) {
287
+ if (!is_a($ip_range, 'wfUserIPRange')) {
288
+ $ip_range = wfUtils::CIDR2wfUserIPRange($ip_range);
289
  }
290
+
291
+ $where .= $ip_range->toSQL('IP') . ' OR ';
292
  }
293
  if ($where) {
294
  // remove the extra ' OR '
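Review bot: lines 287-291 assume every entry that is not already a wfUserIPRange is a string that wfUtils::CIDR2wfUserIPRange can parse; the old branches also accepted a two-element numeric tuple and bare addresses, and the new lib/wfIPWhitelist.php 'sucuri' entries are bare IPs with no mask. If CIDR2wfUserIPRange returns anything other than a wfUserIPRange for such input, `$ip_range->toSQL('IP')` at line 291 is a fatal error in the activity-report mail path, so guard with `instanceof wfUserIPRange` and skip (or log) entries that do not convert. The docblock still says `@return string` although line 281 returns false, and neither wfUtils::getIPWhitelist nor CIDR2wfUserIPRange appears in the part of the lib/wfUtils.php diff shown on this page, so confirm both are in this commit.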
lib/wfIPWhitelist.php ADDED
@@ -0,0 +1,220 @@
1
+ <?php
2
+ /**
3
+ * Addresses should be in human readable format as a single IP (e.g. 1.2.3.4) or CIDR (e.g. 1.2.3.4/32)
4
+ */
5
+ $wfIPWhitelist = array(
6
+ 'private' => array(
7
+ //We've modified this and removed some addresses which may be routable on the Net and cause auto-whitelisting.
8
+ //'0.0.0.0/8', #Broadcast addr
9
+ '10.0.0.0/8', #Private addrs
10
+ //'100.64.0.0/10', #carrier-grade-nat for comms between ISP and subscribers
11
+ '127.0.0.0/8', #loopback
12
+ //'169.254.0.0/16', #link-local when DHCP fails e.g. os x
13
+ '172.16.0.0/12', #private addrs
14
+ '192.0.0.0/29', #used for NAT with IPv6, so basically a private addr
15
+ //'192.0.2.0/24', #Only for use in docs and examples, not for public use
16
+ //'192.88.99.0/24', #Used by 6to4 anycast relays
17
+ '192.168.0.0/16', #Used for local communications within a private network
18
+ //'198.18.0.0/15', #Used for testing of inter-network communications between two separate subnets
19
+ //'198.51.100.0/24', #Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
20
+ //'203.0.113.0/24', #Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
21
+ //'224.0.0.0/4', #Reserved for multicast assignments as specified in RFC 5771
22
+ //'240.0.0.0/4', #Reserved for future use, as specified by RFC 6890
23
+ //'255.255.255.255/32', #Reserved for the "limited broadcast" destination address, as specified by RFC 6890
24
+ ),
25
+ 'wordfence' => array(
26
+ // 69.46.36.1 - 69.46.36.32
27
+ '69.46.36.1/32',
28
+ '69.46.36.2/31',
29
+ '69.46.36.4/30',
30
+ '69.46.36.8/29',
31
+ '69.46.36.16/28',
32
+ '69.46.36.32/32',
33
+ ),
34
+ 'sucuri' => array(
35
+ '97.74.127.171',
36
+ '69.164.203.172',
37
+ '173.230.128.135',
38
+ '66.228.34.49',
39
+ '66.228.40.185',
40
+ '50.116.36.92',
41
+ '50.116.36.93',
42
+ '50.116.3.171',
43
+ '198.58.96.212',
44
+ '50.116.63.221',
45
+ '192.155.92.112',
46
+ '192.81.128.31',
47
+ '198.58.106.244',
48
+ '192.155.95.139',
49
+ '23.239.9.227',
50
+ '198.58.112.103',
51
+ '192.155.94.43',
52
+ '162.216.16.33',
53
+ '173.255.233.124',
54
+ '173.255.233.124',
55
+ '192.155.90.179',
56
+ '50.116.41.217',
57
+ '192.81.129.227',
58
+ '198.58.111.80',
59
+ '162.216.19.183',
60
+ ),
61
+ 'facebook' => array(
62
+ '204.15.20.0/22',
63
+ '69.63.176.0/20',
64
+ '66.220.144.0/20',
65
+ '66.220.144.0/21',
66
+ '69.63.184.0/21',
67
+ '69.63.176.0/21',
68
+ '74.119.76.0/22',
69
+ '69.171.255.0/24',
70
+ '173.252.64.0/18',
71
+ '69.171.224.0/19',
72
+ '69.171.224.0/20',
73
+ '103.4.96.0/22',
74
+ '69.63.176.0/24',
75
+ '173.252.64.0/19',
76
+ '173.252.70.0/24',
77
+ '31.13.64.0/18',
78
+ '31.13.24.0/21',
79
+ '66.220.152.0/21',
80
+ '66.220.159.0/24',
81
+ '69.171.239.0/24',
82
+ '69.171.240.0/20',
83
+ '31.13.64.0/19',
84
+ '31.13.64.0/24',
85
+ '31.13.65.0/24',
86
+ '31.13.67.0/24',
87
+ '31.13.68.0/24',
88
+ '31.13.69.0/24',
89
+ '31.13.70.0/24',
90
+ '31.13.71.0/24',
91
+ '31.13.72.0/24',
92
+ '31.13.73.0/24',
93
+ '31.13.74.0/24',
94
+ '31.13.75.0/24',
95
+ '31.13.76.0/24',
96
+ '31.13.77.0/24',
97
+ '31.13.96.0/19',
98
+ '31.13.66.0/24',
99
+ '173.252.96.0/19',
100
+ '69.63.178.0/24',
101
+ '31.13.78.0/24',
102
+ '31.13.79.0/24',
103
+ '31.13.80.0/24',
104
+ '31.13.82.0/24',
105
+ '31.13.83.0/24',
106
+ '31.13.84.0/24',
107
+ '31.13.85.0/24',
108
+ '31.13.86.0/24',
109
+ '31.13.87.0/24',
110
+ '31.13.88.0/24',
111
+ '31.13.89.0/24',
112
+ '31.13.90.0/24',
113
+ '31.13.91.0/24',
114
+ '31.13.92.0/24',
115
+ '31.13.93.0/24',
116
+ '31.13.94.0/24',
117
+ '31.13.95.0/24',
118
+ '69.171.253.0/24',
119
+ '69.63.186.0/24',
120
+ '31.13.81.0/24',
121
+ '179.60.192.0/22',
122
+ '179.60.192.0/24',
123
+ '179.60.193.0/24',
124
+ '179.60.194.0/24',
125
+ '179.60.195.0/24',
126
+ '185.60.216.0/22',
127
+ '45.64.40.0/22',
128
+ '185.60.216.0/24',
129
+ '185.60.217.0/24',
130
+ '185.60.218.0/24',
131
+ '185.60.219.0/24',
132
+ '129.134.0.0/16',
133
+ '157.240.0.0/16',
134
+ '204.15.20.0/22',
135
+ '69.63.176.0/20',
136
+ '69.63.176.0/21',
137
+ '69.63.184.0/21',
138
+ '66.220.144.0/20',
139
+ '69.63.176.0/20',
140
+ '2620:0:1c00::/40',
141
+ '2a03:2880::/32',
142
+ '2a03:2880:fffe::/48',
143
+ '2a03:2880:ffff::/48',
144
+ '2620:0:1cff::/48',
145
+ '2a03:2880:f000::/48',
146
+ '2a03:2880:f001::/48',
147
+ '2a03:2880:f002::/48',
148
+ '2a03:2880:f003::/48',
149
+ '2a03:2880:f004::/48',
150
+ '2a03:2880:f005::/48',
151
+ '2a03:2880:f006::/48',
152
+ '2a03:2880:f007::/48',
153
+ '2a03:2880:f008::/48',
154
+ '2a03:2880:f009::/48',
155
+ '2a03:2880:f00a::/48',
156
+ '2a03:2880:f00b::/48',
157
+ '2a03:2880:f00c::/48',
158
+ '2a03:2880:f00d::/48',
159
+ '2a03:2880:f00e::/48',
160
+ '2a03:2880:f00f::/48',
161
+ '2a03:2880:f010::/48',
162
+ '2a03:2880:f011::/48',
163
+ '2a03:2880:f012::/48',
164
+ '2a03:2880:f013::/48',
165
+ '2a03:2880:f014::/48',
166
+ '2a03:2880:f015::/48',
167
+ '2a03:2880:f016::/48',
168
+ '2a03:2880:f017::/48',
169
+ '2a03:2880:f018::/48',
170
+ '2a03:2880:f019::/48',
171
+ '2a03:2880:f01a::/48',
172
+ '2a03:2880:f01b::/48',
173
+ '2a03:2880:f01c::/48',
174
+ '2a03:2880:f01d::/48',
175
+ '2a03:2880:f01e::/48',
176
+ '2a03:2880:f01f::/48',
177
+ '2a03:2880:1000::/36',
178
+ '2a03:2880:2000::/36',
179
+ '2a03:2880:3000::/36',
180
+ '2a03:2880:4000::/36',
181
+ '2a03:2880:5000::/36',
182
+ '2a03:2880:6000::/36',
183
+ '2a03:2880:7000::/36',
184
+ '2a03:2880:f020::/48',
185
+ '2a03:2880:f021::/48',
186
+ '2a03:2880:f022::/48',
187
+ '2a03:2880:f023::/48',
188
+ '2a03:2880:f024::/48',
189
+ '2a03:2880:f025::/48',
190
+ '2a03:2880:f026::/48',
191
+ '2a03:2880:f027::/48',
192
+ '2a03:2880:f028::/48',
193
+ '2a03:2880:f029::/48',
194
+ '2a03:2880:f02a::/48',
195
+ '2a03:2880:f02b::/48',
196
+ '2a03:2880:f02c::/48',
197
+ '2a03:2880:f02d::/48',
198
+ '2a03:2880:f02e::/48',
199
+ '2a03:2880:f02f::/48',
200
+ '2a03:2880:f030::/48',
201
+ '2a03:2880:f031::/48',
202
+ '2a03:2880:f032::/48',
203
+ '2a03:2880:f033::/48',
204
+ '2a03:2880:f034::/48',
205
+ '2a03:2880:f035::/48',
206
+ '2a03:2880:f036::/48',
207
+ '2a03:2880:f037::/48',
208
+ '2a03:2880:f038::/48',
209
+ '2a03:2880:f039::/48',
210
+ '2a03:2880:f03a::/48',
211
+ '2a03:2880:f03b::/48',
212
+ '2a03:2880:f03c::/48',
213
+ '2a03:2880:f03d::/48',
214
+ '2a03:2880:f03e::/48',
215
+ '2a03:2880:f03f::/48',
216
+ '2401:db00::/32',
217
+ '2a03:2880::/36',
218
+ '2803:6080::/32',
219
+ ),
220
+ );
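Review bot: the 'facebook' array has duplicate and overlapping entries ('204.15.20.0/22' at lines 62 and 134; '69.63.176.0/20' at 63, 135 and 139; '66.220.144.0/21' at 65 is inside the /20 at 64; '69.63.176.0/24' at 74 is inside the /21 at 67) and 'sucuri' repeats '173.255.233.124' at lines 53-54; since wfLog::isWhitelisted walks every entry per request, dedupe and aggregate the list before shipping it. These prefixes are Facebook's announced address space as a whole, not only the crawler egress, so the changelog's "automatic whitelisting for Facebook crawlers" overstates the precision: any request sourced from them bypasses Wordfence blocking, and the header comment should say so. Minor: the comments mix `//` and `#`, and the file's header promises "single IP or CIDR", so every consumer (wfUtils::subnetContainsIP, CIDR2wfUserIPRange) must accept a bare address without a mask.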
lib/wfLog.php CHANGED
@@ -169,70 +169,17 @@ class wfLog {
169
  * @return bool
170
  */
171
  public function isWhitelisted($IP) {
172
- $wfIPBlock = new wfUserIPRange('69.46.36.[1-32]');
173
- if ($wfIPBlock->isIPInRange($IP)) { //IP is in Wordfence's IP block which would prevent our scanning server manually kicking off scans that are stuck
174
- return true;
175
- }
176
- //We now whitelist all private addrs
177
- if (wfUtils::isPrivateAddress($IP)) {
178
- return true;
179
- }
180
- //These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
181
- $externalWhite = array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80', '162.216.19.183');
182
- if (in_array($IP, $externalWhite)) {
183
- return true;
184
- }
185
- $list = wfConfig::get('whitelisted');
186
- if (!$list) {
187
- return false;
188
- }
189
- $list = explode(',', $list);
190
- if (sizeof($list) < 1) {
191
- return false;
192
- }
193
- foreach ($list as $whiteIP) {
194
- $white_ip_block = new wfUserIPRange($whiteIP);
195
- if ($white_ip_block->isIPInRange($IP)) {
196
  return true;
197
  }
198
  }
199
- return false;
200
- }
201
-
202
- /**
203
- * Get an array of static IPs, tuple for a numeric IP range, or a wfUserIPRange object to define and test a range
204
- * like [127-128].0.0.[1-40]
205
- *
206
- * @see wfUserIPRange
207
- * @param null $user_whitelisted
208
- * @return array
209
- */
210
- public function getWhitelistedIPs($user_whitelisted = null) {
211
- $white_listed_ips = array();
212
- // Wordfence's IP block which would prevent our scanning server manually kicking off scans that are stuck
213
- $white_listed_ips[] = array(1160651777, 1160651808);
214
-
215
- // Private range
216
- $private_range = wfUtils::getPrivateAddrs();
217
- foreach ($private_range as $ip_range) {
218
- $white_listed_ips[] = array($ip_range[1], $ip_range[2]);
219
- }
220
-
221
- // These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
222
- $white_listed_ips = array_merge($white_listed_ips, array_map(array('wfUtils', 'inet_pton'), array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80', '162.216.19.183')));
223
-
224
- if ($user_whitelisted === null) {
225
- $user_whitelisted = wfConfig::get('whitelisted');
226
- }
227
-
228
- if ($user_whitelisted) {
229
- $user_whitelisted = explode(',', $user_whitelisted);
230
- foreach ($user_whitelisted as $whiteIP) {
231
- $white_listed_ips[] = new wfUserIPRange($whiteIP);
232
- }
233
- }
234
 
235
- return $white_listed_ips;
236
  }
237
 
238
  public function unblockAllIPs(){
169
  * @return bool
170
  */
171
  public function isWhitelisted($IP) {
172
+ foreach (wfUtils::getIPWhitelist() as $subnet) {
173
+ if ($subnet instanceof wfUserIPRange) {
174
+ if ($subnet->isIPInRange($IP)) {
175
+ return true;
176
+ }
177
+ } elseif (wfUtils::subnetContainsIP($subnet, $IP)) {
178
  return true;
179
  }
180
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
181
 
182
+ return false;
183
  }
184
 
185
  public function unblockAllIPs(){
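Review bot: removing the public `getWhitelistedIPs()` method and rewriting `isWhitelisted()` changes both the API and the data format in one step, while the new data source is not in this diff. `getWhitelistedIPs()` was public, so any remaining caller inside the plugin or in site code now fatals; grep for it before release or keep a thin deprecated wrapper over `wfUtils::getIPWhitelist()`. The removed list stored its entries as packed binary strings (`array_map(array('wfUtils', 'inet_pton'), ...)`), whereas the new loop hands every non-`wfUserIPRange` entry to `wfUtils::subnetContainsIP($subnet, $IP)`, which expects a dotted or CIDR string; the replacement `wfIPWhitelist.php` must therefore carry the Wordfence scanning block (previously the integer pair `1160651777, 1160651808`), the Sucuri scanner addresses (note `173.255.233.124` appears twice in the old list) and the private ranges as text, and that file should be reviewed together with this hunk. Two smaller points: `isWhitelisted()` passes `$IP` through unchecked, so a malformed value reaches `inet_pton` on every iteration; validate once with `filter_var($IP, FILTER_VALIDATE_IP)` and return false early. And because `getIPWhitelist()` is called here with no group filter, the 'private' group that `isPrivateAddress()` relies on also becomes a block exemption; that is intended for the local scanner, but a reverse-proxy setup that reports the proxy's internal address as the client IP would then exempt every visitor, so this deserves a comment in the code.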
lib/wfUtils.php CHANGED
@@ -2,25 +2,6 @@
2
  require_once('wfConfig.php');
3
  require_once('wfCountryMap.php');
4
  class wfUtils {
5
- #We've modified this and removed some addresses which may be routable on the Net and cause auto-whitelisting.
6
- private static $privateAddrs = array(
7
- //array('0.0.0.0/8',0,16777215), #Broadcast addr
8
- array('10.0.0.0/8',167772160,184549375), #Private addrs
9
- //array('100.64.0.0/10',1681915904,1686110207), #carrier-grade-nat for comms between ISP and subscribers
10
- array('127.0.0.0/8',2130706432,2147483647), #loopback
11
- //array('169.254.0.0/16',2851995648,2852061183), #link-local when DHCP fails e.g. os x
12
- array('172.16.0.0/12',2886729728,2887778303), #private addrs
13
- array('192.0.0.0/29',3221225472,3221225479), #used for NAT with IPv6, so basically a private addr
14
- //array('192.0.2.0/24',3221225984,3221226239), #Only for use in docs and examples, not for public use
15
- //array('192.88.99.0/24',3227017984,3227018239), #Used by 6to4 anycast relays
16
- array('192.168.0.0/16',3232235520,3232301055), #Used for local communications within a private network
17
- //array('198.18.0.0/15',3323068416,3323199487), #Used for testing of inter-network communications between two separate subnets
18
- //array('198.51.100.0/24',3325256704,3325256959), #Assigned as "TEST-NET-2" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
19
- //array('203.0.113.0/24',3405803776,3405804031), #Assigned as "TEST-NET-3" in RFC 5737 for use solely in documentation and example source code and should not be used publicly.
20
- //array('224.0.0.0/4',3758096384,4026531839), #Reserved for multicast assignments as specified in RFC 5771
21
- //array('240.0.0.0/4',4026531840,4294967295), #Reserved for future use, as specified by RFC 6890
22
- //array('255.255.255.255/32',4294967295,4294967295) #Reserved for the "limited broadcast" destination address, as specified by RFC 6890
23
- );
24
  private static $isWindows = false;
25
  public static $scanLockFH = false;
26
  private static $lastErrorReporting = false;
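Review bot: the comment deleted in this hunk (`#We've modified this and removed some addresses which may be routable on the Net and cause auto-whitelisting.`) is the only record of why 169.254.0.0/16, 100.64.0.0/10, 198.18.0.0/15 and the other commented-out ranges were deliberately left inactive; the list now moves to `wfIPWhitelist.php`, which is not part of this diff, so carry that rationale over as a comment in the new file and confirm that exactly the five active entries (10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.0.0.0/29, 192.168.0.0/16) land in the 'private' group. Since the rewritten `wfLog::isWhitelisted()` exempts everything in that group from blocking, re-enabling any of the commented ranges would silently widen the exemption to addresses that can show up as real client IPs.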
@@ -83,6 +64,124 @@ class wfUtils {
83
  return round($bytes, $precision) . ' ' . $units[$pow];
84
  }
85
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
86
  /**
87
  * Return dot notation of IPv4 address.
88
  *
@@ -266,6 +365,40 @@ class wfUtils {
266
  return rand(11,230) . '.' . rand(0,255) . '.' . rand(0,255) . '.' . rand(0,255);
267
  }
268
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
269
  /**
270
  * @param string $addr Should be in dot or colon notation (127.0.0.1 or ::1)
271
  * @return bool
@@ -273,9 +406,8 @@ class wfUtils {
273
  public static function isPrivateAddress($addr) {
274
  // Run this through the preset list for IPv4 addresses.
275
  if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
276
- $num = self::inet_aton($addr);
277
- foreach (self::$privateAddrs as $a) {
278
- if ($num >= $a[1] && $num <= $a[2]) {
279
  return true;
280
  }
281
  }
@@ -901,13 +1033,6 @@ class wfUtils {
901
  }
902
  }
903
 
904
- /**
905
- * @return array
906
- */
907
- public static function getPrivateAddrs() {
908
- return self::$privateAddrs;
909
- }
910
-
911
  /**
912
  * @param string $host
913
  * @return array
2
  require_once('wfConfig.php');
3
  require_once('wfCountryMap.php');
4
  class wfUtils {
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
5
  private static $isWindows = false;
6
  public static $scanLockFH = false;
7
  private static $lastErrorReporting = false;
64
  return round($bytes, $precision) . ' ' . $units[$pow];
65
  }
66
 
67
+ /**
68
+ * Check if an IP address is in a network block
69
+ *
70
+ * @param string $subnet Single IP or subnet in CIDR notation (e.g. '192.168.100.0' or '192.168.100.0/22')
71
+ * @param string $ip IPv4 or IPv6 address in dot or colon notation
72
+ * @return boolean
73
+ */
74
+ public static function subnetContainsIP($subnet, $ip) {
75
+ list($network, $prefix) = array_pad(explode('/', $subnet, 2), 2, null);
76
+
77
+ if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
78
+ // If no prefix was supplied, 32 is implied for IPv4
79
+ if ($prefix === null) {
80
+ $prefix = 32;
81
+ }
82
+
83
+ // Validate the IPv4 network prefix
84
+ if ($prefix < 0 || $prefix > 32) {
85
+ return false;
86
+ }
87
+
88
+ // Increase the IPv4 network prefix to work in the IPv6 address space
89
+ $prefix += 96;
90
+ } else {
91
+ // If no prefix was supplied, 128 is implied for IPv6
92
+ if ($prefix === null) {
93
+ $prefix = 128;
94
+ }
95
+
96
+ // Validate the IPv6 network prefix
97
+ if ($prefix < 1 || $prefix > 128) {
98
+ return false;
99
+ }
100
+ }
101
+
102
+ // Convert human readable addresses to 128 bit (IPv6) binary strings
103
+ // Note: self::inet_pton converts IPv4 addresses to IPv6 compatible versions
104
+ $binary_network = str_pad(wfHelperBin::bin2str(self::inet_pton($network)), 128, '0', STR_PAD_LEFT);
105
+ $binary_ip = str_pad(wfHelperBin::bin2str(self::inet_pton($ip)), 128, '0', STR_PAD_LEFT);
106
+
107
+ return 0 === substr_compare($binary_ip, $binary_network, 0, $prefix);
108
+ }
109
+
110
+ /**
111
+ * Convert CIDR notation to a wfUserIPRange object
112
+ *
113
+ * @param string $cidr
114
+ * @return wfUserIPRange
115
+ */
116
+ public static function CIDR2wfUserIPRange($cidr) {
117
+ list($network, $prefix) = array_pad(explode('/', $cidr, 2), 2, null);
118
+ $ip_range = new wfUserIPRange();
119
+
120
+ if (filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
121
+ // If no prefix was supplied, 32 is implied for IPv4
122
+ if ($prefix === null) {
123
+ $prefix = 32;
124
+ }
125
+
126
+ // Validate the IPv4 network prefix
127
+ if ($prefix < 0 || $prefix > 32) {
128
+ return $ip_range;
129
+ }
130
+
131
+ // Increase the IPv4 network prefix to work in the IPv6 address space
132
+ $prefix += 96;
133
+ } else {
134
+ // If no prefix was supplied, 128 is implied for IPv6
135
+ if ($prefix === null) {
136
+ $prefix = 128;
137
+ }
138
+
139
+ // Validate the IPv6 network prefix
140
+ if ($prefix < 1 || $prefix > 128) {
141
+ return $ip_range;
142
+ }
143
+ }
144
+
145
+ // Convert human readable address to 128 bit (IPv6) binary string
146
+ // Note: self::inet_pton converts IPv4 addresses to IPv6 compatible versions
147
+ $binary_network = self::inet_pton($network);
148
+ $binary_mask = wfHelperBin::str2bin(str_pad(str_repeat('1', $prefix), 128, '0', STR_PAD_RIGHT));
149
+
150
+ // Calculate first and last address
151
+ $binary_first = $binary_network & $binary_mask;
152
+ $binary_last = $binary_network | ~ $binary_mask;
153
+
154
+ // Convert binary addresses back to human readable strings
155
+ $first = self::inet_ntop($binary_first);
156
+ $last = self::inet_ntop($binary_last);
157
+
158
+ // Split addresses into segments
159
+ $first_array = preg_split('/[\.\:]/', $first);
160
+ $last_array = preg_split('/[\.\:]/', $last);
161
+
162
+ // Make sure arrays are the same size. IPv6 '::' could cause problems otherwise.
163
+ // The strlen filter should leave zeros in place
164
+ $first_array = array_pad(array_filter($first_array, 'strlen'), count($last_array), '0');
165
+
166
+ $range_segments = array();
167
+
168
+ foreach ($first_array as $index => $segment) {
169
+ if ($segment === $last_array[$index]) {
170
+ $range_segments[] = $segment;
171
+ } else if ($segment === '' || $last_array[$index] === '') {
172
+ $range_segments[] = '';
173
+ } else {
174
+ $range_segments[] = "[{$segment}-{$last_array[$index]}]";
175
+ }
176
+ }
177
+
178
+ $delimiter = filter_var($network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? '.' : ':';
179
+
180
+ $ip_range->setIPString(implode($delimiter, $range_segments));
181
+
182
+ return $ip_range;
183
+ }
184
+
185
  /**
186
  * Return dot notation of IPv4 address.
187
  *
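Review bot: prefix validation in `subnetContainsIP()` is inconsistent and incomplete. The IPv4 branch accepts a prefix of 0 (`if ($prefix < 0 || $prefix > 32)`) while the IPv6 branch rejects it (`if ($prefix < 1 || $prefix > 128)`); a `0.0.0.0/0` entry therefore matches every IPv4 address, which for a block-exemption list is the worst possible misconfiguration, so reject 0 in both branches. `$prefix` also arrives straight from `explode('/', $subnet, 2)` as a string and is never checked to be numeric, so a value like `24abc` or an empty string after the slash passes the range comparison and then has 96 added to it; test it with `ctype_digit($prefix)` before comparing. Neither `$ip` nor an IPv6 `$network` is validated (only the IPv4 case goes through `filter_var`), so a malformed address reaches `self::inet_pton()` and whatever that returns is padded out to 128 zero bits and compared anyway; validate both with `FILTER_VALIDATE_IP` and return false on failure. In `CIDR2wfUserIPRange()`, the segment re-alignment (`array_pad(array_filter($first_array, 'strlen'), count($last_array), '0')`) drops the empty segments produced by a compressed `::` and pads at the end, so a first address such as `2001:db8::1` loses the position of its final `1` and is compared against the wrong `$last_array` entry; expand each address to its full segment count positionally instead of filtering. Returning an empty `wfUserIPRange` on an invalid prefix also hides the error from the caller; return null or throw so a bad list entry is noticed.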
365
  return rand(11,230) . '.' . rand(0,255) . '.' . rand(0,255) . '.' . rand(0,255);
366
  }
367
 
368
+ /**
369
+ * Get the list of whitelisted IPs and networks
370
+ *
371
+ * Results may include wfUserIPRange objects for now. Ideally everything would be in CIDR notation.
372
+ *
373
+ * @param string $filter Group name to filter whitelist by
374
+ * @return array
375
+ */
376
+ public static function getIPWhitelist($filter = null) {
377
+ static $wfIPWhitelist;
378
+
379
+ if (!isset($wfIPWhitelist)) {
380
+ include('wfIPWhitelist.php');
381
+
382
+ // Memoize user defined whitelist IPs and ranges
383
+ // TODO: Convert everything to CIDR
384
+ $wfIPWhitelist['user'] = array();
385
+
386
+ foreach (array_filter(explode(',', wfConfig::get('whitelisted'))) as $ip) {
387
+ $wfIPWhitelist['user'][] = new wfUserIPRange($ip);
388
+ }
389
+ }
390
+
391
+ $whitelist = array();
392
+
393
+ foreach ($wfIPWhitelist as $group => $values) {
394
+ if ($filter === null || $group === $filter) {
395
+ $whitelist = array_merge($whitelist, $values);
396
+ }
397
+ }
398
+
399
+ return $whitelist;
400
+ }
401
+
402
  /**
403
  * @param string $addr Should be in dot or colon notation (127.0.0.1 or ::1)
404
  * @return bool
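Review bot: the memoization in `getIPWhitelist()` caches a broken result when the include fails. `include('wfIPWhitelist.php')` only emits a warning if the file is missing or does not define `$wfIPWhitelist`, and the following `$wfIPWhitelist['user'] = array();` then makes the static non-null, so this request and every later call run with only the user-defined entries and no 'private' group, silently changing what `isPrivateAddress()` and `wfLog::isWhitelisted()` return; use `require`, or check that the expected groups are present, and fail loudly otherwise. Two documentation points: the docblock should name the groups the file must define (at least 'private', which `isPrivateAddress()` depends on, and whichever group carries the Facebook crawler ranges the changelog announces) and state that entries are CIDR strings; and `wfConfig::get('whitelisted')` should be cast to string before `explode()` so an unset option does not hand null to `explode()`.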
406
  public static function isPrivateAddress($addr) {
407
  // Run this through the preset list for IPv4 addresses.
408
  if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
409
+ foreach (self::getIPWhitelist('private') as $a) {
410
+ if (self::subnetContainsIP($a, $addr)) {
 
411
  return true;
412
  }
413
  }
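Review bot: the rewritten loop still sits inside `if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false)`, so any IPv6 entries placed in the 'private' group of `wfIPWhitelist.php` (loopback `::1`, unique-local `fc00::/7`, link-local `fe80::/10`) are never consulted here even though `subnetContainsIP()` can handle them; either drop the IPv4 gate or document that the group is IPv4-only. Cost also rises: the old code did one `inet_aton` and integer comparisons, whereas `subnetContainsIP()` now performs an `inet_pton`, a `bin2str` and a 128-character pad for both the entry and `$addr` on every iteration, and this runs for each request's IP; converting `$addr` once outside the loop, or caching the binary form of the list in `getIPWhitelist()`, would keep it cheap.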
1033
  }
1034
  }
1035
 
 
 
 
 
 
 
 
1036
  /**
1037
  * @param string $host
1038
  * @return array
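Review bot: `getPrivateAddrs()` was a public static method, so its removal is a breaking change for any code outside this diff that still calls it (the only caller visible here, `wfLog::getWhitelistedIPs()`, is removed in the same release); grep the rest of the plugin and consider keeping a deprecated shim built on `getIPWhitelist('private')` for one release so third-party code fails gracefully instead of with a fatal error.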
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
4
  Requires at least: 3.9
5
  Tested up to: 4.4.1
6
- Stable tag: 6.0.23
7
 
8
  The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
9
  == Description ==
@@ -190,6 +190,12 @@ Designed for every skill level, [The WordPress Security Learning Center](https:/
190
 
191
  == Changelog ==
192
 
 
 
 
 
 
 
193
  = 6.0.23 =
194
  * Improvement: Updated local GeoIP database.
195
  * Improvement: Updated local browser data cache to support newer browsers and user-agents.
3
  Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
4
  Requires at least: 3.9
5
  Tested up to: 4.4.1
6
+ Stable tag: 6.0.24
7
 
8
  The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
9
  == Description ==
190
 
191
  == Changelog ==
192
 
193
+ = 6.0.24 =
194
+ * Enhancement: Added automatic whitelisting for Facebook crawlers.
195
+ * Improvement: Added styling to premium callouts.
196
+ * Improvement: Updated local GeoIP database.
197
+ * Improvement: Updated local browser data cache to support newer browsers and user-agents.
198
+
199
  = 6.0.23 =
200
  * Improvement: Updated local GeoIP database.
201
  * Improvement: Updated local browser data cache to support newer browsers and user-agents.
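Review bot: the changelog line `* Enhancement: Added automatic whitelisting for Facebook crawlers.` describes data that lives in `wfIPWhitelist.php`, which is only referenced by name (`include('wfIPWhitelist.php')` in lib/wfUtils.php) and is not part of this diff, so a reviewer cannot see which networks are exempted or which group they sit in; attach that file to the review and document in the readme where the ranges come from and how they will be kept current, since a hard-coded crawler list is a standing exemption from blocking and goes stale when the provider renumbers.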
wordfence.php CHANGED
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
  Author: Wordfence
7
- Version: 6.0.23
8
  Author URI: http://www.wordfence.com/
9
  */
10
  if(defined('WP_INSTALLING') && WP_INSTALLING){
11
  return;
12
  }
13
- define('WORDFENCE_VERSION', '6.0.23');
14
  if(get_option('wordfenceActivated') != 1){
15
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
  }
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
  Author: Wordfence
7
+ Version: 6.0.24
8
  Author URI: http://www.wordfence.com/
9
  */
10
  if(defined('WP_INSTALLING') && WP_INSTALLING){
11
  return;
12
  }
13
+ define('WORDFENCE_VERSION', '6.0.24');
14
  if(get_option('wordfenceActivated') != 1){
15
  add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
  }