Wordfence Security – Firewall & Malware Scan - Version 6.0.9

Version Description

  • Fix: Fixed bug in Live Traffic where v5 style blocked ranges generated PHP warning breaking the JSON response.
  • Fix: Fixed invalid date bug in Live Traffic: Top Consumers and Top 404s.
  • Fix: Fixed edge case bug with author=N scans redirecting to author archives page.
Download this release

Release Info

Developer wfmatt
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 6.0.9
Comparing to
See all releases

Code changes from version 6.0.8 to 6.0.9

lib/menu_activity.php CHANGED
@@ -88,7 +88,7 @@
88
<span class="wfReverseLookup"><span style="display:none;">${elem.IP}</span></span>
89
</div>
90
<div>
91
- <span class="wfTimeAgo wfTimeAgo-timestamp">Last hit was ${elem.timeAgo} ago.</span>
92
</div>
93
</td>
94
<td style="font-size: 28px; color: #999;">
88
<span class="wfReverseLookup"><span style="display:none;">${elem.IP}</span></span>
89
</div>
90
<div>
91
+ <span class="wfTimeAgo wfTimeAgo-timestamp" data-timestamp="${elem.timestamp}">Last hit was ${elem.timeAgo} ago.</span>
92
</div>
93
</td>
94
<td style="font-size: 28px; color: #999;">
lib/wfLog.php CHANGED
@@ -459,11 +459,10 @@ class wfLog {
459
wordfence::status(1, 'error', "Invalid type to getLeechers(): $type");
460
return false;
461
}
462
- $results = $this->getDB()->querySelect("select IP, sum(hits) as totalHits from $table where eMin > ((unix_timestamp() - 86400) / 60) group by IP order by totalHits desc limit 20");
463
$this->resolveIPs($results);
464
foreach($results as &$elem){
465
- $elem['timestamp'] = $this->getDB()->querySingle("select unix_timestamp() - (eMin * 60) from $table where IP=%s", $elem['IP']);
466
- $elem['timeAgo'] = wfUtils::makeTimeAgo($elem['timestamp']);
467
$elem['blocked'] = $this->getDB()->querySingle("select blockedTime from " . $this->blocksTable . " where IP=%s and ((blockedTime + %s > unix_timestamp()) OR permanent = 1)", $elem['IP'], wfConfig::get('blockedTime'));
468
//take action
469
$elem['IP'] = wfUtils::inet_ntop($elem['IP']);
@@ -578,6 +577,11 @@ class wfLog {
578
list($blocked_range) = explode('|', $advanced_blocking_row['blockString']);
579
$blocked_range = explode('-', $blocked_range);
580
if (count($blocked_range) == 2) {
581
$advanced_blocking[] = array(wfUtils::inet_pton($blocked_range[0]), wfUtils::inet_pton($blocked_range[1]), $advanced_blocking_row['id']);
582
}
583
}
459
wordfence::status(1, 'error', "Invalid type to getLeechers(): $type");
460
return false;
461
}
462
+ $results = $this->getDB()->querySelect("select IP, sum(hits) as totalHits, eMin * 60 as timestamp, (UNIX_TIMESTAMP() - (eMin * 60)) as timeAgo from $table where eMin > ((unix_timestamp() - 86400) / 60) group by IP order by totalHits desc limit 20");
463
$this->resolveIPs($results);
464
foreach($results as &$elem){
465
+ $elem['timeAgo'] = wfUtils::makeTimeAgo($elem['timeAgo']);
466
$elem['blocked'] = $this->getDB()->querySingle("select blockedTime from " . $this->blocksTable . " where IP=%s and ((blockedTime + %s > unix_timestamp()) OR permanent = 1)", $elem['IP'], wfConfig::get('blockedTime'));
467
//take action
468
$elem['IP'] = wfUtils::inet_ntop($elem['IP']);
577
list($blocked_range) = explode('|', $advanced_blocking_row['blockString']);
578
$blocked_range = explode('-', $blocked_range);
579
if (count($blocked_range) == 2) {
580
+ // Still using v5 32 bit int style format.
581
+ if (!preg_match('/[\.:]/', $blocked_range[0])) {
582
+ $blocked_range[0] = long2ip($blocked_range[0]);
583
+ $blocked_range[1] = long2ip($blocked_range[1]);
584
+ }
585
$advanced_blocking[] = array(wfUtils::inet_pton($blocked_range[0]), wfUtils::inet_pton($blocked_range[1]), $advanced_blocking_row['id']);
586
}
587
}
lib/wordfenceClass.php CHANGED
@@ -486,7 +486,7 @@ class wordfence {
486
add_action('wordfence_hourly_cron', 'wordfence::hourlyCron');
487
add_action('plugins_loaded', 'wordfence::veryFirstAction');
488
add_action('init', 'wordfence::initAction');
489
- add_action('template_redirect', 'wordfence::templateRedir');
490
add_action('shutdown', 'wordfence::shutdownAction');
491
492
if(version_compare(PHP_VERSION, '5.4.0') >= 0){
@@ -2615,6 +2615,7 @@ class wordfence {
2615
// prevent /?author=N scans from disclosing usernames.
2616
if (wfConfig::get('loginSec_disableAuthorScan') && is_author() && !empty($_GET['author']) && is_numeric($_GET['author'])) {
2617
wp_redirect(home_url());
2618
}
2619
2620
$wfFunc = get_query_var('_wfsf');
486
add_action('wordfence_hourly_cron', 'wordfence::hourlyCron');
487
add_action('plugins_loaded', 'wordfence::veryFirstAction');
488
add_action('init', 'wordfence::initAction');
489
+ add_action('template_redirect', 'wordfence::templateRedir', 0);
490
add_action('shutdown', 'wordfence::shutdownAction');
491
492
if(version_compare(PHP_VERSION, '5.4.0') >= 0){
2615
// prevent /?author=N scans from disclosing usernames.
2616
if (wfConfig::get('loginSec_disableAuthorScan') && is_author() && !empty($_GET['author']) && is_numeric($_GET['author'])) {
2617
wp_redirect(home_url());
2618
+ exit;
2619
}
2620
2621
$wfFunc = get_query_var('_wfsf');
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: mmaunder
3
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
4
Requires at least: 3.9
5
Tested up to: 4.2.2
6
- Stable tag: 6.0.8
7
8
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9
@@ -172,6 +172,11 @@ fully compatible with both IPv4 and IPv6 whether you run both or only one addres
172
173
== Changelog ==
174
175
= 6.0.8 =
176
* Improvement: Added the local time stamp to 'time since' labels in Live Traffic and Blocked IPs pages.
177
* Improvement: Added a check to prompt the admin to download a backup copy of the wp-config.php in the event it's flagged as containing malware.
3
Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
4
Requires at least: 3.9
5
Tested up to: 4.2.2
6
+ Stable tag: 6.0.9
7
8
Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
9
172
173
== Changelog ==
174
175
+ = 6.0.9 =
176
+ * Fix: Fixed bug in Live Traffic where v5 style blocked ranges generated PHP warning breaking the JSON response.
177
+ * Fix: Fixed invalid date bug in Live Traffic: Top Consumers and Top 404s.
178
+ * Fix: Fixed edge case bug with author=N scans redirecting to author archives page.
179
+
180
= 6.0.8 =
181
* Improvement: Added the local time stamp to 'time since' labels in Live Traffic and Blocked IPs pages.
182
* Improvement: Added a check to prompt the admin to download a backup copy of the wp-config.php in the event it's flagged as containing malware.
wordfence.php CHANGED
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
Author: Wordfence
7
- Version: 6.0.8
8
Author URI: http://www.wordfence.com/
9
*/
10
if(defined('WP_INSTALLING') && WP_INSTALLING){
11
return;
12
}
13
- define('WORDFENCE_VERSION', '6.0.8');
14
if(get_option('wordfenceActivated') != 1){
15
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
}
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6
Author: Wordfence
7
+ Version: 6.0.9
8
Author URI: http://www.wordfence.com/
9
*/
10
if(defined('WP_INSTALLING') && WP_INSTALLING){
11
return;
12
}
13
+ define('WORDFENCE_VERSION', '6.0.9');
14
if(get_option('wordfenceActivated') != 1){
15
add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
16
}