Version Description
- Fix: Fixed fatal error on sites running Wordfence 6.1.11 in subdirectory and 6.1.10 or lower in parent directory.
- Fix: Added a few common files to be excluded from unknown WordPress core file scan.
Download this release
Release Info
| Developer | wfmatt |
| Plugin |  Wordfence Security – Firewall & Malware Scan |
| Version | 6.1.12 |
| Comparing to | |
| See all releases | |
Code changes from version 6.1.11 to 6.1.12
- lib/menu_options.php +7 -0
- lib/wfConfig.php +1 -0
- lib/wordfenceClass.php +4 -2
- lib/wordfenceHash.php +13 -6
- lib/wordfenceScanner.php +1 -1
- readme.txt +5 -1
- wordfence.php +2 -2
lib/menu_options.php
CHANGED
|
@@ -464,6 +464,13 @@ $w = new wfConfig();
|
|
| 464 |
<td><input type="checkbox" id="scansEnabled_plugins" class="wfConfigElem"
|
| 465 |
name="scansEnabled_plugins" value="1" <?php $w->cb( 'scansEnabled_plugins' ); ?>/></td>
|
| 466 |
</tr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 467 |
<tr>
|
| 468 |
<th>Scan for signatures of known malicious files<a
|
| 469 |
href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files"
|
| 464 |
<td><input type="checkbox" id="scansEnabled_plugins" class="wfConfigElem"
|
| 465 |
name="scansEnabled_plugins" value="1" <?php $w->cb( 'scansEnabled_plugins' ); ?>/></td>
|
| 466 |
</tr>
|
| 467 |
+
<tr>
|
| 468 |
+
<th>Scan wp-admin and wp-includes for files not bundled with WordPress<a
|
| 469 |
+
href="http://docs.wordfence.com/en/Wordfence_options#Scan_wordpress_core_for_unknown_files"
|
| 470 |
+
target="_blank" class="wfhelp"></a></th>
|
| 471 |
+
<td><input type="checkbox" id="scansEnabled_coreUnknown" class="wfConfigElem"
|
| 472 |
+
name="scansEnabled_coreUnknown" value="1" <?php $w->cb( 'scansEnabled_coreUnknown' ); ?>/></td>
|
| 473 |
+
</tr>
|
| 474 |
<tr>
|
| 475 |
<th>Scan for signatures of known malicious files<a
|
| 476 |
href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files"
|
lib/wfConfig.php
CHANGED
|
@@ -32,6 +32,7 @@ class wfConfig {
|
|
| 32 |
"scansEnabled_core" => true,
|
| 33 |
"scansEnabled_themes" => false,
|
| 34 |
"scansEnabled_plugins" => false,
|
|
|
|
| 35 |
"scansEnabled_malware" => true,
|
| 36 |
"scansEnabled_fileContents" => true,
|
| 37 |
"scansEnabled_posts" => true,
|
| 32 |
"scansEnabled_core" => true,
|
| 33 |
"scansEnabled_themes" => false,
|
| 34 |
"scansEnabled_plugins" => false,
|
| 35 |
+
"scansEnabled_coreUnknown" => true,
|
| 36 |
"scansEnabled_malware" => true,
|
| 37 |
"scansEnabled_fileContents" => true,
|
| 38 |
"scansEnabled_posts" => true,
|
lib/wordfenceClass.php
CHANGED
|
@@ -722,7 +722,7 @@ SQL
|
|
| 722 |
return $URL;
|
| 723 |
}
|
| 724 |
public static function enqueueAJAXWatcher() {
|
| 725 |
-
$wafDisabled = !WFWAF_ENABLED || wfWAFConfig::isDisabled();
|
| 726 |
if (wfUtils::isAdmin() && !$wafDisabled) {
|
| 727 |
wp_enqueue_style('wordfenceAJAXcss', wfUtils::getBaseURL() . 'css/wordfenceBox.css', '', WORDFENCE_VERSION);
|
| 728 |
wp_enqueue_script('wordfenceAJAXjs', wfUtils::getBaseURL() . 'js/admin.ajaxWatcher.js', array('jquery'), WORDFENCE_VERSION);
|
|
@@ -2717,7 +2717,9 @@ SQL
|
|
| 2717 |
foreach (self::$diagnosticParams as $param) {
|
| 2718 |
wfConfig::set($param, array_key_exists($param, $_POST) ? '1' : '0');
|
| 2719 |
}
|
| 2720 |
-
|
|
|
|
|
|
|
| 2721 |
return array('ok' => 1, 'reload' => false, 'paidKeyMsg' => '');
|
| 2722 |
}
|
| 2723 |
|
| 722 |
return $URL;
|
| 723 |
}
|
| 724 |
public static function enqueueAJAXWatcher() {
|
| 725 |
+
$wafDisabled = !WFWAF_ENABLED || (class_exists('wfWAFConfig') && wfWAFConfig::isDisabled());
|
| 726 |
if (wfUtils::isAdmin() && !$wafDisabled) {
|
| 727 |
wp_enqueue_style('wordfenceAJAXcss', wfUtils::getBaseURL() . 'css/wordfenceBox.css', '', WORDFENCE_VERSION);
|
| 728 |
wp_enqueue_script('wordfenceAJAXjs', wfUtils::getBaseURL() . 'js/admin.ajaxWatcher.js', array('jquery'), WORDFENCE_VERSION);
|
| 2717 |
foreach (self::$diagnosticParams as $param) {
|
| 2718 |
wfConfig::set($param, array_key_exists($param, $_POST) ? '1' : '0');
|
| 2719 |
}
|
| 2720 |
+
if (class_exists('wfWAFConfig')) {
|
| 2721 |
+
wfWAFConfig::set('betaThreatDefenseFeed', wfConfig::get('betaThreatDefenseFeed'));
|
| 2722 |
+
}
|
| 2723 |
return array('ok' => 1, 'reload' => false, 'paidKeyMsg' => '');
|
| 2724 |
}
|
| 2725 |
|
lib/wordfenceHash.php
CHANGED
|
@@ -17,6 +17,7 @@ class wordfenceHash {
|
|
| 17 |
private $pluginsEnabled = false;
|
| 18 |
private $themesEnabled = false;
|
| 19 |
private $malwareEnabled = false;
|
|
|
|
| 20 |
private $knownFiles = false;
|
| 21 |
private $malwareData = "";
|
| 22 |
private $haveIssues = array();
|
|
@@ -56,6 +57,10 @@ class wordfenceHash {
|
|
| 56 |
if(wfConfig::get('scansEnabled_malware')){
|
| 57 |
$this->malwareEnabled = true;
|
| 58 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
| 59 |
$this->db = new wfDB();
|
| 60 |
|
| 61 |
//Doing a delete for now. Later we can optimize this to only scan modified files.
|
|
@@ -104,9 +109,10 @@ class wordfenceHash {
|
|
| 104 |
if($this->themesEnabled){ $this->status['themes'] = wordfence::statusStart("Comparing open source themes against WordPress.org originals"); } else { wordfence::statusDisabled("Skipping theme scan"); }
|
| 105 |
if($this->pluginsEnabled){ $this->status['plugins'] = wordfence::statusStart("Comparing plugins against WordPress.org originals"); } else { wordfence::statusDisabled("Skipping plugin scan"); }
|
| 106 |
if($this->malwareEnabled){ $this->status['malware'] = wordfence::statusStart("Scanning for known malware files"); } else { wordfence::statusDisabled("Skipping malware scan"); }
|
|
|
|
| 107 |
}
|
| 108 |
public function __sleep(){
|
| 109 |
-
return array('striplen', 'totalFiles', 'totalDirs', 'totalData', 'linesOfPHP', 'linesOfJCH', 'stoppedOnFile', 'coreEnabled', 'pluginsEnabled', 'themesEnabled', 'malwareEnabled', 'knownFiles', 'malwareData', 'haveIssues', 'status', 'possibleMalware', 'path', 'only', 'totalForks', 'alertedOnUnknownWordPressVersion');
|
| 110 |
}
|
| 111 |
public function __wakeup(){
|
| 112 |
$this->db = new wfDB();
|
|
@@ -132,6 +138,7 @@ class wordfenceHash {
|
|
| 132 |
if($this->coreEnabled){ wordfence::statusEnd($this->status['core'], $this->haveIssues['core']); }
|
| 133 |
if($this->themesEnabled){ wordfence::statusEnd($this->status['themes'], $this->haveIssues['themes']); }
|
| 134 |
if($this->pluginsEnabled){ wordfence::statusEnd($this->status['plugins'], $this->haveIssues['plugins']); }
|
|
|
|
| 135 |
if(sizeof($this->possibleMalware) > 0){
|
| 136 |
$malwareResp = $engine->api->binCall('check_possible_malware', json_encode($this->possibleMalware));
|
| 137 |
if($malwareResp['code'] != 200){
|
|
@@ -239,10 +246,10 @@ class wordfenceHash {
|
|
| 239 |
|
| 240 |
if ($allowKnownFileScan)
|
| 241 |
{
|
| 242 |
-
if (!$this->alertedOnUnknownWordPressVersion && empty($this->knownFiles['core'])) {
|
| 243 |
require(ABSPATH . 'wp-includes/version.php'); //defines $wp_version
|
| 244 |
$this->alertedOnUnknownWordPressVersion = true;
|
| 245 |
-
$this->haveIssues['
|
| 246 |
$this->engine->addIssue(
|
| 247 |
'coreUnknown',
|
| 248 |
2,
|
|
@@ -365,11 +372,11 @@ class wordfenceHash {
|
|
| 365 |
|
| 366 |
}
|
| 367 |
}
|
| 368 |
-
else if (!$this->alertedOnUnknownWordPressVersion) { //Check for unknown files in system directories
|
| 369 |
-
$restrictedWordPressFolders = array(ABSPATH . 'wp-admin/', ABSPATH . '
|
| 370 |
foreach ($restrictedWordPressFolders as $path) {
|
| 371 |
if (strpos($realFile, $path) === 0) {
|
| 372 |
-
$this->haveIssues['
|
| 373 |
$this->engine->addIssue(
|
| 374 |
'file',
|
| 375 |
2,
|
| 17 |
private $pluginsEnabled = false;
|
| 18 |
private $themesEnabled = false;
|
| 19 |
private $malwareEnabled = false;
|
| 20 |
+
private $coreUnknownEnabled = false;
|
| 21 |
private $knownFiles = false;
|
| 22 |
private $malwareData = "";
|
| 23 |
private $haveIssues = array();
|
| 57 |
if(wfConfig::get('scansEnabled_malware')){
|
| 58 |
$this->malwareEnabled = true;
|
| 59 |
}
|
| 60 |
+
if(wfConfig::get('scansEnabled_coreUnknown')){
|
| 61 |
+
$this->coreUnknownEnabled = true;
|
| 62 |
+
}
|
| 63 |
+
|
| 64 |
$this->db = new wfDB();
|
| 65 |
|
| 66 |
//Doing a delete for now. Later we can optimize this to only scan modified files.
|
| 109 |
if($this->themesEnabled){ $this->status['themes'] = wordfence::statusStart("Comparing open source themes against WordPress.org originals"); } else { wordfence::statusDisabled("Skipping theme scan"); }
|
| 110 |
if($this->pluginsEnabled){ $this->status['plugins'] = wordfence::statusStart("Comparing plugins against WordPress.org originals"); } else { wordfence::statusDisabled("Skipping plugin scan"); }
|
| 111 |
if($this->malwareEnabled){ $this->status['malware'] = wordfence::statusStart("Scanning for known malware files"); } else { wordfence::statusDisabled("Skipping malware scan"); }
|
| 112 |
+
if($this->coreUnknownEnabled){ $this->status['coreUnknown'] = wordfence::statusStart("Scanning for unknown files in wp-admin and wp-includes"); } else { wordfence::statusDisabled("Skipping unknown core file scan"); }
|
| 113 |
}
|
| 114 |
public function __sleep(){
|
| 115 |
+
return array('striplen', 'totalFiles', 'totalDirs', 'totalData', 'linesOfPHP', 'linesOfJCH', 'stoppedOnFile', 'coreEnabled', 'pluginsEnabled', 'themesEnabled', 'malwareEnabled', 'coreUnknownEnabled', 'knownFiles', 'malwareData', 'haveIssues', 'status', 'possibleMalware', 'path', 'only', 'totalForks', 'alertedOnUnknownWordPressVersion');
|
| 116 |
}
|
| 117 |
public function __wakeup(){
|
| 118 |
$this->db = new wfDB();
|
| 138 |
if($this->coreEnabled){ wordfence::statusEnd($this->status['core'], $this->haveIssues['core']); }
|
| 139 |
if($this->themesEnabled){ wordfence::statusEnd($this->status['themes'], $this->haveIssues['themes']); }
|
| 140 |
if($this->pluginsEnabled){ wordfence::statusEnd($this->status['plugins'], $this->haveIssues['plugins']); }
|
| 141 |
+
if($this->coreUnknownEnabled){ wordfence::statusEnd($this->status['coreUnknown'], $this->haveIssues['coreUnknown']); }
|
| 142 |
if(sizeof($this->possibleMalware) > 0){
|
| 143 |
$malwareResp = $engine->api->binCall('check_possible_malware', json_encode($this->possibleMalware));
|
| 144 |
if($malwareResp['code'] != 200){
|
| 246 |
|
| 247 |
if ($allowKnownFileScan)
|
| 248 |
{
|
| 249 |
+
if ($this->coreUnknownEnabled && !$this->alertedOnUnknownWordPressVersion && empty($this->knownFiles['core'])) {
|
| 250 |
require(ABSPATH . 'wp-includes/version.php'); //defines $wp_version
|
| 251 |
$this->alertedOnUnknownWordPressVersion = true;
|
| 252 |
+
$this->haveIssues['coreUnknown'] = true;
|
| 253 |
$this->engine->addIssue(
|
| 254 |
'coreUnknown',
|
| 255 |
2,
|
| 372 |
|
| 373 |
}
|
| 374 |
}
|
| 375 |
+
else if ($this->coreUnknownEnabled && !$this->alertedOnUnknownWordPressVersion) { //Check for unknown files in system directories
|
| 376 |
+
$restrictedWordPressFolders = array(ABSPATH . 'wp-admin/', ABSPATH . WPINC . '/');
|
| 377 |
foreach ($restrictedWordPressFolders as $path) {
|
| 378 |
if (strpos($realFile, $path) === 0) {
|
| 379 |
+
$this->haveIssues['coreUnknown'] = true;
|
| 380 |
$this->engine->addIssue(
|
| 381 |
'file',
|
| 382 |
2,
|
lib/wordfenceScanner.php
CHANGED
|
@@ -35,7 +35,7 @@ class wordfenceScanner {
|
|
| 35 |
protected static $excludePatterns = array();
|
| 36 |
protected static $builtinExclusions = array(
|
| 37 |
array('pattern' => 'wp\-includes\/version\.php', 'include' => self::EXCLUSION_PATTERNS_KNOWN_FILES), //Excluded from the known files scan because non-en_US installations will have extra content that fails the check, still in malware scan
|
| 38 |
-
array('pattern' => '(?:wp\-includes|wp\-admin)\/(?:[^\/]+\/+)*(?:\.htaccess|\.htpasswd|php_errorlog|error_log|[^\/]+?\.log)', 'include' => self::EXCLUSION_PATTERNS_KNOWN_FILES),
|
| 39 |
);
|
| 40 |
/** @var wfScanEngine */
|
| 41 |
protected $scanEngine;
|
| 35 |
protected static $excludePatterns = array();
|
| 36 |
protected static $builtinExclusions = array(
|
| 37 |
array('pattern' => 'wp\-includes\/version\.php', 'include' => self::EXCLUSION_PATTERNS_KNOWN_FILES), //Excluded from the known files scan because non-en_US installations will have extra content that fails the check, still in malware scan
|
| 38 |
+
array('pattern' => '(?:wp\-includes|wp\-admin)\/(?:[^\/]+\/+)*(?:\.htaccess|\.htpasswd|php_errorlog|error_log|[^\/]+?\.log|\._|\.DS_Store|\.listing|dwsync\.xml)', 'include' => self::EXCLUSION_PATTERNS_KNOWN_FILES),
|
| 39 |
);
|
| 40 |
/** @var wfScanEngine */
|
| 41 |
protected $scanEngine;
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: mmaunder
|
|
| 3 |
Tags: security, secure, security plugin, wordpress security, login security, firewall, malware, antivirus, web application firewall, block hackers, country blocking, block hackers
|
| 4 |
Requires at least: 3.9
|
| 5 |
Tested up to: 4.6.0
|
| 6 |
-
Stable tag: 6.1.
|
| 7 |
|
| 8 |
Secure your website with the Wordfence security plugin for WordPress. Wordfence provides free enterprise-class WordPress security, protecting your website from hacks and malware.
|
| 9 |
|
|
@@ -200,6 +200,10 @@ Secure your website with Wordfence.
|
|
| 200 |
|
| 201 |
== Changelog ==
|
| 202 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 203 |
= 6.1.11 =
|
| 204 |
* Improvement: Alert on added files to wp-admin, wp-includes.
|
| 205 |
* Improvement: 2FA is now available via any authenticator program that accepts TOTP secrets.
|
| 3 |
Tags: security, secure, security plugin, wordpress security, login security, firewall, malware, antivirus, web application firewall, block hackers, country blocking, block hackers
|
| 4 |
Requires at least: 3.9
|
| 5 |
Tested up to: 4.6.0
|
| 6 |
+
Stable tag: 6.1.12
|
| 7 |
|
| 8 |
Secure your website with the Wordfence security plugin for WordPress. Wordfence provides free enterprise-class WordPress security, protecting your website from hacks and malware.
|
| 9 |
|
| 200 |
|
| 201 |
== Changelog ==
|
| 202 |
|
| 203 |
+
= 6.1.12 =
|
| 204 |
+
* Fix: Fixed fatal error on sites running Wordfence 6.1.11 in subdirectory and 6.1.10 or lower in parent directory.
|
| 205 |
+
* Fix: Added a few common files to be excluded from unknown WordPress core file scan.
|
| 206 |
+
|
| 207 |
= 6.1.11 =
|
| 208 |
* Improvement: Alert on added files to wp-admin, wp-includes.
|
| 209 |
* Improvement: 2FA is now available via any authenticator program that accepts TOTP secrets.
|
wordfence.php
CHANGED
|
@@ -4,14 +4,14 @@ Plugin Name: Wordfence Security
|
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
-
Version: 6.1.
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
Network: true
|
| 10 |
*/
|
| 11 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 12 |
return;
|
| 13 |
}
|
| 14 |
-
define('WORDFENCE_VERSION', '6.1.
|
| 15 |
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
|
| 16 |
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
|
| 17 |
|
| 4 |
Plugin URI: http://www.wordfence.com/
|
| 5 |
Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
|
| 6 |
Author: Wordfence
|
| 7 |
+
Version: 6.1.12
|
| 8 |
Author URI: http://www.wordfence.com/
|
| 9 |
Network: true
|
| 10 |
*/
|
| 11 |
if(defined('WP_INSTALLING') && WP_INSTALLING){
|
| 12 |
return;
|
| 13 |
}
|
| 14 |
+
define('WORDFENCE_VERSION', '6.1.12');
|
| 15 |
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
|
| 16 |
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
|
| 17 |
|
