Wordfence Security – Firewall &amp; Malware Scan

Version Description

Fix: Fixed bug with 2FA not properly handling email address login.
Fix: Show logins/logouts when Live Traffic is disabled.
Fix: Fixed bug with PCRE versions < 7.0 (repeated subpattern is too long).
Fix: Now able to delete whitelisted URL/params containing ampersands and non-UTF8 characters.
Improvement: Reduced 2FA activation code to expire after 30 days.
Improvement: Live Traffic now only shows verified Googlebot under Google Crawler filter for new visits.
Improvement: Adjusted permissions on Firewall log/config files to be 0640.
Fix: Fixed false positive from Maldet in the wfConfig table during the scan.

Release Info

Developer	wfmatt
Plugin	Wordfence Security – Firewall & Malware Scan
Version	6.1.6
Comparing to
See all releases

Code changes from version 6.1.5 to 6.1.6

Files changed (10) hide show

css/main.css +10 -0
lib/menu_activity.php +4 -8
lib/menu_options.php +1 -1
lib/menu_waf.php +24 -18
lib/wfLog.php +31 -5
lib/wordfenceClass.php +17 -5
readme.txt +12 -2
vendor/wordfence/wf-waf/src/lib/parser/sqli.php +6 -6
vendor/wordfence/wf-waf/src/lib/storage/file.php +1 -0
wordfence.php +2 -2

css/main.css CHANGED Viewed

@@ -1032,3 +1032,13 @@ tr.wf-table-filters {
             tr.wf-table-filters input {
             	max-width: 140px;
+            }


1032	tr.wf-table-filters input {
1033	max-width: 140px;
1034	}
1035	+
1036	+ #wordfenceLiveActivityDisabled {
1037	+ background: #fff;
1038	+ border-left: 4px solid #ffb900;
1039	+ -webkit-box-shadow: 0 1px 1px 0 rgba(0, 0, 0, .1);
1040	+ box-shadow: 0 1px 1px 0 rgba(0, 0, 0, .1);
1041	+ margin-bottom: 12px;
1042	+ padding: 1px 13px;
1043	+ max-width: 900px;
1044	+ }

lib/menu_activity.php CHANGED Viewed

	@@ -31,14 +31,11 @@
31	</table>
32	</div>
33	<div class="wordfenceWrap">
34	-
35	<?php if (!wfConfig::liveTrafficEnabled()): ?>
36	- <div ~~style~~="~~color: #F00;~~">
37	- ~~Live~~ ~~Traffic~~ ~~is disabled.~~
38	- ~~<?php if (wfConfig::get('cacheType') == 'falcon') { ?>This is done to improve performance because you have Wordfence Falcon Engine enabled.<?php } ?>~~
39	- </div>
40	- <?php else: ?>
41	- <div id="wf-live-traffic" class="wfTabsContainer">
42
43	<div id="wf-live-traffic-legend">
44	<ul>
	@@ -393,7 +390,6 @@
393	No events to report yet.
394	</div>
395	</div>
396	- <?php endif ?>
397	</div>
398	</div>
399


31	</table>
32	</div>
33	<div class="wordfenceWrap">

34	<?php if (!wfConfig::liveTrafficEnabled()): ?>
35	+ <div id="wordfenceLiveActivityDisabled"><p><strong>Live activity is disabled.</strong> <?php if (wfConfig::get('cacheType') == 'falcon') { ?>This is done to improve performance because you have Wordfence Falcon Engine enabled.<?php } ?> Login and firewall activity will still appear below.</p></div>
36	+ <?php endif ?>
37	+
38	+ <div id="wf-live-traffic" class="wfTabsContainer">


39
40	<div id="wf-live-traffic-legend">
41	<ul>

390	No events to report yet.
391	</div>
392	</div>

393	</div>
394	</div>
395

lib/menu_options.php CHANGED Viewed

	@@ -672,7 +672,7 @@ $w = new wfConfig();
672	require( 'wfAction.php' ); ?></td>
673	</tr>
674	<tr>
675	- <th>If ~~404's~~ for known vulnerable ~~URL's~~ exceed:<a
676	href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed"
677	target="_blank" class="wfhelp"></a></th>
678	<td><?php $rateName = 'maxScanHits';


672	require( 'wfAction.php' ); ?></td>
673	</tr>
674	<tr>
675	+ <th>If 404s for known vulnerable URLs exceed:<a
676	href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed"
677	target="_blank" class="wfhelp"></a></th>
678	<td><?php $rateName = 'maxScanHits';

lib/menu_waf.php CHANGED Viewed

	@@ -348,15 +348,15 @@ $wafConfigURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=configu
348	</td>
349	<td>
350	<input name="replaceWhitelistedPath" type="hidden" value="${whitelistedURLParam.path}">
351	- <span class="whitelist-display">${WFAD.base64_decode(whitelistedURLParam.path)}</span>
352	<input name="whitelistedPath" class="whitelist-edit whitelist-path" type="text"
353	- value="${WFAD.base64_decode(whitelistedURLParam.path)}">
354	</td>
355	<td>
356	<input name="replaceWhitelistedParam" type="hidden" value="${whitelistedURLParam.paramKey}">
357	- <span class="whitelist-display">${WFAD.base64_decode(whitelistedURLParam.paramKey)}</span>
358	<input name="whitelistedParam" class="whitelist-edit whitelist-param-key"
359	- type="text" value="${WFAD.base64_decode(whitelistedURLParam.paramKey)}">
360	</td>
361	<td>
362	{{if (whitelistedURLParam.data.timestamp)}}
	@@ -598,10 +598,13 @@ $wafConfigURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=configu
598	if (this.checked) {
599	var tr = $(this).closest('tr');
600	if (tr.is(':visible')) {
601	- var ~~path~~ = tr.~~find~~('~~input[name=whitelistedPath]~~')~~.val()~~;
602	- ~~var~~ ~~paramKey~~ = tr.~~find('input[name=whitelistedParam]')~~.~~val(~~);
603	- var ~~enabled~~ = tr.~~find('input~~[~~name=whitelistedEnabled~~]').~~attr('checked') ? 1 : 0~~;
604	- ~~data.push([encodeURIComponent(path),~~ ~~encodeURIComponent(~~paramKey), ~~enabled~~]);



605	}
606	}
607	});
	@@ -633,16 +636,19 @@ $wafConfigURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=configu
633	$(document).on('click', '.whitelist-url-delete', function() {
634	if (confirm('Are you sure you\'d like to delete this URL?')) {
635	var tr = $(this).closest('tr');
636	-
637	- ~~var pathInput = tr.find('input.whitelist-path');~~
638	- ~~var~~ ~~paramInput~~ = tr.~~find('input~~.~~whitelist-param-key'~~);
639	- WFAD.~~wafConfigSave('deleteWhitelist', {~~
640	- ~~deletedWhitelistedPath:~~ ~~pathInput~~.~~val(),~~
641	- ~~deletedWhitelistedParam: paramInput~~.~~val~~()
642	- }, ~~function() {~~
643	- ~~WFAD.colorbox('400px',~~ ~~'Firewall Configuration', 'The Wordfence Web Application Firewall ' +~~
644	- ~~'whitelist~~ ~~was~~ ~~saved successfully.');~~
645	- }, ~~false);~~



646	}
647	});
648	$(document).on('click', '.whitelist-url-save', function() {


348	</td>
349	<td>
350	<input name="replaceWhitelistedPath" type="hidden" value="${whitelistedURLParam.path}">
351	+ <span class="whitelist-display">${WFAD.htmlEscape(WFAD.base64_decode(whitelistedURLParam.path))}</span>
352	<input name="whitelistedPath" class="whitelist-edit whitelist-path" type="text"
353	+ value="${WFAD.htmlEscape(WFAD.base64_decode(whitelistedURLParam.path))}">
354	</td>
355	<td>
356	<input name="replaceWhitelistedParam" type="hidden" value="${whitelistedURLParam.paramKey}">
357	+ <span class="whitelist-display">${WFAD.htmlEscape(WFAD.base64_decode(whitelistedURLParam.paramKey))}</span>
358	<input name="whitelistedParam" class="whitelist-edit whitelist-param-key"
359	+ type="text" value="${WFAD.htmlEscape(WFAD.base64_decode(whitelistedURLParam.paramKey))}">
360	</td>
361	<td>
362	{{if (whitelistedURLParam.data.timestamp)}}

598	if (this.checked) {
599	var tr = $(this).closest('tr');
600	if (tr.is(':visible')) {
601	+ var index = tr.attr('data-index');
602	+ if (index in WFAD.wafData.whitelistedURLParams) {
603	+ var path = WFAD.wafData.whitelistedURLParams[index].path;
604	+ var paramKey = WFAD.wafData.whitelistedURLParams[index].paramKey;
605	+ var enabled = tr.find('input[name=whitelistedEnabled]').attr('checked') ? 1 : 0;
606	+ data.push([path, paramKey, enabled]);
607	+ }
608	}
609	}
610	});

636	$(document).on('click', '.whitelist-url-delete', function() {
637	if (confirm('Are you sure you\'d like to delete this URL?')) {
638	var tr = $(this).closest('tr');
639	+ var index = tr.attr('data-index');
640	+
641	+ if (index in WFAD.wafData.whitelistedURLParams) {
642	+ var path = WFAD.wafData.whitelistedURLParams[index].path;
643	+ var param = WFAD.wafData.whitelistedURLParams[index].paramKey;
644	+ WFAD.wafConfigSave('deleteWhitelist', {
645	+ deletedWhitelistedPath: path,
646	+ deletedWhitelistedParam: param
647	+ }, function() {
648	+ WFAD.colorbox('400px', 'Firewall Configuration', 'The Wordfence Web Application Firewall ' +
649	+ 'whitelist was saved successfully.');
650	+ }, false);
651	+ }
652	}
653	});
654	$(document).on('click', '.whitelist-url-save', function() {

lib/wfLog.php CHANGED Viewed

	@@ -542,7 +542,13 @@ class wfLog {
542	* @return bool\|int
543	*/
544	public function logHit(){
545	- if (!wfConfig::liveTrafficEnabled() ~~\|\| !$this->logHitOK()) {~~






546	return false;
547	}
548	if ($this->currentRequest !== null) {
	@@ -1036,6 +1042,8 @@ class wfLog {
1036	if (!$this->currentRequest->actionDescription) {
1037	$this->currentRequest->actionDescription = "blocked: " . $reason;
1038	}


1039
1040	wfConfig::inc('total503s');
1041	wfUtils::doNotCache();
	@@ -1061,7 +1069,7 @@ class wfLog {
1061	} else if($nb == 'neverBlockUA' \|\| $nb == 'neverBlockVerified'){
1062	if(wfCrawl::isGoogleCrawler()){ //Check the UA using regex
1063	if($nb == 'neverBlockVerified'){
1064	- if(wfCrawl::isVerifiedGoogleCrawler(~~$this->googlePattern,~~ wfUtils::getIP())){ //UA check passed, now verify using PTR if configured to
1065	self::$gbSafeCache[$cacheKey] = false; //This is a verified Google crawler, so no we can't block it
1066	} else {
1067	self::$gbSafeCache[$cacheKey] = true; //This is a crawler claiming to be Google but it did not verify
	@@ -1661,11 +1669,29 @@ class wfLiveTrafficQuery {
1661	$sql = $this->buildQuery();
1662	$results = $wpdb->get_results($sql, ARRAY_A);
1663	$this->getWFLog()->processGetHitsResults('', $results);
1664	-
1665	- ~~foreach (~~$~~results~~ as ~~&$row) {~~


















1666	$row['actionData'] = (array) json_decode($row['actionData'], true);
1667	}
1668	- return $results;
1669	}
1670
1671	/**


542	* @return bool\|int
543	*/
544	public function logHit(){
545	+ $liveTrafficEnabled = wfConfig::liveTrafficEnabled();
546	+ $action = $this->currentRequest->action;
547	+ $logHitOK = $this->logHitOK();
548	+ if (!$logHitOK) {
549	+ return false;
550	+ }
551	+ if (!$liveTrafficEnabled && !$action) {
552	return false;
553	}
554	if ($this->currentRequest !== null) {

1042	if (!$this->currentRequest->actionDescription) {
1043	$this->currentRequest->actionDescription = "blocked: " . $reason;
1044	}
1045	+
1046	+ $this->logHit();
1047
1048	wfConfig::inc('total503s');
1049	wfUtils::doNotCache();

1069	} else if($nb == 'neverBlockUA' \|\| $nb == 'neverBlockVerified'){
1070	if(wfCrawl::isGoogleCrawler()){ //Check the UA using regex
1071	if($nb == 'neverBlockVerified'){
1072	+ if(wfCrawl::isVerifiedGoogleCrawler(wfUtils::getIP())){ //UA check passed, now verify using PTR if configured to
1073	self::$gbSafeCache[$cacheKey] = false; //This is a verified Google crawler, so no we can't block it
1074	} else {
1075	self::$gbSafeCache[$cacheKey] = true; //This is a crawler claiming to be Google but it did not verify

1669	$sql = $this->buildQuery();
1670	$results = $wpdb->get_results($sql, ARRAY_A);
1671	$this->getWFLog()->processGetHitsResults('', $results);
1672	+
1673	+ $verifyCrawlers = false;
1674	+ if ($this->filters !== null && count($this->filters->getFilters()) > 0) {
1675	+ $filters = $this->filters->getFilters();
1676	+ foreach ($filters as $f) {
1677	+ if (strtolower($f->getParam()) == "isgoogle") {
1678	+ $verifyCrawlers = true;
1679	+ break;
1680	+ }
1681	+ }
1682	+ }
1683	+
1684	+ foreach ($results as $key => &$row) {
1685	+ if ($row['isGoogle'] && $verifyCrawlers) {
1686	+ if (!wfCrawl::isVerifiedGoogleCrawler($row['IP'], $row['UA'])) {
1687	+ unset($results[$key]); //foreach copies $results and iterates on the copy, so it is safe to mutate $results within the loop
1688	+ continue;
1689	+ }
1690	+ }
1691	+
1692	$row['actionData'] = (array) json_decode($row['actionData'], true);
1693	}
1694	+ return array_values($results);
1695	}
1696
1697	/**

lib/wordfenceClass.php CHANGED Viewed

	@@ -1163,7 +1163,10 @@ SQL
1163	foreach($twoFactorUsers as &$t){
1164	if($t[0] == $userDat->ID && $t[3] == 'activated'){
1165	if($_POST['wordfence_authFactor'] == $t[2] && $t[4] > time()){
1166	- //Do ~~nothing~~ ~~and~~ ~~allow~~ ~~user~~ to ~~sign~~ in. ~~Their~~ ~~passwd~~ ~~has~~ ~~already~~ ~~been~~ ~~modified~~ to be the ~~passwd~~ ~~without the code.~~



1167	} else if($_POST['wordfence_authFactor'] == $t[2]){
1168	$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
1169	try {
	@@ -1350,6 +1353,9 @@ SQL
1350	}
1351	if(! $username){ return; }
1352	$userDat = get_user_by('login', $username);



1353	$_POST['wordfence_userDat'] = $userDat;
1354	if(preg_match(self::$passwordCodePattern, $passwd, $matches)){
1355	$_POST['wordfence_authFactor'] = $matches[1];
	@@ -1363,6 +1369,9 @@ SQL
1363	}
1364	if(! $username){ return; }
1365	$userDat = get_user_by('login', $username);



1366	$_POST['wordfence_userDat'] = $userDat;
1367	if(preg_match(self::$passwordCodePattern, $passwd, $matches)){
1368	$_POST['wordfence_authFactor'] = $matches[1];
	@@ -1485,8 +1494,11 @@ SQL
1485	if($twoFactorUsers[$i][0] == $userID){
1486	if($twoFactorUsers[$i][2] == $code){
1487	$twoFactorUsers[$i][3] = 'activated';


1488	$found = true;
1489	$user = $twoFactorUsers[$i];

1490	break;
1491	} else {
1492	return array('errorMsg' => "That is not the correct code. Please look for an SMS containing an activation code on the phone with number: " . wp_kses($twoFactorUsers[$i][1], array()) );
	@@ -1517,7 +1529,7 @@ SQL
1517	$i--;
1518	}
1519	}
1520	- $twoFactorUsers[] = array($ID, $phone, $code, 'notActivated', time() + (86400 * ~~100~~)); //expiry of code is ~~100~~ days in future
1521	wfConfig::set_ser('twoFactorUsers', $twoFactorUsers);
1522	}
1523	public static function ajax_loadTwoFactor_callback(){
	@@ -4575,7 +4587,7 @@ to your httpd.conf if using Apache, or find documentation on how to disable dire
4575	$deletedWhitelistedPath = stripslashes($_POST['deletedWhitelistedPath']);
4576	$deletedWhitelistedParam = stripslashes($_POST['deletedWhitelistedParam']);
4577	$savedWhitelistedURLParams = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams');
4578	- $key = ~~base64_encode(~~$deletedWhitelistedPath) . '\|' . ~~base64_encode(~~$deletedWhitelistedParam);
4579	unset($savedWhitelistedURLParams[$key]);
4580	wfWAF::getInstance()->getStorageEngine()->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
4581	}
	@@ -4738,7 +4750,7 @@ to your httpd.conf if using Apache, or find documentation on how to disable dire
4738	}
4739	foreach ($items as $key) {
4740	list($path, $paramKey, ) = $key;
4741	- $whitelistKey = ~~base64_encode(rawurldecode(~~$path)) . '\|' . ~~base64_encode(rawurldecode(~~$paramKey));
4742	if (array_key_exists($whitelistKey, $whitelist)) {
4743	unset($whitelist[$whitelistKey]);
4744	}
	@@ -4787,7 +4799,7 @@ to your httpd.conf if using Apache, or find documentation on how to disable dire
4787	}
4788	foreach ($items as $key) {
4789	list($path, $paramKey, ) = $key;
4790	- $whitelistKey = ~~base64_encode(rawurldecode(~~$path)) . '\|' . ~~base64_encode(rawurldecode(~~$paramKey));
4791	if (array_key_exists($whitelistKey, $whitelist) && is_array($whitelist[$whitelistKey])) {
4792	foreach ($whitelist[$whitelistKey] as $ruleID => $data) {
4793	$whitelist[$whitelistKey][$ruleID]['disabled'] = !$enabled;


1163	foreach($twoFactorUsers as &$t){
1164	if($t[0] == $userDat->ID && $t[3] == 'activated'){
1165	if($_POST['wordfence_authFactor'] == $t[2] && $t[4] > time()){
1166	+ // Set this 2FA code to expire in 30 seconds (for other plugins hooking into the auth process)
1167	+ $t[4] = time() + 30;
1168	+ wfConfig::set_ser('twoFactorUsers', $twoFactorUsers);
1169	+
1170	} else if($_POST['wordfence_authFactor'] == $t[2]){
1171	$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
1172	try {

1353	}
1354	if(! $username){ return; }
1355	$userDat = get_user_by('login', $username);
1356	+ if (!$userDat) {
1357	+ $userDat = get_user_by('email', $username);
1358	+ }
1359	$_POST['wordfence_userDat'] = $userDat;
1360	if(preg_match(self::$passwordCodePattern, $passwd, $matches)){
1361	$_POST['wordfence_authFactor'] = $matches[1];

1369	}
1370	if(! $username){ return; }
1371	$userDat = get_user_by('login', $username);
1372	+ if (!$userDat) {
1373	+ $userDat = get_user_by('email', $username);
1374	+ }
1375	$_POST['wordfence_userDat'] = $userDat;
1376	if(preg_match(self::$passwordCodePattern, $passwd, $matches)){
1377	$_POST['wordfence_authFactor'] = $matches[1];

1494	if($twoFactorUsers[$i][0] == $userID){
1495	if($twoFactorUsers[$i][2] == $code){
1496	$twoFactorUsers[$i][3] = 'activated';
1497	+ // Set the expiration earlier to invalidate this code
1498	+ $twoFactorUsers[$i][4] = 0;
1499	$found = true;
1500	$user = $twoFactorUsers[$i];
1501	+
1502	break;
1503	} else {
1504	return array('errorMsg' => "That is not the correct code. Please look for an SMS containing an activation code on the phone with number: " . wp_kses($twoFactorUsers[$i][1], array()) );

1529	$i--;
1530	}
1531	}
1532	+ $twoFactorUsers[] = array($ID, $phone, $code, 'notActivated', time() + (86400 * 30)); //expiry of code is 30 days in future
1533	wfConfig::set_ser('twoFactorUsers', $twoFactorUsers);
1534	}
1535	public static function ajax_loadTwoFactor_callback(){

4587	$deletedWhitelistedPath = stripslashes($_POST['deletedWhitelistedPath']);
4588	$deletedWhitelistedParam = stripslashes($_POST['deletedWhitelistedParam']);
4589	$savedWhitelistedURLParams = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('whitelistedURLParams');
4590	+ $key = $deletedWhitelistedPath . '\|' . $deletedWhitelistedParam;
4591	unset($savedWhitelistedURLParams[$key]);
4592	wfWAF::getInstance()->getStorageEngine()->setConfig('whitelistedURLParams', $savedWhitelistedURLParams);
4593	}

4750	}
4751	foreach ($items as $key) {
4752	list($path, $paramKey, ) = $key;
4753	+ $whitelistKey = $path . '\|' . $paramKey;
4754	if (array_key_exists($whitelistKey, $whitelist)) {
4755	unset($whitelist[$whitelistKey]);
4756	}

4799	}
4800	foreach ($items as $key) {
4801	list($path, $paramKey, ) = $key;
4802	+ $whitelistKey = $path . '\|' . $paramKey;
4803	if (array_key_exists($whitelistKey, $whitelist) && is_array($whitelist[$whitelistKey])) {
4804	foreach ($whitelist[$whitelistKey] as $ruleID => $data) {
4805	$whitelist[$whitelistKey][$ruleID]['disabled'] = !$enabled;

readme.txt CHANGED Viewed

	@@ -2,8 +2,8 @@
2	Contributors: mmaunder
3	Tags: wordpress, security, web application firewall, waf, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, two factor authentication, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
4	Requires at least: 3.9
5	- Tested up to: 4.5.1
6	- Stable tag: 6.1.5
7
8	The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
9	== Description ==
	@@ -195,6 +195,16 @@ Designed for every skill level, [The WordPress Security Learning Center](https:/
195
196	== Changelog ==
197










198	= 6.1.5 =
199	* Fix: WordPress language files no longer flagged as changed.
200	* Improvement: Accept wildcards in "Immediately block IP's that access these URLs."


2	Contributors: mmaunder
3	Tags: wordpress, security, web application firewall, waf, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, two factor authentication, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
4	Requires at least: 3.9
5	+ Tested up to: 4.5.2
6	+ Stable tag: 6.1.6
7
8	The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
9	== Description ==

195
196	== Changelog ==
197
198	+ = 6.1.6 =
199	+ * Fix: Fixed bug with 2FA not properly handling email address login.
200	+ * Fix: Show logins/logouts when Live Traffic is disabled.
201	+ * Fix: Fixed bug with PCRE versions < 7.0 (repeated subpattern is too long).
202	+ * Fix: Now able to delete whitelisted URL/params containing ampersands and non-UTF8 characters.
203	+ * Improvement: Reduced 2FA activation code to expire after 30 days.
204	+ * Improvement: Live Traffic now only shows verified Googlebot under Google Crawler filter for new visits.
205	+ * Improvement: Adjusted permissions on Firewall log/config files to be 0640.
206	+ * Fix: Fixed false positive from Maldet in the wfConfig table during the scan.
207	+
208	= 6.1.5 =
209	* Fix: WordPress language files no longer flagged as changed.
210	* Improvement: Accept wildcards in "Immediately block IP's that access these URLs."

vendor/wordfence/wf-waf/src/lib/parser/sqli.php CHANGED Viewed

	@@ -2707,15 +2707,15 @@ class wfWAFSQLiLexer implements wfWAFLexerInterface {
2707	new wfWAFLexerTokenMatcher(self::BINARY_NUMBER_LITERAL, '/^(?:0b[01]+\|[bB]\'[01]+\')/', true),
2708	new wfWAFLexerTokenMatcher(self::HEX_NUMBER_LITERAL, '/^(?:0x[0-9a-fA-F]+\|[xX]\'[0-9a-fA-F]+\')/', true),
2709	new wfWAFLexerTokenMatcher(self::INTEGER_LITERAL, '/^[0-9]+/', true),
2710	- new wfWAFLexerTokenMatcher(self::VARIABLE, '/^(?:@(?:`([~~^`\\\\~~]~~{0,256}~~(~~?:\\\\.~~[~~^`\\\\~~]~~{0,256}~~)~~{0,256}~~)`\|
2711	- "(?:[^#"\\\\]~~{0,256}~~(?:\\\\.[^#"\\\\]~~{0,256}~~)~~{0,256}~~)"\|
2712	- \'(?:[^\'\\\\]~~{0,256}~~(?:\\\\.[^\'\\\\]~~{0,256}~~)~~{0,256}~~)\'\|
2713	[a-zA-Z_\\$\\.]+\|
2714	@[a-zA-Z_\\$][a-zA-Z_\\$0-9]{0,256}){0,1})
2715	/Asx'),
2716	- new wfWAFLexerTokenMatcher(self::QUOTED_IDENTIFIER, '/^`(?:[~~^`\\\\~~]~~{0,256}~~(~~?:\\\\.~~[~~^`\\\\~~]~~{0,256}~~)~~{0,256}~~)`/As'),
2717	- new wfWAFLexerTokenMatcher(self::DOUBLE_STRING_LITERAL, '/^(?:[nN]\|_[0-9a-zA-Z\\$_]{0,256})?"(?:[^#"\\\\]~~{0,256}~~(?:\\\\.[^#"\\\\]~~{0,256}~~)~~{0,256}~~)"/As'),
2718	- new wfWAFLexerTokenMatcher(self::SINGLE_STRING_LITERAL, '/^(?:[nN]\|_[0-9a-zA-Z\\$_]{0,256})?\'(?:[^\'\\\\]~~{0,256}~~(?:\\\\.[^\'\\\\]~~{0,256}~~)~~{0,256}~~)\'/As'),
2719	// U+0080 .. U+FFFF
2720	new wfWAFLexerTokenMatcher(self::UNQUOTED_IDENTIFIER, '/^[0-9a-zA-Z\\$_\\x{0080}-\\x{FFFF}]{1,256}/u'),
2721	new wfWAFLexerTokenMatcher(self::MYSQL_PORTABLE_COMMENT_START, '/^\\/\\*\\![0-9]{0,5}/s'),


2707	new wfWAFLexerTokenMatcher(self::BINARY_NUMBER_LITERAL, '/^(?:0b[01]+\|[bB]\'[01]+\')/', true),
2708	new wfWAFLexerTokenMatcher(self::HEX_NUMBER_LITERAL, '/^(?:0x[0-9a-fA-F]+\|[xX]\'[0-9a-fA-F]+\')/', true),
2709	new wfWAFLexerTokenMatcher(self::INTEGER_LITERAL, '/^[0-9]+/', true),
2710	+ new wfWAFLexerTokenMatcher(self::VARIABLE, '/^(?:@(?:`(?:[^`](?:``[^`])*)`\|
2711	+ "([^"\\\\](?:\\\\.[^"\\\\])*)"\|
2712	+ \'([^\'\\\\](?:\\\\.[^\'\\\\])*)\'\|
2713	[a-zA-Z_\\$\\.]+\|
2714	@[a-zA-Z_\\$][a-zA-Z_\\$0-9]{0,256}){0,1})
2715	/Asx'),
2716	+ new wfWAFLexerTokenMatcher(self::QUOTED_IDENTIFIER, '/^`(?:[^`](?:``[^`])*)`/As'),
2717	+ new wfWAFLexerTokenMatcher(self::DOUBLE_STRING_LITERAL, '/^(?:[nN]\|_[0-9a-zA-Z\\$_]{0,256})?"([^"\\\\](?:\\\\.[^"\\\\])*)"/As'),
2718	+ new wfWAFLexerTokenMatcher(self::SINGLE_STRING_LITERAL, '/^(?:[nN]\|_[0-9a-zA-Z\\$_]{0,256})?\'([^\'\\\\](?:\\\\.[^\'\\\\])*)\'/As'),
2719	// U+0080 .. U+FFFF
2720	new wfWAFLexerTokenMatcher(self::UNQUOTED_IDENTIFIER, '/^[0-9a-zA-Z\\$_\\x{0080}-\\x{FFFF}]{1,256}/u'),
2721	new wfWAFLexerTokenMatcher(self::MYSQL_PORTABLE_COMMENT_START, '/^\\/\\*\\![0-9]{0,5}/s'),

vendor/wordfence/wf-waf/src/lib/storage/file.php CHANGED Viewed

	@@ -22,6 +22,7 @@ class wfWAFStorageFile implements wfWAFStorageInterface {
22	fflush($tmpHandle);
23	self::lock($tmpHandle, LOCK_UN);
24	fclose($tmpHandle);

25
26	// Attempt to verify file has finished writing (sometimes the disk will lie for better benchmarks)
27	$tmpContents = file_get_contents($tmpFile);


22	fflush($tmpHandle);
23	self::lock($tmpHandle, LOCK_UN);
24	fclose($tmpHandle);
25	+ chmod($tmpFile, 0640);
26
27	// Attempt to verify file has finished writing (sometimes the disk will lie for better benchmarks)
28	$tmpContents = file_get_contents($tmpFile);

wordfence.php CHANGED Viewed

	@@ -4,14 +4,14 @@ Plugin Name: Wordfence Security
4	Plugin URI: http://www.wordfence.com/
5	Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6	Author: Wordfence
7	- Version: 6.1.5
8	Author URI: http://www.wordfence.com/
9	Network: true
10	*/
11	if(defined('WP_INSTALLING') && WP_INSTALLING){
12	return;
13	}
14	- define('WORDFENCE_VERSION', '6.1.5');
15	define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16	basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17


4	Plugin URI: http://www.wordfence.com/
5	Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
6	Author: Wordfence
7	+ Version: 6.1.6
8	Author URI: http://www.wordfence.com/
9	Network: true
10	*/
11	if(defined('WP_INSTALLING') && WP_INSTALLING){
12	return;
13	}
14	+ define('WORDFENCE_VERSION', '6.1.6');
15	define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16	basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17

Wordfence Security – Firewall & Malware Scan - Version 6.1.6

Version Description

Release Info

Code changes from version 6.1.5 to 6.1.6