Wordfence Security – Firewall & Malware Scan - Version 6.2.10

Version Description

  • Improvement: Better reporting for failed brute force login attempts.
  • Change: Reworded setting for ignored IPs in the WAF alert email.
  • Change: Updated support link on scan page.
  • Fix: When a key is in place on multiple sites, it's now possible to downgrade the ones not registered for it.
  • Fix: Addressed an issue where the increased attack rate emails would send repeatedly if the threshold value was missing.
  • Fix: Typo fix in firewall rule 11 name.

Release Info

Developer wfryan
Version 6.2.10

Code changes from version 6.2.9 to 6.2.10

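--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -38,7 +38,9 @@ $w = new wfConfig();
 <tr>
 <th>Key type currently active:</th>
 <td>
-<?php if (wfConfig::get( 'isPaid' )){ ?>
+<?php if (wfConfig::get('hasKeyConflict')) { ?>
+<span style="font-weight: bold; color: #A00;">The currently active Premium API Key is in use on another site.</span>
+<?php } else if (wfConfig::get( 'isPaid' )){ ?>
 The currently active API Key is a Premium Key. <span style="font-weight: bold; color: #0A0;">Premium scanning enabled!</span>
 <?php } else { ?>
 The currently active API Key is a <span style="color: #F00; font-weight: bold;">Free Key</span>. <a
@@ -49,7 +51,18 @@ $w = new wfConfig();
 </tr>
 <tr>
 <td colspan="2">
-<?php if (wfConfig::get('isPaid')): ?>
+<?php if (wfConfig::get('hasKeyConflict')): ?>
+<table border="0">
+<tr>
+<td><a href="https://www.wordfence.com/gnl1optMngKysReset/manage-wordfence-api-keys/"
+target="_blank"><input type="button" value="Reset your premium license"/></a>
+</td>
+<td>&nbsp;</td>
+<td><input type="button" value="Downgrade to a free license"
+onclick="WFAD.downgradeLicense();"/></td>
+</tr>
+</table>
+<?php elseif (wfConfig::get('isPaid')): ?>
 <table border="0">
 <tr>
 <td><a href="https://www.wordfence.com/gnl1optMngKys/manage-wordfence-api-keys/"
@@ -953,11 +966,11 @@ $w = new wfConfig();
 </tr>
 
 <tr>
-<th style="vertical-align: top;">Whitelisted IP addresses for Wordfence Web Application Firewall alerting:</th>
+<th style="vertical-align: top;">Ignored IP addresses for Wordfence Web Application Firewall alerting:</th>
 <td><textarea name="wafAlertWhitelist" id="wafAlertWhitelist" cols="40" rows="4"><?php echo esc_html(preg_replace('/,/', "\n", $w->get('wafAlertWhitelist'))); ?></textarea></td>
 </tr>
 <tr>
-<th colspan="2" style="color: #999;">Whitelisted IPs must be separated by commas or placed on separate lines. These addresses will be ignored from any alerts about increased attacks and can be used to ignore things like standalone website security scanners.<br/><br/></th>
+<th colspan="2" style="color: #999;">Ignored IPs must be separated by commas or placed on separate lines. These addresses will be ignored from any alerts about increased attacks and can be used to ignore things like standalone website security scanners.<br/><br/></th>
 </tr>
 <tr class="hidden">
 <th style="vertical-align: top;">Minimum number of blocked attacks before sending an alert</th>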
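Review bot: The new branch at line 43 of the first hunk is written as `} else if (wfConfig::get( 'isPaid' )){`, mixing the inherited padded-argument spacing and a two-word `else if` with the unpadded `wfConfig::get('hasKeyConflict')` call just above it, while the second hunk's alternative-syntax version of the same check correctly uses `elseif`. For consistency across the two places that now test the same pair of flags, `<?php } elseif (wfConfig::get('isPaid')) { ?>` reads cleaner. The `WFAD.downgradeLicense()` handler wired to the new "Downgrade to a free license" button is not in this diff, so I cannot tell whether it goes through the same nonce and capability checks as the other option actions; worth confirming, since it changes the licence state of the site. The `hasKeyConflict` value is written as a boolean by wfAPI and only refreshed on an API call, so the banner may lag until the next call — a short comment saying so would help the next reader.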
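--- a/lib/menu_scan.php
+++ b/lib/menu_scan.php
@@ -149,7 +149,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
 <a href="#" target="_blank" class="wfALogViewLink" id="wfALogViewLink">View activity log</a>
 </div>
 <div style="margin: 0 0 20px 5px; width: 795px;">
-<strong>Docs:</strong> Our <a href="http://support.wordfence.com/" target="_blank">Support Site</a> can answer many common (and some less common) questions. It also includes our priority support ticketing system for Premium Wordfence users.
+<strong>Docs:</strong> Our <a href="http://docs.wordfence.com/" target="_blank">support site</a> can answer many common (and some less common) questions. It also includes a link to our priority support ticketing system for Premium Wordfence users.
 <?php $unknownFilesLink = wfUtils::siteURLRelative() . '?_wfsf=unknownFiles&nonce=' . wp_create_nonce('wp-ajax'); ?>
 </div>
 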
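Review bot: The replacement link on line 152 points at `http://docs.wordfence.com/` over plain HTTP from an admin page; if that host serves TLS (the readme in this same release links support.wordfence.com over https), `href="https://docs.wordfence.com/"` avoids sending admins through an unencrypted hop. The anchor also keeps `target="_blank"` without `rel="noopener noreferrer"`, which the old line lacked as well; adding it costs nothing and prevents the opened page from obtaining a handle on the admin window.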
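--- a/lib/wfAPI.php
+++ b/lib/wfAPI.php
@@ -43,6 +43,12 @@ class wfAPI {
 wfConfig::set('isPaid', '');
 }
 }
+
+$hasKeyConflict = false;
+if (isset($dat['_hasKeyConflict'])) {
+$hasKeyConflict = ($dat['_hasKeyConflict'] == 1);
+}
+wfConfig::set('hasKeyConflict', $hasKeyConflict);
 
 if (!is_array($dat)) {
 throw new Exception("We received a data structure that is not the expected array when contacting the Wordfence scanning servers and calling the '$action' function.");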
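Review bot: The `hasKeyConflict` flag is computed and persisted on new lines 47–51 before the `is_array($dat)` guard on line 53, so a malformed or non-array response from the server resets a previously recorded conflict to `false` and then throws; moving the block below the guard keeps the stored state untouched on bad responses. The comparison `$dat['_hasKeyConflict'] == 1` is loose and also accepts `true`, `'1'` and `1.0`; an explicit form such as `$hasKeyConflict = isset($dat['_hasKeyConflict']) && (int) $dat['_hasKeyConflict'] === 1;` makes the accepted wire value clear in one line. The enclosing method starts and ends outside the hunk, so I cannot see whether `$dat` can be a string here, which is the case where `isset()` on a string offset would silently return false.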
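--- a/lib/wfSchema.php
+++ b/lib/wfSchema.php
@@ -175,15 +175,17 @@ class wfSchema {
 `expiration` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
 `body` varchar(255) NOT NULL DEFAULT '',
 `count` int(10) unsigned NOT NULL DEFAULT '0',
+`type` int(10) unsigned NOT NULL DEFAULT '0',
 PRIMARY KEY (`id`),
 KEY `expiration` (`expiration`),
-KEY `IP` (`IP`)
-) DEFAULT CHARSET=utf8;",
+KEY `IP` (`IP`),
+KEY `type` (`type`)
+) DEFAULT CHARSET=utf8",
 'wfKnownFileList' => "(
 `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 `path` text NOT NULL,
 PRIMARY KEY (`id`)
-) DEFAULT CHARSET=utf8;",
+) DEFAULT CHARSET=utf8",
 /*
 'wfPerfLog' => "(
 id int UNSIGNED NOT NULL auto_increment PRIMARY KEY,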
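Review bot: The trailing `;` is dropped from the `wfSNIPCache` and `wfKnownFileList` definitions (new lines 183 and 188) with no comment explaining why, and the remaining entries of this array are outside the hunk, so I cannot confirm they follow the same convention. If the code that consumes these strings appends its own terminator or table options, a one-line comment at the top of the array such as `// Definitions must not end in ';' — the CREATE TABLE caller appends the terminator.` would stop the next contributor from re-adding it. The new `type` column and index match the `ALTER TABLE` upgrade path added in lib/wordfenceClass.php, so fresh installs and upgrades end up with the same shape.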
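--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -552,6 +552,21 @@ SQL
 //6.2.8
 wfCache::removeCaching();
 
+//6.2.10
+$snipCacheTable = "{$wpdb->base_prefix}wfSNIPCache";
+$hasType = $wpdb->get_col($wpdb->prepare(<<<SQL
+SELECT * FROM information_schema.COLUMNS
+WHERE TABLE_SCHEMA=DATABASE()
+AND COLUMN_NAME='type'
+AND TABLE_NAME=%s
+SQL
+, $snipCacheTable));
+if (!$hasType) {
+$wpdb->query("ALTER TABLE `{$snipCacheTable}` ADD `type` INT UNSIGNED NOT NULL DEFAULT '0'");
+$wpdb->query("ALTER TABLE `{$snipCacheTable}` ADD INDEX (`type`)");
+}
+
+
 //Check the How does Wordfence get IPs setting
 wfUtils::requestDetectProxyCallback();
 
@@ -1712,7 +1727,7 @@ SQL
 if($maxBlockTime = self::wfsnIsBlocked($IP, 'brute')){
 self::getLog()->blockIP($IP, "Blocked by Wordfence Security Network", true, false, $maxBlockTime);
 $secsToGo = wfConfig::get('blockedTime');
-self::getLog()->getCurrentRequest()->action = 'blocked:wfsnrepeat';
+self::getLog()->getCurrentRequest()->action = 'blocked:wfsn';
 self::getLog()->do503($secsToGo, "Blocked by Wordfence Security Network");
 }
 
@@ -1774,23 +1789,36 @@ SQL
 $wfdb = new wfDB();
 global $wpdb;
 $p = $wpdb->base_prefix;
-$rawBlocks = $wfdb->querySelect("SELECT SQL_CALC_FOUND_ROWS IP, ctime FROM {$p}wfHits WHERE ctime > %.6f AND action = 'blocked:wfsnrepeat' ORDER BY ctime ASC LIMIT 100", $threshold);
+$rawBlocks = $wfdb->querySelect("SELECT SQL_CALC_FOUND_ROWS IP, ctime, actionData FROM {$p}wfHits WHERE ctime > %.6f AND action = 'blocked:wfsnrepeat' ORDER BY ctime ASC LIMIT 100", $threshold);
 $totalRows = $wpdb->get_var('SELECT FOUND_ROWS()');
 $ipCounts = array();
 $maxctime = 0;
 foreach ($rawBlocks as $record) {
 $maxctime = max($maxctime, $record['ctime']);
+$endpointType = 0;
+if (!empty($record['actionData'])) {
+$actionData = wfRequestModel::unserializeActionData($record['actionData']);
+if (isset($actionData['type'])) {
+$endpointType = $actionData['type'];
+}
+}
 if (isset($ipCounts[$record['IP']])) {
-$ipCounts[$record['IP']]++;
+$ipCounts[$record['IP']] = array();
+}
+
+if (isset($ipCounts[$record['IP']][$endpointType])) {
+$ipCounts[$record['IP']][$endpointType]++;
 }
 else {
-$ipCounts[$record['IP']] = 1;
+$ipCounts[$record['IP']][$endpointType] = 1;
 }
 }
 
 $toSend = array();
-foreach ($ipCounts as $IP => $count) {
-$toSend[] = array('IP' => base64_encode($IP), 'count' => $count, 'blocked' => 1);
+foreach ($ipCounts as $IP => $endpoints) {
+foreach ($endpoints as $endpointType => $count) {
+$toSend[] = array('IP' => base64_encode($IP), 'count' => $count, 'blocked' => 1, 'type' => $endpointType);
+}
 }
 
 try {
@@ -1833,6 +1861,8 @@ SQL
 }
 public static function wfsnReportBlockedAttempt($IP, $type){
 self::wfsnScheduleBatchReportBlockedAttempts();
+$endpointType = self::wfsnEndpointType();
+self::getLog()->getCurrentRequest()->actionData = wfRequestModel::serializeActionData(array('type' => $endpointType));
 }
 public static function wfsnBatchReportFailedAttempts() {
 $threshold = time();
@@ -1840,7 +1870,7 @@ SQL
 $wfdb = new wfDB();
 global $wpdb;
 $p = $wpdb->base_prefix;
-$toSend = $wfdb->querySelect("SELECT id, IP, count, 1 AS failed FROM {$p}wfSNIPCache WHERE count > 0 AND expiration < FROM_UNIXTIME(%d) LIMIT 100", $threshold);
+$toSend = $wfdb->querySelect("SELECT id, IP, type, count, 1 AS failed FROM {$p}wfSNIPCache WHERE count > 0 AND expiration < FROM_UNIXTIME(%d) LIMIT 100", $threshold);
 $toDelete = array();
 if (count($toSend)) {
 foreach ($toSend as &$record) {
@@ -1888,11 +1918,12 @@ SQL
 restore_current_blog();
 }
 }
-public static function wfsnIsBlocked($IP, $type){
+public static function wfsnIsBlocked($IP, $hitType){
 $wfdb = new wfDB();
 global $wpdb;
 $p = $wpdb->base_prefix;
-$cachedRecord = $wfdb->querySingleRec("SELECT id, body FROM {$p}wfSNIPCache WHERE IP = '%s' AND expiration > NOW()", $IP);
+$endpointType = self::wfsnEndpointType();
+$cachedRecord = $wfdb->querySingleRec("SELECT id, body FROM {$p}wfSNIPCache WHERE IP = '%s' AND type = %d AND expiration > NOW()", $IP, $endpointType);
 if (isset($cachedRecord)) {
 $wfdb->queryWriteIgnoreError("UPDATE {$p}wfSNIPCache SET count = count + 1 WHERE id = %d", $cachedRecord['id']);
 if (preg_match('/BLOCKED:(\d+)/', $cachedRecord['body'], $matches) && (!self::getLog()->isWhitelisted($IP))) {
@@ -1902,14 +1933,18 @@ SQL
 }
 
 try {
-$result = wp_remote_get(WORDFENCE_HACKATTEMPT_URL . 'hackAttempt/?k=' . rawurlencode(wfConfig::get('apiKey')) . '&IP=' . rawurlencode(filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? wfUtils::inet_aton($IP) : wfUtils::inet_pton($IP)) . '&t=' . rawurlencode($type), array(
-'timeout' => 3,
-'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),
-));
+$result = wp_remote_get(WORDFENCE_HACKATTEMPT_URL . 'hackAttempt/?k=' . rawurlencode(wfConfig::get('apiKey')) .
+'&IP=' . rawurlencode(filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? wfUtils::inet_aton($IP) : wfUtils::inet_pton($IP)) .
+'&t=' . rawurlencode($hitType) .
+'&type=' . $endpointType,
+array(
+'timeout' => 3,
+'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),
+));
 if (is_wp_error($result)) {
 return false;
 }
-$wfdb->queryWriteIgnoreError("INSERT INTO {$p}wfSNIPCache (IP, expiration, body) VALUES ('%s', DATE_ADD(NOW(), INTERVAL %d SECOND), '%s')", $IP, 30, $result['body']);
+$wfdb->queryWriteIgnoreError("INSERT INTO {$p}wfSNIPCache (IP, type, expiration, body) VALUES ('%s', %d, DATE_ADD(NOW(), INTERVAL %d SECOND), '%s')", $IP, $endpointType, 30, $result['body']);
 self::wfsnScheduleBatchReportFailedAttempts();
 if (preg_match('/BLOCKED:(\d+)/', $result['body'], $matches) && (!self::getLog()->isWhitelisted($IP))) {
 return $matches[1];
@@ -1919,6 +1954,17 @@ SQL
 return false;
 }
 }
+public static function wfsnEndpointType() {
+$wploginPath = ABSPATH . 'wp-login.php';
+$type = 0; //Unknown
+if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) {
+$type = 2;
+}
+else if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == $wploginPath) {
+$type = 1;
+}
+return $type;
+}
 public static function logoutAction(){
 $userID = get_current_user_id();
 $userDat = get_user_by('id', $userID);
@@ -2766,7 +2812,12 @@ SQL
 }
 } else {
 $api = new wfAPI($opts['apiKey'], wfUtils::getWPVersion());
-$api->call('ping_api_key', array(), array());
+try {
+$api->call('ping_api_key', array(), array());
+}
+catch (Exception $e){
+return array('errorMsg' => "Your options have been saved. However we tried to verify your API key with the Wordfence servers and received an error: " . wp_kses($e->getMessage(), array()) );
+}
 }
 return array('ok' => 1, 'reload' => $reload, 'paidKeyMsg' => $paidKeyMsg );
 }
@@ -6089,7 +6140,11 @@ to your httpd.conf if using Apache, or find documentation on how to disable dire
 ORDER BY attackLogTime DESC
 LIMIT 10", array_merge($wafAlertWhitelist, array($cutoffTime))));
 $attackCount = $wpdb->get_var('SELECT FOUND_ROWS()');
-if ($attackCount >= wfConfig::get('wafAlertThreshold')) {
+$threshold = (int) wfConfig::get('wafAlertThreshold');
+if ($threshold < 1) {
+$threshold = 100;
+}
+if ($attackCount >= $threshold) {
 $durationMessage = wfUtils::makeDuration($alertInterval);
 $message = <<<ALERTMSG
 The Wordfence Web Application Firewall has blocked {$attackCount} attacks over the last {$durationMessage}. Below is a sample of these recent attacks:
@@ -6336,6 +6391,7 @@ LIMIT %d", $lastSendTime, $limit));
 if (class_exists('wfWAFIPBlocksController')) {
 if ($action == wfWAFIPBlocksController::WFWAF_BLOCK_WFSN) {
 $hit->action = 'blocked:wfsnrepeat';
+wordfence::wfsnReportBlockedAttempt($hit->IP, 'waf');
 }
 }
 $hit->actionDescription = $actionDescription;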
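Review bot: The per-IP accumulator in wfsnBatchReportBlockedAttempts is reset instead of initialised: new lines 1805–1807 read `if (isset($ipCounts[$record['IP']])) { $ipCounts[$record['IP']] = array(); }`, so every repeat hit from an already-seen IP throws away that IP's counts (the first hit only works because PHP auto-vivifies the missing key), and the batch sent upstream under-reports blocked attempts. The guard needs to be negated: `if (!isset($ipCounts[$record['IP']])) {`. wfsnBatchReportBlockedAttempts starts and ends outside the hunk. Separately, the call added at new line 6394 runs inside the WAF-hit sync loop, where `wfsnReportBlockedAttempt()` writes the endpoint type onto `getCurrentRequest()` rather than onto `$hit` and derives it from the current request's `SCRIPT_FILENAME`/`XMLRPC_REQUEST`; if that loop is not executing in the blocked request itself, the `type` later read back from `actionData` would describe the syncing request rather than the blocked one — worth confirming before relying on the new field.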
readme.txt CHANGED
@@ -2,54 +2,53 @@
2
  Contributors: mmaunder
3
  Tags: security, secure, security plugin, wordpress security, login security, firewall, malware, antivirus, web application firewall, block hackers, country blocking
4
  Requires at least: 3.9
5
- Tested up to: 4.7.0
6
- Stable tag: 6.2.9
7
 
8
  Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
9
 
10
  == Description ==
11
  = THE MOST DOWNLOADED WORDPRESS SECURITY PLUGIN =
12
 
13
- Secure your website with Wordfence. Powered by the constantly updated Threat Defense Feed, our Web Application Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. A deep set of addtional tools round out the most complete WordPress security solution available.
14
 
15
- Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing and we even check if your website IP address is being used to Spamvertize. [Click here to sign-up for Wordfence Premium now](http://www.wordfence.com/?utm_source=repo&utm_medium=web&utm_campaign=pluginDescCTA) or simply install Wordfence free and start protecting your website.
16
 
17
- You can find our official documentation at [docs.wordfence.com](http://docs.wordfence.com/?utm_source=repo&utm_medium=web&utm_campaign=pluginDesc) and our Frequently Asked Questions on our support portal at [support.wordfence.com](https://support.wordfence.com/solution/categories/1000023037/folders/1000035543?utm_source=repo&utm_medium=web&utm_campaign=pluginDesc). We are also active in our community support forums on [wordpress.org](https://wordpress.org/support/plugin/wordfence) if you are one of our free users. Our Premium Support Ticket System is at [support.wordfence.com](https://support.wordfence.com/?utm_source=repo&utm_medium=web&utm_campaign=pluginDesc). Learn about WordPress security at [wordfence.com/learn](https://www.wordfence.com/learn/?utm_source=repo&utm_medium=web&utm_campaign=pluginDesc).
18
 
19
  This is a brief introductory video for Wordfence:
20
 
21
  [vimeo http://vimeo.com/134150724]
22
 
23
- Wordfence Security is now Multi-Site compatible and includes Cellphone Sign-in which permanently secures your website from brute force hacks.
24
 
25
- = WORDFENCE WORDPRESS SECURITY FEATURES =
26
 
27
  = WordPress Firewall =
28
  * Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website.
29
  * Threat Defense Feed automatically updates firewall rules that protect you from the latest threats. Premium members receive the real-time version.
30
- * Block common security threats like fake Googlebots, malicious scans from hackers and botnets.
31
 
32
  = Blocking Features =
33
  * Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
34
- * Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP's or networks and block entire networks using the firewall. Report security threats to network owner.
35
- * Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
36
- * Choose whether you want to block or throttle users and robots who break your security rules.
37
  * Premium users can also block countries and schedule scans for specific times and a higher frequency.
38
 
39
- = Login Security =
40
  * Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
41
- * Includes two-factor authentication, also referred to as cellphone sign-in.
42
  * Enforce strong passwords among your administrators, publishers and users. Improve login security.
43
  * Checks the strength of all user and admin passwords to enhance login security.
44
- * Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
45
 
46
  = Security Scanning =
47
  * Scans for the HeartBleed vulnerability - included in the free scan for all users.
48
  * Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
49
  * See how files have changed. Optionally repair changed files that are security threats.
50
- * Scans for signatures of over 44,000 known malware variants that are known security threats.
51
  * Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
52
- * Continuously scans for malware and phishing URL's including all URL's on the Google Safe Browsing List in all your comments, posts and files that are security threats.
53
  * Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
54
 
55
  = Monitoring Features =
@@ -59,7 +58,7 @@ Wordfence Security is now Multi-Site compatible and includes Cellphone Sign-in w
59
  * Monitor your DNS security for unauthorized DNS changes.
60
  * Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
61
 
62
- = Multi-Site Security =
63
  * Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
64
  * WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
65
 
@@ -70,7 +69,7 @@ Wordfence Security is now Multi-Site compatible and includes Cellphone Sign-in w
70
  * Includes support for other major plugins and themes like WooCommerce.
71
 
72
  = Free Learning Center =
73
- * The Wordfence website includes an in-depth [WordPress Security Learning Center](https://www.wordfence.com/learn/?utm_source=repo&utm_medium=web&utm_campaign=pluginDesc).
74
 
75
  The Wordfence WordPress security plugin is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
76
 
@@ -100,18 +99,18 @@ To install the Wordfence WordPress security plugin on WordPress Multi-Site insta
100
 
101
  Secure your website with Wordfence.
102
 
103
- [Visit our support website which contains a FAQ and knowledgebase which is more comprehensive and updated frequently.](http://support.wordfence.com/?utm_source=repo&utm_medium=web&utm_campaign=pluginDesc)
104
 
105
  = What does Wordfence Security do that other WordPress security plugins don't do? =
106
 
107
  * Wordfence Security actually verifies your website source code integrity against the official WordPress repository and shows you the changes. We are the only plugin to do this.
108
- * Wordfence Security provides two-factor authentication (Cellphone Sign-in) for paid members. We're the first plugin to offer this.
109
  * Wordfence Security fully supports IPv6 including giving you the ability to look up the location of IPv6 addresses, block IPv6 ranges, detect IPv6 country and do a whois lookup on IPv6 addresses and more.
110
  * Wordfence Security includes protection against DDoS attacks by giving you a performance boost up to 50X.
111
  * Wordfence Security scans check all your files, comments and posts for URL's in Google's Safe Browsing list. We are the only plugin to offer this very important security enhancement.
112
  * Wordfence Security scans do not consume large amounts of your precious bandwidth because all security scans happen on your web server which makes them very fast.
113
  * Wordfence Security fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
114
  * Wordfence Security includes Two-Factor authentication, the most secure way to stop brute force attackers in their tracks.
 
115
 
116
  = Does Wordfence Security support Multi-Site installations? =
117
 
@@ -119,19 +118,15 @@ Yes. WordPress MU or Multi-Site as it's called now is fully supported. Using Wor
119
 
120
  = Will Wordfence Security slow my site down? =
121
 
122
- No. Wordfence is extremely fast and uses techniques like caching its own configuration data to avoid database lookups and blocking malicious attacks that would slow down your site. Older
123
- versions of Wordfence did incur a slight performance penalty, but we have not only fixed this issue but knocked it out of the park.
124
 
125
  = How often is Wordfence Security updated? =
126
 
127
- The Wordfence Security plugin is frequently updated and we update the code on our security scanning servers
128
- more frequently. Our cloud servers are continually updated with the latest known security threats and vulnerabilities so
129
- that we can blog any security threat as soon as it emerges in the wild.
130
 
131
  = What if I need support? =
132
 
133
- All our paid customers receive priority support. Excellent customer service is a key part
134
- of being a Wordfence Security member. As free or Premium member can visit [support.wordfence.com](http://support.wordfence.com/?utm_source=repo&utm_medium=web&utm_campaign=pluginDesc) and where you will find out knowledgebase. If you're a Premium member you can also open a support ticket.
135
 
136
  = Can I disable certain security features of Wordfence Security? =
137
 
@@ -139,44 +134,27 @@ Yes! Simply visit the Options page, click on advanced options and enable or disa
139
 
140
  = What if my site security has already been compromised by a hacker? =
141
 
142
- Wordfence Security is the only WordPress security plugin that is able to repair core files, themes and plugins on sites where security is already compromised.
143
- However, please note that site security can not be assured unless you do a full reinstall if your site has been hacked. We recommend you only
144
- use Wordfence Security to get your site into a running state in order to recover the data you need to do a full reinstall. A full reinstall is the only
145
- way to ensure site security once you have been hacked.
146
 
147
  = How will I be alerted that my site has a security problem? =
148
 
149
- Wordfence Security sends security alerts via email. Once you install Wordfence Security, you will configure a list of email addresses where security alerts will be sent.
150
- When you receive a security alert, make sure you deal with it promptly to ensure your site stays secure.
151
 
152
  = My WordPress site is behind a firewall. Doesn't that make it secure? =
153
 
154
- If your site is accessible from the web, it means that people you don't know can execute PHP code on your site.
155
- They have to be able to execute PHP code, like the core WordPress code, in order for your site to work.
156
- Most WordPress security threats allow a hacker to execute PHP code on your website. The challenge hackers
157
- face is how to get their malicious PHP code onto your site to compromise your security. There
158
- are many upload mechanisms that WordPress itself, themes and plugins offer and the vast majority of these
159
- are secure. However, every now and then a hacker discovers an upload mechanism that is not secure or
160
- a way of fooling your site into allowing an upload. That is usually when security is compromised. Even
161
- though your site is behind a commercial firewall, it still accepts web requests that include uploads and executes PHP code
162
- and as long as it does that, it may become face a security vulnerability at some point.
163
 
164
  = Will Wordfence Security protect me against the Timthumb security problem? =
165
 
166
- The timthumb security exploit occurred in 2011 and all good plugins and themes now use an updated
167
- version of timthumb (which the creator of Wordfence Security wrote and donated to the timthumb author) which closes the security hole that
168
- caused the problem. However we do scan for old version of timthumb for good measure to make sure they don't
169
- cause a security hole on your site.
170
 
171
  = Does Wordfence Security support IPv6? =
172
 
173
- Most definitely! As of Wordfence version 6.0.1 we fully support IPv6 with all security functions including country blocking, range blocking,
174
- city lookup, whois lookup and all other security functions. If you are not running IPv6 Wordfence will work great on your site too. We are
175
- fully compatible with both IPv4 and IPv6 whether you run both or only one addressing scheme.
176
 
177
  = Where can I learn more about WordPress security? =
178
 
179
- Designed for every skill level, [The WordPress Security Learning Center](https://www.wordfence.com/learn/?utm_source=repo&utm_medium=web&utm_campaign=pluginDesc) is dedicated to deepening user's understanding of security best practices by having access to in-depth articles, videos, industry survey results, graphics and more.
180
 
181
  == Screenshots ==
182
 
@@ -190,6 +168,14 @@ Secure your website with Wordfence.
190
 
191
  == Changelog ==
192
 
 
 
 
 
 
 
 
 
193
  = 6.2.9 =
194
  * Improvement: Updated internal GeoIP database.
195
  * Improvement: Better error handling when a site is unreachable publicly.
2
  Contributors: mmaunder
3
  Tags: security, secure, security plugin, wordpress security, login security, firewall, malware, antivirus, web application firewall, block hackers, country blocking
4
  Requires at least: 3.9
5
+ Tested up to: 4.7.1
6
+ Stable tag: 6.2.10
7
 
8
  Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
9
 
10
  == Description ==
11
  = THE MOST DOWNLOADED WORDPRESS SECURITY PLUGIN =
12
 
13
+ WordPress security is all we do. Secure your WordPress website with Wordfence. Powered by the constantly updated Threat Defense Feed, our Web Application Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your WordPress website. A deep set of additional tools round out the most complete WordPress security solution available.
14
 
15
+ With over 22 million downloads, Wordfence is the most popular WordPress security plugin available. Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize. [Click here to sign-up for Wordfence Premium now](http://www.wordfence.com/) or simply install Wordfence free and start protecting your website.
16
 
17
+ You can find our official documentation at [docs.wordfence.com](http://docs.wordfence.com/) and our Frequently Asked Questions on our support portal at [support.wordfence.com](https://support.wordfence.com/solution/categories/1000023037/folders/1000035543). We are also active in our community support forums on [wordpress.org](https://wordpress.org/support/plugin/wordfence) if you are one of our free users. Our Premium Support Ticket System is at [support.wordfence.com](https://support.wordfence.com/). Learn about WordPress security at [wordfence.com/learn](https://www.wordfence.com/learn/).
18
 
19
  This is a brief introductory video for Wordfence:
20
 
21
  [vimeo http://vimeo.com/134150724]
22
 
23
+ Wordfence Security is Multi-Site compatible and includes Cellphone Sign-in which permanently secures your WordPress website from brute force hacks.
24
 
25
+ = WORDPRESS SECURITY FEATURES =
26
 
27
  = WordPress Firewall =
28
  * Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website.
29
  * Threat Defense Feed automatically updates firewall rules that protect you from the latest threats. Premium members receive the real-time version.
30
+ * Block common WordPress security threats like fake Googlebots, malicious scans from hackers and botnets.
31
 
32
  = Blocking Features =
33
  * Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
34
+ * Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP's or networks and block entire networks using the firewall. Report WordPress security threats to network owner.
35
+ * Rate limit or block WordPress security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
36
+ * Choose whether you want to block or throttle users and robots who break your WordPress security rules.
37
  * Premium users can also block countries and schedule scans for specific times and a higher frequency.
38
 
39
+ = WordPress Login Security =
40
  * Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
 
41
  * Enforce strong passwords among your administrators, publishers and users. Improve login security.
42
  * Checks the strength of all user and admin passwords to enhance login security.
43
+ * Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise WordPress security.
44
 
45
  = Security Scanning =
46
  * Scans for the HeartBleed vulnerability - included in the free scan for all users.
47
  * Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
48
  * See how files have changed. Optionally repair changed files that are security threats.
49
+ * Scans for signatures of over 44,000 known malware variants that are known WordPress security threats.
50
  * Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
51
+ * Continuously scans for malware and phishing URL's including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats.
52
  * Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
53
 
54
  = Monitoring Features =
58
  * Monitor your DNS security for unauthorized DNS changes.
59
  * Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
60
 
61
+ = Multi-Site WordPress Security =
62
  * Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
63
  * WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
64
 
69
  * Includes support for other major plugins and themes like WooCommerce.
70
 
71
  = Free Learning Center =
72
+ * The Wordfence website includes an in-depth [WordPress Security Learning Center](https://www.wordfence.com/learn/).
73
 
74
  The Wordfence WordPress security plugin is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
75
 
99
 
100
  Secure your website with Wordfence.
101
 
102
+ [Visit our support website which contains a FAQ and knowledgebase which is more comprehensive and updated frequently.](http://support.wordfence.com/)
103
 
104
  = What does Wordfence Security do that other WordPress security plugins don't do? =
105
 
106
  * Wordfence Security actually verifies your website source code integrity against the official WordPress repository and shows you the changes. We are the only plugin to do this.
 
107
  * Wordfence Security fully supports IPv6 including giving you the ability to look up the location of IPv6 addresses, block IPv6 ranges, detect IPv6 country and do a whois lookup on IPv6 addresses and more.
108
  * Wordfence Security includes protection against DDoS attacks by giving you a performance boost up to 50X.
109
  * Wordfence Security scans check all your files, comments and posts for URL's in Google's Safe Browsing list. We are the only plugin to offer this very important security enhancement.
110
  * Wordfence Security scans do not consume large amounts of your precious bandwidth because all security scans happen on your web server which makes them very fast.
111
  * Wordfence Security fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click.
112
  * Wordfence Security includes Two-Factor authentication, the most secure way to stop brute force attackers in their tracks.
113
+ * Wordfence security provides a WordPress Firewall developed specifically for WordPress and is kept up to date by our Threat Defense Feed. Premium customers receive updates in real-time.
114
 
115
  = Does Wordfence Security support Multi-Site installations? =
116
 
118
 
119
  = Will Wordfence Security slow my site down? =
120
 
121
+ No. Wordfence is extremely fast and uses techniques like caching its own configuration data to avoid database lookups and blocking malicious attacks that would slow down your site. Older versions of Wordfence did incur a slight performance penalty, but we have not only fixed this issue but knocked it out of the park.
 
122
 
123
  = How often is Wordfence Security updated? =
124
 
125
+ The Wordfence Security plugin is frequently updated and we update the code on our security scanning servers more frequently. Our cloud servers are continually updated with the latest known security threats and vulnerabilities so that we can blog any security threat as soon as it emerges in the wild.
 
 
126
 
127
  = What if I need support? =
128
 
129
+ All our paid customers receive priority support. Excellent customer service is a key part of being a Wordfence Security member. As free or Premium member can visit [support.wordfence.com](http://support.wordfence.com/) and where you will find out knowledgebase. If you're a Premium member you can also open a support ticket.
 
130
 
131
  = Can I disable certain security features of Wordfence Security? =
132
 
134
 
135
  = What if my site security has already been compromised by a hacker? =
136
 
137
+ Wordfence Security is the only WordPress security plugin that is able to repair core files, themes and plugins on sites where security is already compromised. However, please note that site security can not be assured unless you do a full reinstall if your site has been hacked. We recommend you only use Wordfence Security to get your site into a running state in order to recover the data you need to do a full reinstall. A full reinstall is the only way to ensure site security once you have been hacked.
 
 
 
138
 
139
  = How will I be alerted that my site has a security problem? =
140
 
141
+ Wordfence Security sends security alerts via email. Once you install Wordfence Security, you will configure a list of email addresses where security alerts will be sent. When you receive a security alert, make sure you deal with it promptly to ensure your site stays secure.
 
142
 
143
  = My WordPress site is behind a firewall. Doesn't that make it secure? =
144
 
145
+ If your site is accessible from the web, it means that people you don't know can execute PHP code on your site. They have to be able to execute PHP code, like the core WordPress code, in order for your site to work. Most WordPress security threats allow a hacker to execute PHP code on your website. The challenge hackers face is how to get their malicious PHP code onto your site to compromise your security. There are many upload mechanisms that WordPress itself, themes and plugins offer and the vast majority of these are secure. However, every now and then a hacker discovers an upload mechanism that is not secure or a way of fooling your site into allowing an upload. That is usually when security is compromised. Even though your site is behind a commercial firewall, it still accepts web requests that include uploads and executes PHP code and as long as it does that, it may face a security vulnerability at some point.
 
 
 
 
 
 
 
 
146
 
147
  = Will Wordfence Security protect me against the Timthumb security problem? =
148
 
149
+ The timthumb security exploit occurred in 2011 and all good plugins and themes now use an updated version of timthumb (which the creator of Wordfence Security wrote and donated to the timthumb author) which closes the security hole that caused the problem. However we do scan for old version of timthumb for good measure to make sure they don't cause a security hole on your site.
 
 
 
150
 
151
  = Does Wordfence Security support IPv6? =
152
 
153
+ Most definitely! As of Wordfence version 6.0.1 we fully support IPv6 with all security functions including country blocking, range blocking, city lookup, whois lookup and all other security functions. If you are not running IPv6 Wordfence will work great on your site too. We are fully compatible with both IPv4 and IPv6 whether you run both or only one addressing scheme.
 
 
154
 
155
  = Where can I learn more about WordPress security? =
156
 
157
+ Designed for every skill level, [The WordPress Security Learning Center](https://www.wordfence.com/learn/) is dedicated to deepening user's understanding of security best practices by having access to in-depth articles, videos, industry survey results, graphics and more.
158
 
159
  == Screenshots ==
160
 
168
 
169
  == Changelog ==
170
 
171
+ = 6.2.10 =
172
+ * Improvement: Better reporting for failed brute force login attempts.
173
+ * Change: Reworded setting for ignored IPs in the WAF alert email.
174
+ * Change: Updated support link on scan page.
175
+ * Fix: When a key is in place on multiple sites, it's now possible to downgrade the ones not registered for it.
176
+ * Fix: Addressed an issue where the increased attack rate emails would send repeatedly if the threshold value was missing.
177
+ * Fix: Typo fix in firewall rule 11 name.
178
+
179
  = 6.2.9 =
180
  * Improvement: Updated internal GeoIP database.
181
  * Improvement: Better error handling when a site is unreachable publicly.
wordfence.php CHANGED
@@ -4,14 +4,14 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
  Author: Wordfence
7
- Version: 6.2.9
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
11
  if(defined('WP_INSTALLING') && WP_INSTALLING){
12
  return;
13
  }
14
- define('WORDFENCE_VERSION', '6.2.9');
15
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17
 
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
  Author: Wordfence
7
+ Version: 6.2.10
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
11
  if(defined('WP_INSTALLING') && WP_INSTALLING){
12
  return;
13
  }
14
+ define('WORDFENCE_VERSION', '6.2.10');
15
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17