Wordfence Security – Firewall & Malware Scan - Version 6.2.9

Version Description

  • Improvement: Updated internal GeoIP database.
  • Improvement: Better error handling when a site is unreachable publicly.
  • Fix: Fixed a URL in alert emails that did not correctly detect when sent from a multisite installation.
  • Fix: Addressed an issue where the scan did not alert about a new WordPress version.

Release Info

Developer wfryan
Version 6.2.9

Code changes from version 6.2.8 to 6.2.9

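--- a/js/admin.js
+++ b/js/admin.js
@@ -593,6 +593,10 @@
  msg = item.msg.replace('SUM_ENDERR:', '');
  jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryErr').html('An error occurred.');
  summaryUpdated = true;
+ } else if (item.msg.indexOf('SUM_ENDSKIPPED') != -1) {
+ msg = item.msg.replace('SUM_ENDSKIPPED:', '');
+ jQuery('div.wfSummaryMsg:contains("' + msg + '")').next().addClass('wfSummaryResult').html('Skipped.');
+ summaryUpdated = true;
  } else if (item.msg.indexOf('SUM_DISABLED:') != -1) {
  msg = item.msg.replace('SUM_DISABLED:', '');
  jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult">Disabled [<a href="admin.php?page=WordfenceSecOpt">Visit Options to Enable</a>]</div><div class="wfClear"></div>');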
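Review bot: The new `SUM_ENDSKIPPED` branch splices `msg` straight into a `:contains("…")` selector, so a status message holding a double quote or other selector metacharacter can make the selector fail to parse or match nothing, and the summary row never changes to "Skipped.". Matching on text avoids treating the message as selector syntax: `jQuery('div.wfSummaryMsg').filter(function() { return jQuery(this).text().indexOf(msg) !== -1; })`. The branch also tests for `'SUM_ENDSKIPPED'` without the trailing colon while stripping `'SUM_ENDSKIPPED:'`, unlike the `SUM_DISABLED:` branch below it. The if/else chain starts and ends outside the hunk, and the `SUM_ENDERR` context lines above already use the same selector pattern.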
lib/GeoIP.dat CHANGED
Binary file
lib/GeoIPv6.dat CHANGED
Binary file
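--- a/lib/email_genericAlert.php
+++ b/lib/email_genericAlert.php
@@ -1,6 +1,6 @@
  This email was sent from your website "<?php echo $blogName; ?>" by the Wordfence plugin at <?php echo $date; ?>
 
- The Wordfence administrative URL for this site is: <?php echo $adminURL; ?>admin.php?page=Wordfence
+ The Wordfence administrative URL for this site is: <?php echo network_admin_url('admin.php?page=Wordfence'); ?>
 
  <?php echo $alertMsg; ?>
  <?php if($IPMsg){ echo "\n$IPMsg\n"; } ?>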
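--- a/lib/email_newIssues.php
+++ b/lib/email_newIssues.php
@@ -13,7 +13,7 @@
 
  <?php if ($timeLimitReached): ?>
  <div style="margin: 12px 0;padding: 8px; background-color: #ffffe0; border: 1px solid #ffd975; border-width: 1px 1px 1px 10px;">
- <em>The scan was terminated early because it reached the time limit for scans. If you would like to allow your scans to run longer, you can customize the limit on the options page: <a href="<?php echo $adminURL; ?>admin.php?page=WordfenceSecOpt"><?php echo $adminURL; ?>admin.php?page=WordfenceSecOpt</a> or read more about scan options to improve scan speed here: <a href="https://docs.wordfence.com/en/Scan_time_limit">https://docs.wordfence.com/en/Scan_time_limit</a></em>
+ <em>The scan was terminated early because it reached the time limit for scans. If you would like to allow your scans to run longer, you can customize the limit on the options page: <a href="<?php echo esc_attr(network_admin_url('admin.php?page=WordfenceSecOpt')); ?>"><?php echo esc_attr(network_admin_url('admin.php?page=WordfenceSecOpt')); ?></a> or read more about scan options to improve scan speed here: <a href="https://docs.wordfence.com/en/Scan_time_limit">https://docs.wordfence.com/en/Scan_time_limit</a></em>
  </div>
  <?php endif ?>
 
@@ -51,7 +51,7 @@
  <?php } } } ?>
 
  <?php if ($issuesNotShown > 0) { ?>
- <p><?php echo wfUtils::pluralize($issuesNotShown, 'issue'); ?> were omitted from this email. View every issue: <a href="<?php echo $adminURL; ?>admin.php?page=Wordfence"><?php echo $adminURL; ?>admin.php?page=Wordfence</a></p>
+ <p><?php echo wfUtils::pluralize($issuesNotShown, 'issue'); ?> were omitted from this email. View every issue: <a href="<?php echo esc_attr(network_admin_url('admin.php?page=Wordfence')); ?>"><?php echo esc_html(network_admin_url('admin.php?page=Wordfence')); ?></a></p>
  <?php } ?>
 
 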
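Review bot: The two rewritten links escape the same kind of value differently: new line 16 passes the visible link text through `esc_attr()`, while new line 54 uses `esc_html()` for it. Using `esc_html()` for the text in both places, and `esc_url()` rather than `esc_attr()` inside `href="…"`, matches each output context and keeps the templates consistent, e.g. `<a href="<?php echo esc_url(network_admin_url('admin.php?page=WordfenceSecOpt')); ?>">`. Both hunks sit in the middle of the template, so the rest of the markup is not visible here.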
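--- a/lib/wfScanEngine.php
+++ b/lib/wfScanEngine.php
@@ -369,8 +369,15 @@ class wfScanEngine {
  $recommendation = wfConfig::get('detectProxyRecommendation', '');
  }
 
- if ($recommendation == 'DEFERRED' || empty($recommendation)) {
+ $failed = false;
+ if ($recommendation == 'DEFERRED') {
  //Do nothing
+ wordfence::statusEnd($this->statusIDX['checkHowGetIPs'], $haveIssues, $failed, true);
+ return;
+ }
+ else if (empty($recommendation)) {
+ $failed = true;
+ $haveIssues = true;
  }
  else if ($recommendation == 'UNKNOWN') {
  $this->addIssue('checkHowGetIPs', 2, 'checkHowGetIPs', 'checkHowGetIPs' . $recommendation . WORDFENCE_VERSION, "Unable to accurately detect IPs", 'Wordfence was unable to validate a test request to your website. This can happen if your website is behind a proxy that does not use one of the standard ways to convey the IP of the request or it is unreachable publicly. IP blocking and live traffic information may not be accurate. <a href="https://docs.wordfence.com/en/Misconfigured_how_get_IPs_notice " target="_blank">Get More Information</a>', array());
@@ -395,7 +402,7 @@ class wfScanEngine {
  $haveIssues = true;
  }
 
- wordfence::statusEnd($this->statusIDX['checkHowGetIPs'], $haveIssues);
+ wordfence::statusEnd($this->statusIDX['checkHowGetIPs'], $haveIssues, $failed);
  }
  }
 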
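Review bot: In the first hunk an empty `$recommendation` now sets `$failed` and `$haveIssues` but records no issue, so the step presumably ends as failed through `statusEnd()` without telling the administrator why IP detection could not be verified. Because this result decides whether IP blocking and live traffic data can be trusted, the branch deserves a comment such as `// No recommendation stored: the proxy check never completed, so report this step as failed` and, if intended, a matching issue entry. The retained `//Do nothing` comment in the `DEFERRED` branch is now stale, since that branch ends the status as skipped and returns. `$haveIssues` is passed to `statusEnd()` in that branch but is initialised outside the hunk.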
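--- a/lib/wfUpdateCheck.php
+++ b/lib/wfUpdateCheck.php
@@ -47,13 +47,13 @@ class wfUpdateCheck {
 
  include( ABSPATH . WPINC . '/version.php' ); //defines $wp_version
 
- $update_core = get_site_transient('update_core');
+ $update_core = get_preferred_from_update_core();
  if ($useCachedValued && isset($update_core->last_checked) && isset($update_core->version_checked) && 12 * HOUR_IN_SECONDS > (time() - $update_core->last_checked) && $update_core->version_checked == $wp_version) { //Duplicate of _maybe_update_core, which is a private call
  //Do nothing, use cached value
  }
  else {
  wp_version_check();
- $update_core = get_site_transient('update_core');
+ $update_core = get_preferred_from_update_core();
  }
 
  if (isset($update_core->response) && $update_core->response == 'upgrade') {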
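Review bot: `get_preferred_from_update_core()` is declared in `wp-admin/includes/update.php`, which WordPress loads for admin screens but not necessarily for cron or front-end requests, and nothing in this hunk includes it. If the scan reaches this code outside the admin, the call would be a fatal undefined-function error and the core-version alert would never be raised. A guard before the first call keeps it safe: `if (!function_exists('get_preferred_from_update_core')) { require_once(ABSPATH . 'wp-admin/includes/update.php'); }`. The method begins and ends outside the hunk, so an earlier include may already exist.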
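--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -1420,9 +1420,13 @@ class wfUtils {
  }
 
  public static function requestDetectProxyCallback($timeout = 0.01, $blocking = false, $forceCheck = false) {
+ $currentRecommendation = wfConfig::get('detectProxyRecommendation', '');
  if (!$forceCheck) {
  $detectProxyNextCheck = wfConfig::get('detectProxyNextCheck', false);
  if ($detectProxyNextCheck !== false && time() < $detectProxyNextCheck) {
+ if (empty($currentRecommendation)) {
+ wfConfig::set('detectProxyRecommendation', 'DEFERRED', wfConfig::DONT_AUTOLOAD);
+ }
  return; //Let it pull the currently-stored value
  }
  }
@@ -1435,7 +1439,6 @@ class wfUtils {
  $response = wp_remote_get(sprintf(WFWAF_API_URL_SEC . "proxy-check/%d.txt", $waf->getStorageEngine()->getConfig('attackDataKey')));
 
  if (!is_wp_error($response)) {
- $currentRecommendation = wfConfig::get('detectProxyRecommendation', '');
  $okToSendBody = wp_remote_retrieve_body($response);
  if (preg_match('/^(ok|wait),\s*(\d+)$/i', $okToSendBody, $matches)) {
  $command = $matches[1];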
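Review bot: The new early-return path writes `'DEFERRED'` into `detectProxyRecommendation` without saying why, and the value is a bare string that `wfScanEngine.php` compares against in this same release. A comment on the `wfConfig::set()` line, for example `// No result stored yet and the next check is not due: mark DEFERRED so the scan reports this step as skipped`, would make the states readable. A class constant for the state names would keep the two files from drifting apart. `requestDetectProxyCallback()` continues beyond both hunks.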
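--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -5335,19 +5335,24 @@ HTML
  self::status(10, 'info', 'SUM_START:' . $msg);
  return sizeof($statusStartMsgs) - 1;
  }
- public static function statusEnd($idx, $haveIssues, $successFailed = false){
+ public static function statusEnd($idx, $haveIssues, $successFailed = false, $skipped = false){
  $statusStartMsgs = wfConfig::get_ser('wfStatusStartMsgs', array());
- if($haveIssues){
- if($successFailed){
- self::status(10, 'info', 'SUM_ENDFAILED:' . $statusStartMsgs[$idx]);
- } else {
- self::status(10, 'info', 'SUM_ENDBAD:' . $statusStartMsgs[$idx]);
- }
- } else {
- if($successFailed){
- self::status(10, 'info', 'SUM_ENDSUCCESS:' . $statusStartMsgs[$idx]);
+ if ($skipped) {
+ self::status(10, 'info', 'SUM_ENDSKIPPED:' . $statusStartMsgs[$idx]);
+ }
+ else {
+ if($haveIssues){
+ if($successFailed){
+ self::status(10, 'info', 'SUM_ENDFAILED:' . $statusStartMsgs[$idx]);
+ } else {
+ self::status(10, 'info', 'SUM_ENDBAD:' . $statusStartMsgs[$idx]);
+ }
  } else {
- self::status(10, 'info', 'SUM_ENDOK:' . $statusStartMsgs[$idx]);
+ if($successFailed){
+ self::status(10, 'info', 'SUM_ENDSUCCESS:' . $statusStartMsgs[$idx]);
+ } else {
+ self::status(10, 'info', 'SUM_ENDOK:' . $statusStartMsgs[$idx]);
+ }
  }
  }
  $statusStartMsgs[$idx] = '';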
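Review bot: `statusEnd()` now takes three positional booleans and has no docblock, and when `$skipped` is true the `$haveIssues` and `$successFailed` arguments are ignored, which a caller cannot tell from the signature. A docblock that names each parameter, lists the `SUM_END*` message each combination emits, and states that `$skipped` takes precedence would cover it. `$statusStartMsgs[$idx]` is also read without checking that the index exists, so an unknown `$idx` would emit a bare prefix; that read predates this change. The function body ends outside the hunk.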
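--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
  Tags: security, secure, security plugin, wordpress security, login security, firewall, malware, antivirus, web application firewall, block hackers, country blocking
  Requires at least: 3.9
  Tested up to: 4.7.0
- Stable tag: 6.2.8
+ Stable tag: 6.2.9
 
  Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
 
@@ -190,6 +190,12 @@ Secure your website with Wordfence.
 
  == Changelog ==
 
+ = 6.2.9 =
+ * Improvement: Updated internal GeoIP database.
+ * Improvement: Better error handling when a site is unreachable publicly.
+ * Fix: Fixed a URL in alert emails that did not correctly detect when sent from a multisite installation.
+ * Fix: Addressed an issue where the scan did not alert about a new WordPress version.
+
  = 6.2.8 =
  * Improvement: Added support for hiding the username information revealed by the WordPress 4.7 REST API. Thanks Vladimir Smitka.
  * Improvement: Added vulnerability scanning for themes.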
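--- a/views/reports/activity-report-email-inline.php
+++ b/views/reports/activity-report-email-inline.php
@@ -122,7 +122,7 @@ h6 a:visited { color: purple !important; }
  <a href="http://www.wordfence.com/zz5/" style="font-size: 100%; vertical-align: baseline; outline: none; color: orange; text-decoration: none; margin: 0; padding: 0; border: 0;"><img src="<?php echo wfUtils::getBaseURL(); ?>images/logo.png" alt="" style="font-size: 100%; vertical-align: baseline; -ms-interpolation-mode: bicubic; outline: none; text-decoration: none; margin: 0; padding: 0; border: 0 none; width: 560px;" /></a>
 
  <p style="font-size: 100%; vertical-align: baseline; margin: 1em 0; padding: 0; border: 0;">
- This email was sent from your website <a href="<?php echo site_url() ?>"><?php echo site_url() ?></a> and is a summary of security related activity that Wordfence monitors for the period <?php printf('%s to %s', $report_start, $report_end) ?>. <?php if (!wfConfig::get('isPaid')): ?>NOTE: You are using the free version of Wordfence and are missing out on features like cellphone sign-in, country blocking and detecting if your site IP is sending spam. <a href="http://www.wordfence.com/zz6/">Click here to upgrade to Wordfence Premium now</a>.<?php endif ?>
+ This email was sent from your website <a href="<?php echo network_site_url() ?>"><?php echo network_site_url() ?></a> and is a summary of security related activity that Wordfence monitors for the period <?php printf('%s to %s', $report_start, $report_end) ?>. <?php if (!wfConfig::get('isPaid')): ?>NOTE: You are using the free version of Wordfence and are missing out on features like cellphone sign-in, country blocking and detecting if your site IP is sending spam. <a href="http://www.wordfence.com/zz6/">Click here to upgrade to Wordfence Premium now</a>.<?php endif ?>
  </p>
 
  <h2 style="font-size: 20px; vertical-align: baseline; clear: both; color: #222 !important; margin: 20px 0 4px; padding: 0; border: 0;">
@@ -379,7 +379,7 @@ h6 a:visited { color: purple !important; }
  <?php endif ?>
 
  <p style="font-size: 100%; vertical-align: baseline; margin: 1em 0; padding: 0; border: 0;">
- If you would like to sign-in to <a href="<?php echo site_url() ?>"><?php echo site_url() ?></a> please <a href="<?php echo network_admin_url() ?>">click here</a> now. You can change the frequency of this email or turn it on and off by visiting your <a href="<?php echo network_admin_url('admin.php?page=WordfenceSecOpt#wfMarkerEmailSummary') ?>">Wordfence options page</a>.
+ If you would like to sign-in to <a href="<?php echo network_site_url() ?>"><?php echo network_site_url() ?></a> please <a href="<?php echo network_admin_url() ?>">click here</a> now. You can change the frequency of this email or turn it on and off by visiting your <a href="<?php echo network_admin_url('admin.php?page=WordfenceSecOpt#wfMarkerEmailSummary') ?>">Wordfence options page</a>.
  </p>
  </div>
  </td>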
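Review bot: Both changed lines print `network_site_url()` into an `href` attribute and into the link text with no escaping, while the `lib/email_newIssues.php` changes in this same release wrap their URLs in `esc_attr()`/`esc_html()`. Escaping by output context here too keeps the email templates consistent: `<a href="<?php echo esc_url(network_site_url()) ?>"><?php echo esc_html(network_site_url()) ?></a>`. The neighbouring `network_admin_url()` links in the second hunk are unescaped as well, and both hunks sit in the middle of the template.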
wordfence.php CHANGED
@@ -4,14 +4,14 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
  Author: Wordfence
7
- Version: 6.2.8
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
11
  if(defined('WP_INSTALLING') && WP_INSTALLING){
12
  return;
13
  }
14
- define('WORDFENCE_VERSION', '6.2.8');
15
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17
 
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
  Author: Wordfence
7
+ Version: 6.2.9
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
11
  if(defined('WP_INSTALLING') && WP_INSTALLING){
12
  return;
13
  }
14
+ define('WORDFENCE_VERSION', '6.2.9');
15
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17