Wordfence Security – Firewall & Malware Scan - Version 6.3.12

Version Description

  • Improvement: Adjusted the password audit to use a better cryptographic padding option.
  • Improvement: Improved the option value entry process for the modified files exclusion list.
  • Improvement: Added rel="noopener noreferrer" to all external links from the plugin for better interoperability with other scanners.
  • Improvement: Added support to the WAF for validating URLs for future use in rules.
  • Fix: Time formatting will now correctly handle :30 and :45 time zone offsets.
  • Fix: Hosts using mod_lsapi will now be detected as Litespeed for WAF optimization.
  • Fix: Added an option to allow automatic updates to function on Litespeed servers that have the global noabort set rather than site-local.
  • Fix: Fixed a PHP notice that could occur when running a scan immediately after removing a plugin.

Release Info

Developer wfryan
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 6.3.12

Code changes from version 6.3.11 to 6.3.12

Files changed (44) hide show
  1. js/admin.ajaxWatcher.js +1 -1
  2. js/admin.js +8 -8
  3. lib/IPTraf.php +3 -3
  4. lib/dashboard/widget_notifications.php +1 -1
  5. lib/dashboard/widget_tdf.php +1 -1
  6. lib/menu_activity.php +14 -14
  7. lib/menu_blocking_advancedBlocking.php +1 -1
  8. lib/menu_blocking_blockedIPs.php +10 -10
  9. lib/menu_blocking_countryBlocking.php +4 -4
  10. lib/menu_dashboard.php +1 -1
  11. lib/menu_firewall_bruteForce.php +11 -11
  12. lib/menu_firewall_rateLimiting.php +11 -11
  13. lib/menu_firewall_waf.php +13 -13
  14. lib/menu_options.php +104 -100
  15. lib/menu_scan.php +23 -23
  16. lib/menu_scan_options.php +25 -25
  17. lib/menu_scan_scan.php +5 -5
  18. lib/menu_scan_schedule.php +2 -2
  19. lib/menu_tools_diagnostic.php +11 -11
  20. lib/menu_tools_passwd.php +3 -3
  21. lib/menu_tools_twoFactor.php +5 -5
  22. lib/menu_tools_whois.php +1 -1
  23. lib/pageTitle.php +1 -1
  24. lib/unknownFiles.php +1 -1
  25. lib/wfActivityReport.php +1 -1
  26. lib/wfConfig.php +2 -1
  27. lib/wfCrypt.php +3 -9
  28. lib/wfDashboard.php +15 -0
  29. lib/wfDiagnostic.php +1 -1
  30. lib/wfScanEngine.php +12 -12
  31. lib/wfUnlockMsg.php +1 -1
  32. lib/wfUpdateCheck.php +28 -0
  33. lib/wfUtils.php +17 -6
  34. lib/wordfenceClass.php +17 -14
  35. lib/wordfenceScanner.php +1 -1
  36. readme.txt +11 -1
  37. vendor/wordfence/wf-waf/src/init.php +1 -1
  38. vendor/wordfence/wf-waf/src/lib/rules.php +130 -0
  39. vendor/wordfence/wf-waf/src/lib/utils.php +78 -0
  40. vendor/wordfence/wf-waf/src/views/403-blacklist.php +1 -1
  41. vendor/wordfence/wf-waf/src/views/503-lockout.php +1 -1
  42. vendor/wordfence/wf-waf/src/views/503.php +1 -1
  43. views/marketing/rightrail.php +3 -3
  44. wordfence.php +2 -2
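--- a/js/admin.ajaxWatcher.js
+++ b/js/admin.ajaxWatcher.js
@@ -30,7 +30,7 @@
  $.wordfenceBox({
  closeButton: false,
  width: '400px',
- html: "<h3>Background Request Blocked</h3><p>Wordfence Firewall blocked a background request to WordPress for the URL <code>" + requestURLEscaped + "</code>. If this occurred as a result of an intentional action, you may consider whitelisting the request to allow it in the future.</p><p class=\"textright\"><a href=\"https://docs.wordfence.com/en/Web_Application_Firewall_-_Blocked_Ajax_Requests\" target=\"_blank\" class=\"wfboxhelp\"></a><a href=\"#\" class=\"button\" id=\"background-block-whitelist\">Whitelist this action</a> <a href=\"#\" class=\"button\" id=\"background-block-dismiss\">Dismiss</a></p>",
+ html: "<h3>Background Request Blocked</h3><p>Wordfence Firewall blocked a background request to WordPress for the URL <code>" + requestURLEscaped + "</code>. If this occurred as a result of an intentional action, you may consider whitelisting the request to allow it in the future.</p><p class=\"textright\"><a href=\"https://docs.wordfence.com/en/Web_Application_Firewall_-_Blocked_Ajax_Requests\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"wfboxhelp\"></a><a href=\"#\" class=\"button\" id=\"background-block-whitelist\">Whitelist this action</a> <a href=\"#\" class=\"button\" id=\"background-block-dismiss\">Dismiss</a></p>",
  onComplete: function() {
  $('#background-block-dismiss').click(function(event) {
  event.preventDefault();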
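--- a/js/admin.js
+++ b/js/admin.js
@@ -447,7 +447,7 @@
  });
  },
  downgradeLicense: function() {
- this.colorbox((this.isSmallScreen ? '300px' : '400px'), "Confirm Downgrade", "Are you sure you want to downgrade your Wordfence Premium License? This will disable all Premium features and return you to the free version of Wordfence. <a href=\"https://www.wordfence.com/manage-wordfence-api-keys/\" target=\"_blank\">Click here to renew your paid membership</a> or click the button below to confirm you want to downgrade.<br /><br /><input class=\"wf-btn wf-btn-default\" type=\"button\" value=\"Downgrade and disable Premium features\" onclick=\"WFAD.downgradeLicenseConfirm();\" /><br />");
+ this.colorbox((this.isSmallScreen ? '300px' : '400px'), "Confirm Downgrade", "Are you sure you want to downgrade your Wordfence Premium License? This will disable all Premium features and return you to the free version of Wordfence. <a href=\"https://www.wordfence.com/manage-wordfence-api-keys/\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to renew your paid membership</a> or click the button below to confirm you want to downgrade.<br /><br /><input class=\"wf-btn wf-btn-default\" type=\"button\" value=\"Downgrade and disable Premium features\" onclick=\"WFAD.downgradeLicenseConfirm();\" /><br />");
  },
  downgradeLicenseConfirm: function() {
  jQuery.colorbox.close();
@@ -463,7 +463,7 @@
  }
  var options = {
  buttons: function(event, t) {
- var buttonElem = jQuery('<div id="wfTourButCont"><a id="pointer-close" style="margin-left:5px" class="wf-btn wf-btn-default">End the Tour</a></div><div><a id="wfRateLink" href="http://wordpress.org/extend/plugins/wordfence/" target="_blank" style="font-size: 10px; font-family: Verdana;">Help spread the word by rating us 5&#9733; on WordPress.org</a></div>');
+ var buttonElem = jQuery('<div id="wfTourButCont"><a id="pointer-close" style="margin-left:5px" class="wf-btn wf-btn-default">End the Tour</a></div><div><a id="wfRateLink" href="http://wordpress.org/extend/plugins/wordfence/" target="_blank" rel="noopener noreferrer" style="font-size: 10px; font-family: Verdana;">Help spread the word by rating us 5&#9733; on WordPress.org</a></div>');
  buttonElem.find('#pointer-close').bind('click.pointer', function(evtObj) {
  var evtSourceElem = evtObj.srcElement ? evtObj.srcElement : evtObj.target;
  if (evtSourceElem.id == 'wfRateLink') {
@@ -693,7 +693,7 @@
  summaryUpdated = true;
  } else if (item.msg.indexOf('SUM_PAIDONLY:') != -1) {
  msg = item.msg.replace('SUM_PAIDONLY:', '');
- jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Paid Members Only</a></div><div class="wfClear"></div>');
+ jQuery('#consoleSummary').append('<div class="wfSummaryLine"><div class="wfSummaryDate">[' + item.date + ']</div><div class="wfSummaryMsg">' + msg + '</div><div class="wfSummaryResult"><a href="https://www.wordfence.com/wordfence-signup/" target="_blank" rel="noopener noreferrer">Paid Members Only</a></div><div class="wfClear"></div>');
  summaryUpdated = true;
  } else if (item.msg.indexOf('SUM_FINAL:') != -1) {
  msg = item.msg.replace('SUM_FINAL:', '');
@@ -1393,7 +1393,7 @@
  } else if (res.nginx) {
  self.colorbox((self.isSmallScreen ? '300px' : '400px'), "You are using Nginx as your web server. " +
  "You'll need to disable autoindexing in your nginx.conf. " +
- "See the <a target='_blank' href='http://nginx.org/en/docs/http/ngx_http_autoindex_module.html'>Nginx docs for more info</a> on how to do this.");
+ "See the <a target='_blank' rel='noopener noreferrer' href='http://nginx.org/en/docs/http/ngx_http_autoindex_module.html'>Nginx docs for more info</a> on how to do this.");
  } else if (res.err) {
  self.colorbox((self.isSmallScreen ? '300px' : '400px'), "We encountered a problem", "We can't modify your .htaccess file for you because: " + res.err);
  }
@@ -1880,7 +1880,7 @@
  for (var i = 0; i < res.result.rawdata.length; i++) {
  res.result.rawdata[i] = jQuery('<div />').text(res.result.rawdata[i]).html();
  res.result.rawdata[i] = res.result.rawdata[i].replace(/([^\s\t\r\n:;]+@[^\s\t\r\n:;\.]+\.[^\s\t\r\n:;]+)/, "<a href=\"mailto:$1\">$1<\/a>");
- res.result.rawdata[i] = res.result.rawdata[i].replace(/(https?:\/\/[^\/]+[^\s\r\n\t]+)/, "<a target=\"_blank\" href=\"$1\">$1<\/a>");
+ res.result.rawdata[i] = res.result.rawdata[i].replace(/(https?:\/\/[^\/]+[^\s\r\n\t]+)/, "<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"$1\">$1<\/a>");
  var redStyle = "";
  if (this.getQueryParam('wfnetworkblock')) {
  redStyle = " style=\"color: #F00;\"";
@@ -2250,7 +2250,7 @@
  var pos = jQuery('#paidWrap').position();
  var width = jQuery('#paidWrap').width();
  var height = jQuery('#paidWrap').height();
- jQuery('<div style="position: absolute; left: ' + pos.left + 'px; top: ' + pos.top + 'px; background-color: #FFF; width: ' + width + 'px; height: ' + height + 'px;"><div class="paidInnerMsg">' + msg + ' <a href="https://www.wordfence.com/wordfence-signup/" target="_blank">Click here to upgrade and gain access to this feature.</div></div>').insertAfter('#paidWrap').fadeTo(10000, 0.7);
+ jQuery('<div style="position: absolute; left: ' + pos.left + 'px; top: ' + pos.top + 'px; background-color: #FFF; width: ' + width + 'px; height: ' + height + 'px;"><div class="paidInnerMsg">' + msg + ' <a href="https://www.wordfence.com/wordfence-signup/" target="_blank" rel="noopener noreferrer">Click here to upgrade and gain access to this feature.</div></div>').insertAfter('#paidWrap').fadeTo(10000, 0.7);
  },
  sched_modeChange: function() {
  var self = this;
@@ -2369,7 +2369,7 @@
 
  message = message + "</ul>";
 
- message = message + "<p class=\"wf-center\"><a href=\"#\" class=\"wf-btn wf-btn-default\" id=\"wfTwoFactorDownload\" target=\"_blank\"><i class=\"dashicons dashicons-download\"></i> Download</a></p>";
+ message = message + "<p class=\"wf-center\"><a href=\"#\" class=\"wf-btn wf-btn-default\" id=\"wfTwoFactorDownload\" target=\"_blank\" rel=\"noopener noreferrer\"><i class=\"dashicons dashicons-download\"></i> Download</a></p>";
  }
 
  message = message + "<p><em>This will be shown only once. Keep these codes somewhere safe.</em></p>";
@@ -2399,7 +2399,7 @@
  recoveryCodeFileContents = recoveryCodeFileContents + chunks[0] + " " + chunks[1] + " " + chunks[2] + " " + chunks[3] + "\r\n";
  }
 
- message = message + "<p class=\"wf-center\"><a href=\"#\" class=\"wf-btn wf-btn-default\" id=\"wfTwoFactorDownload\" target=\"_blank\"><i class=\"dashicons dashicons-download\"></i> Download</a></p>";
+ message = message + "<p class=\"wf-center\"><a href=\"#\" class=\"wf-btn wf-btn-default\" id=\"wfTwoFactorDownload\" target=\"_blank\" rel=\"noopener noreferrer\"><i class=\"dashicons dashicons-download\"></i> Download</a></p>";
 
  message = message + "</ul><p><em>This will be shown only once. Keep these codes somewhere safe.</em></p>";
 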
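Review bot: In the hunk at line 1880 the linkified URL is written into `href=\"$1\"` without attribute encoding: `jQuery('<div />').text(...).html()` two lines up encodes `&`, `<` and `>` but not quotes, and both character classes in the URL pattern accept a `"`, so a quote inside `rawdata` would end the attribute early. `rawdata` looks like remotely supplied text (its origin is outside the hunk), so I would exclude quotes from the match, e.g. `/(https?:\/\/[^\/\s"']+[^\s"']+)/`, or build the anchor with `jQuery('<a>').attr('href', url).text(url)` instead of string replacement. The `mailto:` replace on line 1882 has the same shape. Elsewhere in this section `msg` (line 696) and `res.err` (line 1398) are concatenated into markup as-is; whether they are already escaped is not visible here and is worth confirming.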
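--- a/lib/IPTraf.php
+++ b/lib/IPTraf.php
@@ -12,13 +12,13 @@
  <?php if(wfUtils::hasXSS($v['URL'])){ ?>
  <tr><th>URL:</th><td><span style="color: #F00;">Possible XSS code filtered out for your security</span></td></tr>
  <?php } else { ?>
- <tr><th>URL:</th><td><a href="<?php echo wp_kses($v['URL'], array()); ?>" target="_blank"><?php echo $v['URL']; ?></a></td></tr>
+ <tr><th>URL:</th><td><a href="<?php echo wp_kses($v['URL'], array()); ?>" target="_blank" rel="noopener noreferrer"><?php echo $v['URL']; ?></a></td></tr>
  <?php } ?>
  <tr><th>Type:</th><td><?php if($v['type'] == 'hit'){ echo 'Normal request'; } else if($v['type'] == '404'){ echo '<span style="color: #F00;">Page not found</span>'; } ?></td></tr>
- <?php if($v['referer']){ ?><tr><th>Referrer:</th><td><a href="<?php echo $v['referer']; ?>" target="_blank"><?php echo $v['referer']; ?></a></td></tr><?php } ?>
+ <?php if($v['referer']){ ?><tr><th>Referrer:</th><td><a href="<?php echo $v['referer']; ?>" target="_blank" rel="noopener noreferrer"><?php echo $v['referer']; ?></a></td></tr><?php } ?>
  <tr><th>Full Browser ID:</th><td><?php echo wp_kses($v['UA'], array()); ?></td></tr>
  <?php if($v['user']){ ?>
- <tr><th>User:</th><td><a href="<?php echo $v['user']['editLink']; ?>" target="_blank"><?php echo $v['user']['avatar'] . ' ' . $v['user']['display_name']; ?></a></td></tr>
+ <tr><th>User:</th><td><a href="<?php echo $v['user']['editLink']; ?>" target="_blank" rel="noopener noreferrer"><?php echo $v['user']['avatar'] . ' ' . $v['user']['display_name']; ?></a></td></tr>
  <?php } ?>
  <?php if($v['loc']){ ?>
  <tr><th>Location:</th><td><img src="<?php echo wfUtils::getBaseURL() . 'images/flags/' . strtolower($v['loc']['countryCode']); ?>.png" width="16" height="11" alt="<?php echo $v['loc']['countryName']; ?>" title="<?php echo $v['loc']['countryName']; ?>" class="wfFlag" />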
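Review bot: On new line 18 `$v['referer']` is echoed unescaped into both the `href` and the link text, and the Referer header is chosen by the client; the added `rel` attribute does not cover that. Unless the value is sanitised before it reaches this template (not visible in the hunk), the href should use `esc_url($v['referer'])` and the link text `esc_html($v['referer'])`. Line 15 has a weaker form of the same gap: `wp_kses($v['URL'], array())` strips tags but is not attribute encoding, and the link text echoes `$v['URL']` raw, relying on the `wfUtils::hasXSS()` check alone. `display_name` on line 21 and `countryName` on line 24 are also printed unescaped. The template starts before and continues after this hunk.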
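--- a/lib/dashboard/widget_notifications.php
+++ b/lib/dashboard/widget_notifications.php
@@ -15,7 +15,7 @@
  <li class="wf-notification<?php if ($n->priority % 10 == 1) { echo ' wf-notification-critical'; } else if ($n->priority % 10 == 2) { echo ' wf-notification-warning'; } ?>" data-notification="<?php echo esc_html($n->id); ?>">
  <div class="wf-dashboard-item-list-title"><?php echo $n->html; ?></div>
  <?php foreach ($n->links as $l): ?>
- <div class="wf-dashboard-item-list-action"><a href="<?php echo esc_html($l['link']); ?>"<?php if (preg_match('/^https?:\/\//i', $l['link'])) { echo ' target="_blank"'; } ?>><?php echo esc_html($l['label']); ?></a></div>
+ <div class="wf-dashboard-item-list-action"><a href="<?php echo esc_html($l['link']); ?>"<?php if (preg_match('/^https?:\/\//i', $l['link'])) { echo ' target="_blank" rel="noopener noreferrer"'; } ?>><?php echo esc_html($l['label']); ?></a></div>
  <?php endforeach; ?>
  <div class="wf-dashboard-item-list-dismiss"><a href="#" class="wf-dismiss-notification"><i class="fa fa-times-circle" aria-hidden="true"></i></a></div>
  </li>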
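Review bot: The `href` on line 18 is built with `esc_html($l['link'])`, which encodes markup characters but does not validate the URL scheme; the `^https?://` test only decides whether `target` and `rel` are added, so a link with any other scheme is still emitted. `esc_url($l['link'])` is the WordPress helper meant for URL attributes: `<a href="<?php echo esc_url($l['link']); ?>"`. `data-notification` on line 15 is an attribute as well and would conventionally use `esc_attr($n->id)`. `$n->html` on line 16 is echoed raw, presumably by design; where notification content originates is not visible here, so a comment stating that it is trusted markup would help the next reader.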
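--- a/lib/dashboard/widget_tdf.php
+++ b/lib/dashboard/widget_tdf.php
@@ -35,7 +35,7 @@
  <li>
  <div class="wf-dashboard-item-list-text">
  <p>As a free Wordfence user, you are currently using the Community version of the Threat Defense Feed. Premium users are protected by an additional <?php echo ($d->tdfPremium - $d->tdfCommunity); ?> firewall rules and malware signatures. Upgrade to Premium today to improve your protection.</p>
- <p><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1scanUpgrade/wordfence-signup/" target="_blank">Upgrade to Premium</a></p>
+ <p><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1scanUpgrade/wordfence-signup/" target="_blank" rel="noopener noreferrer">Upgrade to Premium</a></p>
  </div>
  </li>
  <?php else: ?>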
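--- a/lib/menu_activity.php
+++ b/lib/menu_activity.php
@@ -21,7 +21,7 @@
  </div>
  <div class="wp-header-end"></div>
 
- <a href="http://docs.wordfence.com/en/Live_traffic" target="_blank" class="wfhelp"></a><a href="http://docs.wordfence.com/en/Live_traffic" target="_blank">Learn more about Wordfence Live Traffic</a>
+ <a href="http://docs.wordfence.com/en/Live_traffic" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="http://docs.wordfence.com/en/Live_traffic" target="_blank" rel="noopener noreferrer">Learn more about Wordfence Live Traffic</a>
 
  <div class="wordfenceModeElem" id="wordfenceMode_activity"></div>
  <?php include('live_activity.php'); ?>
@@ -155,16 +155,16 @@
  class="wfFlag"/>
  <a data-bind="text: (loc().city ? loc().city + ', ' : '') + loc().countryName,
  attr: { href: 'http://maps.google.com/maps?q=' + loc().lat + ',' + loc().lon + '&z=6' }"
- target="_blank"></a>
+ target="_blank" rel="noopener noreferrer"></a>
  </div>
  <div data-bind="if: !loc()">
  An unknown location at IP <a
- data-bind="text: IP, attr: { href: WFAD.makeIPTrafLink(IP()) }" target="_blank"></a>
+ data-bind="text: IP, attr: { href: WFAD.makeIPTrafLink(IP()) }" target="_blank" rel="noopener noreferrer"></a>
  </div>
 
  <div>
  <strong>IP:</strong>&nbsp;<a
- data-bind="text: IP, attr: { href: WFAD.makeIPTrafLink(IP()) }" target="_blank"></a>
+ data-bind="text: IP, attr: { href: WFAD.makeIPTrafLink(IP()) }" target="_blank" rel="noopener noreferrer"></a>
  <span data-bind="if: blocked()">
  [<a data-bind="click: $root.unblockIP">unblock</a>]
  </span>
@@ -226,7 +226,7 @@
  <span data-bind="if: action() != 'loginOK' && action() != 'loginFailValidUsername' && action() != 'loginFailInvalidUsername' && user()">
  <span data-bind="html: user.avatar" class="wfAvatar"></span>
  <a data-bind="attr: { href: user.editLink }, text: user().display_name"
- target="_blank"></a>
+ target="_blank" rel="noopener noreferrer"></a>
  </span>
  <span data-bind="if: loc()">
  <span data-bind="if: action() != 'loginOK' && action() != 'loginFailValidUsername' && action() != 'loginFailInvalidUsername' && user()"> in</span>
@@ -236,23 +236,23 @@
  class="wfFlag"/>
  <a data-bind="text: (loc().city ? loc().city + ', ' : '') + loc().countryName,
  attr: { href: 'http://maps.google.com/maps?q=' + loc().lat + ',' + loc().lon + '&z=6' }"
- target="_blank"></a>
+ target="_blank" rel="noopener noreferrer"></a>
  </span>
  <span data-bind="if: !loc()">
  <span
  data-bind="text: action() != 'loginOK' && action() != 'loginFailValidUsername' && action() != 'loginFailInvalidUsername' && user() ? 'at an' : 'An'"></span> unknown location at IP <a
  data-bind="text: IP, attr: { href: WFAD.makeIPTrafLink(IP()) }"
- target="_blank"></a>
+ target="_blank" rel="noopener noreferrer"></a>
  </span>
  <span data-bind="if: referer()">
  <span data-bind="if: extReferer()">
  arrived from <a data-bind="text: referer, attr: { href: referer }"
- target="_blank"
+ target="_blank" rel="noopener noreferrer"
  style="color: #A00; font-weight: bold;" class="wf-split-word-xs"></a> and
  </span>
  <span data-bind="if: !extReferer()">
  left <a data-bind="text: referer, attr: { href: referer }"
- target="_blank"
+ target="_blank" rel="noopener noreferrer"
  style="color: #999; font-weight: normal;" class="wf-split-word-xs"></a> and
  </span>
  </span>
@@ -288,14 +288,14 @@
  </span>
  <a class="wf-lt-url wf-split-word-xs"
  data-bind="text: displayURL, attr: { href: URL, title: URL }"
- target="_blank"></a>
+ target="_blank" rel="noopener noreferrer"></a>
  </div>
  <div>
  <span data-bind="text: timeAgo, attr: { 'data-timestamp': ctime }"
  class="wfTimeAgo wfTimeAgo-timestamp"></span>&nbsp;&nbsp;
  <strong>IP:</strong> <a
  data-bind="attr: { href: WFAD.makeIPTrafLink(IP()) }, text: IP"
- target="_blank"></a>
+ target="_blank" rel="noopener noreferrer"></a>
  <span data-bind="if: blocked()">
  [<a data-bind="click: $root.unblockIP">unblock</a>]
  </span>
@@ -345,9 +345,9 @@
  </a>
  <a class="wf-btn wf-btn-default wf-btn-sm" data-bind="text: 'Run WHOIS on ' + IP(),
  attr: { href: 'admin.php?page=WordfenceTools&whoisval=' + IP() + '#top#whois' }"
- target="_blank"></a>
+ target="_blank" rel="noopener noreferrer"></a>
  <a class="wf-btn wf-btn-default wf-btn-sm"
- data-bind="attr: { href: WFAD.makeIPTrafLink(IP()) }" target="_blank">
+ data-bind="attr: { href: WFAD.makeIPTrafLink(IP()) }" target="_blank" rel="noopener noreferrer">
  See recent traffic
  </a>
  <span data-bind="if: action() == 'blocked:waf'">
@@ -358,7 +358,7 @@
  </a>
  <?php if (WFWAF_DEBUG): ?>
  <a href="#" class="wf-btn wf-btn-default wf-btn-sm"
- data-bind="attr: { href: '<?php echo esc_js(home_url()) ?>?_wfsf=debugWAF&nonce=' + WFAD.nonce + '&hitid=' + id() }" target="_blank">
+ data-bind="attr: { href: '<?php echo esc_js(home_url()) ?>?_wfsf=debugWAF&nonce=' + WFAD.nonce + '&hitid=' + id() }" target="_blank" rel="noopener noreferrer">
  Debug this Request
  </a>
  <?php endif ?>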
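Review bot: The `referer` links (lines 249 and 254) and the `URL` link (line 290) bind `href` directly to request-derived values, so the added `rel` keeps the new tab away from `window.opener` but nothing here restricts the scheme of the link target itself. Unless the view model already normalises these values (not visible in this section), bind the href only for http(s) values, e.g. `attr: { href: /^https?:\/\//i.test(referer()) ? referer() : '#' }`. Separately, the Google Maps links on lines 157 and 238 and the docs link on line 24 still use `http://` and could move to `https://`.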
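--- a/lib/menu_blocking_advancedBlocking.php
+++ b/lib/menu_blocking_advancedBlocking.php
@@ -1,4 +1,4 @@
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
  <div>
  <div class="wordfenceModeElem" id="wordfenceMode_rangeBlocking"></div>
  <?php if (!wfConfig::get('firewallEnabled')) { ?>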
lib/menu_blocking_blockedIPs.php CHANGED
@@ -1,4 +1,4 @@
1
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
2
  <div>
3
  <div class="wordfenceModeElem" id="wordfenceMode_blockedIPs"></div>
4
  <?php if(! wfConfig::get('firewallEnabled')){ ?><div style="color: #F00; font-weight: bold;">Rate limiting rules and advanced blocking are disabled. You can enable it on the <a href="admin.php?page=WordfenceSecOpt">Wordfence Options page</a> at the top.</div><?php } ?>
@@ -41,13 +41,13 @@
41
  <div>
42
  {{if loc}}
43
  <img src="<?php echo wfUtils::getBaseURL() . 'images/flags/'; ?>${loc.countryCode.toLowerCase()}.png" width="16" height="11" alt="${loc.countryName}" title="${loc.countryName}" class="wfFlag" />
44
- <a href="http://maps.google.com/maps?q=${loc.lat},${loc.lon}&z=6" target="_blank">{{if loc.city}}${loc.city}, {{/if}}${loc.countryName}</a>
45
  {{else}}
46
- An unknown location at IP <a href="${WFAD.makeIPTrafLink(IP)}" target="_blank">${IP}</a>
47
  {{/if}}
48
  </div>
49
  <div>
50
- <strong>IP:</strong>&nbsp;<a href="${WFAD.makeIPTrafLink(IP)}" target="_blank">${IP}</a>
51
  </div>
52
  <div>
53
  <strong>Reason:</strong>&nbsp;${lastReason}
@@ -81,13 +81,13 @@
81
  <div>
82
  {{if loc}}
83
  <img src="<?php echo wfUtils::getBaseURL() . 'images/flags/'; ?>${loc.countryCode.toLowerCase()}.png" width="16" height="11" alt="${loc.countryName}" title="${loc.countryName}" class="wfFlag" />
84
- <a href="http://maps.google.com/maps?q=${loc.lat},${loc.lon}&z=6" target="_blank">{{if loc.city}}${loc.city}, {{/if}}${loc.countryName}</a>
85
  {{else}}
86
- An unknown location at IP <a href="${WFAD.makeIPTrafLink(IP)}" target="_blank">${IP}</a>
87
  {{/if}}
88
  </div>
89
  <div>
90
- <strong>IP:</strong>&nbsp;<a href="${WFAD.makeIPTrafLink(IP)}" target="_blank">${IP}</a> [<a href="#" onclick="WFAD.unlockOutIP('${IP}'); return false;">unlock</a>]
91
  </div>
92
  <div>
93
  <strong>Reason:</strong>&nbsp;${reason}
@@ -132,13 +132,13 @@
132
  <div>
133
  {{if loc}}
134
  <img src="<?php echo wfUtils::getBaseURL() . 'images/flags/'; ?>${loc.countryCode.toLowerCase()}.png" width="16" height="11" alt="${loc.countryName}" title="${loc.countryName}" class="wfFlag" />
135
- <a href="http://maps.google.com/maps?q=${loc.lat},${loc.lon}&z=6" target="_blank">{{if loc.city}}${loc.city}, {{/if}}${loc.countryName}</a>
136
  {{else}}
137
- An unknown location at IP <a href="${WFAD.makeIPTrafLink(IP)}" target="_blank">${IP}</a>
138
  {{/if}}
139
  </div>
140
  <div>
141
- <strong>IP:</strong>&nbsp;<a href="${WFAD.makeIPTrafLink(IP)}" target="_blank">${IP}</a> [<a href="#" onclick="WFAD.unblockIPTwo('${IP}'); return false;">unblock</a>]
142
  {{if permanent == '1'}}
143
  [<span style="color: #F00;">permanently blocked</span>]
144
  {{else}}&nbsp;&nbsp;[<a href="#" onclick="WFAD.permBlockIP('${IP}'); return false;">make permanent</a>]{{/if}}
1
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
2
  <div>
3
  <div class="wordfenceModeElem" id="wordfenceMode_blockedIPs"></div>
4
  <?php if(! wfConfig::get('firewallEnabled')){ ?><div style="color: #F00; font-weight: bold;">Rate limiting rules and advanced blocking are disabled. You can enable it on the <a href="admin.php?page=WordfenceSecOpt">Wordfence Options page</a> at the top.</div><?php } ?>
41
  <div>
42
  {{if loc}}
43
  <img src="<?php echo wfUtils::getBaseURL() . 'images/flags/'; ?>${loc.countryCode.toLowerCase()}.png" width="16" height="11" alt="${loc.countryName}" title="${loc.countryName}" class="wfFlag" />
44
+ <a href="http://maps.google.com/maps?q=${loc.lat},${loc.lon}&z=6" target="_blank" rel="noopener noreferrer">{{if loc.city}}${loc.city}, {{/if}}${loc.countryName}</a>
45
  {{else}}
46
+ An unknown location at IP <a href="${WFAD.makeIPTrafLink(IP)}" target="_blank" rel="noopener noreferrer">${IP}</a>
47
  {{/if}}
48
  </div>
49
  <div>
50
+ <strong>IP:</strong>&nbsp;<a href="${WFAD.makeIPTrafLink(IP)}" target="_blank" rel="noopener noreferrer">${IP}</a>
51
  </div>
52
  <div>
53
  <strong>Reason:</strong>&nbsp;${lastReason}
81
  <div>
82
  {{if loc}}
83
  <img src="<?php echo wfUtils::getBaseURL() . 'images/flags/'; ?>${loc.countryCode.toLowerCase()}.png" width="16" height="11" alt="${loc.countryName}" title="${loc.countryName}" class="wfFlag" />
84
+ <a href="http://maps.google.com/maps?q=${loc.lat},${loc.lon}&z=6" target="_blank" rel="noopener noreferrer">{{if loc.city}}${loc.city}, {{/if}}${loc.countryName}</a>
85
  {{else}}
86
+ An unknown location at IP <a href="${WFAD.makeIPTrafLink(IP)}" target="_blank" rel="noopener noreferrer">${IP}</a>
87
  {{/if}}
88
  </div>
89
  <div>
90
+ <strong>IP:</strong>&nbsp;<a href="${WFAD.makeIPTrafLink(IP)}" target="_blank" rel="noopener noreferrer">${IP}</a> [<a href="#" onclick="WFAD.unlockOutIP('${IP}'); return false;">unlock</a>]
91
  </div>
92
  <div>
93
  <strong>Reason:</strong>&nbsp;${reason}
132
  <div>
133
  {{if loc}}
134
  <img src="<?php echo wfUtils::getBaseURL() . 'images/flags/'; ?>${loc.countryCode.toLowerCase()}.png" width="16" height="11" alt="${loc.countryName}" title="${loc.countryName}" class="wfFlag" />
135
+ <a href="http://maps.google.com/maps?q=${loc.lat},${loc.lon}&z=6" target="_blank" rel="noopener noreferrer">{{if loc.city}}${loc.city}, {{/if}}${loc.countryName}</a>
136
  {{else}}
137
+ An unknown location at IP <a href="${WFAD.makeIPTrafLink(IP)}" target="_blank" rel="noopener noreferrer">${IP}</a>
138
  {{/if}}
139
  </div>
140
  <div>
141
+ <strong>IP:</strong>&nbsp;<a href="${WFAD.makeIPTrafLink(IP)}" target="_blank" rel="noopener noreferrer">${IP}</a> [<a href="#" onclick="WFAD.unblockIPTwo('${IP}'); return false;">unblock</a>]
142
  {{if permanent == '1'}}
143
  [<span style="color: #F00;">permanently blocked</span>]
144
  {{else}}&nbsp;&nbsp;[<a href="#" onclick="WFAD.permBlockIP('${IP}'); return false;">make permanent</a>]{{/if}}
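--- a/lib/menu_blocking_countryBlocking.php
+++ b/lib/menu_blocking_countryBlocking.php
@@ -4,7 +4,7 @@ require('wfBulkCountries.php');
  <script type="text/javascript">
  WFAD.countryMap = <?php echo json_encode($wfBulkCountries); ?>;
  </script>
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
  <div>
  <div class="wordfenceModeElem" id="wordfenceMode_countryBlocking"></div>
  <?php if(! wfConfig::get('isPaid')){ ?>
@@ -20,7 +20,7 @@ WFAD.countryMap = <?php echo json_encode($wfBulkCountries); ?>;
  <li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
  </ul>
  
- <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1countryBlock1/wordfence-signup/" target="_blank">Get Premium</a></p>
+ <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1countryBlock1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Get Premium</a></p>
  </div>
  <?php } ?>
  <?php if (!wfConfig::get('firewallEnabled')) { ?>
@@ -61,7 +61,7 @@ WFAD.countryMap = <?php echo json_encode($wfBulkCountries); ?>;
  <label for="wfRestOfSiteBlocked" class="wf-col-sm-2 wf-control-label">Block access to the rest of the site (outside the login form)</label>
  <div class="wf-col-sm-6">
  <div class="wf-checkbox"><input type="checkbox" id="wfRestOfSiteBlocked" name="wfRestOfSiteBlocked" value="1" <?php if(wfConfig::get('cbl_restOfSiteBlocked')){ echo 'checked'; } ?>></div>
- <span class="wf-help-block">If you use Google Adwords, this is not recommended. <a href="https://docs.wordfence.com/en/Country_blocking#Google_Adwords_says_I_can.27t_block_countries._How_do_I_work_around_that.3F" target="_blank">Learn More</a></span>
+ <span class="wf-help-block">If you use Google Adwords, this is not recommended. <a href="https://docs.wordfence.com/en/Country_blocking#Google_Adwords_says_I_can.27t_block_countries._How_do_I_work_around_that.3F" target="_blank" rel="noopener noreferrer">Learn More</a></span>
  </div>
  </div>
  </div>
@@ -253,7 +253,7 @@ if(wfConfig::get('isPaid')){
  } else {
  ?>
  If you would like access to this premium feature, please
- <a href="https://www.wordfence.com/gnl1countryBlock2/wordfence-signup/" target="_blank">upgrade to our premium version</a>.
+ <a href="https://www.wordfence.com/gnl1countryBlock2/wordfence-signup/" target="_blank" rel="noopener noreferrer">upgrade to our premium version</a>.
  </p>
  <?php
  }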
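Review bot: On the changed `wordfenceHelpLink` line, `$helpLink` and `$helpLabel` are still echoed raw into the `href` attribute and the link text, so the new `rel` attribute does nothing for a value that contains a quote or markup. Both variables are assigned outside this hunk, so this only matters if they can ever hold non-constant data. Writing `<?php echo esc_url($helpLink); ?>` and `<?php echo esc_html($helpLabel); ?>` would make the template safe either way. The identical line is changed in lib/menu_firewall_bruteForce.php and lib/menu_firewall_rateLimiting.php and would take the same edit.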
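--- a/lib/menu_dashboard.php
+++ b/lib/menu_dashboard.php
@@ -4,7 +4,7 @@ $d = new wfDashboard();
  <div class="wrap wordfence">
  <div class="wf-container-fluid">
  <?php $pageTitle = "Wordfence Dashboard"; include('pageTitle.php'); ?>
- <div class="wordfenceHelpLink"><a href="http://docs.wordfence.com/en/Wordfence_Dashboard" target="_blank" class="wfhelp"></a><a href="http://docs.wordfence.com/en/Wordfence_Dashboard" target="_blank">Learn more about the Wordfence Dashboard</a></div>
+ <div class="wordfenceHelpLink"><a href="http://docs.wordfence.com/en/Wordfence_Dashboard" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="http://docs.wordfence.com/en/Wordfence_Dashboard" target="_blank" rel="noopener noreferrer">Learn more about the Wordfence Dashboard</a></div>
  <div id="wordfenceMode_dashboard"></div>
  <div class="wf-row wf-add-top">
  <div class="wf-col-xs-12">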
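Review bot: Both anchors on the changed help-link line still use `http://docs.wordfence.com/en/Wordfence_Dashboard`, while the country-blocking page already links to the same host over `https://`. `rel="noopener noreferrer"` keeps the opened tab from reaching back into the admin window and keeps the admin URL out of the Referer header, but it does not protect the integrity of the documentation page itself. Changing both to `href="https://docs.wordfence.com/en/Wordfence_Dashboard"` would cover that. The `wfhelp` links changed in lib/menu_firewall_bruteForce.php and lib/menu_firewall_rateLimiting.php carry the same `http://` prefix.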
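--- a/lib/menu_firewall_bruteForce.php
+++ b/lib/menu_firewall_bruteForce.php
@@ -1,11 +1,11 @@
  <?php
  $w = new wfConfig();
  ?>
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
  <div class="wf-add-top">
  <form id="wfConfigForm-bruteForce" class="wf-form-horizontal">
  <div class="wf-form-group">
- <label for="blockedTime" class="wf-col-sm-5 wf-control-label">Enforce strong passwords <a href="http://docs.wordfence.com/en/Wordfence_options#Enforce_strong_passwords.3F" target="_blank" class="wfhelp"></a></label>
+ <label for="blockedTime" class="wf-col-sm-5 wf-control-label">Enforce strong passwords <a href="http://docs.wordfence.com/en/Wordfence_options#Enforce_strong_passwords.3F" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <select class="wf-form-control" id="loginSec_strongPasswds" name="loginSec_strongPasswds">
  <option value="">Do not force users to use strong passwords</option>
@@ -15,7 +15,7 @@ $w = new wfConfig();
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_maxFailures" class="wf-col-sm-5 wf-control-label">Lock out after how many login failures <a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_login_failures" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_maxFailures" class="wf-col-sm-5 wf-control-label">Lock out after how many login failures <a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_login_failures" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <select id="loginSec_maxFailures" class="wf-form-control" name="loginSec_maxFailures">
  <option value="1"<?php $w->sel( 'loginSec_maxFailures', '1' ); ?>>1</option>
@@ -39,7 +39,7 @@ $w = new wfConfig();
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_maxForgotPasswd" class="wf-col-sm-5 wf-control-label">Lock out after how many forgot password attempts <a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_forgot_password_attempts" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_maxForgotPasswd" class="wf-col-sm-5 wf-control-label">Lock out after how many forgot password attempts <a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_forgot_password_attempts" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <select id="loginSec_maxForgotPasswd" class="wf-form-control" name="loginSec_maxForgotPasswd">
  <option value="1"<?php $w->sel( 'loginSec_maxForgotPasswd', '1' ); ?>>1</option>
@@ -63,7 +63,7 @@ $w = new wfConfig();
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_countFailMins" class="wf-col-sm-5 wf-control-label">Count failures over what time period <a href="http://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_countFailMins" class="wf-col-sm-5 wf-control-label">Count failures over what time period <a href="http://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <select id="loginSec_countFailMins" class="wf-form-control" name="loginSec_countFailMins">
  <option value="5"<?php $w->sel( 'loginSec_countFailMins', '5' ); ?>>5 minutes</option>
@@ -78,7 +78,7 @@ $w = new wfConfig();
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_lockoutMins" class="wf-col-sm-5 wf-control-label">Amount of time a user is locked out <a href="http://docs.wordfence.com/en/Wordfence_options#Amount_of_time_a_user_is_locked_out" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_lockoutMins" class="wf-col-sm-5 wf-control-label">Amount of time a user is locked out <a href="http://docs.wordfence.com/en/Wordfence_options#Amount_of_time_a_user_is_locked_out" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <select id="loginSec_lockoutMins" class="wf-form-control" name="loginSec_lockoutMins">
  <option value="5"<?php $w->sel( 'loginSec_lockoutMins', '5' ); ?>>5 minutes</option>
@@ -99,31 +99,31 @@ $w = new wfConfig();
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_lockInvalidUsers" class="wf-col-sm-5 wf-control-label">Immediately lock out invalid usernames <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_lock_out_invalid_usernames" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_lockInvalidUsers" class="wf-col-sm-5 wf-control-label">Immediately lock out invalid usernames <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_lock_out_invalid_usernames" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_lockInvalidUsers" name="loginSec_lockInvalidUsers" value="1" <?php $w->cb('loginSec_lockInvalidUsers'); ?>></div>
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_maskLoginErrors" class="wf-col-sm-5 wf-control-label">Don't let WordPress reveal valid users in login errors <a href="http://docs.wordfence.com/en/Wordfence_options#Don.27t_let_WordPress_reveal_valid_users_in_login_errors" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_maskLoginErrors" class="wf-col-sm-5 wf-control-label">Don't let WordPress reveal valid users in login errors <a href="http://docs.wordfence.com/en/Wordfence_options#Don.27t_let_WordPress_reveal_valid_users_in_login_errors" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_maskLoginErrors" name="loginSec_maskLoginErrors" value="1" <?php $w->cb('loginSec_maskLoginErrors'); ?>></div>
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_blockAdminReg" class="wf-col-sm-5 wf-control-label">Prevent users registering 'admin' username if it doesn't exist <a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_users_registering_.27admin.27_username_if_it_doesn.27t_exist" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_blockAdminReg" class="wf-col-sm-5 wf-control-label">Prevent users registering 'admin' username if it doesn't exist <a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_users_registering_.27admin.27_username_if_it_doesn.27t_exist" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_blockAdminReg" name="loginSec_blockAdminReg" value="1" <?php $w->cb('loginSec_blockAdminReg'); ?>></div>
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_disableAuthorScan" class="wf-col-sm-5 wf-control-label">Prevent discovery of usernames through '/?author=N' scans, the oEmbed API, and the WordPress REST API <a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_disableAuthorScan" class="wf-col-sm-5 wf-control-label">Prevent discovery of usernames through '/?author=N' scans, the oEmbed API, and the WordPress REST API <a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_disableAuthorScan" name="loginSec_disableAuthorScan" value="1" <?php $w->cb('loginSec_disableAuthorScan'); ?>></div>
  </div>
  </div>
  <div class="wf-form-group">
- <label for="loginSec_userBlacklist" class="wf-col-sm-5 wf-control-label">Immediately block the IP of users who try to sign in as these usernames <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_the_IP_of_users_who_try_to_sign_in_as_these_usernames" target="_blank" class="wfhelp"></a></label>
+ <label for="loginSec_userBlacklist" class="wf-col-sm-5 wf-control-label">Immediately block the IP of users who try to sign in as these usernames <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_the_IP_of_users_who_try_to_sign_in_as_these_usernames" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <textarea id="loginSec_userBlacklist" class="wf-form-control" rows="4" name="loginSec_userBlacklist"><?php echo wfUtils::cleanupOneEntryPerLine($w->getHTML( 'loginSec_userBlacklist' )); ?></textarea>
  <span class="wf-help-block">(One per line. Existing users won't be blocked.)</span>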
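Review bot: The "Enforce strong passwords" label in the first hunk keeps `for="blockedTime"`, but the control beneath it is `<select ... id="loginSec_strongPasswds">`, so the label is not associated with the setting it describes. Since the line is being edited anyway, `for="loginSec_strongPasswds"` would tie the two together. Every other label changed in this file already matches its control's id. The form itself continues past the last hunk.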
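--- a/lib/menu_firewall_rateLimiting.php
+++ b/lib/menu_firewall_rateLimiting.php
@@ -1,17 +1,17 @@
  <?php
  $w = new wfConfig();
  ?>
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
  <div class="wf-add-top">
  <form id="wfConfigForm-rateLimiting" class="wf-form-horizontal">
  <div class="wf-form-group">
- <label for="blockFakeBots" class="wf-col-sm-5 wf-control-label">Immediately block fake Google crawlers <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_fake_Google_crawlers:" target="_blank" class="wfhelp"></a></label>
+ <label for="blockFakeBots" class="wf-col-sm-5 wf-control-label">Immediately block fake Google crawlers <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_fake_Google_crawlers:" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <div class="wf-checkbox"><input type="checkbox" id="blockFakeBots" name="blockFakeBots" value="1" <?php $w->cb('blockFakeBots'); ?>></div>
  </div>
  </div>
  <div class="wf-form-group">
- <label for="neverBlockBG" class="wf-col-sm-5 wf-control-label">How should we treat Google's crawlers <a href="http://docs.wordfence.com/en/Wordfence_options#How_should_we_treat_Google.27s_crawlers" target="_blank" class="wfhelp"></a></label>
+ <label for="neverBlockBG" class="wf-col-sm-5 wf-control-label">How should we treat Google's crawlers <a href="http://docs.wordfence.com/en/Wordfence_options#How_should_we_treat_Google.27s_crawlers" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <select id="neverBlockBG" class="wf-form-control" name="neverBlockBG">
  <option value="neverBlockVerified"<?php $w->sel( 'neverBlockBG', 'neverBlockVerified' ); ?>>Verified Google crawlers have unlimited access to this site</option>
@@ -24,27 +24,27 @@ $w = new wfConfig();
  $options = array( //Contents should already be HTML-escaped as needed
  array(
  'id' => 'maxGlobalRequests',
- 'label' => 'If anyone\'s requests exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_anyone.27s_requests_exceed:" target="_blank" class="wfhelp"></a>',
+ 'label' => 'If anyone\'s requests exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_anyone.27s_requests_exceed:" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'maxRequestsCrawlers',
- 'label' => 'If a crawler\'s page views exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_page_views_exceed" target="_blank" class="wfhelp"></a>',
+ 'label' => 'If a crawler\'s page views exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_page_views_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'max404Crawlers',
- 'label' => 'If a crawler\'s pages not found (404s) exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_pages_not_found_.28404s.29_exceed" target="_blank" class="wfhelp"></a>',
+ 'label' => 'If a crawler\'s pages not found (404s) exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_pages_not_found_.28404s.29_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'maxRequestsHumans',
- 'label' => 'If a human\'s page views exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_page_views_exceed" target="_blank" class="wfhelp"></a>',
+ 'label' => 'If a human\'s page views exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_page_views_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'max404Humans',
- 'label' => 'If a human\'s pages not found (404s) exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_pages_not_found_.28404s.29_exceed" target="_blank" class="wfhelp"></a>',
+ 'label' => 'If a human\'s pages not found (404s) exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_pages_not_found_.28404s.29_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'maxScanHits',
- 'label' => 'If 404s for known vulnerable URLs exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed" target="_blank" class="wfhelp"></a>',
+ 'label' => 'If 404s for known vulnerable URLs exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  );
  foreach ($options as $o): ?>
@@ -76,13 +76,13 @@ $w = new wfConfig();
  </select>
  </div>
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
- <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
+ <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
  <?php endif; ?>
  </div>
  </div>
  <?php endforeach; ?>
  <div class="wf-form-group">
- <label for="blockedTime" class="wf-col-sm-5 wf-control-label">How long is an IP address blocked when it breaks a rule <a href="http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule" target="_blank" class="wfhelp"></a></label>
+ <label for="blockedTime" class="wf-col-sm-5 wf-control-label">How long is an IP address blocked when it breaks a rule <a href="http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <select id="blockedTime" class="wf-form-control" name="blockedTime">
  <option value="60"<?php $w->sel( 'blockedTime', '60' ); ?>>1 minute</option>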
lib/menu_firewall_waf.php CHANGED
@@ -5,7 +5,7 @@ $wafConfigURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=configu
5
  $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeAutoPrepend');
6
  /** @var array $wafData */
7
  ?>
8
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
9
  <div>
10
  <div class="wordfenceModeElem" id="wordfenceMode_waf"></div>
11
  <?php
@@ -45,13 +45,13 @@ $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeA
45
  <!-- end wafActionContent -->
46
 
47
  <?php if (!empty($_REQUEST['wafAction']) && $_REQUEST['wafAction'] == 'removeAutoPrepend') { ?>
48
- <p class="wf-notice"><em>If you cannot complete the uninstallation process, <a target="_blank" href="https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F">click here for help</a>.</em></p>
49
  <?php }
50
  else if (!empty($_REQUEST['wafAction']) && $_REQUEST['wafAction'] == 'updateSuPHPConfig') {
51
  //Do nothing
52
  }
53
  else { ?>
54
- <p class="wf-notice"><em>If you cannot complete the setup process, <a target="_blank" href="https://docs.wordfence.com/en/Web_Application_Firewall_Setup">click here for help</a>.</em></p>
55
  <?php } ?>
56
  </div>
57
  <?php else: ?>
@@ -84,12 +84,12 @@ $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeA
84
  <?php if (wfConfig::get('isPaid')) { ?>
85
  <div class="wf-success" style="max-width: 881px;">
86
  You are running the Premium version of the Threat Defense Feed which is updated in real-time as new
87
- threats emerge. <a href="https://www.wordfence.com/zz14/sign-in/" target="_blank">Protect additional sites.</a>
88
  </div>
89
  <?php } ?>
90
  <form action="javascript:void(0)" id="waf-config-form" class="wf-form-horizontal">
91
  <div class="wf-form-group">
92
- <label for="wf-waf-protection-mode" class="wf-col-sm-5 wf-col-md-3 wf-control-label waf-config-label">Protection Level <a href="http://docs.wordfence.com/en/WAF#Protection_Level" target="_blank" class="wfhelp"></a></label>
93
  <div class="wf-col-sm-7 wf-col-md-5">
94
  <?php if (!WFWAF_AUTO_PREPEND): ?>
95
  <p class="wf-form-control-static wf-notice-text">Basic WordPress Protection</p>
@@ -100,7 +100,7 @@ $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeA
100
  </div>
101
  </div>
102
  <div class="wf-form-group">
103
- <label for="input-wafStatus" class="wf-col-sm-5 wf-col-md-3 wf-control-label waf-config-label">Firewall Status <a href="http://docs.wordfence.com/en/WAF#Firewall_Status" target="_blank" class="wfhelp"></a></label>
104
  <?php $wafStatus = (!WFWAF_ENABLED ? 'disabled' : $config->getConfig('wafStatus')); ?>
105
  <div class="wf-col-sm-7 wf-col-md-5">
106
  <select id="input-wafStatus" name="wafStatus" class="wf-form-control"<?php echo !WFWAF_ENABLED ? ' disabled' : '' ?>>
@@ -162,7 +162,7 @@ $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeA
162
 
163
  <br>
164
 
165
- <h2>Rules <a href="http://docs.wordfence.com/en/WAF#Rules" target="_blank" class="wfhelp"></a></h2>
166
 
167
  <div id="waf-rules-wrapper"></div>
168
 
@@ -179,7 +179,7 @@ $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeA
179
 
180
  <br>
181
 
182
- <h2>Whitelisted URLs <a href="http://docs.wordfence.com/en/WAF#Whitelisted_URLs" target="_blank" class="wfhelp"></a></h2>
183
 
184
  <p><em>The URL/parameters in this table will not be tested by the firewall. They are typically added
185
  while the firewall is in Learning Mode or by an admin who identifies a particular action/request
@@ -215,7 +215,7 @@ $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeA
215
  <div id="whitelist-monitor" class="wf-form-horizontal">
216
  <div class="wf-form-group">
217
  <div class="wf-col-xs-12">
218
- <p class="wf-form-control-static"><strong>Monitor Background Requests for False Positives</strong> <a href="https://docs.wordfence.com/en/WAF#Whitelisted_URLs" target="_blank" class="wfhelp"></a></p>
219
  </div>
220
  <div class="wf-col-xs-12">
221
  <label class="wf-checkbox-inline"><input type="checkbox" id="monitor-front" name="monitor-front" value="1"<?php echo wfConfig::get('ajaxWatcherDisabled_front') ? '' : ' checked'; ?>>Front</label>
@@ -233,10 +233,10 @@ $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeA
233
  <p class="wf-form-control-static"><strong>Other Options</strong></p>
234
  </div>
235
  <div class="wf-col-xs-12">
236
- <label class="wf-checkbox-inline"><input type="checkbox" id="waf-disable-ip-blocking" name="waf-disable-ip-blocking" value="1"<?php echo $config->getConfig('disableWAFIPBlocking') ? ' checked' : ''; ?>>Delay IP and Country blocking until after WordPress and plugins have loaded (only process firewall rules early) <a href="https://docs.wordfence.com/en/WAF#Advanced_Configuration" target="_blank" class="wfhelp"></a></label>
237
  </div>
238
  <div class="wf-col-xs-12">
239
- <label class="wf-checkbox-inline<?php echo (wfConfig::p() ? '' : ' wf-disabled'); ?>"><input type="checkbox" id="waf-disable-blacklist-blocking" name="waf-disable-blacklist-blocking" value="1"<?php echo !$config->getConfig('disableWAFBlacklistBlocking') ? ' checked' : ''; echo (wfConfig::p() ? '' : ' disabled'); ?>>Preemptively block malicious IP addresses <span style="color: #F00;">Premium Feature</span> <a href="https://docs.wordfence.com/en/WAF#Advanced_Configuration" target="_blank" class="wfhelp"></a></label>
240
  </div>
241
  </div>
242
  </div>
@@ -245,10 +245,10 @@ $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeA
245
  <div class="wf-form-horizontal">
246
  <div class="wf-form-group">
247
  <div class="wf-col-xs-12">
248
- <p class="wf-form-control-static"><strong>Remove Extended Protection <a href="https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F" target="_blank" class="wfhelp"></a></strong></p>
249
  </div>
250
  <div class="wf-col-xs-12">
251
- <p class="wf-form-control-static"><em>If you're moving to a new host or a new installation location, you may need to temporarily disable extended protection to avoid any file not found errors. Use this action to remove the configuration changes that enable extended protection mode or you can <a href="https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F" target="_blank">remove them manually</a>.</em></p>
252
  </div>
253
  </div>
254
  <div class="wf-form-group">
5
  $wafRemoveURL = network_admin_url('admin.php?page=WordfenceWAF&wafAction=removeAutoPrepend');
6
  /** @var array $wafData */
7
  ?>
8
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
9
  <div>
10
  <div class="wordfenceModeElem" id="wordfenceMode_waf"></div>
11
  <?php
45
  <!-- end wafActionContent -->
46
 
47
  <?php if (!empty($_REQUEST['wafAction']) && $_REQUEST['wafAction'] == 'removeAutoPrepend') { ?>
48
+ <p class="wf-notice"><em>If you cannot complete the uninstallation process, <a target="_blank" rel="noopener noreferrer" href="https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F">click here for help</a>.</em></p>
49
  <?php }
50
  else if (!empty($_REQUEST['wafAction']) && $_REQUEST['wafAction'] == 'updateSuPHPConfig') {
51
  //Do nothing
52
  }
53
  else { ?>
54
+ <p class="wf-notice"><em>If you cannot complete the setup process, <a target="_blank" rel="noopener noreferrer" href="https://docs.wordfence.com/en/Web_Application_Firewall_Setup">click here for help</a>.</em></p>
55
  <?php } ?>
56
  </div>
57
  <?php else: ?>
84
  <?php if (wfConfig::get('isPaid')) { ?>
85
  <div class="wf-success" style="max-width: 881px;">
86
  You are running the Premium version of the Threat Defense Feed which is updated in real-time as new
87
+ threats emerge. <a href="https://www.wordfence.com/zz14/sign-in/" target="_blank" rel="noopener noreferrer">Protect additional sites.</a>
88
  </div>
89
  <?php } ?>
90
  <form action="javascript:void(0)" id="waf-config-form" class="wf-form-horizontal">
91
  <div class="wf-form-group">
92
+ <label for="wf-waf-protection-mode" class="wf-col-sm-5 wf-col-md-3 wf-control-label waf-config-label">Protection Level <a href="http://docs.wordfence.com/en/WAF#Protection_Level" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
93
  <div class="wf-col-sm-7 wf-col-md-5">
94
  <?php if (!WFWAF_AUTO_PREPEND): ?>
95
  <p class="wf-form-control-static wf-notice-text">Basic WordPress Protection</p>
100
  </div>
101
  </div>
102
  <div class="wf-form-group">
103
+ <label for="input-wafStatus" class="wf-col-sm-5 wf-col-md-3 wf-control-label waf-config-label">Firewall Status <a href="http://docs.wordfence.com/en/WAF#Firewall_Status" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
104
  <?php $wafStatus = (!WFWAF_ENABLED ? 'disabled' : $config->getConfig('wafStatus')); ?>
105
  <div class="wf-col-sm-7 wf-col-md-5">
106
  <select id="input-wafStatus" name="wafStatus" class="wf-form-control"<?php echo !WFWAF_ENABLED ? ' disabled' : '' ?>>
162
 
163
  <br>
164
 
165
+ <h2>Rules <a href="http://docs.wordfence.com/en/WAF#Rules" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h2>
166
 
167
  <div id="waf-rules-wrapper"></div>
168
 
179
 
180
  <br>
181
 
182
+ <h2>Whitelisted URLs <a href="http://docs.wordfence.com/en/WAF#Whitelisted_URLs" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h2>
183
 
184
  <p><em>The URL/parameters in this table will not be tested by the firewall. They are typically added
185
  while the firewall is in Learning Mode or by an admin who identifies a particular action/request
215
  <div id="whitelist-monitor" class="wf-form-horizontal">
216
  <div class="wf-form-group">
217
  <div class="wf-col-xs-12">
218
+ <p class="wf-form-control-static"><strong>Monitor Background Requests for False Positives</strong> <a href="https://docs.wordfence.com/en/WAF#Whitelisted_URLs" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></p>
219
  </div>
220
  <div class="wf-col-xs-12">
221
  <label class="wf-checkbox-inline"><input type="checkbox" id="monitor-front" name="monitor-front" value="1"<?php echo wfConfig::get('ajaxWatcherDisabled_front') ? '' : ' checked'; ?>>Front</label>
233
  <p class="wf-form-control-static"><strong>Other Options</strong></p>
234
  </div>
235
  <div class="wf-col-xs-12">
236
+ <label class="wf-checkbox-inline"><input type="checkbox" id="waf-disable-ip-blocking" name="waf-disable-ip-blocking" value="1"<?php echo $config->getConfig('disableWAFIPBlocking') ? ' checked' : ''; ?>>Delay IP and Country blocking until after WordPress and plugins have loaded (only process firewall rules early) <a href="https://docs.wordfence.com/en/WAF#Advanced_Configuration" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
237
  </div>
238
  <div class="wf-col-xs-12">
239
+ <label class="wf-checkbox-inline<?php echo (wfConfig::p() ? '' : ' wf-disabled'); ?>"><input type="checkbox" id="waf-disable-blacklist-blocking" name="waf-disable-blacklist-blocking" value="1"<?php echo !$config->getConfig('disableWAFBlacklistBlocking') ? ' checked' : ''; echo (wfConfig::p() ? '' : ' disabled'); ?>>Preemptively block malicious IP addresses <span style="color: #F00;">Premium Feature</span> <a href="https://docs.wordfence.com/en/WAF#Advanced_Configuration" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
240
  </div>
241
  </div>
242
  </div>
245
  <div class="wf-form-horizontal">
246
  <div class="wf-form-group">
247
  <div class="wf-col-xs-12">
248
+ <p class="wf-form-control-static"><strong>Remove Extended Protection <a href="https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></strong></p>
249
  </div>
250
  <div class="wf-col-xs-12">
251
+ <p class="wf-form-control-static"><em>If you're moving to a new host or a new installation location, you may need to temporarily disable extended protection to avoid any file not found errors. Use this action to remove the configuration changes that enable extended protection mode or you can <a href="https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F" target="_blank" rel="noopener noreferrer">remove them manually</a>.</em></p>
252
  </div>
253
  </div>
254
  <div class="wf-form-group">
lib/menu_options.php CHANGED
@@ -32,7 +32,7 @@ $w = new wfConfig();
32
  <form id="wfConfigForm" class="wf-form-horizontal">
33
  <h2>License</h2>
34
  <div class="wf-form-group">
35
- <label for="apiKey" class="wf-col-sm-3 wf-control-label">Your Wordfence API Key <a href="http://docs.wordfence.com/en/Wordfence_options#Wordfence_API_Key" target="_blank" class="wfhelp"></a></label>
36
  <div class="wf-col-sm-9">
37
  <input type="text" id="apiKey" class="wf-form-control" name="apiKey" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" value="<?php $w->f( 'apiKey' ); ?>" size="80">
38
  </div>
@@ -47,7 +47,7 @@ $w = new wfConfig();
47
  The currently active API Key is a Premium Key. <span style="font-weight: bold; color: #0A0;">Premium scanning enabled!</span>
48
  <?php } else { ?>
49
  The currently active API Key is a <span style="color: #F00; font-weight: bold;">Free Key</span>. <a
50
- href="https://www.wordfence.com/gnl1optAPIKey1/wordfence-signup/" target="_blank">Click Here to Upgrade to
51
  Wordfence Premium now.</a>
52
  <?php } ?>
53
  </p>
@@ -56,11 +56,11 @@ $w = new wfConfig();
56
  <div class="wf-form-group">
57
  <?php if (wfConfig::get('hasKeyConflict')): ?>
58
  <div class="wf-col-sm-9 wf-col-sm-offset-3">
59
- <a href="https://www.wordfence.com/gnl1optMngKysReset/manage-wordfence-api-keys/" target="_blank"><input type="button" class="wf-btn wf-btn-default wf-btn-sm" value="Reset your premium license"/></a> <input type="button" class="wf-btn wf-btn-default wf-btn-sm" value="Downgrade to a free license" onclick="WFAD.downgradeLicense();"/>
60
  </div>
61
  <?php elseif (wfConfig::get('isPaid')): ?>
62
  <div class="wf-col-sm-9 wf-col-sm-offset-3">
63
- <a href="https://www.wordfence.com/gnl1optMngKys/manage-wordfence-api-keys/" target="_blank"><input type="button" class="wf-btn wf-btn-default wf-btn-sm" value="Renew your premium license"/></a> <input type="button" class="wf-btn wf-btn-default wf-btn-sm" value="Downgrade to a free license" onclick="WFAD.downgradeLicense();"/>
64
  </div>
65
  <?php else: ?>
66
  <div class="wf-col-xs-12">
@@ -73,82 +73,82 @@ $w = new wfConfig();
73
  <li>Access to Premium Support</li>
74
  <li>Discounts of up to 90% for multiyear and multi-license purchases</li>
75
  </ul>
76
- <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1optCallout1/wordfence-signup/" target="_blank">Get Premium</a></p>
77
  </div>
78
  </div>
79
  <?php endif ?>
80
  </div>
81
 
82
- <h2>Basic Options <a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options" target="_blank" class="wfhelp"></a></h2>
83
  <div class="wf-form-group">
84
- <label for="firewallEnabled" class="wf-col-sm-5 wf-control-label">Enable Rate Limiting and Advanced Blocking <a href="https://docs.wordfence.com/en/Wordfence_options#Enable_Rate_Limiting_and_Advanced_Blocking" target="_blank" class="wfhelp"></a></label>
85
  <div class="wf-col-sm-7">
86
  <div class="wf-checkbox"><input type="checkbox" id="firewallEnabled" class="wfConfigElem" name="firewallEnabled" value="1" <?php $w->cb( 'firewallEnabled' ); ?>></div>
87
  <span class="wf-help-block"><span style="color: #F00;">NOTE:</span> This checkbox enables ALL blocking/throttling functions including IP, country and advanced blocking, and the "Rate Limiting Rules" below.</span>
88
  </div>
89
  </div>
90
  <div class="wf-form-group">
91
- <label for="loginSecurityEnabled" class="wf-col-sm-5 wf-control-label">Enable login security <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_login_security" target="_blank" class="wfhelp"></a></label>
92
  <div class="wf-col-sm-7">
93
  <div class="wf-checkbox"><input type="checkbox" id="loginSecurityEnabled" class="wfConfigElem" name="loginSecurityEnabled" value="1" <?php $w->cb( 'loginSecurityEnabled' ); ?>></div>
94
  <span class="wf-help-block">This option enables all "Login Security" options, including two-factor authentication, strong password enforcement, and invalid login throttling. You can modify individual options further down this page.</span>
95
  </div>
96
  </div>
97
  <div class="wf-form-group">
98
- <label for="liveTrafficEnabled" class="wf-col-sm-5 wf-control-label">Enable Live Traffic View <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_Live_Traffic_View" target="_blank" class="wfhelp"></a></label>
99
  <div class="wf-col-sm-7">
100
  <div class="wf-checkbox"><input type="checkbox" id="liveTrafficEnabled" class="wfConfigElem" name="liveTrafficEnabled" value="1" <?php $w->cb( 'liveTrafficEnabled' ); ?> onclick="WFAD.reloadConfigPage = true; return true;"></div>
101
  <span class="wf-help-block">This option enables live traffic logging.</span>
102
  </div>
103
  </div>
104
  <div class="wf-form-group">
105
- <label for="advancedCommentScanning" class="wf-col-sm-5 wf-control-label">Advanced Comment Spam Filter <a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Comment_Spam_Filter" target="_blank" class="wfhelp"></a></label>
106
  <div class="wf-col-sm-7">
107
  <div class="wf-checkbox"><input type="checkbox" id="advancedCommentScanning" class="wfConfigElem" name="advancedCommentScanning" value="1" <?php $w->cbp( 'advancedCommentScanning' ); if (!wfConfig::get('isPaid')) { ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#advancedCommentScanning').attr('checked', false); return false;" <?php } ?>></div>
108
  <span class="wf-help-block"><span style="color: #F00;">Premium Feature</span> In addition to free comment filtering (see below) this option filters comments against several additional real-time lists of known spammers and infected hosts.</span>
109
  </div>
110
  </div>
111
  <div class="wf-form-group">
112
- <label for="spamvertizeCheck" class="wf-col-sm-5 wf-control-label">Check if this website is being "Spamvertised" <a href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_is_being_.22Spamvertized.22" target="_blank" class="wfhelp"></a></label>
113
  <div class="wf-col-sm-7">
114
  <div class="wf-checkbox"><input type="checkbox" id="spamvertizeCheck" class="wfConfigElem" name="spamvertizeCheck" value="1" <?php $w->cbp('spamvertizeCheck'); if (!wfConfig::get('isPaid')) { ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#spamvertizeCheck').attr('checked', false); return false;" <?php } ?>></div>
115
  <span class="wf-help-block"><span style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam services if your site domain name is appearing as a link in spam emails.</span>
116
  </div>
117
  </div>
118
  <div class="wf-form-group">
119
- <label for="checkSpamIP" class="wf-col-sm-5 wf-control-label">Check if this website IP is generating spam <a href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_IP_is_generating_spam" target="_blank" class="wfhelp"></a></label>
120
  <div class="wf-col-sm-7">
121
  <div class="wf-checkbox"><input type="checkbox" id="checkSpamIP" class="wfConfigElem" name="checkSpamIP" value="1" <?php $w->cbp( 'checkSpamIP' ); if (!wfConfig::get('isPaid')) { ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#checkSpamIP').attr('checked', false); return false;" <?php } ?>></div>
122
  <span class="wf-help-block"><span style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam services if your website IP address is listed as a known source of spam email.</span>
123
  </div>
124
  </div>
125
  <div class="wf-form-group">
126
- <label for="scheduledScansEnabled" class="wf-col-sm-5 wf-control-label">Enable automatic scheduled scans <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_automatic_scheduled_scans" target="_blank" class="wfhelp"></a></label>
127
  <div class="wf-col-sm-7">
128
  <div class="wf-checkbox"><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb( 'scheduledScansEnabled' ); ?>></div>
129
  <span class="wf-help-block">Regular scans ensure your site stays secure.</span>
130
  </div>
131
  </div>
132
  <div class="wf-form-group">
133
- <label for="autoUpdate" class="wf-col-sm-5 wf-control-label">Update Wordfence automatically when a new version is released? <a href="http://docs.wordfence.com/en/Wordfence_options#Update_Wordfence_Automatically_when_a_new_version_is_released" target="_blank" class="wfhelp"></a></label>
134
  <div class="wf-col-sm-7">
135
  <div class="wf-checkbox"><input type="checkbox" id="autoUpdate" class="wfConfigElem" name="autoUpdate" value="1" <?php $w->cb( 'autoUpdate' ); ?>></div>
136
  <span class="wf-help-block">Automatically updates Wordfence to the newest version within 24 hours of a new release.<br>
137
- <?php if (getenv('noabort') != '1' && stristr($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false) { ?>
138
- <span style="color: #F00;">Warning: </span>You are running LiteSpeed web server and you don't have the "noabort" variable set in your .htaccess.<br>
139
- <a href="https://docs.wordfence.com/en/LiteSpeed_aborts_Wordfence_scans_and_updates._How_do_I_prevent_that%3F" target="_blank">Please read this article in our FAQ to make an important change that will ensure your site stability during an update.<br>
140
  <?php } ?></span>
141
  </div>
142
  </div>
143
  <div class="wf-form-group">
144
- <label for="alertEmails" class="wf-col-sm-5 wf-control-label">Where to email alerts <a href="http://docs.wordfence.com/en/Wordfence_options#Where_to_email_alerts" target="_blank" class="wfhelp"></a></label>
145
  <div class="wf-col-sm-7">
146
  <input type="text" id="alertEmails" name="alertEmails" class="wf-form-control" value="<?php $w->f( 'alertEmails' ); ?>" size="50">
147
  <span class="wf-help-block">Separate multiple emails with commas.</span>
148
  </div>
149
  </div>
150
  <div class="wf-form-group">
151
- <label for="howGetIPs" class="wf-col-sm-5 wf-control-label">How does Wordfence get IPs <a href="http://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs" target="_blank" class="wfhelp"></a></label>
152
  <div class="wf-col-sm-7">
153
  <select id="howGetIPs" name="howGetIPs" class="wf-form-control">
154
  <option value="">Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites.</option>
@@ -201,14 +201,14 @@ $w = new wfConfig();
201
  </div>
202
  <div class="wfMarker" id="wfMarkerBasicOptions"></div>
203
 
204
- <h2>Advanced Options <a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Options" target="_blank" class="wfhelp"></a></h2>
205
  <div class="wf-form-group">
206
  <div class="wf-col-sm-9">
207
  <span class="wf-help-block">Wordfence works great out of the box for most websites. Simply install Wordfence and your site and content is protected. For finer granularity of control, we have provided advanced options.</span>
208
  </div>
209
  </div>
210
  <div id="wfConfigAdvanced">
211
- <h3>Alerts <a href="http://docs.wordfence.com/en/Wordfence_options#Alerts" target="_blank" class="wfhelp"></a></h3>
212
  <?php
213
  $emails = wfConfig::getAlertEmails();
214
  if (count($emails) < 1):
@@ -313,7 +313,7 @@ $w = new wfConfig();
313
  </div>
314
 
315
  <div class="wfMarker" id="wfMarkerEmailSummary"></div>
316
- <h3>Email Summary <a href="http://docs.wordfence.com/en/Wordfence_options#Email_Summary" target="_blank" class="wfhelp"></a></h3>
317
  <div class="wf-form-group">
318
  <label for="email_summary_enabled" class="wf-col-sm-5 wf-control-label">Enable email summary</label>
319
  <div class="wf-col-sm-7">
@@ -331,9 +331,9 @@ $w = new wfConfig();
331
  </div>
332
  </div>
333
  <div class="wf-form-group">
334
- <label for="email_summary_excluded_directories" class="wf-col-sm-5 wf-control-label">Comma-separated list of directories to exclude from recently modified file list</label>
335
  <div class="wf-col-sm-7">
336
- <input type="text" id="email_summary_excluded_directories" name="email_summary_excluded_directories" class="wf-form-control" value="<?php $w->f( 'email_summary_excluded_directories' ); ?>">
337
  </div>
338
  </div>
339
  <?php if ((defined('WP_DEBUG') && WP_DEBUG) || wfConfig::get('debugOn', 0)): ?>
@@ -355,7 +355,7 @@ $w = new wfConfig();
355
  </div>
356
 
357
  <div class="wfMarker" id="wfMarkerLiveTrafficOptions"></div>
358
- <h3>Live Traffic View <a href="http://docs.wordfence.com/en/Wordfence_options#Live_Traffic_View" target="_blank" class="wfhelp"></a></h3>
359
  <div class="wf-form-group">
360
  <label for="liveTraf_ignorePublishers" class="wf-col-sm-5 wf-control-label">Don't log signed-in users with publishing access</label>
361
  <div class="wf-col-sm-7">
@@ -388,44 +388,44 @@ $w = new wfConfig();
388
  </div>
389
 
390
  <div class="wfMarker" id="wfMarkerScansToInclude"></div>
391
- <h3>Scans to include <a href="http://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank" class="wfhelp"></a></h3>
392
  <?php
393
  $options = array( //Contents should already be HTML-escaped as needed
394
  array(
395
  'id' => 'scansEnabled_checkHowGetIPs',
396
- 'label' => 'Scan for misconfigured How does Wordfence get IPs <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_misconfigured_How_does_Wordfence_get_IPs" target="_blank" class="wfhelp"></a>',
397
  ),
398
  array(
399
  'id' => 'scansEnabled_checkReadableConfig',
400
- 'label' => 'Scan for publicly accessible configuration, backup, or log files <a href="http://docs.wordfence.com/en/Wordfence_options#Configuration_Readable" target="_blank" class="wfhelp"></a>',
401
  ),
402
  array(
403
  'id' => 'scansEnabled_suspectedFiles',
404
- 'label' => 'Scan for publicly accessible quarantined files <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_publicly_accessible_quarantined_files" target="_blank" class="wfhelp"></a>',
405
  ),
406
  array(
407
  'id' => 'scansEnabled_core',
408
- 'label' => 'Scan core files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_core_files_against_repository_version_for_changes" target="_blank" class="wfhelp"></a>',
409
  ),
410
  array(
411
  'id' => 'scansEnabled_themes',
412
- 'label' => 'Scan theme files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_theme_files_against_repository_versions_for_changes" target="_blank" class="wfhelp"></a>',
413
  ),
414
  array(
415
  'id' => 'scansEnabled_plugins',
416
- 'label' => 'Scan plugin files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_plugin_files_against_repository_versions_for_changes" target="_blank" class="wfhelp"></a>',
417
  ),
418
  array(
419
  'id' => 'scansEnabled_coreUnknown',
420
- 'label' => 'Scan wp-admin and wp-includes for files not bundled with WordPress <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_wordpress_core_for_unknown_files" target="_blank" class="wfhelp"></a>',
421
  ),
422
  array(
423
  'id' => 'scansEnabled_malware',
424
- 'label' => 'Scan for signatures of known malicious files <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files" target="_blank" class="wfhelp"></a>',
425
  ),
426
  array(
427
  'id' => 'scansEnabled_fileContents',
428
- 'label' => 'Scan file contents for backdoors, trojans and suspicious code <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_file_contents_for_backdoors.2C_trojans_and_suspicious_code" target="_blank" class="wfhelp"></a>',
429
  'help' => '<a href="#add-more-rules" class="do-show" data-selector="#scan_include_extra">+ Add additional signatures</a>',
430
  'subs' => array(
431
  array(
@@ -442,47 +442,47 @@ $w = new wfConfig();
442
  ),
443
  array(
444
  'id' => 'scansEnabled_posts',
445
- 'label' => 'Scan posts for known dangerous URLs and suspicious content <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_posts_for_known_dangerous_URLs_and_suspicious_content" target="_blank" class="wfhelp"></a>',
446
  ),
447
  array(
448
  'id' => 'scansEnabled_comments',
449
- 'label' => 'Scan comments for known dangerous URLs and suspicious content <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_comments_for_known_dangerous_URLs_and_suspicious_content" target="_blank" class="wfhelp"></a>',
450
  ),
451
  array(
452
  'id' => 'scansEnabled_oldVersions',
453
- 'label' => 'Scan for out of date, abandoned, and vulnerable plugins, themes, and WordPress versions <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_out_of_date_plugins.2C_themes_and_WordPress_versions" target="_blank" class="wfhelp"></a>',
454
  ),
455
  array(
456
  'id' => 'scansEnabled_suspiciousAdminUsers',
457
- 'label' => 'Scan for admin users created outside of WordPress <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_admin_users_created_outside_of_WordPress" target="_blank" class="wfhelp"></a>',
458
  ),
459
  array(
460
  'id' => 'scansEnabled_passwds',
461
- 'label' => 'Check the strength of passwords <a href="http://docs.wordfence.com/en/Wordfence_options#Check_the_strength_of_passwords" target="_blank" class="wfhelp"></a>',
462
  ),
463
  array(
464
  'id' => 'scansEnabled_diskSpace',
465
- 'label' => 'Monitor disk space<a href="http://docs.wordfence.com/en/Wordfence_options#Monitor_disk_space" target="_blank" class="wfhelp"></a>',
466
  ),
467
  array(
468
  'id' => 'scansEnabled_dns',
469
- 'label' => 'Scan for unauthorized DNS changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_unauthorized_DNS_changes" target="_blank" class="wfhelp"></a>',
470
  ),
471
  array(
472
  'id' => 'other_scanOutside',
473
- 'label' => 'Scan files outside your WordPress installation <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_files_outside_your_WordPress_installation" target="_blank" class="wfhelp"></a>',
474
  ),
475
  array(
476
  'id' => 'scansEnabled_scanImages',
477
- 'label' => 'Scan images, binary, and other files as if they were executable <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_image_files_as_if_they_were_executable" target="_blank" class="wfhelp"></a>',
478
  ),
479
  array(
480
  'id' => 'scansEnabled_highSense',
481
- 'label' => 'Enable HIGH SENSITIVITY scanning (may give false positives) <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_HIGH_SENSITIVITY_scanning" target="_blank" class="wfhelp"></a>',
482
  ),
483
  array(
484
  'id' => 'lowResourceScansEnabled',
485
- 'label' => 'Use low resource scanning (reduces server load by lengthening the scan duration) <a href="http://docs.wordfence.com/en/Wordfence_options#Use_low_resource_scanning" target="_blank" class="wfhelp"></a>',
486
  ),
487
  );
488
  foreach ($options as $o):
@@ -492,7 +492,7 @@ $w = new wfConfig();
492
  <div class="wf-col-sm-7">
493
  <div class="wf-checkbox"><input type="checkbox" id="<?php echo $o['id']; ?>" class="wfConfigElem" name="<?php echo $o['id']; ?>" value="1" <?php $w->cb($o['id']); ?> <?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo 'disabled'; } ?>></div>
494
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
495
- <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
496
  <?php endif; ?>
497
  </div>
498
  </div>
@@ -517,20 +517,20 @@ $w = new wfConfig();
517
  endforeach;
518
  ?>
519
  <div class="wf-form-group">
520
- <label for="scan_exclude" class="wf-col-sm-5 wf-control-label">Exclude files from scan that match these wildcard patterns (one per line) <a href="http://docs.wordfence.com/en/Wordfence_options#Exclude_files_from_scan_that_match_these_wildcard_patterns." target="_blank" class="wfhelp"></a></label>
521
  <div class="wf-col-sm-7">
522
  <textarea id="scan_exclude" class="wf-form-control" rows="4" name="scan_exclude"><?php echo wfUtils::cleanupOneEntryPerLine($w->getHTML( 'scan_exclude' )); ?></textarea>
523
  </div>
524
  </div>
525
  <div class="wf-form-group">
526
- <label for="scan_maxIssues" class="wf-col-sm-5 wf-control-label">Limit the number of issues sent in the scan results email <a href="https://docs.wordfence.com/en/Wordfence_options#Limit_the_number_of_issues_sent_in_the_scan_results_email" target="_blank" class="wfhelp"></a></label>
527
  <div class="wf-col-sm-7">
528
  <input type="text" class="wf-form-control" name="scan_maxIssues" id="scan_maxIssues" value="<?php $w->f( 'scan_maxIssues' ); ?>">
529
  <span class="wf-help-block">0 or empty means unlimited issues will be sent.</span>
530
  </div>
531
  </div>
532
  <div class="wf-form-group">
533
- <label for="scan_maxDuration" class="wf-col-sm-5 wf-control-label">Time limit that a scan can run in seconds <a href="http://docs.wordfence.com/en/Wordfence_options#Time_limit_that_a_scan_can_run_in_seconds" target="_blank" class="wfhelp"></a></label>
534
  <div class="wf-col-sm-7">
535
  <input type="text" class="wf-form-control" name="scan_maxDuration" id="scan_maxDuration" value="<?php $w->f( 'scan_maxDuration' ); ?>">
536
  <span class="wf-help-block">0 or empty means the default of <?php echo wfUtils::makeDuration(WORDFENCE_DEFAULT_MAX_SCAN_TIME); ?> will be used.</span>
@@ -538,15 +538,15 @@ $w = new wfConfig();
538
  </div>
539
 
540
  <div class="wfMarker" id="wfMarkerFirewallRules"></div>
541
- <h3>Rate Limiting Rules <a href="http://docs.wordfence.com/en/Wordfence_options#Rate_Limiting_Rules" target="_blank" class="wfhelp"></a></h3>
542
  <div class="wf-form-group">
543
- <label for="blockFakeBots" class="wf-col-sm-5 wf-control-label">Immediately block fake Google crawlers <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_fake_Google_crawlers:" target="_blank" class="wfhelp"></a></label>
544
  <div class="wf-col-sm-7">
545
  <div class="wf-checkbox"><input type="checkbox" id="blockFakeBots" name="blockFakeBots" value="1" <?php $w->cb('blockFakeBots'); ?>></div>
546
  </div>
547
  </div>
548
  <div class="wf-form-group">
549
- <label for="neverBlockBG" class="wf-col-sm-5 wf-control-label">How should we treat Google's crawlers <a href="http://docs.wordfence.com/en/Wordfence_options#How_should_we_treat_Google.27s_crawlers" target="_blank" class="wfhelp"></a></label>
550
  <div class="wf-col-sm-7">
551
  <select id="neverBlockBG" class="wf-form-control" name="neverBlockBG">
552
  <option value="neverBlockVerified"<?php $w->sel( 'neverBlockBG', 'neverBlockVerified' ); ?>>Verified Google crawlers have unlimited access to this site</option>
@@ -559,27 +559,27 @@ $w = new wfConfig();
559
  $options = array( //Contents should already be HTML-escaped as needed
560
  array(
561
  'id' => 'maxGlobalRequests',
562
- 'label' => 'If anyone\'s requests exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_anyone.27s_requests_exceed:" target="_blank" class="wfhelp"></a>',
563
  ),
564
  array(
565
  'id' => 'maxRequestsCrawlers',
566
- 'label' => 'If a crawler\'s page views exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_page_views_exceed" target="_blank" class="wfhelp"></a>',
567
  ),
568
  array(
569
  'id' => 'max404Crawlers',
570
- 'label' => 'If a crawler\'s pages not found (404s) exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_pages_not_found_.28404s.29_exceed" target="_blank" class="wfhelp"></a>',
571
  ),
572
  array(
573
  'id' => 'maxRequestsHumans',
574
- 'label' => 'If a human\'s page views exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_page_views_exceed" target="_blank" class="wfhelp"></a>',
575
  ),
576
  array(
577
  'id' => 'max404Humans',
578
- 'label' => 'If a human\'s pages not found (404s) exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_pages_not_found_.28404s.29_exceed" target="_blank" class="wfhelp"></a>',
579
  ),
580
  array(
581
  'id' => 'maxScanHits',
582
- 'label' => 'If 404s for known vulnerable URLs exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed" target="_blank" class="wfhelp"></a>',
583
  ),
584
  );
585
  foreach ($options as $o): ?>
@@ -611,13 +611,13 @@ $w = new wfConfig();
611
  </select>
612
  </div>
613
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
614
- <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
615
  <?php endif; ?>
616
  </div>
617
  </div>
618
  <?php endforeach; ?>
619
  <div class="wf-form-group">
620
- <label for="blockedTime" class="wf-col-sm-5 wf-control-label">How long is an IP address blocked when it breaks a rule <a href="http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule" target="_blank" class="wfhelp"></a></label>
621
  <div class="wf-col-sm-7">
622
  <select id="blockedTime" class="wf-form-control" name="blockedTime">
623
  <option value="60"<?php $w->sel( 'blockedTime', '60' ); ?>>1 minute</option>
@@ -637,9 +637,9 @@ $w = new wfConfig();
637
  </div>
638
 
639
  <div class="wfMarker" id="wfMarkerLoginSecurity"></div>
640
- <h3>Login Security Options <a href="http://docs.wordfence.com/en/Wordfence_options#Login_Security_Options" target="_blank" class="wfhelp"></a></h3>
641
  <div class="wf-form-group">
642
- <label for="loginSec_strongPasswds" class="wf-col-sm-5 wf-control-label">Enforce strong passwords <a href="http://docs.wordfence.com/en/Wordfence_options#Enforce_strong_passwords.3F" target="_blank" class="wfhelp"></a></label>
643
  <div class="wf-col-sm-7">
644
  <select class="wf-form-control" id="loginSec_strongPasswds" name="loginSec_strongPasswds">
645
  <option value="">Do not force users to use strong passwords</option>
@@ -649,7 +649,7 @@ $w = new wfConfig();
649
  </div>
650
  </div>
651
  <div class="wf-form-group">
652
- <label for="loginSec_maxFailures" class="wf-col-sm-5 wf-control-label">Lock out after how many login failures <a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_login_failures" target="_blank" class="wfhelp"></a></label>
653
  <div class="wf-col-sm-7">
654
  <select id="loginSec_maxFailures" class="wf-form-control" name="loginSec_maxFailures">
655
  <option value="1"<?php $w->sel( 'loginSec_maxFailures', '1' ); ?>>1</option>
@@ -673,7 +673,7 @@ $w = new wfConfig();
673
  </div>
674
  </div>
675
  <div class="wf-form-group">
676
- <label for="loginSec_maxForgotPasswd" class="wf-col-sm-5 wf-control-label">Lock out after how many forgot password attempts <a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_forgot_password_attempts" target="_blank" class="wfhelp"></a></label>
677
  <div class="wf-col-sm-7">
678
  <select id="loginSec_maxForgotPasswd" class="wf-form-control" name="loginSec_maxForgotPasswd">
679
  <option value="1"<?php $w->sel( 'loginSec_maxForgotPasswd', '1' ); ?>>1</option>
@@ -697,7 +697,7 @@ $w = new wfConfig();
697
  </div>
698
  </div>
699
  <div class="wf-form-group">
700
- <label for="loginSec_countFailMins" class="wf-col-sm-5 wf-control-label">Count failures over what time period <a href="http://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period" target="_blank" class="wfhelp"></a></label>
701
  <div class="wf-col-sm-7">
702
  <select id="loginSec_countFailMins" class="wf-form-control" name="loginSec_countFailMins">
703
  <option value="5"<?php $w->sel( 'loginSec_countFailMins', '5' ); ?>>5 minutes</option>
@@ -712,7 +712,7 @@ $w = new wfConfig();
712
  </div>
713
  </div>
714
  <div class="wf-form-group">
715
- <label for="loginSec_lockoutMins" class="wf-col-sm-5 wf-control-label">Amount of time a user is locked out <a href="http://docs.wordfence.com/en/Wordfence_options#Amount_of_time_a_user_is_locked_out" target="_blank" class="wfhelp"></a></label>
716
  <div class="wf-col-sm-7">
717
  <select id="loginSec_lockoutMins" class="wf-form-control" name="loginSec_lockoutMins">
718
  <option value="5"<?php $w->sel( 'loginSec_lockoutMins', '5' ); ?>>5 minutes</option>
@@ -733,31 +733,31 @@ $w = new wfConfig();
733
  </div>
734
  </div>
735
  <div class="wf-form-group">
736
- <label for="loginSec_lockInvalidUsers" class="wf-col-sm-5 wf-control-label">Immediately lock out invalid usernames <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_lock_out_invalid_usernames" target="_blank" class="wfhelp"></a></label>
737
  <div class="wf-col-sm-7">
738
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_lockInvalidUsers" name="loginSec_lockInvalidUsers" value="1" <?php $w->cb('loginSec_lockInvalidUsers'); ?>></div>
739
  </div>
740
  </div>
741
  <div class="wf-form-group">
742
- <label for="loginSec_maskLoginErrors" class="wf-col-sm-5 wf-control-label">Don't let WordPress reveal valid users in login errors <a href="http://docs.wordfence.com/en/Wordfence_options#Don.27t_let_WordPress_reveal_valid_users_in_login_errors" target="_blank" class="wfhelp"></a></label>
743
  <div class="wf-col-sm-7">
744
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_maskLoginErrors" name="loginSec_maskLoginErrors" value="1" <?php $w->cb('loginSec_maskLoginErrors'); ?>></div>
745
  </div>
746
  </div>
747
  <div class="wf-form-group">
748
- <label for="loginSec_blockAdminReg" class="wf-col-sm-5 wf-control-label">Prevent users registering 'admin' username if it doesn't exist <a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_users_registering_.27admin.27_username_if_it_doesn.27t_exist" target="_blank" class="wfhelp"></a></label>
749
  <div class="wf-col-sm-7">
750
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_blockAdminReg" name="loginSec_blockAdminReg" value="1" <?php $w->cb('loginSec_blockAdminReg'); ?>></div>
751
  </div>
752
  </div>
753
  <div class="wf-form-group">
754
- <label for="loginSec_disableAuthorScan" class="wf-col-sm-5 wf-control-label">Prevent discovery of usernames through '/?author=N' scans, the oEmbed API, and the WordPress REST API <a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans" target="_blank" class="wfhelp"></a></label>
755
  <div class="wf-col-sm-7">
756
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_disableAuthorScan" name="loginSec_disableAuthorScan" value="1" <?php $w->cb('loginSec_disableAuthorScan'); ?>></div>
757
  </div>
758
  </div>
759
  <div class="wf-form-group">
760
- <label for="loginSec_userBlacklist" class="wf-col-sm-5 wf-control-label">Immediately block the IP of users who try to sign in as these usernames <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_the_IP_of_users_who_try_to_sign_in_as_these_usernames" target="_blank" class="wfhelp"></a></label>
761
  <div class="wf-col-sm-7">
762
  <textarea id="loginSec_userBlacklist" class="wf-form-control" rows="4" name="loginSec_userBlacklist"><?php echo wfUtils::cleanupOneEntryPerLine($w->getHTML( 'loginSec_userBlacklist' )); ?></textarea>
763
  <span class="wf-help-block">(One per line. Existing users won't be blocked.)</span>
@@ -765,7 +765,7 @@ $w = new wfConfig();
765
  </div>
766
 
767
  <div class="wfMarker" id="wfMarkerNotification"></div>
768
- <h3>Dashboard Notification Options <a href="http://docs.wordfence.com/en/Wordfence_options#Dashboard_Notification_Options" target="_blank" class="wfhelp"></a></h3>
769
  <div class="wf-form-group">
770
  <label for="notification_updatesNeeded" class="wf-col-sm-5 wf-control-label">Updates Needed (Plugin, Theme, or Core)</label>
771
  <div class="wf-col-sm-7">
@@ -777,7 +777,7 @@ $w = new wfConfig();
777
  <div class="wf-col-sm-7">
778
  <div class="wf-checkbox"><input type="checkbox" id="notification_securityAlerts"<?php if ($w->p()) { echo ' name="notification_securityAlerts"'; } ?> value="1" <?php if ($w->p()) { $w->cb('notification_securityAlerts'); } else { echo ' checked disabled'; } ?>></div>
779
  <?php if (!$w->p()): ?>
780
- <span class="wf-help-block"><span style="color: #F00;">Premium Option</span> This option requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>.</span>
781
  <?php if ($w->get('notification_securityAlerts')): ?><input type="hidden" name="notification_securityAlerts" value="<?php $w->f('notification_securityAlerts'); ?>"><?php endif; ?>
782
  <?php endif; ?>
783
  </div>
@@ -787,7 +787,7 @@ $w = new wfConfig();
787
  <div class="wf-col-sm-7">
788
  <div class="wf-checkbox"><input type="checkbox" id="notification_promotions"<?php if ($w->p()) { echo ' name="notification_promotions"'; } ?> value="1" <?php if ($w->p()) { $w->cb('notification_promotions'); } else { echo ' checked disabled'; } ?>></div>
789
  <?php if (!$w->p()): ?>
790
- <span class="wf-help-block"><span style="color: #F00;">Premium Option</span> This option requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>.</span>
791
  <?php if ($w->get('notification_promotions')): ?><input type="hidden" name="notification_promotions" value="<?php $w->f('notification_promotions'); ?>"><?php endif; ?>
792
  <?php endif; ?>
793
  </div>
@@ -797,7 +797,7 @@ $w = new wfConfig();
797
  <div class="wf-col-sm-7">
798
  <div class="wf-checkbox"><input type="checkbox" id="notification_blogHighlights"<?php if ($w->p()) { echo ' name="notification_blogHighlights"'; } ?> value="1" <?php if ($w->p()) { $w->cb('notification_blogHighlights'); } else { echo ' checked disabled'; } ?>></div>
799
  <?php if (!$w->p()): ?>
800
- <span class="wf-help-block"><span style="color: #F00;">Premium Option</span> This option requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>.</span>
801
  <?php if ($w->get('notification_blogHighlights')): ?><input type="hidden" name="notification_blogHighlights" value="<?php $w->f('notification_blogHighlights'); ?>"><?php endif; ?>
802
  <?php endif; ?>
803
  </div>
@@ -807,7 +807,7 @@ $w = new wfConfig();
807
  <div class="wf-col-sm-7">
808
  <div class="wf-checkbox"><input type="checkbox" id="notification_productUpdates"<?php if ($w->p()) { echo ' name="notification_productUpdates"'; } ?> value="1" <?php if ($w->p()) { $w->cb('notification_productUpdates'); } else { echo ' checked disabled'; } ?>></div>
809
  <?php if (!$w->p()): ?>
810
- <span class="wf-help-block"><span style="color: #F00;">Premium Option</span> This option requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>.</span>
811
  <?php if ($w->get('notification_productUpdates')): ?><input type="hidden" name="notification_productUpdates" value="<?php $w->f('notification_productUpdates'); ?>"><?php endif; ?>
812
  <?php endif; ?>
813
  </div>
@@ -820,23 +820,23 @@ $w = new wfConfig();
820
  </div>
821
 
822
  <div class="wfMarker" id="wfMarkerOtherOptions"></div>
823
- <h3>Other Options <a href="http://docs.wordfence.com/en/Wordfence_options#Other_Options" target="_blank" class="wfhelp"></a></h3>
824
  <div class="wf-form-group">
825
- <label for="whitelisted" class="wf-col-sm-5 wf-control-label">Whitelisted IP addresses that bypass all rules <a href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_IP_addresses_that_bypass_all_rules" target="_blank" class="wfhelp"></a></label>
826
  <div class="wf-col-sm-7">
827
  <textarea id="whitelisted" class="wf-form-control" rows="4" name="whitelisted"><?php echo esc_html(preg_replace('/,/', "\n", $w->get('whitelisted'))); ?></textarea>
828
- <span class="wf-help-block">Whitelisted IPs must be separated by commas or placed on separate lines. You can specify ranges using the following format: 123.23.34.[1-50]<br/>Wordfence automatically whitelists <a href="http://en.wikipedia.org/wiki/Private_network" target="_blank">private networks</a> because these are not routable on the public Internet.</span>
829
  </div>
830
  </div>
831
  <div class="wf-form-group">
832
- <label for="bannedURLs" class="wf-col-sm-5 wf-control-label">Immediately block IPs that access these URLs <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_IP.27s_that_access_these_URLs" target="_blank" class="wfhelp"></a></label>
833
  <div class="wf-col-sm-7">
834
  <textarea id="bannedURLs" class="wf-form-control" rows="4" name="bannedURLs"><?php echo esc_html(preg_replace('/,/', "\n", $w->get('bannedURLs'))); ?></textarea>
835
  <span class="wf-help-block">Separate multiple URLs with commas or place them on separate lines. Asterisks are wildcards, but use with care. If you see an attacker repeatedly probing your site for a known vulnerability you can use this to immediately block them. All URLs must start with a '/' without quotes and must be relative. e.g. /badURLone/, /bannedPage.html, /dont-access/this/URL/, /starts/with-*</span>
836
  </div>
837
  </div>
838
  <div class="wf-form-group">
839
- <label for="allowed404s" class="wf-col-sm-5 wf-control-label">Whitelisted 404 URLs (one per line) <a href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_404_URLs" target="_blank" class="wfhelp"></a></label>
840
  <div class="wf-col-sm-7">
841
  <textarea id="allowed404s" class="wf-form-control" rows="4" name="allowed404s"><?php echo $w->getHTML( 'allowed404s' ); ?></textarea>
842
  <span class="wf-help-block">These URL patterns will be excluded from the throttling rules used to limit crawlers.</span>
@@ -865,7 +865,7 @@ $w = new wfConfig();
865
  $options = array( //Contents should already be HTML-escaped as needed
866
  array(
867
  'id' => 'other_hideWPVersion',
868
- 'label' => 'Hide WordPress version <a href="http://docs.wordfence.com/en/Wordfence_options#Hide_WordPress_version" target="_blank" class="wfhelp"></a>',
869
  ),
870
  array(
871
  'id' => 'showAdminBarMenu',
@@ -874,23 +874,27 @@ $w = new wfConfig();
874
  ),
875
  array(
876
  'id' => 'other_blockBadPOST',
877
- 'label' => 'Block IPs who send POST requests with blank User-Agent and Referer <a href="http://docs.wordfence.com/en/Wordfence_options#Block_IP.27s_who_send_POST_requests_with_blank_User-Agent_and_Referer" target="_blank" class="wfhelp"></a>',
878
  ),
879
  array(
880
  'id' => 'other_noAnonMemberComments',
881
- 'label' => 'Hold anonymous comments using member emails for moderation <a href="http://docs.wordfence.com/en/Wordfence_options#Hold_anonymous_comments_using_member_emails_for_moderation" target="_blank" class="wfhelp"></a>',
882
  ),
883
  array(
884
  'id' => 'other_scanComments',
885
- 'label' => 'Filter comments for malware and phishing URLs <a href="http://docs.wordfence.com/en/Wordfence_options#Filter_comments_for_malware_and_phishing_URL.27s" target="_blank" class="wfhelp"></a>',
886
  ),
887
  array(
888
  'id' => 'other_pwStrengthOnUpdate',
889
- 'label' => 'Check password strength on profile update <a href="http://docs.wordfence.com/en/Wordfence_options#Check_password_strength_on_profile_update" target="_blank" class="wfhelp"></a>',
890
  ),
891
  array(
892
  'id' => 'other_WFNet',
893
- 'label' => 'Participate in the Real-Time WordPress Security Network <a href="http://docs.wordfence.com/en/Wordfence_options#Participate_in_the_Real-Time_WordPress_Security_Network" target="_blank" class="wfhelp"></a>',
 
 
 
 
894
  ),
895
  );
896
  foreach ($options as $o):
@@ -900,13 +904,13 @@ $w = new wfConfig();
900
  <div class="wf-col-sm-7">
901
  <div class="wf-checkbox"><input type="checkbox" id="<?php echo $o['id']; ?>" class="wfConfigElem" name="<?php echo $o['id']; ?>" value="1" <?php $w->cb($o['id']); ?> <?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo 'disabled'; } ?>></div>
902
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
903
- <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
904
  <?php endif; ?>
905
  </div>
906
  </div>
907
  <?php endforeach; ?>
908
  <div class="wf-form-group">
909
- <label for="maxMem" class="wf-col-sm-5 wf-control-label">How much memory should Wordfence request when scanning <a href="http://docs.wordfence.com/en/Wordfence_options#How_much_memory_should_Wordfence_request_when_scanning" target="_blank" class="wfhelp"></a></label>
910
  <div class="wf-col-sm-7">
911
  <div class="wf-form-inline">
912
  <input type="text" class="wf-form-control" name="maxMem" id="maxMem" value="<?php $w->f( 'maxMem' ); ?>">
@@ -915,14 +919,14 @@ $w = new wfConfig();
915
  </div>
916
  </div>
917
  <div class="wf-form-group">
918
- <label for="maxExecutionTime" class="wf-col-sm-5 wf-control-label">Maximum execution time for each scan stage <a href="http://docs.wordfence.com/en/Wordfence_options#Maximum_execution_time_for_each_scan_stage" target="_blank" class="wfhelp"></a></label>
919
  <div class="wf-col-sm-7">
920
  <input type="text" class="wf-form-control" name="maxExecutionTime" id="maxExecutionTime" value="<?php $w->f( 'maxExecutionTime' ); ?>">
921
  <span class="wf-help-block">Blank for default. Must be greater than 9.</span>
922
  </div>
923
  </div>
924
  <div class="wf-form-group">
925
- <label for="actUpdateInterval" class="wf-col-sm-5 wf-control-label">Update interval in seconds (2 is default) <a href="http://docs.wordfence.com/en/Wordfence_options#Update_interval_in_seconds" target="_blank" class="wfhelp"></a></label>
926
  <div class="wf-col-sm-7">
927
  <input type="text" class="wf-form-control" name="actUpdateInterval" id="actUpdateInterval" value="<?php $w->f( 'actUpdateInterval' ); ?>">
928
  <span class="wf-help-block">Setting higher will reduce browser traffic but slow scan starts, live traffic &amp; status updates.</span>
@@ -932,20 +936,20 @@ $w = new wfConfig();
932
  $options = array( //Contents should already be HTML-escaped as needed
933
  array(
934
  'id' => 'liveActivityPauseEnabled',
935
- 'label' => 'Pause live updates when window loses focus <a href="http://docs.wordfence.com/en/Wordfence_options#Pause_live_updates_when_window_loses_focus" target="_blank" class="wfhelp"></a>',
936
  ),
937
  array(
938
  'id' => 'deleteTablesOnDeact',
939
- 'label' => 'Delete Wordfence tables and data on deactivation <a href="http://docs.wordfence.com/en/Wordfence_options#Delete_Wordfence_tables_and_data_on_deactivation.3F" target="_blank" class="wfhelp"></a>',
940
  ),
941
  array(
942
  'id' => 'disableCookies',
943
- 'label' => 'Disable Wordfence Cookies <a href="http://docs.wordfence.com/en/Wordfence_options#Disable_Wordfence_Cookies" target="_blank" class="wfhelp"></a>',
944
  'help' => 'When enabled, all visits in live traffic will appear to be new visits.',
945
  ),
946
  array(
947
  'id' => 'disableCodeExecutionUploads',
948
- 'label' => 'Disable Code Execution for Uploads directory <a href="http://docs.wordfence.com/en/Wordfence_options#Disable_Code_Execution_for_Uploads_directory" target="_blank" class="wfhelp"></a>',
949
  ),
950
  array(
951
  'id' => 'ajaxWatcherDisabled_front',
@@ -970,14 +974,14 @@ $w = new wfConfig();
970
  <div class="wf-col-sm-7">
971
  <div class="wf-checkbox"><input type="checkbox" id="<?php echo $o['id']; ?>" class="wfConfigElem" name="<?php echo $o['id']; ?>" value="1" <?php $w->cb($o['id']); ?> <?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo 'disabled'; } ?>></div>
972
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
973
- <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
974
  <?php endif; ?>
975
  </div>
976
  </div>
977
  <?php endforeach; ?>
978
 
979
  <div class="wfMarker" id="wfMarkerExportOptions"></div>
980
- <h3>Exporting and Importing Wordfence Settings <a href="http://docs.wordfence.com/en/Wordfence_options#Exporting_and_Importing_Wordfence_Settings" target="_blank" class="wfhelp"></a></h3>
981
  <div class="wf-form-group">
982
  <label for="exportSettingsBut" class="wf-col-sm-5 wf-control-label">Export this site's Wordfence settings for import on another site</label>
983
  <div class="wf-col-sm-7">
@@ -1044,7 +1048,7 @@ $w = new wfConfig();
1044
  <p>
1045
  If you use the free edition of Wordfence, you don't need to worry about entering an API key in the "API Key"
1046
  field above. One is automatically created for you. If you choose to <a
1047
- href="https://www.wordfence.com/gnl1optUpg1/wordfence-signup/" target="_blank">upgrade to Wordfence Premium
1048
  edition</a>, you will receive an API key. You will need to copy and paste that key into the "API Key"
1049
  field above and hit "Save" to activate your key.
1050
  </p>
@@ -1163,7 +1167,7 @@ $w = new wfConfig();
1163
 
1164
  <p>
1165
  Thanks for completing this tour and I'm very happy to have you as our newest Wordfence customer. Don't
1166
- forget to <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank">rate us 5 stars if you
1167
  love Wordfence</a>.<br/>
1168
  <br/>
1169
  <strong>Mark Maunder</strong> - Wordfence Creator.
32
  <form id="wfConfigForm" class="wf-form-horizontal">
33
  <h2>License</h2>
34
  <div class="wf-form-group">
35
+ <label for="apiKey" class="wf-col-sm-3 wf-control-label">Your Wordfence API Key <a href="http://docs.wordfence.com/en/Wordfence_options#Wordfence_API_Key" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
36
  <div class="wf-col-sm-9">
37
  <input type="text" id="apiKey" class="wf-form-control" name="apiKey" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" value="<?php $w->f( 'apiKey' ); ?>" size="80">
38
  </div>
47
  The currently active API Key is a Premium Key. <span style="font-weight: bold; color: #0A0;">Premium scanning enabled!</span>
48
  <?php } else { ?>
49
  The currently active API Key is a <span style="color: #F00; font-weight: bold;">Free Key</span>. <a
50
+ href="https://www.wordfence.com/gnl1optAPIKey1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Click Here to Upgrade to
51
  Wordfence Premium now.</a>
52
  <?php } ?>
53
  </p>
56
  <div class="wf-form-group">
57
  <?php if (wfConfig::get('hasKeyConflict')): ?>
58
  <div class="wf-col-sm-9 wf-col-sm-offset-3">
59
+ <a href="https://www.wordfence.com/gnl1optMngKysReset/manage-wordfence-api-keys/" target="_blank" rel="noopener noreferrer"><input type="button" class="wf-btn wf-btn-default wf-btn-sm" value="Reset your premium license"/></a> <input type="button" class="wf-btn wf-btn-default wf-btn-sm" value="Downgrade to a free license" onclick="WFAD.downgradeLicense();"/>
60
  </div>
61
  <?php elseif (wfConfig::get('isPaid')): ?>
62
  <div class="wf-col-sm-9 wf-col-sm-offset-3">
63
+ <a href="https://www.wordfence.com/gnl1optMngKys/manage-wordfence-api-keys/" target="_blank" rel="noopener noreferrer"><input type="button" class="wf-btn wf-btn-default wf-btn-sm" value="Renew your premium license"/></a> <input type="button" class="wf-btn wf-btn-default wf-btn-sm" value="Downgrade to a free license" onclick="WFAD.downgradeLicense();"/>
64
  </div>
65
  <?php else: ?>
66
  <div class="wf-col-xs-12">
73
  <li>Access to Premium Support</li>
74
  <li>Discounts of up to 90% for multiyear and multi-license purchases</li>
75
  </ul>
76
+ <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1optCallout1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Get Premium</a></p>
77
  </div>
78
  </div>
79
  <?php endif ?>
80
  </div>
81
 
82
+ <h2>Basic Options <a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h2>
83
  <div class="wf-form-group">
84
+ <label for="firewallEnabled" class="wf-col-sm-5 wf-control-label">Enable Rate Limiting and Advanced Blocking <a href="https://docs.wordfence.com/en/Wordfence_options#Enable_Rate_Limiting_and_Advanced_Blocking" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
85
  <div class="wf-col-sm-7">
86
  <div class="wf-checkbox"><input type="checkbox" id="firewallEnabled" class="wfConfigElem" name="firewallEnabled" value="1" <?php $w->cb( 'firewallEnabled' ); ?>></div>
87
  <span class="wf-help-block"><span style="color: #F00;">NOTE:</span> This checkbox enables ALL blocking/throttling functions including IP, country and advanced blocking, and the "Rate Limiting Rules" below.</span>
88
  </div>
89
  </div>
90
  <div class="wf-form-group">
91
+ <label for="loginSecurityEnabled" class="wf-col-sm-5 wf-control-label">Enable login security <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_login_security" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
92
  <div class="wf-col-sm-7">
93
  <div class="wf-checkbox"><input type="checkbox" id="loginSecurityEnabled" class="wfConfigElem" name="loginSecurityEnabled" value="1" <?php $w->cb( 'loginSecurityEnabled' ); ?>></div>
94
  <span class="wf-help-block">This option enables all "Login Security" options, including two-factor authentication, strong password enforcement, and invalid login throttling. You can modify individual options further down this page.</span>
95
  </div>
96
  </div>
97
  <div class="wf-form-group">
98
+ <label for="liveTrafficEnabled" class="wf-col-sm-5 wf-control-label">Enable Live Traffic View <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_Live_Traffic_View" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
99
  <div class="wf-col-sm-7">
100
  <div class="wf-checkbox"><input type="checkbox" id="liveTrafficEnabled" class="wfConfigElem" name="liveTrafficEnabled" value="1" <?php $w->cb( 'liveTrafficEnabled' ); ?> onclick="WFAD.reloadConfigPage = true; return true;"></div>
101
  <span class="wf-help-block">This option enables live traffic logging.</span>
102
  </div>
103
  </div>
104
  <div class="wf-form-group">
105
+ <label for="advancedCommentScanning" class="wf-col-sm-5 wf-control-label">Advanced Comment Spam Filter <a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Comment_Spam_Filter" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
106
  <div class="wf-col-sm-7">
107
  <div class="wf-checkbox"><input type="checkbox" id="advancedCommentScanning" class="wfConfigElem" name="advancedCommentScanning" value="1" <?php $w->cbp( 'advancedCommentScanning' ); if (!wfConfig::get('isPaid')) { ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#advancedCommentScanning').attr('checked', false); return false;" <?php } ?>></div>
108
  <span class="wf-help-block"><span style="color: #F00;">Premium Feature</span> In addition to free comment filtering (see below) this option filters comments against several additional real-time lists of known spammers and infected hosts.</span>
109
  </div>
110
  </div>
111
  <div class="wf-form-group">
112
+ <label for="spamvertizeCheck" class="wf-col-sm-5 wf-control-label">Check if this website is being "Spamvertised" <a href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_is_being_.22Spamvertized.22" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
113
  <div class="wf-col-sm-7">
114
  <div class="wf-checkbox"><input type="checkbox" id="spamvertizeCheck" class="wfConfigElem" name="spamvertizeCheck" value="1" <?php $w->cbp('spamvertizeCheck'); if (!wfConfig::get('isPaid')) { ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#spamvertizeCheck').attr('checked', false); return false;" <?php } ?>></div>
115
  <span class="wf-help-block"><span style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam services if your site domain name is appearing as a link in spam emails.</span>
116
  </div>
117
  </div>
118
  <div class="wf-form-group">
119
+ <label for="checkSpamIP" class="wf-col-sm-5 wf-control-label">Check if this website IP is generating spam <a href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_IP_is_generating_spam" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
120
  <div class="wf-col-sm-7">
121
  <div class="wf-checkbox"><input type="checkbox" id="checkSpamIP" class="wfConfigElem" name="checkSpamIP" value="1" <?php $w->cbp( 'checkSpamIP' ); if (!wfConfig::get('isPaid')) { ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#checkSpamIP').attr('checked', false); return false;" <?php } ?>></div>
122
  <span class="wf-help-block"><span style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam services if your website IP address is listed as a known source of spam email.</span>
123
  </div>
124
  </div>
125
  <div class="wf-form-group">
126
+ <label for="scheduledScansEnabled" class="wf-col-sm-5 wf-control-label">Enable automatic scheduled scans <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_automatic_scheduled_scans" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
127
  <div class="wf-col-sm-7">
128
  <div class="wf-checkbox"><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled" value="1" <?php $w->cb( 'scheduledScansEnabled' ); ?>></div>
129
  <span class="wf-help-block">Regular scans ensure your site stays secure.</span>
130
  </div>
131
  </div>
132
  <div class="wf-form-group">
133
+ <label for="autoUpdate" class="wf-col-sm-5 wf-control-label">Update Wordfence automatically when a new version is released? <a href="http://docs.wordfence.com/en/Wordfence_options#Update_Wordfence_Automatically_when_a_new_version_is_released" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
134
  <div class="wf-col-sm-7">
135
  <div class="wf-checkbox"><input type="checkbox" id="autoUpdate" class="wfConfigElem" name="autoUpdate" value="1" <?php $w->cb( 'autoUpdate' ); ?>></div>
136
  <span class="wf-help-block">Automatically updates Wordfence to the newest version within 24 hours of a new release.<br>
137
+ <?php if (!wfConfig::get('other_bypassLitespeedNoabort', false) && getenv('noabort') != '1' && stristr($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false) { ?>
138
+ <span style="color: #F00;">Warning: </span>You are running the LiteSpeed web server and Wordfence can't determine whether "noabort" is set. Please verify that the environmental variable "noabort" is set for the local site, or the server's global External Application Abort is set to "No Abort".<br>
139
+ <a href="https://docs.wordfence.com/en/LiteSpeed_aborts_Wordfence_scans_and_updates._How_do_I_prevent_that%3F" target="_blank" rel="noopener noreferrer">Please read this article in our FAQ to make an important change that will ensure your site stability during an update.<br>
140
  <?php } ?></span>
141
  </div>
142
  </div>
143
  <div class="wf-form-group">
144
+ <label for="alertEmails" class="wf-col-sm-5 wf-control-label">Where to email alerts <a href="http://docs.wordfence.com/en/Wordfence_options#Where_to_email_alerts" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
145
  <div class="wf-col-sm-7">
146
  <input type="text" id="alertEmails" name="alertEmails" class="wf-form-control" value="<?php $w->f( 'alertEmails' ); ?>" size="50">
147
  <span class="wf-help-block">Separate multiple emails with commas.</span>
148
  </div>
149
  </div>
150
  <div class="wf-form-group">
151
+ <label for="howGetIPs" class="wf-col-sm-5 wf-control-label">How does Wordfence get IPs <a href="http://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
152
  <div class="wf-col-sm-7">
153
  <select id="howGetIPs" name="howGetIPs" class="wf-form-control">
154
  <option value="">Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites.</option>
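Review bot: The `<a>` opened on new line 139 (the LiteSpeed FAQ link) is never closed: the line ends with `update.<br>` and line 140 goes straight to `<?php } ?></span>`, so the link runs on into whatever markup follows; end it with `update.</a><br>`. The condition on line 137 also reads `$_SERVER['SERVER_SOFTWARE']` unguarded, which raises a notice wherever that key is unset; putting `isset($_SERVER['SERVER_SOFTWARE']) &&` in front of the `stristr()` call avoids it. Since every help link in this run is already being edited to add `rel="noopener noreferrer"`, the `http://docs.wordfence.com/...` targets could move to `https://`, as the `firewallEnabled` label on line 84 and the FAQ link on line 139 already do, so that help pages opened from the admin screen are not fetched in cleartext. The `howGetIPs` select that ends this run continues outside it.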
201
  </div>
202
  <div class="wfMarker" id="wfMarkerBasicOptions"></div>
203
 
204
+ <h2>Advanced Options <a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Options" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h2>
205
  <div class="wf-form-group">
206
  <div class="wf-col-sm-9">
207
  <span class="wf-help-block">Wordfence works great out of the box for most websites. Simply install Wordfence and your site and content is protected. For finer granularity of control, we have provided advanced options.</span>
208
  </div>
209
  </div>
210
  <div id="wfConfigAdvanced">
211
+ <h3>Alerts <a href="http://docs.wordfence.com/en/Wordfence_options#Alerts" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
212
  <?php
213
  $emails = wfConfig::getAlertEmails();
214
  if (count($emails) < 1):
313
  </div>
314
 
315
  <div class="wfMarker" id="wfMarkerEmailSummary"></div>
316
+ <h3>Email Summary <a href="http://docs.wordfence.com/en/Wordfence_options#Email_Summary" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
317
  <div class="wf-form-group">
318
  <label for="email_summary_enabled" class="wf-col-sm-5 wf-control-label">Enable email summary</label>
319
  <div class="wf-col-sm-7">
331
  </div>
332
  </div>
333
  <div class="wf-form-group">
334
+ <label for="email_summary_excluded_directories" class="wf-col-sm-5 wf-control-label">List of directories to exclude from recently modified file list</label>
335
  <div class="wf-col-sm-7">
336
+ <textarea id="email_summary_excluded_directories" name="email_summary_excluded_directories" class="wf-form-control" rows="4"><?php echo esc_html(wfUtils::cleanupOneEntryPerLine($w->get('email_summary_excluded_directories', ''))); ?></textarea>
337
  </div>
338
  </div>
339
  <?php if ((defined('WP_DEBUG') && WP_DEBUG) || wfConfig::get('debugOn', 0)): ?>
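Review bot: New line 336 escapes at the point of output, `esc_html(wfUtils::cleanupOneEntryPerLine($w->get(...)))`, but the other two list textareas on this page still do it the other way round: `scan_exclude` (line 522) and `loginSec_userBlacklist` (line 762) run `cleanupOneEntryPerLine()` over the result of `$w->getHTML(...)`, which by its name is presumably already HTML-encoded. Neither helper is visible here, so this is a consistency point rather than a confirmed bug, but cleaning encoded text means the helper sees entities instead of the stored characters. Converting those two to the line-336 form, e.g. `echo esc_html(wfUtils::cleanupOneEntryPerLine($w->get('scan_exclude', '')));`, would leave one escape-last pattern for all three fields. The `WP_DEBUG` conditional that follows this form group continues outside the run.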
355
  </div>
356
 
357
  <div class="wfMarker" id="wfMarkerLiveTrafficOptions"></div>
358
+ <h3>Live Traffic View <a href="http://docs.wordfence.com/en/Wordfence_options#Live_Traffic_View" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
359
  <div class="wf-form-group">
360
  <label for="liveTraf_ignorePublishers" class="wf-col-sm-5 wf-control-label">Don't log signed-in users with publishing access</label>
361
  <div class="wf-col-sm-7">
388
  </div>
389
 
390
  <div class="wfMarker" id="wfMarkerScansToInclude"></div>
391
+ <h3>Scans to include <a href="http://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
392
  <?php
393
  $options = array( //Contents should already be HTML-escaped as needed
394
  array(
395
  'id' => 'scansEnabled_checkHowGetIPs',
396
+ 'label' => 'Scan for misconfigured How does Wordfence get IPs <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_misconfigured_How_does_Wordfence_get_IPs" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
397
  ),
398
  array(
399
  'id' => 'scansEnabled_checkReadableConfig',
400
+ 'label' => 'Scan for publicly accessible configuration, backup, or log files <a href="http://docs.wordfence.com/en/Wordfence_options#Configuration_Readable" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
401
  ),
402
  array(
403
  'id' => 'scansEnabled_suspectedFiles',
404
+ 'label' => 'Scan for publicly accessible quarantined files <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_publicly_accessible_quarantined_files" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
405
  ),
406
  array(
407
  'id' => 'scansEnabled_core',
408
+ 'label' => 'Scan core files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_core_files_against_repository_version_for_changes" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
409
  ),
410
  array(
411
  'id' => 'scansEnabled_themes',
412
+ 'label' => 'Scan theme files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_theme_files_against_repository_versions_for_changes" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
413
  ),
414
  array(
415
  'id' => 'scansEnabled_plugins',
416
+ 'label' => 'Scan plugin files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_plugin_files_against_repository_versions_for_changes" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
417
  ),
418
  array(
419
  'id' => 'scansEnabled_coreUnknown',
420
+ 'label' => 'Scan wp-admin and wp-includes for files not bundled with WordPress <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_wordpress_core_for_unknown_files" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
421
  ),
422
  array(
423
  'id' => 'scansEnabled_malware',
424
+ 'label' => 'Scan for signatures of known malicious files <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
425
  ),
426
  array(
427
  'id' => 'scansEnabled_fileContents',
428
+ 'label' => 'Scan file contents for backdoors, trojans and suspicious code <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_file_contents_for_backdoors.2C_trojans_and_suspicious_code" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
429
  'help' => '<a href="#add-more-rules" class="do-show" data-selector="#scan_include_extra">+ Add additional signatures</a>',
430
  'subs' => array(
431
  array(
442
  ),
443
  array(
444
  'id' => 'scansEnabled_posts',
445
+ 'label' => 'Scan posts for known dangerous URLs and suspicious content <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_posts_for_known_dangerous_URLs_and_suspicious_content" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
446
  ),
447
  array(
448
  'id' => 'scansEnabled_comments',
449
+ 'label' => 'Scan comments for known dangerous URLs and suspicious content <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_comments_for_known_dangerous_URLs_and_suspicious_content" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
450
  ),
451
  array(
452
  'id' => 'scansEnabled_oldVersions',
453
+ 'label' => 'Scan for out of date, abandoned, and vulnerable plugins, themes, and WordPress versions <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_out_of_date_plugins.2C_themes_and_WordPress_versions" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
454
  ),
455
  array(
456
  'id' => 'scansEnabled_suspiciousAdminUsers',
457
+ 'label' => 'Scan for admin users created outside of WordPress <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_admin_users_created_outside_of_WordPress" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
458
  ),
459
  array(
460
  'id' => 'scansEnabled_passwds',
461
+ 'label' => 'Check the strength of passwords <a href="http://docs.wordfence.com/en/Wordfence_options#Check_the_strength_of_passwords" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
462
  ),
463
  array(
464
  'id' => 'scansEnabled_diskSpace',
465
+ 'label' => 'Monitor disk space<a href="http://docs.wordfence.com/en/Wordfence_options#Monitor_disk_space" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
466
  ),
467
  array(
468
  'id' => 'scansEnabled_dns',
469
+ 'label' => 'Scan for unauthorized DNS changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_unauthorized_DNS_changes" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
470
  ),
471
  array(
472
  'id' => 'other_scanOutside',
473
+ 'label' => 'Scan files outside your WordPress installation <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_files_outside_your_WordPress_installation" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
474
  ),
475
  array(
476
  'id' => 'scansEnabled_scanImages',
477
+ 'label' => 'Scan images, binary, and other files as if they were executable <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_image_files_as_if_they_were_executable" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
478
  ),
479
  array(
480
  'id' => 'scansEnabled_highSense',
481
+ 'label' => 'Enable HIGH SENSITIVITY scanning (may give false positives) <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_HIGH_SENSITIVITY_scanning" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
482
  ),
483
  array(
484
  'id' => 'lowResourceScansEnabled',
485
+ 'label' => 'Use low resource scanning (reduces server load by lengthening the scan duration) <a href="http://docs.wordfence.com/en/Wordfence_options#Use_low_resource_scanning" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
486
  ),
487
  );
488
  foreach ($options as $o):
492
  <div class="wf-col-sm-7">
493
  <div class="wf-checkbox"><input type="checkbox" id="<?php echo $o['id']; ?>" class="wfConfigElem" name="<?php echo $o['id']; ?>" value="1" <?php $w->cb($o['id']); ?> <?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo 'disabled'; } ?>></div>
494
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
495
+ <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
496
  <?php endif; ?>
497
  </div>
498
  </div>
517
  endforeach;
518
  ?>
519
  <div class="wf-form-group">
520
+ <label for="scan_exclude" class="wf-col-sm-5 wf-control-label">Exclude files from scan that match these wildcard patterns (one per line) <a href="http://docs.wordfence.com/en/Wordfence_options#Exclude_files_from_scan_that_match_these_wildcard_patterns." target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
521
  <div class="wf-col-sm-7">
522
  <textarea id="scan_exclude" class="wf-form-control" rows="4" name="scan_exclude"><?php echo wfUtils::cleanupOneEntryPerLine($w->getHTML( 'scan_exclude' )); ?></textarea>
523
  </div>
524
  </div>
525
  <div class="wf-form-group">
526
+ <label for="scan_maxIssues" class="wf-col-sm-5 wf-control-label">Limit the number of issues sent in the scan results email <a href="https://docs.wordfence.com/en/Wordfence_options#Limit_the_number_of_issues_sent_in_the_scan_results_email" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
527
  <div class="wf-col-sm-7">
528
  <input type="text" class="wf-form-control" name="scan_maxIssues" id="scan_maxIssues" value="<?php $w->f( 'scan_maxIssues' ); ?>">
529
  <span class="wf-help-block">0 or empty means unlimited issues will be sent.</span>
530
  </div>
531
  </div>
532
  <div class="wf-form-group">
533
+ <label for="scan_maxDuration" class="wf-col-sm-5 wf-control-label">Time limit that a scan can run in seconds <a href="http://docs.wordfence.com/en/Wordfence_options#Time_limit_that_a_scan_can_run_in_seconds" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
534
  <div class="wf-col-sm-7">
535
  <input type="text" class="wf-form-control" name="scan_maxDuration" id="scan_maxDuration" value="<?php $w->f( 'scan_maxDuration' ); ?>">
536
  <span class="wf-help-block">0 or empty means the default of <?php echo wfUtils::makeDuration(WORDFENCE_DEFAULT_MAX_SCAN_TIME); ?> will be used.</span>
538
  </div>
539
 
540
  <div class="wfMarker" id="wfMarkerFirewallRules"></div>
541
+ <h3>Rate Limiting Rules <a href="http://docs.wordfence.com/en/Wordfence_options#Rate_Limiting_Rules" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
542
  <div class="wf-form-group">
543
+ <label for="blockFakeBots" class="wf-col-sm-5 wf-control-label">Immediately block fake Google crawlers <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_fake_Google_crawlers:" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
544
  <div class="wf-col-sm-7">
545
  <div class="wf-checkbox"><input type="checkbox" id="blockFakeBots" name="blockFakeBots" value="1" <?php $w->cb('blockFakeBots'); ?>></div>
546
  </div>
547
  </div>
548
  <div class="wf-form-group">
549
+ <label for="neverBlockBG" class="wf-col-sm-5 wf-control-label">How should we treat Google's crawlers <a href="http://docs.wordfence.com/en/Wordfence_options#How_should_we_treat_Google.27s_crawlers" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
550
  <div class="wf-col-sm-7">
551
  <select id="neverBlockBG" class="wf-form-control" name="neverBlockBG">
552
  <option value="neverBlockVerified"<?php $w->sel( 'neverBlockBG', 'neverBlockVerified' ); ?>>Verified Google crawlers have unlimited access to this site</option>
559
  $options = array( //Contents should already be HTML-escaped as needed
560
  array(
561
  'id' => 'maxGlobalRequests',
562
+ 'label' => 'If anyone\'s requests exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_anyone.27s_requests_exceed:" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
563
  ),
564
  array(
565
  'id' => 'maxRequestsCrawlers',
566
+ 'label' => 'If a crawler\'s page views exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_page_views_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
567
  ),
568
  array(
569
  'id' => 'max404Crawlers',
570
+ 'label' => 'If a crawler\'s pages not found (404s) exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_pages_not_found_.28404s.29_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
571
  ),
572
  array(
573
  'id' => 'maxRequestsHumans',
574
+ 'label' => 'If a human\'s page views exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_page_views_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
575
  ),
576
  array(
577
  'id' => 'max404Humans',
578
+ 'label' => 'If a human\'s pages not found (404s) exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_pages_not_found_.28404s.29_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
579
  ),
580
  array(
581
  'id' => 'maxScanHits',
582
+ 'label' => 'If 404s for known vulnerable URLs exceed <a href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
583
  ),
584
  );
585
  foreach ($options as $o): ?>
611
  </select>
612
  </div>
613
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
614
+ <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
615
  <?php endif; ?>
616
  </div>
617
  </div>
618
  <?php endforeach; ?>
619
  <div class="wf-form-group">
620
+ <label for="blockedTime" class="wf-col-sm-5 wf-control-label">How long is an IP address blocked when it breaks a rule <a href="http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
621
  <div class="wf-col-sm-7">
622
  <select id="blockedTime" class="wf-form-control" name="blockedTime">
623
  <option value="60"<?php $w->sel( 'blockedTime', '60' ); ?>>1 minute</option>
637
  </div>
638
 
639
  <div class="wfMarker" id="wfMarkerLoginSecurity"></div>
640
+ <h3>Login Security Options <a href="http://docs.wordfence.com/en/Wordfence_options#Login_Security_Options" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
641
  <div class="wf-form-group">
642
+ <label for="loginSec_strongPasswds" class="wf-col-sm-5 wf-control-label">Enforce strong passwords <a href="http://docs.wordfence.com/en/Wordfence_options#Enforce_strong_passwords.3F" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
643
  <div class="wf-col-sm-7">
644
  <select class="wf-form-control" id="loginSec_strongPasswds" name="loginSec_strongPasswds">
645
  <option value="">Do not force users to use strong passwords</option>
649
  </div>
650
  </div>
651
  <div class="wf-form-group">
652
+ <label for="loginSec_maxFailures" class="wf-col-sm-5 wf-control-label">Lock out after how many login failures <a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_login_failures" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
653
  <div class="wf-col-sm-7">
654
  <select id="loginSec_maxFailures" class="wf-form-control" name="loginSec_maxFailures">
655
  <option value="1"<?php $w->sel( 'loginSec_maxFailures', '1' ); ?>>1</option>
673
  </div>
674
  </div>
675
  <div class="wf-form-group">
676
+ <label for="loginSec_maxForgotPasswd" class="wf-col-sm-5 wf-control-label">Lock out after how many forgot password attempts <a href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_forgot_password_attempts" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
677
  <div class="wf-col-sm-7">
678
  <select id="loginSec_maxForgotPasswd" class="wf-form-control" name="loginSec_maxForgotPasswd">
679
  <option value="1"<?php $w->sel( 'loginSec_maxForgotPasswd', '1' ); ?>>1</option>
697
  </div>
698
  </div>
699
  <div class="wf-form-group">
700
+ <label for="loginSec_countFailMins" class="wf-col-sm-5 wf-control-label">Count failures over what time period <a href="http://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
701
  <div class="wf-col-sm-7">
702
  <select id="loginSec_countFailMins" class="wf-form-control" name="loginSec_countFailMins">
703
  <option value="5"<?php $w->sel( 'loginSec_countFailMins', '5' ); ?>>5 minutes</option>
712
  </div>
713
  </div>
714
  <div class="wf-form-group">
715
+ <label for="loginSec_lockoutMins" class="wf-col-sm-5 wf-control-label">Amount of time a user is locked out <a href="http://docs.wordfence.com/en/Wordfence_options#Amount_of_time_a_user_is_locked_out" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
716
  <div class="wf-col-sm-7">
717
  <select id="loginSec_lockoutMins" class="wf-form-control" name="loginSec_lockoutMins">
718
  <option value="5"<?php $w->sel( 'loginSec_lockoutMins', '5' ); ?>>5 minutes</option>
733
  </div>
734
  </div>
735
  <div class="wf-form-group">
736
+ <label for="loginSec_lockInvalidUsers" class="wf-col-sm-5 wf-control-label">Immediately lock out invalid usernames <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_lock_out_invalid_usernames" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
737
  <div class="wf-col-sm-7">
738
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_lockInvalidUsers" name="loginSec_lockInvalidUsers" value="1" <?php $w->cb('loginSec_lockInvalidUsers'); ?>></div>
739
  </div>
740
  </div>
741
  <div class="wf-form-group">
742
+ <label for="loginSec_maskLoginErrors" class="wf-col-sm-5 wf-control-label">Don't let WordPress reveal valid users in login errors <a href="http://docs.wordfence.com/en/Wordfence_options#Don.27t_let_WordPress_reveal_valid_users_in_login_errors" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
743
  <div class="wf-col-sm-7">
744
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_maskLoginErrors" name="loginSec_maskLoginErrors" value="1" <?php $w->cb('loginSec_maskLoginErrors'); ?>></div>
745
  </div>
746
  </div>
747
  <div class="wf-form-group">
748
+ <label for="loginSec_blockAdminReg" class="wf-col-sm-5 wf-control-label">Prevent users registering 'admin' username if it doesn't exist <a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_users_registering_.27admin.27_username_if_it_doesn.27t_exist" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
749
  <div class="wf-col-sm-7">
750
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_blockAdminReg" name="loginSec_blockAdminReg" value="1" <?php $w->cb('loginSec_blockAdminReg'); ?>></div>
751
  </div>
752
  </div>
753
  <div class="wf-form-group">
754
+ <label for="loginSec_disableAuthorScan" class="wf-col-sm-5 wf-control-label">Prevent discovery of usernames through '/?author=N' scans, the oEmbed API, and the WordPress REST API <a href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
755
  <div class="wf-col-sm-7">
756
  <div class="wf-checkbox"><input type="checkbox" id="loginSec_disableAuthorScan" name="loginSec_disableAuthorScan" value="1" <?php $w->cb('loginSec_disableAuthorScan'); ?>></div>
757
  </div>
758
  </div>
759
  <div class="wf-form-group">
760
+ <label for="loginSec_userBlacklist" class="wf-col-sm-5 wf-control-label">Immediately block the IP of users who try to sign in as these usernames <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_the_IP_of_users_who_try_to_sign_in_as_these_usernames" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
761
  <div class="wf-col-sm-7">
762
  <textarea id="loginSec_userBlacklist" class="wf-form-control" rows="4" name="loginSec_userBlacklist"><?php echo wfUtils::cleanupOneEntryPerLine($w->getHTML( 'loginSec_userBlacklist' )); ?></textarea>
763
  <span class="wf-help-block">(One per line. Existing users won't be blocked.)</span>
765
  </div>
766
 
767
  <div class="wfMarker" id="wfMarkerNotification"></div>
768
+ <h3>Dashboard Notification Options <a href="http://docs.wordfence.com/en/Wordfence_options#Dashboard_Notification_Options" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
769
  <div class="wf-form-group">
770
  <label for="notification_updatesNeeded" class="wf-col-sm-5 wf-control-label">Updates Needed (Plugin, Theme, or Core)</label>
771
  <div class="wf-col-sm-7">
777
  <div class="wf-col-sm-7">
778
  <div class="wf-checkbox"><input type="checkbox" id="notification_securityAlerts"<?php if ($w->p()) { echo ' name="notification_securityAlerts"'; } ?> value="1" <?php if ($w->p()) { $w->cb('notification_securityAlerts'); } else { echo ' checked disabled'; } ?>></div>
779
  <?php if (!$w->p()): ?>
780
+ <span class="wf-help-block"><span style="color: #F00;">Premium Option</span> This option requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>.</span>
781
  <?php if ($w->get('notification_securityAlerts')): ?><input type="hidden" name="notification_securityAlerts" value="<?php $w->f('notification_securityAlerts'); ?>"><?php endif; ?>
782
  <?php endif; ?>
783
  </div>
787
  <div class="wf-col-sm-7">
788
  <div class="wf-checkbox"><input type="checkbox" id="notification_promotions"<?php if ($w->p()) { echo ' name="notification_promotions"'; } ?> value="1" <?php if ($w->p()) { $w->cb('notification_promotions'); } else { echo ' checked disabled'; } ?>></div>
789
  <?php if (!$w->p()): ?>
790
+ <span class="wf-help-block"><span style="color: #F00;">Premium Option</span> This option requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>.</span>
791
  <?php if ($w->get('notification_promotions')): ?><input type="hidden" name="notification_promotions" value="<?php $w->f('notification_promotions'); ?>"><?php endif; ?>
792
  <?php endif; ?>
793
  </div>
797
  <div class="wf-col-sm-7">
798
  <div class="wf-checkbox"><input type="checkbox" id="notification_blogHighlights"<?php if ($w->p()) { echo ' name="notification_blogHighlights"'; } ?> value="1" <?php if ($w->p()) { $w->cb('notification_blogHighlights'); } else { echo ' checked disabled'; } ?>></div>
799
  <?php if (!$w->p()): ?>
800
+ <span class="wf-help-block"><span style="color: #F00;">Premium Option</span> This option requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>.</span>
801
  <?php if ($w->get('notification_blogHighlights')): ?><input type="hidden" name="notification_blogHighlights" value="<?php $w->f('notification_blogHighlights'); ?>"><?php endif; ?>
802
  <?php endif; ?>
803
  </div>
807
  <div class="wf-col-sm-7">
808
  <div class="wf-checkbox"><input type="checkbox" id="notification_productUpdates"<?php if ($w->p()) { echo ' name="notification_productUpdates"'; } ?> value="1" <?php if ($w->p()) { $w->cb('notification_productUpdates'); } else { echo ' checked disabled'; } ?>></div>
809
  <?php if (!$w->p()): ?>
810
+ <span class="wf-help-block"><span style="color: #F00;">Premium Option</span> This option requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>.</span>
811
  <?php if ($w->get('notification_productUpdates')): ?><input type="hidden" name="notification_productUpdates" value="<?php $w->f('notification_productUpdates'); ?>"><?php endif; ?>
812
  <?php endif; ?>
813
  </div>
820
  </div>
821
 
822
  <div class="wfMarker" id="wfMarkerOtherOptions"></div>
823
+ <h3>Other Options <a href="http://docs.wordfence.com/en/Wordfence_options#Other_Options" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
824
  <div class="wf-form-group">
825
+ <label for="whitelisted" class="wf-col-sm-5 wf-control-label">Whitelisted IP addresses that bypass all rules <a href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_IP_addresses_that_bypass_all_rules" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
826
  <div class="wf-col-sm-7">
827
  <textarea id="whitelisted" class="wf-form-control" rows="4" name="whitelisted"><?php echo esc_html(preg_replace('/,/', "\n", $w->get('whitelisted'))); ?></textarea>
828
+ <span class="wf-help-block">Whitelisted IPs must be separated by commas or placed on separate lines. You can specify ranges using the following format: 123.23.34.[1-50]<br/>Wordfence automatically whitelists <a href="http://en.wikipedia.org/wiki/Private_network" target="_blank" rel="noopener noreferrer">private networks</a> because these are not routable on the public Internet.</span>
829
  </div>
830
  </div>
831
  <div class="wf-form-group">
832
+ <label for="bannedURLs" class="wf-col-sm-5 wf-control-label">Immediately block IPs that access these URLs <a href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_IP.27s_that_access_these_URLs" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
833
  <div class="wf-col-sm-7">
834
  <textarea id="bannedURLs" class="wf-form-control" rows="4" name="bannedURLs"><?php echo esc_html(preg_replace('/,/', "\n", $w->get('bannedURLs'))); ?></textarea>
835
  <span class="wf-help-block">Separate multiple URLs with commas or place them on separate lines. Asterisks are wildcards, but use with care. If you see an attacker repeatedly probing your site for a known vulnerability you can use this to immediately block them. All URLs must start with a '/' without quotes and must be relative. e.g. /badURLone/, /bannedPage.html, /dont-access/this/URL/, /starts/with-*</span>
836
  </div>
837
  </div>
838
  <div class="wf-form-group">
839
+ <label for="allowed404s" class="wf-col-sm-5 wf-control-label">Whitelisted 404 URLs (one per line) <a href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_404_URLs" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
840
  <div class="wf-col-sm-7">
841
  <textarea id="allowed404s" class="wf-form-control" rows="4" name="allowed404s"><?php echo $w->getHTML( 'allowed404s' ); ?></textarea>
842
  <span class="wf-help-block">These URL patterns will be excluded from the throttling rules used to limit crawlers.</span>
865
  $options = array( //Contents should already be HTML-escaped as needed
866
  array(
867
  'id' => 'other_hideWPVersion',
868
+ 'label' => 'Hide WordPress version <a href="http://docs.wordfence.com/en/Wordfence_options#Hide_WordPress_version" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
869
  ),
870
  array(
871
  'id' => 'showAdminBarMenu',
874
  ),
875
  array(
876
  'id' => 'other_blockBadPOST',
877
+ 'label' => 'Block IPs who send POST requests with blank User-Agent and Referer <a href="http://docs.wordfence.com/en/Wordfence_options#Block_IP.27s_who_send_POST_requests_with_blank_User-Agent_and_Referer" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
878
  ),
879
  array(
880
  'id' => 'other_noAnonMemberComments',
881
+ 'label' => 'Hold anonymous comments using member emails for moderation <a href="http://docs.wordfence.com/en/Wordfence_options#Hold_anonymous_comments_using_member_emails_for_moderation" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
882
  ),
883
  array(
884
  'id' => 'other_scanComments',
885
+ 'label' => 'Filter comments for malware and phishing URLs <a href="http://docs.wordfence.com/en/Wordfence_options#Filter_comments_for_malware_and_phishing_URL.27s" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
886
  ),
887
  array(
888
  'id' => 'other_pwStrengthOnUpdate',
889
+ 'label' => 'Check password strength on profile update <a href="http://docs.wordfence.com/en/Wordfence_options#Check_password_strength_on_profile_update" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
890
  ),
891
  array(
892
  'id' => 'other_WFNet',
893
+ 'label' => 'Participate in the Real-Time WordPress Security Network <a href="http://docs.wordfence.com/en/Wordfence_options#Participate_in_the_Real-Time_WordPress_Security_Network" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
894
+ ),
895
+ array(
896
+ 'id' => 'other_bypassLitespeedNoabort',
897
+ 'label' => 'Bypass the LiteSpeed "noabort" check <a href="https://docs.wordfence.com/en/Wordfence_options#Bypass_the_LiteSpeed_noabort_check" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
898
  ),
899
  );
900
  foreach ($options as $o):
904
  <div class="wf-col-sm-7">
905
  <div class="wf-checkbox"><input type="checkbox" id="<?php echo $o['id']; ?>" class="wfConfigElem" name="<?php echo $o['id']; ?>" value="1" <?php $w->cb($o['id']); ?> <?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo 'disabled'; } ?>></div>
906
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
907
+ <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
908
  <?php endif; ?>
909
  </div>
910
  </div>
911
  <?php endforeach; ?>
912
  <div class="wf-form-group">
913
+ <label for="maxMem" class="wf-col-sm-5 wf-control-label">How much memory should Wordfence request when scanning <a href="http://docs.wordfence.com/en/Wordfence_options#How_much_memory_should_Wordfence_request_when_scanning" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
914
  <div class="wf-col-sm-7">
915
  <div class="wf-form-inline">
916
  <input type="text" class="wf-form-control" name="maxMem" id="maxMem" value="<?php $w->f( 'maxMem' ); ?>">
919
  </div>
920
  </div>
921
  <div class="wf-form-group">
922
+ <label for="maxExecutionTime" class="wf-col-sm-5 wf-control-label">Maximum execution time for each scan stage <a href="http://docs.wordfence.com/en/Wordfence_options#Maximum_execution_time_for_each_scan_stage" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
923
  <div class="wf-col-sm-7">
924
  <input type="text" class="wf-form-control" name="maxExecutionTime" id="maxExecutionTime" value="<?php $w->f( 'maxExecutionTime' ); ?>">
925
  <span class="wf-help-block">Blank for default. Must be greater than 9.</span>
926
  </div>
927
  </div>
928
  <div class="wf-form-group">
929
+ <label for="actUpdateInterval" class="wf-col-sm-5 wf-control-label">Update interval in seconds (2 is default) <a href="http://docs.wordfence.com/en/Wordfence_options#Update_interval_in_seconds" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
930
  <div class="wf-col-sm-7">
931
  <input type="text" class="wf-form-control" name="actUpdateInterval" id="actUpdateInterval" value="<?php $w->f( 'actUpdateInterval' ); ?>">
932
  <span class="wf-help-block">Setting higher will reduce browser traffic but slow scan starts, live traffic &amp; status updates.</span>
936
  $options = array( //Contents should already be HTML-escaped as needed
937
  array(
938
  'id' => 'liveActivityPauseEnabled',
939
+ 'label' => 'Pause live updates when window loses focus <a href="http://docs.wordfence.com/en/Wordfence_options#Pause_live_updates_when_window_loses_focus" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
940
  ),
941
  array(
942
  'id' => 'deleteTablesOnDeact',
943
+ 'label' => 'Delete Wordfence tables and data on deactivation <a href="http://docs.wordfence.com/en/Wordfence_options#Delete_Wordfence_tables_and_data_on_deactivation.3F" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
944
  ),
945
  array(
946
  'id' => 'disableCookies',
947
+ 'label' => 'Disable Wordfence Cookies <a href="http://docs.wordfence.com/en/Wordfence_options#Disable_Wordfence_Cookies" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
948
  'help' => 'When enabled, all visits in live traffic will appear to be new visits.',
949
  ),
950
  array(
951
  'id' => 'disableCodeExecutionUploads',
952
+ 'label' => 'Disable Code Execution for Uploads directory <a href="http://docs.wordfence.com/en/Wordfence_options#Disable_Code_Execution_for_Uploads_directory" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
953
  ),
954
  array(
955
  'id' => 'ajaxWatcherDisabled_front',
974
  <div class="wf-col-sm-7">
975
  <div class="wf-checkbox"><input type="checkbox" id="<?php echo $o['id']; ?>" class="wfConfigElem" name="<?php echo $o['id']; ?>" value="1" <?php $w->cb($o['id']); ?> <?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo 'disabled'; } ?>></div>
976
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
977
+ <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
978
  <?php endif; ?>
979
  </div>
980
  </div>
981
  <?php endforeach; ?>
982
 
983
  <div class="wfMarker" id="wfMarkerExportOptions"></div>
984
+ <h3>Exporting and Importing Wordfence Settings <a href="http://docs.wordfence.com/en/Wordfence_options#Exporting_and_Importing_Wordfence_Settings" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
985
  <div class="wf-form-group">
986
  <label for="exportSettingsBut" class="wf-col-sm-5 wf-control-label">Export this site's Wordfence settings for import on another site</label>
987
  <div class="wf-col-sm-7">
1048
  <p>
1049
  If you use the free edition of Wordfence, you don't need to worry about entering an API key in the "API Key"
1050
  field above. One is automatically created for you. If you choose to <a
1051
+ href="https://www.wordfence.com/gnl1optUpg1/wordfence-signup/" target="_blank" rel="noopener noreferrer">upgrade to Wordfence Premium
1052
  edition</a>, you will receive an API key. You will need to copy and paste that key into the "API Key"
1053
  field above and hit "Save" to activate your key.
1054
  </p>
1167
 
1168
  <p>
1169
  Thanks for completing this tour and I'm very happy to have you as our newest Wordfence customer. Don't
1170
+ forget to <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank" rel="noopener noreferrer">rate us 5 stars if you
1171
  love Wordfence</a>.<br/>
1172
  <br/>
1173
  <strong>Mark Maunder</strong> - Wordfence Creator.
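--- a/lib/menu_scan.php
+++ b/lib/menu_scan.php
@@ -61,7 +61,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
  <tr>
  <th>URL:</th>
- <td><a href="${data.url}" target="_blank">${data.url}</a></td>
+ <td><a href="${data.url}" target="_blank" rel="noopener noreferrer">${data.url}</a></td>
  <tr>
  <th>Severity:</th>
  <td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td>
@@ -81,7 +81,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <ul>
  <li><h3>Tools:</h3></li>
  {{if data.fileExists}}
- <li><a target="_blank" href="${WFAD.makeViewFileLink(data.file)}">View the file</a></li>
+ <li><a target="_blank" rel="noopener noreferrer" href="${WFAD.makeViewFileLink(data.file)}">View the file</a></li>
  {{/if}}
  <li><a href="#" onclick="WFAD.hideFile('${id}', 'delete'); return false;">Hide this file in <em>.htaccess</em></a></li>
  {{if data.canDelete}}
@@ -118,7 +118,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
  <tr>
  <th>URL:</th>
- <td><a href="${data.url}" target="_blank">${data.url}</a></td>
+ <td><a href="${data.url}" target="_blank" rel="noopener noreferrer">${data.url}</a></td>
  <tr>
  <th>Severity:</th>
  <td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td>
@@ -138,7 +138,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <ul>
  <li><h3>Tools:</h3></li>
  {{if data.fileExists}}
- <li><a target="_blank" href="${WFAD.makeViewFileLink(data.file)}">View the file</a></li>
+ <li><a target="_blank" rel="noopener noreferrer" href="${WFAD.makeViewFileLink(data.file)}">View the file</a></li>
  {{/if}}
  <li><a href="#" onclick="WFAD.hideFile('${id}', 'delete'); return false;">Hide this file in <em>.htaccess</em></a></li>
  {{if data.canDelete}}
@@ -174,7 +174,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <h2>${shortMsg}</h2>
  <p>
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
- <tr><th>URL:</th><td><a href="${data.url}" target="_blank">${data.url}</a></td>
+ <tr><th>URL:</th><td><a href="${data.url}" target="_blank" rel="noopener noreferrer">${data.url}</a></td>
  <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
  <tr><th>Status</th><td>
  {{if status == 'new' }}New{{/if}}
@@ -217,7 +217,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <h2>${shortMsg}</h2>
  <p>
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
- <tr><th>URL:</th><td><a href="${data.url}" target="_blank">${data.url}</a></td>
+ <tr><th>URL:</th><td><a href="${data.url}" target="_blank" rel="noopener noreferrer">${data.url}</a></td>
  <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
  <tr><th>Status</th><td>
  {{if status == 'new' }}New{{/if}}
@@ -269,7 +269,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <tr><th><span class="wf-hidden-xs">Theme </span>Name:</th><td>${data.name}</td></tr>
  <tr><th>Current <span class="wf-hidden-xs">Theme </span>Version:</th><td>${data.version}</td></tr>
  <tr><th>New <span class="wf-hidden-xs">Theme </span>Version:</th><td>${data.newVersion}</td></tr>
- <tr><th><span class="wf-hidden-xs">Theme </span>URL:</th><td><a href="${data.URL}" target="_blank"><span class="wf-hidden-xs wf-split-word">${data.URL}</span><span class="wf-visible-xs">View</span></a></td></tr>
+ <tr><th><span class="wf-hidden-xs">Theme </span>URL:</th><td><a href="${data.URL}" target="_blank" rel="noopener noreferrer"><span class="wf-hidden-xs wf-split-word">${data.URL}</span><span class="wf-visible-xs">View</span></a></td></tr>
  <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
  <tr><th>Status</th><td>
  {{if status == 'new' }}New{{/if}}
@@ -307,8 +307,8 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <p>
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
  <tr><th><span class="wf-hidden-xs">Plugin </span>Name:</th><td>${data.Name}</td></tr>
- {{if data.PluginURI}}<tr><th><span class="wf-hidden-xs">Plugin </span>Website:</th><td><a href="${data.PluginURI}" target="_blank"><span class="wf-hidden-xs wf-split-word">${data.PluginURI}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
- <tr><th>Changelog:</th><td><a href="${data.wpURL}/#developers" target="_blank"><span class="wf-hidden-xs wf-split-word">${data.wpURL}/#developers</span><span class="wf-visible-xs">View</span></a></td></tr>
+ {{if data.PluginURI}}<tr><th><span class="wf-hidden-xs">Plugin </span>Website:</th><td><a href="${data.PluginURI}" target="_blank" rel="noopener noreferrer"><span class="wf-hidden-xs wf-split-word">${data.PluginURI}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
+ <tr><th>Changelog:</th><td><a href="${data.wpURL}/#developers" target="_blank" rel="noopener noreferrer"><span class="wf-hidden-xs wf-split-word">${data.wpURL}/#developers</span><span class="wf-visible-xs">View</span></a></td></tr>
  <tr><th>Current <span class="wf-hidden-xs">Plugin </span>Version:</th><td>${data.Version}</td></tr>
  <tr><th>New <span class="wf-hidden-xs">Plugin </span>Version:</th><td>${data.newVersion}</td></tr>
  <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
@@ -348,7 +348,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <p>
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
  <tr><th><span class="wf-hidden-xs">Plugin </span>Name:</th><td>${data.Name}</td></tr>
- {{if data.PluginURI}}<tr><th><span class="wf-hidden-xs">Plugin </span>Website:</th><td><a href="${data.PluginURI}" target="_blank"><span class="wf-hidden-xs wf-split-word">${data.PluginURI}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
+ {{if data.PluginURI}}<tr><th><span class="wf-hidden-xs">Plugin </span>Website:</th><td><a href="${data.PluginURI}" target="_blank" rel="noopener noreferrer"><span class="wf-hidden-xs wf-split-word">${data.PluginURI}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
  <tr><th>Current <span class="wf-hidden-xs">Plugin </span>Version:</th><td>${data.Version}</td></tr>
  <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
  <tr><th>Status</th><td>
@@ -385,8 +385,8 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <p>
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
  <tr><th><span class="wf-hidden-xs">Plugin </span>Name:</th><td>${data.name}</td></tr>
- {{if data.homepage}}<tr><th><span class="wf-hidden-xs">Plugin </span>Website:</th><td><a href="${data.homepage}" target="_blank"><span class="wf-hidden-xs wf-split-word">${data.homepage}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
- {{if data.wpURL}}<tr><th>Repository<span class="wf-hidden-xs"> Link</span>:</th><td><a href="${data.wpURL}" target="_blank"><span class="wf-hidden-xs wf-split-word">${data.wpURL}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
+ {{if data.homepage}}<tr><th><span class="wf-hidden-xs">Plugin </span>Website:</th><td><a href="${data.homepage}" target="_blank" rel="noopener noreferrer"><span class="wf-hidden-xs wf-split-word">${data.homepage}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
+ {{if data.wpURL}}<tr><th>Repository<span class="wf-hidden-xs"> Link</span>:</th><td><a href="${data.wpURL}" target="_blank" rel="noopener noreferrer"><span class="wf-hidden-xs wf-split-word">${data.wpURL}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
  <tr><th>Current <span class="wf-hidden-xs">Plugin </span>Version:</th><td>${data.version}</td></tr>
  <tr><th>Last Updated:</th><td>${data.dateUpdated}</td></tr>
  <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
@@ -425,8 +425,8 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <p>
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
  <tr><th><span class="wf-hidden-xs">Plugin </span>Name:</th><td>${data.Name}</td></tr>
- {{if data.PluginURI}}<tr><th><span class="wf-hidden-xs">Plugin </span>Website:</th><td><a href="${data.PluginURI}" target="_blank"><span class="wf-hidden-xs wf-split-word">${data.PluginURI}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
- {{if data.wpURL}}<tr><th>Repository<span class="wf-hidden-xs"> Link</span>:</th><td><a href="${data.wpURL}" target="_blank"><span class="wf-hidden-xs wf-split-word">${data.wpURL}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
+ {{if data.PluginURI}}<tr><th><span class="wf-hidden-xs">Plugin </span>Website:</th><td><a href="${data.PluginURI}" target="_blank" rel="noopener noreferrer"><span class="wf-hidden-xs wf-split-word">${data.PluginURI}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
+ {{if data.wpURL}}<tr><th>Repository<span class="wf-hidden-xs"> Link</span>:</th><td><a href="${data.wpURL}" target="_blank" rel="noopener noreferrer"><span class="wf-hidden-xs wf-split-word">${data.wpURL}</span><span class="wf-visible-xs">View</span></a></td></tr>{{/if}}
  <tr><th>Current <span class="wf-hidden-xs">Plugin </span>Version:</th><td>${data.Version}</td></tr>
  <tr><th>Severity:</th><td>{{if severity == '1'}}Critical{{else}}Warning{{/if}}</td></tr>
  <tr><th>Status</th><td>
@@ -579,7 +579,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <div class="wfIssueOptions">
  <ul>
  <li><h3>Tools:</h3></li>
- <li><a target="_blank" href="${data.editUserLink}">Edit this user</a></li>
+ <li><a target="_blank" rel="noopener noreferrer" href="${data.editUserLink}">Edit this user</a></li>
  </ul>
  </div>
  <div class="wfIssueOptions">
@@ -628,7 +628,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <div class="WfIssueOptions">
  <ul>
  <li><h3>Tools:</h3></li>
- <li><a target="_blank" href="${data.editCommentLink}">Edit this ${data.type}</a></li>
+ <li><a target="_blank" rel="noopener noreferrer" href="${data.editCommentLink}">Edit this ${data.type}</a></li>
  </ul>
  </div>
  <div class="wfIssueOptions">
@@ -674,7 +674,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <div class="wfIssueOptions">
  <ul>
  <li><h3>Tools:</h3></li>
- <li><a target="_blank" href="${data.editPostLink}">Edit this ${data.type}</a></li>
+ <li><a target="_blank" rel="noopener noreferrer" href="${data.editPostLink}">Edit this ${data.type}</a></li>
  </ul>
  </div>
  <div class="wfIssueOptions">
@@ -703,9 +703,9 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <p>
  <table border="0" class="wfIssue" cellspacing="0" cellpadding="0">
  {{if data.isMultisite}}
- <tr><th>Title:</th><td><a href="${data.permalink}" target="_blank">${data.postTitle}</a></td></tr>
+ <tr><th>Title:</th><td><a href="${data.permalink}" target="_blank" rel="noopener noreferrer">${data.postTitle}</a></td></tr>
  {{else}}
- <tr><th>Title:</th><td><a href="${data.permalink}" target="_blank">${data.postTitle}</a></td></tr>
+ <tr><th>Title:</th><td><a href="${data.permalink}" target="_blank" rel="noopener noreferrer">${data.postTitle}</a></td></tr>
  {{/if}}
  <tr><th>Bad URL:</th><td><strong class="wfWarn wf-split-word">${data.badURL}</strong></td></tr>
  <tr><th>Posted on:</th><td>${data.postDate}</td></tr>
@@ -728,7 +728,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <div class="wfIssueOptions">
  <ul>
  <li><h3>Tools:</h3></li>
- <li><a target="_blank" href="${data.editPostLink}">Edit this ${data.type}</a></li>
+ <li><a target="_blank" rel="noopener noreferrer" href="${data.editPostLink}">Edit this ${data.type}</a></li>
  </ul>
  </div>
  <div class="wfIssueOptions">
@@ -780,7 +780,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <ul>
  <li><h3>Tools:</h3></li>
  {{if data.fileExists}}
- <li><a target="_blank" href="${WFAD.makeViewFileLink(data.file)}">View the file.</a></li>
+ <li><a target="_blank" rel="noopener noreferrer" href="${WFAD.makeViewFileLink(data.file)}">View the file.</a></li>
  {{/if}}
  {{if data.canFix}}
  <li><a href="#" onclick="WFAD.restoreFile('${id}'); return false;">Restore the original version of this file.</a></li>
@@ -789,7 +789,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <li><a href="#" onclick="WFAD.deleteFile('${id}'); return false;">Delete this file (can't be undone)</a></li>
  {{/if}}
  {{if data.canDiff}}
- <li><a href="${WFAD.makeDiffLink(data)}" target="_blank">See how the file has changed.</a></li>
+ <li><a href="${WFAD.makeDiffLink(data)}" target="_blank" rel="noopener noreferrer">See how the file has changed.</a></li>
  {{/if}}
  </ul>
  {{if data.canFix}}
@@ -885,7 +885,7 @@ $sigUpdateTime = wfConfig::get('signatureUpdateTime');
  <ul>
  <li><h3>Tools:</h3></li>
  {{if data.optionExists}}
- <li><a target="_blank" href="${WFAD.makeViewOptionLink(data.option_name, data.site_id)}">View this option.</a></li>
+ <li><a target="_blank" rel="noopener noreferrer" href="${WFAD.makeViewOptionLink(data.option_name, data.site_id)}">View this option.</a></li>
  {{/if}}
  {{if data.canDelete}}
  <li><a href="#" onclick="WFAD.deleteDatabaseOption('${id}'); return false;">Delete this option from the database (can't be undone)</a></li>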
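Review bot: The links that interpolate scan data into `href` (`${data.url}`, `${data.URL}`, `${data.PluginURI}`, `${data.homepage}`, `${data.wpURL}`, `${data.permalink}`) still accept any URL scheme. The added `rel="noopener noreferrer"` only cuts `window.opener` and the Referer for the new tab. Assuming these are jQuery Templates, `${...}` HTML-encodes the value but does not check the scheme, so a plugin or theme header URI that is not http/https would presumably still render as a clickable link in the admin page. The code that builds the issue data is not visible here; confirm it restricts these fields, for example with `esc_url_raw($value, array('http', 'https'))`, before they reach the template. Separately, in the `@@ -703,9 +703,9 @@` hunk the `{{if data.isMultisite}}` and `{{else}}` branches emit the identical `<tr>`, so that conditional can be dropped.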
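--- a/lib/menu_scan_options.php
+++ b/lib/menu_scan_options.php
@@ -3,44 +3,44 @@ $w = new wfConfig();
  ?>
  <div class="wordfenceModeElem" id="wordfenceMode_scanOptions"></div>
  <form id="wfConfigForm-scanOptions" class="wf-form-horizontal">
- <h3>Scans to include <a href="http://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank" class="wfhelp"></a></h3>
+ <h3>Scans to include <a href="http://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
  <?php
  $options = array( //Contents should already be HTML-escaped as needed
  array(
  'id' => 'scansEnabled_checkHowGetIPs',
- 'label' => 'Scan for misconfigured How does Wordfence get IPs <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_misconfigured_How_does_Wordfence_get_IPs" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan for misconfigured How does Wordfence get IPs <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_misconfigured_How_does_Wordfence_get_IPs" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_checkReadableConfig',
- 'label' => 'Scan for publicly accessible configuration, backup, or log files <a href="http://docs.wordfence.com/en/Wordfence_options#Configuration_Readable" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan for publicly accessible configuration, backup, or log files <a href="http://docs.wordfence.com/en/Wordfence_options#Configuration_Readable" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_suspectedFiles',
- 'label' => 'Scan for publicly accessible quarantined files <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_publicly_accessible_quarantined_files" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan for publicly accessible quarantined files <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_publicly_accessible_quarantined_files" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_core',
- 'label' => 'Scan core files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_core_files_against_repository_version_for_changes" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan core files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_core_files_against_repository_version_for_changes" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_themes',
- 'label' => 'Scan theme files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_theme_files_against_repository_versions_for_changes" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan theme files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_theme_files_against_repository_versions_for_changes" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_plugins',
- 'label' => 'Scan plugin files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_plugin_files_against_repository_versions_for_changes" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan plugin files against repository versions for changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_plugin_files_against_repository_versions_for_changes" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_coreUnknown',
- 'label' => 'Scan wp-admin and wp-includes for files not bundled with WordPress <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_wordpress_core_for_unknown_files" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan wp-admin and wp-includes for files not bundled with WordPress <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_wordpress_core_for_unknown_files" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_malware',
- 'label' => 'Scan for signatures of known malicious files <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan for signatures of known malicious files <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_fileContents',
- 'label' => 'Scan file contents for backdoors, trojans and suspicious code <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_file_contents_for_backdoors.2C_trojans_and_suspicious_code" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan file contents for backdoors, trojans and suspicious code <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_file_contents_for_backdoors.2C_trojans_and_suspicious_code" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  'help' => '<a href="#add-more-rules" class="do-show" data-selector="#scan_include_extra">+ Add additional signatures</a>',
  'subs' => array(
  array(
@@ -57,47 +57,47 @@ $w = new wfConfig();
  ),
  array(
  'id' => 'scansEnabled_posts',
- 'label' => 'Scan posts for known dangerous URLs and suspicious content <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_posts_for_known_dangerous_URLs_and_suspicious_content" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan posts for known dangerous URLs and suspicious content <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_posts_for_known_dangerous_URLs_and_suspicious_content" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_comments',
- 'label' => 'Scan comments for known dangerous URLs and suspicious content <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_comments_for_known_dangerous_URLs_and_suspicious_content" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan comments for known dangerous URLs and suspicious content <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_comments_for_known_dangerous_URLs_and_suspicious_content" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_oldVersions',
- 'label' => 'Scan for out of date plugins, themes and WordPress versions <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_out_of_date_plugins.2C_themes_and_WordPress_versions" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan for out of date plugins, themes and WordPress versions <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_out_of_date_plugins.2C_themes_and_WordPress_versions" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_suspiciousAdminUsers',
- 'label' => 'Scan for admin users created outside of WordPress <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_admin_users_created_outside_of_WordPress" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan for admin users created outside of WordPress <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_admin_users_created_outside_of_WordPress" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_passwds',
- 'label' => 'Check the strength of passwords <a href="http://docs.wordfence.com/en/Wordfence_options#Check_the_strength_of_passwords" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Check the strength of passwords <a href="http://docs.wordfence.com/en/Wordfence_options#Check_the_strength_of_passwords" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_diskSpace',
- 'label' => 'Monitor disk space<a href="http://docs.wordfence.com/en/Wordfence_options#Monitor_disk_space" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Monitor disk space<a href="http://docs.wordfence.com/en/Wordfence_options#Monitor_disk_space" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_dns',
- 'label' => 'Scan for unauthorized DNS changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_unauthorized_DNS_changes" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan for unauthorized DNS changes <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_unauthorized_DNS_changes" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'other_scanOutside',
- 'label' => 'Scan files outside your WordPress installation <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_files_outside_your_WordPress_installation" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan files outside your WordPress installation <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_files_outside_your_WordPress_installation" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_scanImages',
- 'label' => 'Scan images, binary, and other files as if they were executable <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_image_files_as_if_they_were_executable" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Scan images, binary, and other files as if they were executable <a href="http://docs.wordfence.com/en/Wordfence_options#Scan_image_files_as_if_they_were_executable" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'scansEnabled_highSense',
- 'label' => 'Enable HIGH SENSITIVITY scanning (may give false positives) <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_HIGH_SENSITIVITY_scanning" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Enable HIGH SENSITIVITY scanning (may give false positives) <a href="http://docs.wordfence.com/en/Wordfence_options#Enable_HIGH_SENSITIVITY_scanning" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  array(
  'id' => 'lowResourceScansEnabled',
- 'label' => 'Use low resource scanning (reduces server load by lengthening the scan duration) <a href="http://docs.wordfence.com/en/Wordfence_options#Use_low_resource_scanning" target="_blank" class="wfhelp"></a>',
+ 'label' => 'Use low resource scanning (reduces server load by lengthening the scan duration) <a href="http://docs.wordfence.com/en/Wordfence_options#Use_low_resource_scanning" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>',
  ),
  );
  foreach ($options as $o):
@@ -107,7 +107,7 @@ $w = new wfConfig();
  <div class="wf-col-sm-7">
  <div class="wf-checkbox"><input type="checkbox" id="<?php echo $o['id']; ?>" class="wfConfigElem" name="<?php echo $o['id']; ?>" value="1" <?php $w->cb($o['id']); ?> <?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo 'disabled'; } ?>></div>
  <?php if (isset($o['help']) || (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium'])): ?>
- <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
+ <span class="wf-help-block"><?php if (!wfConfig::get('isPaid') && isset($o['premium']) && $o['premium']) { echo '<span style="color: #F00;">Premium Feature</span> This feature requires a <a href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Wordfence Premium Key</a>. '; } ?><?php if (isset($o['help'])) { echo $o['help']; } ?></span>
  <?php endif; ?>
  </div>
  </div>
@@ -132,20 +132,20 @@ $w = new wfConfig();
  endforeach;
  ?>
  <div class="wf-form-group">
- <label for="scan_exclude" class="wf-col-sm-5 wf-control-label">Exclude files from scan that match these wildcard patterns (one per line) <a href="http://docs.wordfence.com/en/Wordfence_options#Exclude_files_from_scan_that_match_these_wildcard_patterns." target="_blank" class="wfhelp"></a></label>
+ <label for="scan_exclude" class="wf-col-sm-5 wf-control-label">Exclude files from scan that match these wildcard patterns (one per line) <a href="http://docs.wordfence.com/en/Wordfence_options#Exclude_files_from_scan_that_match_these_wildcard_patterns." target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <textarea id="scan_exclude" class="wf-form-control" rows="4" name="scan_exclude"><?php echo wfUtils::cleanupOneEntryPerLine($w->getHTML( 'scan_exclude' )); ?></textarea>
  </div>
  </div>
  <div class="wf-form-group">
- <label for="scan_maxIssues" class="wf-col-sm-5 wf-control-label">Limit the number of issues sent in the scan results email <a href="https://docs.wordfence.com/en/Wordfence_options#Limit_the_number_of_issues_sent_in_the_scan_results_email" target="_blank" class="wfhelp"></a></label>
+ <label for="scan_maxIssues" class="wf-col-sm-5 wf-control-label">Limit the number of issues sent in the scan results email <a href="https://docs.wordfence.com/en/Wordfence_options#Limit_the_number_of_issues_sent_in_the_scan_results_email" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <input type="text" class="wf-form-control" name="scan_maxIssues" id="scan_maxIssues" value="<?php $w->f( 'scan_maxIssues' ); ?>">
  <span class="wf-help-block">0 or empty means unlimited issues will be sent.</span>
  </div>
  </div>
  <div class="wf-form-group">
- <label for="scan_maxDuration" class="wf-col-sm-5 wf-control-label">Time limit that a scan can run in seconds <a href="http://docs.wordfence.com/en/Wordfence_options#Time_limit_that_a_scan_can_run_in_seconds" target="_blank" class="wfhelp"></a></label>
+ <label for="scan_maxDuration" class="wf-col-sm-5 wf-control-label">Time limit that a scan can run in seconds <a href="http://docs.wordfence.com/en/Wordfence_options#Time_limit_that_a_scan_can_run_in_seconds" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></label>
  <div class="wf-col-sm-7">
  <input type="text" class="wf-form-control" name="scan_maxDuration" id="scan_maxDuration" value="<?php $w->f( 'scan_maxDuration' ); ?>">
  <span class="wf-help-block">0 or empty means the default of <?php echo wfUtils::makeDuration(WORDFENCE_DEFAULT_MAX_SCAN_TIME); ?> will be used.</span>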
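Review bot: The documentation anchors edited in this file still point at `http://docs.wordfence.com/...` (new lines 6 through 100, 135 and 148), while the `scan_maxIssues` label on line 141 already uses `https://docs.wordfence.com/...` for the same host. Since every one of these anchors is being rewritten anyway, I would move them all to HTTPS, e.g. `<a href="https://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank" rel="noopener noreferrer" class="wfhelp"></a>`, so an administrator is never sent to help content over a connection that can be altered in transit. The added `rel` value protects the opener window but does nothing for the transport of the linked page.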
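--- a/lib/menu_scan_scan.php
+++ b/lib/menu_scan_scan.php
@@ -1,7 +1,7 @@
  <div class="wordfenceModeElem" id="wordfenceMode_scan"></div>
  <div class="wf-alert wf-alert-danger" id="wf-scan-failed" style="display: none;">
  <h4>Scan Failed</h4>
- <p>The current scan looks like it has failed. Its last status update was <span id="wf-scan-failed-time-ago"></span> ago. You may continue to wait in case it resumes or cancel and restart the scan. Some sites may need adjustments to run scans reliably. <a href="https://docs.wordfence.com/en/My_scans_don%27t_finish._What_would_cause_that%3F" target="_blank">Click here for steps you can try.</a></p>
+ <p>The current scan looks like it has failed. Its last status update was <span id="wf-scan-failed-time-ago"></span> ago. You may continue to wait in case it resumes or cancel and restart the scan. Some sites may need adjustments to run scans reliably. <a href="https://docs.wordfence.com/en/My_scans_don%27t_finish._What_would_cause_that%3F" target="_blank" rel="noopener noreferrer">Click here for steps you can try.</a></p>
  </div>
  <div class="wordfenceScanButton wf-center">
  <a href="#" id="wfStartScanButton1" class="wfStartScanButton button button-primary" onclick="wordfenceAdmin.startScan(); return false;">Start a Wordfence Scan</a><br />
@@ -26,7 +26,7 @@
  <?php if (wfConfig::get('scansEnabled_fileContents')): ?>
  <div>
  <p class="wf-success">You are running the Premium version of the Threat Defense Feed which is
- updated in real-time as new threats emerge. <a href="https://www.wordfence.com/zz13/sign-in/" target="_blank">Protect additional sites.</a></p>
+ updated in real-time as new threats emerge. <a href="https://www.wordfence.com/zz13/sign-in/" target="_blank" rel="noopener noreferrer">Protect additional sites.</a></p>
  </div>
  <?php else: ?>
  <div class="wfSecure">Premium scanning enabled</div>
@@ -44,7 +44,7 @@
  <p>As new threats emerge, the Threat Defense Feed is updated to detect these new hacks. The Premium
  version of the Threat Defense Feed is updated in real-time protecting you immediately. As a free
  user <strong>you are receiving the community version</strong> of the feed which is updated 30 days later.</p>
- <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1scanUpgrade/wordfence-signup/" target="_blank">Get Premium</a></p>
+ <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1scanUpgrade/wordfence-signup/" target="_blank" rel="noopener noreferrer">Get Premium</a></p>
  </div>
  
  <?php } ?>
@@ -87,14 +87,14 @@
  ?>
  </div></div></div>
  <div class="consoleFooter">
- &nbsp;<a href="#" target="_blank" class="wfALogViewLink" id="wfALogViewLink">View activity log</a>
+ &nbsp;<a href="#" target="_blank" rel="noopener noreferrer" class="wfALogViewLink" id="wfALogViewLink">View activity log</a>
  </div>
  
  <div class="wf-premium-callout">
  <h3>Need help with a hacked website?</h3>
  <p>Our team of security experts will clean the infection and remove malicious content. Once your site is restored we will provide a detailed report of our findings. All for an affordable rate.</p>
  <?php if (!wfConfig::get('isPaid')) { ?><p><strong>Includes a 1 year Wordfence Premium license.</strong></p><?php } ?>
- <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1scanGetHelp/wordfence-site-cleanings/" target="_blank">Get Help</a></p>
+ <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1scanGetHelp/wordfence-site-cleanings/" target="_blank" rel="noopener noreferrer">Get Help</a></p>
  </div>
  </div>
  <div id="wfScanIssuesWrapper" style="margin-top: 20px;">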
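--- a/lib/menu_scan_schedule.php
+++ b/lib/menu_scan_schedule.php
@@ -11,7 +11,7 @@
  <li>Access to Premium Support</li>
  <li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
  </ul>
- <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1scanSched1/wordfence-signup/" target="_blank">Get Premium</a></p>
+ <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1scanSched1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Get Premium</a></p>
  </div>
  <?php } ?>
  <?php $schedMode = wfConfig::get('isPaid') ? wfConfig::get('schedMode', 'auto') : 'auto'; ?>
@@ -268,7 +268,7 @@ if(wfConfig::get('isPaid')){
  } else {
  ?>
  If you would like access to this premium feature, please
- <a href="https://www.wordfence.com/gnl1scanSched2/wordfence-signup/" target="_blank">upgrade to our Premium version</a>.
+ <a href="https://www.wordfence.com/gnl1scanSched2/wordfence-signup/" target="_blank" rel="noopener noreferrer">upgrade to our Premium version</a>.
  </p>
  <?php
  }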
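--- a/lib/menu_tools_diagnostic.php
+++ b/lib/menu_tools_diagnostic.php
@@ -448,7 +448,7 @@ if (!isset($sendingDiagnosticEmail)) { $sendingDiagnosticEmail = false; }
  foreach ($errorLogs as $log => $readable): ?>
  <tr>
  <td style="width: 100%"><?php echo esc_html($log) . ' (' . wfUtils::formatBytes(filesize($log)) . ')'; ?></td>
- <td style="white-space: nowrap; text-align: right;"><?php echo ($readable ? '<a href="#" data-logfile="' . esc_html($log) . '" class="downloadLogFile" target="_blank">Download</a>' : '<em>Requires downloading from the server directly</em>'); ?></td>
+ <td style="white-space: nowrap; text-align: right;"><?php echo ($readable ? '<a href="#" data-logfile="' . esc_html($log) . '" class="downloadLogFile" target="_blank" rel="noopener noreferrer">Download</a>' : '<em>Requires downloading from the server directly</em>'); ?></td>
  </tr>
  <?php endforeach;
  endif; ?>
@@ -468,19 +468,19 @@ if (!isset($sendingDiagnosticEmail)) { $sendingDiagnosticEmail = false; }
  <ul>
  <li>
  <a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=sysinfo&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>"
- target="_blank">Click to view your system's configuration in a new window</a>
+ target="_blank" rel="noopener noreferrer">Click to view your system's configuration in a new window</a>
  <a href="https://docs.wordfence.com/en/Wordfence_diagnostics#Click_to_view_your_system.27s_configuration_in_a_new_window"
- target="_blank" class="wfhelp"></a></li>
+ target="_blank" rel="noopener noreferrer" class="wfhelp"></a></li>
  <li>
  <a href="<?php echo wfUtils::siteURLRelative(); ?>?_wfsf=testmem&nonce=<?php echo wp_create_nonce('wp-ajax'); ?>"
- target="_blank">Test your WordPress host's available memory</a>
+ target="_blank" rel="noopener noreferrer">Test your WordPress host's available memory</a>
  <a href="https://docs.wordfence.com/en/Wordfence_diagnostics#Test_your_WordPress_host.27s_available_memory"
- target="_blank" class="wfhelp"></a>
+ target="_blank" rel="noopener noreferrer" class="wfhelp"></a>
  </li>
  <li>
  Send a test email from this WordPress server to an email address:<a
  href="https://docs.wordfence.com/en/Wordfence_diagnostics#Send_a_test_email_from_this_WordPress_server_to_an_email_address"
- target="_blank" class="wfhelp"></a>
+ target="_blank" rel="noopener noreferrer" class="wfhelp"></a>
  <input type="text" id="testEmailDest" value="" size="20" maxlength="255" class="wfConfigElem"/>
  <input class="wf-btn wf-btn-default" type="button" value="Send Test Email"
  onclick="WFAD.sendTestEmail(jQuery('#testEmailDest').val());"/>
@@ -489,7 +489,7 @@ if (!isset($sendingDiagnosticEmail)) { $sendingDiagnosticEmail = false; }
  
  <?php if (!WFWAF_SUBDIRECTORY_INSTALL): ?>
  <div id="updateWAFRules">
- <h3>Firewall Rules <a href="https://docs.wordfence.com/en/Wordfence_diagnostics#Firewall_Rules" target="_blank" class="wfhelp"></a></h3>
+ <h3>Firewall Rules <a href="https://docs.wordfence.com/en/Wordfence_diagnostics#Firewall_Rules" target="_blank" rel="noopener noreferrer" class="wfhelp"></a></h3>
  
  <p>
  <button type="button" onclick="WFAD.wafUpdateRules()" class="wf-btn wf-btn-primary">
@@ -539,7 +539,7 @@ if (!isset($sendingDiagnosticEmail)) { $sendingDiagnosticEmail = false; }
  <tr>
  <th>Enable debugging mode (increases database load)<a
  href="https://docs.wordfence.com/en/Wordfence_diagnostics#Enable_debugging_mode_.28increases_database_load.29"
- target="_blank" class="wfhelp"></a></th>
+ target="_blank" rel="noopener noreferrer" class="wfhelp"></a></th>
  <td><input type="checkbox" id="debugOn" class="wfConfigElem" name="debugOn"
  value="1" <?php $w->cb('debugOn'); ?> /></td>
  </tr>
@@ -547,7 +547,7 @@ if (!isset($sendingDiagnosticEmail)) { $sendingDiagnosticEmail = false; }
  <tr>
  <th>Start all scans remotely<a
  href="https://docs.wordfence.com/en/Wordfence_diagnostics#Start_all_scans_remotely"
- target="_blank" class="wfhelp"></a></th>
+ target="_blank" rel="noopener noreferrer" class="wfhelp"></a></th>
  <td><input type="checkbox" id="startScansRemotely" class="wfConfigElem" name="startScansRemotely"
  value="1" <?php $w->cb('startScansRemotely'); ?> />
  (Try this if your scans aren't starting and your site is publicly accessible)
@@ -557,7 +557,7 @@ if (!isset($sendingDiagnosticEmail)) { $sendingDiagnosticEmail = false; }
  <tr>
  <th><label class="wf-plain" for="ssl_verify">Enable SSL Verification</label><a
  href="https://docs.wordfence.com/en/Wordfence_diagnostics#Enable_SSL_Verification"
- target="_blank" class="wfhelp"></a>
+ target="_blank" rel="noopener noreferrer" class="wfhelp"></a>
  </th>
  <td style="vertical-align: top;"><input type="checkbox" id="ssl_verify" class="wfConfigElem"
  name="ssl_verify"
@@ -570,7 +570,7 @@ if (!isset($sendingDiagnosticEmail)) { $sendingDiagnosticEmail = false; }
  <tr>
  <th><label class="wf-plain" for="betaThreatDefenseFeed">Enable beta threat defense feed</label><a
  href="https://docs.wordfence.com/en/Wordfence_diagnostics#Enable_beta_threat_defense_feed"
- target="_blank" class="wfhelp"></a></th>
+ target="_blank" rel="noopener noreferrer" class="wfhelp"></a></th>
  <td style="vertical-align: top;"><input type="checkbox" id="betaThreatDefenseFeed"
  class="wfConfigElem"
  name="betaThreatDefenseFeed"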
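Review bot: On new line 451 the log path is written into the `data-logfile` attribute with `esc_html()`, where the attribute-context helper `esc_attr()` is the conventional choice: `data-logfile="' . esc_attr($log) . '"`. The sysinfo and testmem links on lines 470 and 475 also echo `wfUtils::siteURLRelative()` and a raw `&nonce=` into `href` with no escaping at the point of output. Building each URL in PHP and passing it through `esc_url()` would cover both, e.g. `href="<?php echo esc_url(wfUtils::siteURLRelative() . '?_wfsf=sysinfo&nonce=' . wp_create_nonce('wp-ajax')); ?>"`. What siteURLRelative() can return is not visible in this section, so the second point is hardening rather than a confirmed defect.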
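--- a/lib/menu_tools_passwd.php
+++ b/lib/menu_tools_passwd.php
@@ -1,4 +1,4 @@
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
  <div>
  <div id="wordfenceMode_passwd"></div>
  <?php if (!wfConfig::get('isPaid')) { ?>
@@ -13,7 +13,7 @@
  <li>Access to Premium Support</li>
  <li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
  </ul>
- <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1pwAuditUp1/wordfence-signup/" target="_blank">Get Premium</a></p>
+ <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1pwAuditUp1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Get Premium</a></p>
  </div>
  <?php } ?>
  
@@ -169,7 +169,7 @@
  } else {
  ?>
  If you would like access to this premium feature, please
- <a href="https://www.wordfence.com/gnl1pwAuditUp2/wordfence-signup/" target="_blank">upgrade to our premium version</a>.
+ <a href="https://www.wordfence.com/gnl1pwAuditUp2/wordfence-signup/" target="_blank" rel="noopener noreferrer">upgrade to our premium version</a>.
  </p>
  <?php
  }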
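--- a/lib/menu_tools_twoFactor.php
+++ b/lib/menu_tools_twoFactor.php
@@ -1,4 +1,4 @@
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
  <div>
  <div class="wordfenceModeElem" id="wordfenceMode_twoFactor"></div>
  <?php if(! wfConfig::get('isPaid')){ ?>
@@ -19,7 +19,7 @@
  <li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
  </ul>
 
- <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1twoFac1/wordfence-signup/" target="_blank">Get Premium</a></p>
+ <p class="center"><a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1twoFac1/wordfence-signup/" target="_blank" rel="noopener noreferrer">Get Premium</a></p>
  </div>
  <?php } ?>
 
@@ -74,7 +74,7 @@
  <table class="wfConfigForm">
  <tr>
  <td><input type="checkbox" class="twoFactorOption" id="loginSec_requireAdminTwoFactor" name="loginSec_requireAdminTwoFactor"<?php echo wfConfig::get('loginSec_requireAdminTwoFactor') ? ' checked' : ''; ?>></td>
- <th>Require Cellphone Sign-in for all Administrators<a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><br>
+ <th>Require Cellphone Sign-in for all Administrators<a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><br>
  <em>This setting requires at least one administrator to have Cellphone Sign-in enabled. On multisite, this option applies only to super admins.</em></th>
  </tr>
  <tr>
@@ -82,7 +82,7 @@
  $allowSeparatePrompt = ini_get('output_buffering') > 0;
  ?>
  <td><input type="checkbox" class="twoFactorOption" id="loginSec_enableSeparateTwoFactor" name="loginSec_enableSeparateTwoFactor"<?php echo wfConfig::get('loginSec_enableSeparateTwoFactor') ? ' checked' : ''; echo ($allowSeparatePrompt ? '' : ' disabled'); ?>></td>
- <th>Enable Separate Prompt for Two Factor Code<a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><br>
+ <th>Enable Separate Prompt for Two Factor Code<a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><br>
  <em>This setting changes the behavior for obtaining the two factor authentication code from using the password field to showing a separate prompt. If your theme overrides the default login page, you may not be able to use this option.</em>
  <?php echo ($allowSeparatePrompt ? '' : '<br><strong>This setting will be ignored because the PHP configuration option <code>output_buffering</code> is off.</strong>'); ?></th>
  </tr>
@@ -170,7 +170,7 @@ if(wfConfig::get('isPaid')){
  } else {
  ?>
  If you would like access to this premium feature, please
- <a href="https://www.wordfence.com/gnl1twoFac2/wordfence-signup/" target="_blank">upgrade to our premium version</a>.
+ <a href="https://www.wordfence.com/gnl1twoFac2/wordfence-signup/" target="_blank" rel="noopener noreferrer">upgrade to our premium version</a>.
  <?php
  }
  ?>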
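--- a/lib/menu_tools_whois.php
+++ b/lib/menu_tools_whois.php
@@ -1,4 +1,4 @@
- <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div>
+ <div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div>
  <div>
  <div class="wordfenceModeElem" id="wordfenceMode_whois"></div>
  <?php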
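--- a/lib/pageTitle.php
+++ b/lib/pageTitle.php
@@ -25,6 +25,6 @@
  </li>
  </ul>
  <?php endif; ?>
- <?php if (isset($helpLink)): ?><div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank"><?php echo $helpLabel; ?></a></div><?php endif; ?>
+ <?php if (isset($helpLink)): ?><div class="wordfenceHelpLink"><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer" class="wfhelp"></a><a href="<?php echo $helpLink; ?>" target="_blank" rel="noopener noreferrer"><?php echo $helpLabel; ?></a></div><?php endif; ?>
  </div>
  </div>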
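--- a/lib/unknownFiles.php
+++ b/lib/unknownFiles.php
@@ -139,7 +139,7 @@ if($fileList){
  </tr>
  <?php
  for($i = 0; $i < sizeof($files); $i++){
- echo '<tr><td>' . wfUtils::formatBytes($files[$i][2]) . '</td><td>' . wfUtils::makeTimeAgo(time() - $files[$i][3]) . ' ago.</td><td>' . $files[$i][5] . '</td><td>' . $files[$i][6] . '</td><td>' . $files[$i][7] . '</td><td><a href="' . $files[$i][4] . '" target="_blank">' . $files[$i][1] . '</a></td></tr>';
+ echo '<tr><td>' . wfUtils::formatBytes($files[$i][2]) . '</td><td>' . wfUtils::makeTimeAgo(time() - $files[$i][3]) . ' ago.</td><td>' . $files[$i][5] . '</td><td>' . $files[$i][6] . '</td><td>' . $files[$i][7] . '</td><td><a href="' . $files[$i][4] . '" target="_blank" rel="noopener noreferrer">' . $files[$i][1] . '</a></td></tr>';
  }
  echo "</table>";
  } else {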
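Review bot: The row built at new line 142 concatenates `$files[$i][4]` into the `href` and `$files[$i][1]`, `[5]`, `[6]` and `[7]` into cell text with no output escaping, and `rel="noopener noreferrer"` does not change that. Where `$files` is filled is outside this hunk, so whether the values can carry markup is an assumption to confirm; if they come from file names or paths on disk, wrap them, `esc_url($files[$i][4])` for the link and `esc_html($files[$i][1])` for the text. The same pattern appears in lib/wfScanEngine.php at new lines 604 and 800, where `$test->getUrl()` goes into both the `href` and the link text unescaped although the line just above it uses `esc_html()`.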
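--- a/lib/wfActivityReport.php
+++ b/lib/wfActivityReport.php
@@ -634,7 +634,7 @@ class wfRecentlyModifiedFiles extends wfDirectoryIterator {
  public function __construct($directory = ABSPATH, $max_files_per_directory = 20000, $max_iterations = 250000, $time_range = 604800) {
  parent::__construct($directory, $max_files_per_directory, $max_iterations);
  $this->time_range = $time_range;
- $excluded_directories = explode(',', (string) wfConfig::get('email_summary_excluded_directories'));
+ $excluded_directories = explode("\n", wfUtils::cleanupOneEntryPerLine(wfConfig::get('email_summary_excluded_directories', '')));
  $this->excluded_directories = array();
  foreach ($excluded_directories as $index => $path) {
  if (($dir = realpath(ABSPATH . $path)) !== false) {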
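Review bot: When the option is empty, `explode("\n", ...)` at new line 637 still returns one empty string, and `realpath(ABSPATH . '')` on line 640 resolves to the WordPress root instead of `false`. What the loop does with `$dir` is outside the hunk, but if it is stored in `$this->excluded_directories`, an empty setting would exclude the whole tree from the recently-modified-files report. Dropping empty entries first avoids that, for example by wrapping the `explode()` call in `array_filter(..., 'strlen')`. It is also worth confirming that values saved in the old comma-separated form are converted by `wfUtils::cleanupOneEntryPerLine`, which is not shown here.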
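--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -78,6 +78,7 @@ class wfConfig {
  "other_pwStrengthOnUpdate" => array('value' => true, 'autoload' => self::AUTOLOAD),
  "other_WFNet" => array('value' => true, 'autoload' => self::AUTOLOAD),
  "other_scanOutside" => array('value' => false, 'autoload' => self::AUTOLOAD),
+ "other_bypassLitespeedNoabort" => array('value' => false, 'autoload' => self::AUTOLOAD),
  "deleteTablesOnDeact" => array('value' => false, 'autoload' => self::AUTOLOAD),
  "autoUpdate" => array('value' => false, 'autoload' => self::AUTOLOAD),
  "disableCookies" => array('value' => false, 'autoload' => self::AUTOLOAD),
@@ -744,7 +745,7 @@ SQL
  }
  public static function autoUpdate(){
  try {
- if(getenv('noabort') != '1' && stristr($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false){
+ if (!wfConfig::get('other_bypassLitespeedNoabort', false) && getenv('noabort') != '1' && stristr($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false) {
  $lastEmail = self::get('lastLiteSpdEmail', false);
  if( (! $lastEmail) || (time() - (int)$lastEmail > (86400 * 30))){
  self::set('lastLiteSpdEmail', time());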
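Review bot: The new `other_bypassLitespeedNoabort` option at new line 81 and its use at new line 748 carry no comment on what is being trusted when it is on: the LiteSpeed guard is skipped entirely, so auto-update proceeds even though `getenv('noabort')` cannot confirm the setting. A short comment would help the next reader, for example `// Admin asserts noabort is set globally (not visible via getenv); skip the LiteSpeed guard.` Inside the class the neighbouring lines call `self::get()`, so `self::get('other_bypassLitespeedNoabort', false)` would match them. `autoUpdate()` continues past the end of the hunk, so what the guarded branch does after recording `lastLiteSpdEmail` is not visible here.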
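--- a/lib/wfCrypt.php
+++ b/lib/wfCrypt.php
@@ -30,16 +30,10 @@ ENDKEY;
  return $key;
  }
  public static function makeSymHexKey($length){
- $charset='ABCDEF0123456789';
- $str = '';
- $count = strlen($charset);
- while($length--) {
- $str .= $charset[mt_rand(0, $count-1)];
- }
- return $str;
+ return bin2hex(wfWAFUtils::random_bytes($length / 2));
  }
- public static function pubCrypt($symKey){ #encrypts a symmetric key and returns it base64
- openssl_public_encrypt($symKey, $encSymKey, self::getPubKey(), OPENSSL_PKCS1_PADDING); //OPENSSL_PKCS1_PADDING is the default but setting explicitly because that's what we expect on the server.
+ public static function pubCrypt($symKey){ //encrypts a symmetric key and returns it base64
+ openssl_public_encrypt($symKey, $encSymKey, self::getPubKey(), OPENSSL_PKCS1_OAEP_PADDING); //The default OPENSSL_PKCS1_PADDING is deprecated.
  return base64_encode($encSymKey);
  }
  }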
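Review bot: `makeSymHexKey()` at new line 33 asks for `$length / 2` bytes, so an odd `$length` passes a float to `wfWAFUtils::random_bytes` and the result is no longer guaranteed to be exactly `$length` hex characters as the removed loop was; rounding up and trimming keeps the old contract, `return substr(bin2hex(wfWAFUtils::random_bytes((int) ceil($length / 2))), 0, $length);`. The output is also lowercase now where the old charset was uppercase, which matters only if the receiving side compares the key as text. In `pubCrypt()` the return value of `openssl_public_encrypt()` is still ignored, and OAEP accepts a shorter plaintext than PKCS#1 v1.5 for the same key, so a failed call would hand `base64_encode()` an unset `$encSymKey`; checking the result and failing loudly is safer, and the decrypting service has to switch padding in step. Callers of both methods are outside this section.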
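--- a/lib/wfDashboard.php
+++ b/lib/wfDashboard.php
@@ -53,6 +53,21 @@ class wfDashboard {
 
  unset($data['notifications']);
  }
+
+ if (isset($data['revoked'])) {
+ foreach ($data['revoked'] as $r) {
+ if (!isset($r['id'])) {
+ continue;
+ }
+
+ $notification = wfNotification::getNotificationForID($r['id']);
+ if ($notification !== null) {
+ $notification->markAsRead();
+ }
+ }
+
+ unset($data['revoked']);
+ }
  wfConfig::set_ser('dashboardData', $data);
  }
 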
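Review bot: The added block at new lines 57–70 iterates `$data['revoked']` after only an `isset()` check, so a non-array value there makes `foreach` emit a PHP warning, and each `$r` is indexed without checking that it is an array. Where `$data` comes from is outside the hunk; if it is decoded from a remote response, guard the shape with `if (isset($data['revoked']) && is_array($data['revoked'])) {` and `if (!is_array($r) || !isset($r['id'])) { continue; }`. The enclosing method starts and ends outside the hunk.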
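--- a/lib/wfDiagnostic.php
+++ b/lib/wfDiagnostic.php
@@ -69,7 +69,7 @@ class wfDiagnostic
  'userCanTruncate' => 'Checking if MySQL user has <code>TRUNCATE</code> privilege',
  ),
  'PHP' => array(
- 'phpVersion' => 'PHP version >= PHP 5.2.4<br><em> (<a href="https://wordpress.org/about/requirements/" target="_blank">Minimum version required by WordPress</a>)</em>',
+ 'phpVersion' => 'PHP version >= PHP 5.2.4<br><em> (<a href="https://wordpress.org/about/requirements/" target="_blank" rel="noopener noreferrer">Minimum version required by WordPress</a>)</em>',
  'processOwner' => 'Process Owner',
  'hasOpenSSL' => 'Checking for OpenSSL support',
  'hasCurl' => 'Checking for cURL support',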
@@ -230,7 +230,7 @@ class wfScanEngine {
230
  }
231
 
232
  if ((time() - $this->startTime) > $timeLimit){
233
- $error = 'The scan time limit of ' . wfUtils::makeDuration($timeLimit) . ' has been exceeded and the scan will be terminated. This limit can be customized on the options page. <a href="http://docs.wordfence.com/en/Scan_time_limit" target="_blank">Get More Information</a>';
234
  $this->addIssue('timelimit', 1, md5($this->startTime), md5($this->startTime), 'Scan Time Limit Exceeded', $error, array());
235
  $summary = $this->i->getSummaryItems();
236
  $this->status(1, 'info', '-------------------');
@@ -442,7 +442,7 @@ class wfScanEngine {
442
  else {
443
  $shortMsg = 'Your site is listed on Google\'s Safe Browsing malware list.';
444
  }
445
- $longMsg = "The URL " . esc_html($url) . " is on the malware list. More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($url) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
446
  $data['gsb'] = $badList;
447
  }
448
  else if ($badList == 'googpub-phish-shavar') {
@@ -453,7 +453,7 @@ class wfScanEngine {
453
  else {
454
  $shortMsg = 'Your site is listed on Google\'s Safe Browsing phishing list.';
455
  }
456
- $longMsg = "The URL " . esc_html($url) . " is on the phishing list. More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($url) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
457
  $data['gsb'] = $badList;
458
  }
459
  else if ($badList == 'wordfence-dbl') {
@@ -525,7 +525,7 @@ class wfScanEngine {
525
  $haveIssues = wfIssues::STATUS_FAILED;
526
  }
527
  else if ($recommendation == 'UNKNOWN') {
528
- $added = $this->addIssue('checkHowGetIPs', 2, 'checkHowGetIPs', 'checkHowGetIPs' . $recommendation . WORDFENCE_VERSION, "Unable to accurately detect IPs", 'Wordfence was unable to validate a test request to your website. This can happen if your website is behind a proxy that does not use one of the standard ways to convey the IP of the request or it is unreachable publicly. IP blocking and live traffic information may not be accurate. <a href="https://docs.wordfence.com/en/Misconfigured_how_get_IPs_notice " target="_blank">Get More Information</a>', array());
529
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
530
  else if ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC) { $haveIssues = wfIssues::STATUS_IGNORED; }
531
  }
@@ -544,7 +544,7 @@ class wfScanEngine {
544
  $extraMsg = ' This site appears to be behind Cloudflare, so using the Cloudflare "CF-Connecting-IP" HTTP header will resolve to the correct IPs.';
545
  }
546
 
547
- $added = $this->addIssue('checkHowGetIPs', 2, 'checkHowGetIPs', 'checkHowGetIPs' . $recommendation . WORDFENCE_VERSION, "'How does Wordfence get IPs' is misconfigured", 'A test request to this website was detected on a different value for this setting. IP blocking and live traffic information may not be accurate. <a href="https://docs.wordfence.com/en/Misconfigured_how_get_IPs_notice " target="_blank">Get More Information</a>' . $extraMsg, array('recommendation' => $recommendation));
548
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
549
  else if ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC) { $haveIssues = wfIssues::STATUS_IGNORED; }
550
  }
@@ -601,7 +601,7 @@ class wfScanEngine {
601
  $key,
602
  $key,
603
  'Publicly accessible config, backup, or log file found: ' . esc_html($pathFromRoot),
604
- '<a href="' . $test->getUrl() . '" target="_blank">' . $test->getUrl() . '</a> is publicly
605
  accessible and may expose sensitive information about your site. Files such as this one are commonly
606
  checked for by scanners such as WPScan and should be removed or made inaccessible.',
607
  array(
@@ -797,7 +797,7 @@ class wfScanEngine {
797
  $key,
798
  $key,
799
  'Publicly accessible quarantined file found: ' . esc_html($file),
800
- '<a href="' . $test->getUrl() . '" target="_blank">' . $test->getUrl() . '</a> is publicly
801
  accessible and may expose source code or sensitive information about your site. Files such as this one are commonly
802
  checked for by scanners and should be removed or made inaccessible.',
803
  array(
@@ -911,7 +911,7 @@ class wfScanEngine {
911
 
912
  if ($result['badList'] == 'goog-malware-shavar') {
913
  $shortMsg = "{$uctype} contains a suspected malware URL: " . esc_html($title);
914
- $longMsg = "This " . esc_html($type) . " contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
915
  }
916
  else if ($result['badList'] == 'googpub-phish-shavar') {
917
  $shortMsg = "{$uctype} contains a suspected phishing site URL: " . esc_html($title);
@@ -1029,7 +1029,7 @@ class wfScanEngine {
1029
 
1030
  if ($result['badList'] == 'goog-malware-shavar') {
1031
  $shortMsg = "$uctype with author " . esc_html($author) . " contains a suspected malware URL.";
1032
- $longMsg = "This " . esc_html($type) . " contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
1033
  }
1034
  else if ($result['badList'] == 'googpub-phish-shavar') {
1035
  $shortMsg = "$uctype contains a suspected phishing site URL.";
@@ -1559,7 +1559,7 @@ class wfScanEngine {
1559
  else {
1560
  $longMsg .= ' It may have compatibility problems with the current version of WordPress or unknown security issues.';
1561
  }
1562
- $longMsg .= ' <a href="https://docs.wordfence.com/en/Understanding_scan_results#Plugin_appears_to_be_abandoned" target="_blank">Get more information.</a>';
1563
  $added = $this->addIssue('wfPluginAbandoned', $severity, $key, $key, $shortMsg, $longMsg, $statusArray);
1564
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
1565
  else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }
@@ -1589,7 +1589,7 @@ class wfScanEngine {
1589
  else {
1590
  $longMsg = 'It may have compatibility problems with the current version of WordPress or unknown security issues.';
1591
  }
1592
- $longMsg .= ' <a href="https://docs.wordfence.com/en/Understanding_scan_results#Plugin_has_been_removed_from_wordpress.org" target="_blank">Get more information.</a>';
1593
  $added = $this->addIssue('wfPluginRemoved', 1, $key, $key, $shortMsg, $longMsg, $pluginData);
1594
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
1595
  else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }
@@ -1610,7 +1610,7 @@ class wfScanEngine {
1610
 
1611
  $key = 'wfPluginVulnerable' . ' ' . $plugin['pluginFile'] . ' ' . $plugin['Version'];
1612
  $shortMsg = "The Plugin \"" . $plugin['Name'] . "\" has an unpatched security vulnerability.";
1613
- $longMsg = 'To protect your site from this vulnerability, the safest option is to deactivate and completely remove ' . esc_html($plugin['Name']) . ' until the developer releases a security fix. <a href="https://docs.wordfence.com/en/Understanding_scan_results#Plugin_has_an_unpatched_security_vulnerability" target="_blank">Get more information.</a>';
1614
  $added = $this->addIssue('wfPluginVulnerable', 1, $key, $key, $shortMsg, $longMsg, $plugin);
1615
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
1616
  else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }
230
  }
231
 
232
  if ((time() - $this->startTime) > $timeLimit){
233
+ $error = 'The scan time limit of ' . wfUtils::makeDuration($timeLimit) . ' has been exceeded and the scan will be terminated. This limit can be customized on the options page. <a href="http://docs.wordfence.com/en/Scan_time_limit" target="_blank" rel="noopener noreferrer">Get More Information</a>';
234
  $this->addIssue('timelimit', 1, md5($this->startTime), md5($this->startTime), 'Scan Time Limit Exceeded', $error, array());
235
  $summary = $this->i->getSummaryItems();
236
  $this->status(1, 'info', '-------------------');
442
  else {
443
  $shortMsg = 'Your site is listed on Google\'s Safe Browsing malware list.';
444
  }
445
+ $longMsg = "The URL " . esc_html($url) . " is on the malware list. More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($url) . "&client=googlechrome&hl=en-US\" target=\"_blank\" rel=\"noopener noreferrer\">Google Safe Browsing diagnostic page</a>.";
446
  $data['gsb'] = $badList;
447
  }
448
  else if ($badList == 'googpub-phish-shavar') {
453
  else {
454
  $shortMsg = 'Your site is listed on Google\'s Safe Browsing phishing list.';
455
  }
456
+ $longMsg = "The URL " . esc_html($url) . " is on the phishing list. More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($url) . "&client=googlechrome&hl=en-US\" target=\"_blank\" rel=\"noopener noreferrer\">Google Safe Browsing diagnostic page</a>.";
457
  $data['gsb'] = $badList;
458
  }
459
  else if ($badList == 'wordfence-dbl') {
525
  $haveIssues = wfIssues::STATUS_FAILED;
526
  }
527
  else if ($recommendation == 'UNKNOWN') {
528
+ $added = $this->addIssue('checkHowGetIPs', 2, 'checkHowGetIPs', 'checkHowGetIPs' . $recommendation . WORDFENCE_VERSION, "Unable to accurately detect IPs", 'Wordfence was unable to validate a test request to your website. This can happen if your website is behind a proxy that does not use one of the standard ways to convey the IP of the request or it is unreachable publicly. IP blocking and live traffic information may not be accurate. <a href="https://docs.wordfence.com/en/Misconfigured_how_get_IPs_notice " target="_blank" rel="noopener noreferrer">Get More Information</a>', array());
529
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
530
  else if ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC) { $haveIssues = wfIssues::STATUS_IGNORED; }
531
  }
544
  $extraMsg = ' This site appears to be behind Cloudflare, so using the Cloudflare "CF-Connecting-IP" HTTP header will resolve to the correct IPs.';
545
  }
546
 
547
+ $added = $this->addIssue('checkHowGetIPs', 2, 'checkHowGetIPs', 'checkHowGetIPs' . $recommendation . WORDFENCE_VERSION, "'How does Wordfence get IPs' is misconfigured", 'A test request to this website was detected on a different value for this setting. IP blocking and live traffic information may not be accurate. <a href="https://docs.wordfence.com/en/Misconfigured_how_get_IPs_notice " target="_blank" rel="noopener noreferrer">Get More Information</a>' . $extraMsg, array('recommendation' => $recommendation));
548
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
549
  else if ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC) { $haveIssues = wfIssues::STATUS_IGNORED; }
550
  }
601
  $key,
602
  $key,
603
  'Publicly accessible config, backup, or log file found: ' . esc_html($pathFromRoot),
604
+ '<a href="' . $test->getUrl() . '" target="_blank" rel="noopener noreferrer">' . $test->getUrl() . '</a> is publicly
605
  accessible and may expose sensitive information about your site. Files such as this one are commonly
606
  checked for by scanners such as WPScan and should be removed or made inaccessible.',
607
  array(
797
  $key,
798
  $key,
799
  'Publicly accessible quarantined file found: ' . esc_html($file),
800
+ '<a href="' . $test->getUrl() . '" target="_blank" rel="noopener noreferrer">' . $test->getUrl() . '</a> is publicly
801
  accessible and may expose source code or sensitive information about your site. Files such as this one are commonly
802
  checked for by scanners and should be removed or made inaccessible.',
803
  array(
911
 
912
  if ($result['badList'] == 'goog-malware-shavar') {
913
  $shortMsg = "{$uctype} contains a suspected malware URL: " . esc_html($title);
914
+ $longMsg = "This " . esc_html($type) . " contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\" rel=\"noopener noreferrer\">Google Safe Browsing diagnostic page</a>.";
915
  }
916
  else if ($result['badList'] == 'googpub-phish-shavar') {
917
  $shortMsg = "{$uctype} contains a suspected phishing site URL: " . esc_html($title);
1029
 
1030
  if ($result['badList'] == 'goog-malware-shavar') {
1031
  $shortMsg = "$uctype with author " . esc_html($author) . " contains a suspected malware URL.";
1032
+ $longMsg = "This " . esc_html($type) . " contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\" rel=\"noopener noreferrer\">Google Safe Browsing diagnostic page</a>.";
1033
  }
1034
  else if ($result['badList'] == 'googpub-phish-shavar') {
1035
  $shortMsg = "$uctype contains a suspected phishing site URL.";
1559
  else {
1560
  $longMsg .= ' It may have compatibility problems with the current version of WordPress or unknown security issues.';
1561
  }
1562
+ $longMsg .= ' <a href="https://docs.wordfence.com/en/Understanding_scan_results#Plugin_appears_to_be_abandoned" target="_blank" rel="noopener noreferrer">Get more information.</a>';
1563
  $added = $this->addIssue('wfPluginAbandoned', $severity, $key, $key, $shortMsg, $longMsg, $statusArray);
1564
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
1565
  else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }
1589
  else {
1590
  $longMsg = 'It may have compatibility problems with the current version of WordPress or unknown security issues.';
1591
  }
1592
+ $longMsg .= ' <a href="https://docs.wordfence.com/en/Understanding_scan_results#Plugin_has_been_removed_from_wordpress.org" target="_blank" rel="noopener noreferrer">Get more information.</a>';
1593
  $added = $this->addIssue('wfPluginRemoved', 1, $key, $key, $shortMsg, $longMsg, $pluginData);
1594
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
1595
  else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }
1610
 
1611
  $key = 'wfPluginVulnerable' . ' ' . $plugin['pluginFile'] . ' ' . $plugin['Version'];
1612
  $shortMsg = "The Plugin \"" . $plugin['Name'] . "\" has an unpatched security vulnerability.";
1613
+ $longMsg = 'To protect your site from this vulnerability, the safest option is to deactivate and completely remove ' . esc_html($plugin['Name']) . ' until the developer releases a security fix. <a href="https://docs.wordfence.com/en/Understanding_scan_results#Plugin_has_an_unpatched_security_vulnerability" target="_blank" rel="noopener noreferrer">Get more information.</a>';
1614
  $added = $this->addIssue('wfPluginVulnerable', 1, $key, $key, $shortMsg, $longMsg, $plugin);
1615
  if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
1616
  else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }
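Review bot: The help link at new line 233 and the Safe Browsing links at new lines 445, 456, 914 and 1032 still use `http://` while every other link touched in this file is `https://`, so an admin following them from the scan results makes a cleartext request. Change the scheme, e.g. `href="https://docs.wordfence.com/en/Scan_time_limit"`, after confirming that the Safe Browsing diagnostic host serves HTTPS. The two `Misconfigured_how_get_IPs_notice ` hrefs at new lines 528 and 547 also carry a trailing space inside the attribute value. All of these lines sit inside methods that start and end outside the hunks.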
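--- a/lib/wfUnlockMsg.php
+++ b/lib/wfUnlockMsg.php
@@ -1,4 +1,4 @@
- If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access. <a href="https://docs.wordfence.com/en/Help!_I_locked_myself_out_and_can't_get_back_in._What_can_I_do%3F" target="_blank">Please read this FAQ entry if this does not work.</a>
+ If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access. <a href="https://docs.wordfence.com/en/Help!_I_locked_myself_out_and_can't_get_back_in._What_can_I_do%3F" target="_blank" rel="noopener noreferrer">Please read this FAQ entry if this does not work.</a>
  <br /><br />
  <form method="POST" id="unlock-form" action="#">
  <?php require_once(ABSPATH .'wp-includes/pluggable.php'); ?>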
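--- a/lib/wfUpdateCheck.php
+++ b/lib/wfUpdateCheck.php
@@ -112,6 +112,11 @@ class wfUpdateCheck {
  }
 
  $pluginFile = wfUtils::getPluginBaseDir() . $plugin;
+ if (!file_exists($pluginFile)) { //Plugin has been removed since the update status was pulled
+ unset($installedPlugins[$plugin]);
+ continue;
+ }
+
  $valsArray = (array) $vals;
 
  $slug = (isset($valsArray['slug']) ? $valsArray['slug'] : null);
@@ -156,6 +161,11 @@ class wfUpdateCheck {
  }
 
  $pluginFile = wfUtils::getPluginBaseDir() . $plugin;
+ if (!file_exists($pluginFile)) { //Plugin has been removed since the update status was pulled
+ unset($installedPlugins[$plugin]);
+ continue;
+ }
+
  $valsArray = (array) $vals;
 
  $data = get_plugin_data($pluginFile);
@@ -183,6 +193,10 @@ class wfUpdateCheck {
  //Get the remaining plugins (not in the wordpress.org repo for whatever reason)
  foreach ($installedPlugins as $plugin => $data) {
  $pluginFile = wfUtils::getPluginBaseDir() . $plugin;
+ if (!file_exists($pluginFile)) { //Plugin has been removed since the list was generated
+ continue;
+ }
+
  $data = get_plugin_data($pluginFile);
 
  $slug = null;
@@ -286,6 +300,11 @@ class wfUpdateCheck {
  if (!empty($update_plugins->response)) {
  foreach ($update_plugins->response as $plugin => $vals) {
  $pluginFile = wfUtils::getPluginBaseDir() . $plugin;
+ if (!file_exists($pluginFile)) { //Plugin has been removed since the update status was pulled
+ unset($installedPlugins[$plugin]);
+ continue;
+ }
+
  $valsArray = (array) $vals;
  $data = get_plugin_data($pluginFile);
 
@@ -313,6 +332,11 @@ class wfUpdateCheck {
  if (!empty($update_plugins->no_update)) {
  foreach ($update_plugins->no_update as $plugin => $vals) {
  $pluginFile = wfUtils::getPluginBaseDir() . $plugin;
+ if (!file_exists($pluginFile)) { //Plugin has been removed since the update status was pulled
+ unset($installedPlugins[$plugin]);
+ continue;
+ }
+
  $valsArray = (array) $vals;
  $data = get_plugin_data($pluginFile);
 
@@ -340,6 +364,10 @@ class wfUpdateCheck {
  //Get the remaining plugins (not in the wordpress.org repo for whatever reason)
  foreach ($installedPlugins as $plugin => $data) {
  $pluginFile = wfUtils::getPluginBaseDir() . $plugin;
+ if (!file_exists($pluginFile)) { //Plugin has been removed since the update status was pulled
+ continue;
+ }
+
  $data = get_plugin_data($pluginFile);
 
  $slug = null;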
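Review bot: The removed-plugin guard is pasted into six loops, and the copy at new line 367 says the plugin was removed "since the update status was pulled" although that loop walks `$installedPlugins`; the matching loop at new line 196 words it as "since the list was generated". A small private helper, or at least matching comments, would keep the copies from drifting apart. `file_exists()` is also true for a directory, so `is_file($pluginFile)` would be the tighter test before `get_plugin_data()`; whether `$plugin` can ever be empty is not visible from these hunks. The enclosing methods start and end outside the hunks.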
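--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -2024,11 +2024,11 @@ class wfUtils {
  * Formats and returns the given timestamp using the time zone set for the WordPress installation.
  *
  * @param string $format See the PHP docs on DateTime for the format options.
- * @param int|null $timestamp Assumed to be in UTC. If null, defaults to the current timestamp.
+ * @param int|bool $timestamp Assumed to be in UTC. If false, defaults to the current timestamp.
  * @return string
  */
- public static function formatLocalTime($format, $timestamp = null) {
- if ($timestamp === null) {
+ public static function formatLocalTime($format, $timestamp = false) {
+ if ($timestamp === false) {
  $timestamp = time();
  }
 
@@ -2042,7 +2042,17 @@ class wfUtils {
  else {
  $gmt = get_option('gmt_offset');
  if (!empty($gmt)) {
- $dt->setTimezone(new DateTimeZone('Etc/GMT' . ($gmt < 0 ? '+' : '-') . abs($gmt))); //The Etc/GMT timezones have the +- signs flipped
+ if (PHP_VERSION_ID < 50510) {
+ $dtStr = gmdate("c", $timestamp + $gmt * 3600); //Have to do it this way because of < PHP 5.5.10
+ $dt = new DateTime($dtStr, $utc);
+ }
+ else {
+ $direction = ($gmt > 0 ? '+' : '-');
+ $gmt = abs($gmt);
+ $h = (int) $gmt;
+ $m = ($gmt - $h) * 60;
+ $dt->setTimezone(new DateTimeZone($direction . str_pad($h, 2, '0', STR_PAD_LEFT) . str_pad($m, 2, '0', STR_PAD_LEFT)));
+ }
  }
  }
  return $dt->format($format);
@@ -2078,11 +2088,12 @@ class wfWebServerInfo {
  */
  public static function createFromEnvironment() {
  $serverInfo = new self;
+ $sapi = php_sapi_name();
  if (stripos($_SERVER['SERVER_SOFTWARE'], 'apache') !== false) {
  $serverInfo->setSoftware(self::APACHE);
  $serverInfo->setSoftwareName('apache');
  }
- if (stripos($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false) {
+ if (stripos($_SERVER['SERVER_SOFTWARE'], 'litespeed') !== false || $sapi == 'litespeed') {
  $serverInfo->setSoftware(self::LITESPEED);
  $serverInfo->setSoftwareName('litespeed');
  }
@@ -2095,7 +2106,7 @@ class wfWebServerInfo {
  $serverInfo->setSoftwareName('iis');
  }
 
- $serverInfo->setHandler(php_sapi_name());
+ $serverInfo->setHandler($sapi);
 
  return $serverInfo;
  }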
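Review bot: Changing the default in `formatLocalTime()` from `null` to `false` (new lines 2030-2031) means a caller that still passes `null` explicitly no longer gets the current time, because `$timestamp === false` does not match it; accepting both, `if ($timestamp === false || $timestamp === null) {`, would keep the old contract. In the pre-5.5.10 branch (new lines 2045-2048) the offset is added to the timestamp and the result is built with `$utc`, so format characters that print the zone or the Unix time would presumably be off there, and a comment saying so would help. `$utc` and the code between the first two hunks are outside the visible lines, so both points are inferred from the hunks alone.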
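--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -938,7 +938,7 @@ SQL
  }
  public static function _pluginPageActionLinks($links) {
  if (!wfConfig::get('isPaid')) {
- $links = array_merge(array('aWordfencePluginCallout' => '<a href="https://www.wordfence.com/zz12/wordfence-signup/" target="_blank"><strong style="color: #11967A; display: inline;">Upgrade To Premium</strong></a>'), $links);
+ $links = array_merge(array('aWordfencePluginCallout' => '<a href="https://www.wordfence.com/zz12/wordfence-signup/" target="_blank" rel="noopener noreferrer"><strong style="color: #11967A; display: inline;">Upgrade To Premium</strong></a>'), $links);
  }
  return $links;
  }
@@ -2317,7 +2317,7 @@ SQL
  }
  public static function ajax_addTwoFactor_callback(){
  if(! wfConfig::get('isPaid')){
- return array('errorMsg' => 'Cellphone Sign-in is only available to paid members. <a href="https://www.wordfence.com/gnl1twoFac3/wordfence-signup/" target="_blank">Click here to upgrade now.</a>');
+ return array('errorMsg' => 'Cellphone Sign-in is only available to paid members. <a href="https://www.wordfence.com/gnl1twoFac3/wordfence-signup/" target="_blank" rel="noopener noreferrer">Click here to upgrade now.</a>');
  }
  $username = sanitize_text_field($_POST['username']);
  $phone = sanitize_text_field($_POST['phone']);
@@ -3013,6 +3013,7 @@ SQL
  if (!empty($opts['email_summary_enabled'])) {
  wfConfig::set('email_summary_enabled', 1);
  wfConfig::set('email_summary_interval', $opts['email_summary_interval']);
+ $opts['email_summary_excluded_directories'] = wfUtils::cleanupOneEntryPerLine($opts['email_summary_excluded_directories']);
  wfConfig::set('email_summary_excluded_directories', $opts['email_summary_excluded_directories']);
  wfActivityReport::scheduleCronJob();
  } else {
@@ -3774,8 +3775,8 @@ HTACCESS;
  The <code>wp-config.php</code> file contains your database credentials which you will need to restore normal site operations.
  Your site will <b>NOT</b> function once the <code>wp-config.php</code> has been deleted.
  <p>
- <a class='wf-btn wf-btn-default' href='/?_wfsf=download&nonce=" . wp_create_nonce('wp-ajax') . "&file=". rawurlencode($file) ."' target='_blank' onclick=\"jQuery('#wp-config-force-delete').show();\">Download a backup copy</a>
- <a style='display:none' id='wp-config-force-delete' class='wf-btn wf-btn-default' href='#' target='_blank' onclick='WFAD.deleteFile($issueID, true); return false;'>Delete wp-config.php</a>
+ <a class='wf-btn wf-btn-default' href='/?_wfsf=download&nonce=" . wp_create_nonce('wp-ajax') . "&file=". rawurlencode($file) ."' target='_blank' rel=\"noopener noreferrer\" onclick=\"jQuery('#wp-config-force-delete').show();\">Download a backup copy</a>
+ <a style='display:none' id='wp-config-force-delete' class='wf-btn wf-btn-default' href='#' target='_blank' rel=\"noopener noreferrer\" onclick='WFAD.deleteFile($issueID, true); return false;'>Delete wp-config.php</a>
  </p>",
  );
  }
@@ -4029,10 +4030,10 @@ HTACCESS;
  $suspended = wp_suspend_cache_addition();
  wp_suspend_cache_addition(true);
  $auditType = $_POST['auditType'];
- $symKey = wfCrypt::makeSymHexKey(32); #hex digits which is 128 bits
+ $symKey = wfCrypt::makeSymHexKey(32); //hex digits, so 128 bit -- 256 bit is supported in MySQL 5.7.4 but many are using older
  $admins = "";
  $users = "";
- $query = $wpdb->prepare("select ID, AES_ENCRYPT(user_pass, %s) as crypt_pass from " . $wpdb->users, $symKey);
+ $query = $wpdb->prepare("SELECT ID, AES_ENCRYPT(user_pass, %s) AS crypt_pass FROM " . $wpdb->users, $symKey);
  $dbh = $wpdb->dbh;
  $useMySQLi = (is_object($dbh) && $wpdb->use_mysqli);
  if ($useMySQLi) { //If direct-access MySQLi is available, we use it to minimize the memory footprint instead of letting it fetch everything into an array first
@@ -4044,9 +4045,10 @@ HTACCESS;
  }
  while ($rec = $result->fetch_assoc()) {
  $isAdmin = wfUtils::isAdmin($rec['ID']);
- if($isAdmin && ($auditType == 'admin' || $auditType == 'both') ) {
+ if ($isAdmin && ($auditType == 'admin' || $auditType == 'both')) {
  $admins .= $rec['ID'] . ':' . base64_encode($rec['crypt_pass']) . '|';
- } else if($auditType == 'user' || $auditType == 'both') {
+ }
+ else if($auditType == 'user' || $auditType == 'both') {
  $users .= $rec['ID'] . ':' . base64_encode($rec['crypt_pass']) . '|';
  }
  }
@@ -4076,7 +4078,8 @@ HTACCESS;
  'email' => $email,
  'pubCryptSymKey' => wfCrypt::pubCrypt($symKey),
  'users' => $users,
- 'admins' => $admins
+ 'admins' => $admins,
+ 'type' => 2,
  ), true); //Force SSL
  if(is_array($res)){
  if(isset($res['ok']) && $res['ok'] == '1'){
@@ -4991,7 +4994,7 @@ HTML;
  <a class="wf-btn wf-btn-default wf-btn-sm wf-dismiss-link" href="#" onclick="wordfenceExt.adminEmailChoice(\'no\'); return false;">Dismiss</a></p></div>';
  }
  public static function wafReadOnlyNotice() {
- echo '<div id="wordfenceWAFReadOnlyNotice" class="fade error"><p><strong>The Wordfence Web Application Firewall is in read-only mode.</strong> PHP is currently running as a command line user and to avoid file permission issues, the WAF is running in read-only mode. It will automatically resume normal operation when run normally by a web server. <a class="wfhelp" target="_blank" href="https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#What_is_read-only_mode.3F"></a></p></div>';
+ echo '<div id="wordfenceWAFReadOnlyNotice" class="fade error"><p><strong>The Wordfence Web Application Firewall is in read-only mode.</strong> PHP is currently running as a command line user and to avoid file permission issues, the WAF is running in read-only mode. It will automatically resume normal operation when run normally by a web server. <a class="wfhelp" target="_blank" rel="noopener noreferrer" href="https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#What_is_read-only_mode.3F"></a></p></div>';
  }
  public static function misconfiguredHowGetIPsNotice() {
  $url = network_admin_url('admin.php?page=WordfenceSecOpt');
@@ -5028,7 +5031,7 @@ HTML;
  $recommendationMsg = 'This site appears to be behind Cloudflare, so using the Cloudflare "CF-Connecting-IP" HTTP header will resolve to the correct IPs.';
  }
  echo '<div id="wordfenceMisconfiguredHowGetIPsNotice" class="fade error"><p><strong>Your \'How does Wordfence get IPs\' setting is misconfigured.</strong> ' . $existingMsg . ' ' . $recommendationMsg . ' <a href="#" onclick="wordfenceExt.misconfiguredHowGetIPsChoice(\'yes\'); return false;">Click here to use the recommended setting</a> or <a href="' . $url . '">visit the options page</a> to manually update it.</p><p>
- <a class="wf-btn wf-btn-default wf-btn-sm wf-dismiss-link" href="#" onclick="wordfenceExt.misconfiguredHowGetIPsChoice(\'no\'); return false;">Dismiss</a> <a class="wfhelp" target="_blank" href="https://docs.wordfence.com/en/Misconfigured_how_get_IPs_notice"></a></p></div>';
+ <a class="wf-btn wf-btn-default wf-btn-sm wf-dismiss-link" href="#" onclick="wordfenceExt.misconfiguredHowGetIPsChoice(\'no\'); return false;">Dismiss</a> <a class="wfhelp" target="_blank" rel="noopener noreferrer" href="https://docs.wordfence.com/en/Misconfigured_how_get_IPs_notice"></a></p></div>';
  }
  public static function autoUpdateNotice(){
  echo '<div id="wordfenceAutoUpdateChoice" class="fade error"><p><strong>Do you want Wordfence to stay up-to-date automatically?</strong>&nbsp;&nbsp;&nbsp;<a href="#" onclick="wordfenceExt.autoUpdateChoice(\'yes\'); return false;">Yes, enable auto-update.</a>&nbsp;&nbsp;|&nbsp;&nbsp;<a href="#" onclick="wordfenceExt.autoUpdateChoice(\'no\'); return false;">No thanks.</a></p></div>';
@@ -5148,7 +5151,7 @@ HTML;
  echo <<<JQUERY
  <script type="text/javascript">
  jQuery(document).ready(function($) {
- $('#wfMenuCallout').closest('a').attr('target', '_blank');
+ $('#wfMenuCallout').closest('a').attr('target', '_blank').attr('rel', 'noopener noreferrer');
  });
  </script>
  JQUERY;
@@ -5683,7 +5686,7 @@ vulnerable code runs. This PHP setting currently refers to an unknown file at:</
 
  <pre class='wf-pre'>%s</pre>
 
- <p>Automatic uninstallation cannot be completed, but you may still be able to <a href='%s' target='_blank'>manually uninstall extended protection</a>.</p>
+ <p>Automatic uninstallation cannot be completed, but you may still be able to <a href='%s' target='_blank' rel=\"noopener noreferrer\">manually uninstall extended protection</a>.</p>
  ",
  esc_html($currentAutoPrependFile),
  esc_url('https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F')
@@ -7335,7 +7338,7 @@ LIMIT %d", $lastSendTime, $limit));
  <a class="wf-btn wf-btn-default wf-btn-sm wf-dismiss-link" href="' . esc_url($dismissURL) . '">Dismiss</a>
  <br>
  <em style="font-size: 85%;">If you cannot complete the setup process,
- <a target="_blank" href="https://docs.wordfence.com/en/Web_Application_Firewall_Setup">click here for help</a>.</em>
+ <a target="_blank" rel="noopener noreferrer" href="https://docs.wordfence.com/en/Web_Application_Firewall_Setup">click here for help</a>.</em>
  </div>';
  }
 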
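Review bot: In the password-audit hunks the request gains `'type' => 2` (new line 4082) with nothing saying what the value selects, and the query at new line 4036 leaves the cipher mode to the database server: MySQL's `AES_ENCRYPT()` follows the `block_encryption_mode` system variable, which is ECB unless the host has changed it. A comment on both lines would make the contract with the receiving API explicit, for example `'type' => 2, //payload format expected by the audit endpoint (confirm meaning)`, plus a note beside the query naming the mode the server side assumes. `$auditType` is read straight from `$_POST` at new line 4032; the visible lines only compare it against fixed strings, but checking it against the three accepted values up front would reject anything else early. The enclosing function starts and ends outside these hunks.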
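--- a/lib/wordfenceScanner.php
+++ b/lib/wordfenceScanner.php
@@ -481,7 +481,7 @@ class wordfenceScanner {
  'ignoreP' => $this->path . $file,
  'ignoreC' => md5_file($this->path . $file),
  'shortMsg' => "File contains suspected malware URL: " . esc_html($this->path . $file),
- 'longMsg' => "This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes " . esc_html($this->patterns['word3']) . " when scanning files so the URL may not be visible if you view this file. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.",
+ 'longMsg' => "This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes " . esc_html($this->patterns['word3']) . " when scanning files so the URL may not be visible if you view this file. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\" rel=\"noopener noreferrer\">Google Safe Browsing diagnostic page</a>.",
  'data' => array_merge(array(
  'file' => $file,
  'shac' => $record->SHAC,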
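Review bot: The diagnostic link on new line 484 still uses `http://`, so the flagged URL carried in the `site=` parameter is sent in clear text when an administrator follows it; if the endpoint is served over TLS the literal should start with `https://safebrowsing.clients.google.com/`. The bare `&client=` and `&hl=` inside the attribute would also be better written as `&amp;` so the markup stays valid. The array this entry belongs to starts and ends outside the hunk.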
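--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
  Tags: security, secure, security plugin, wordpress security, login security, firewall, malware, antivirus, web application firewall, block hackers, country blocking
  Requires at least: 3.9
  Tested up to: 4.8.0
- Stable tag: 6.3.11
+ Stable tag: 6.3.12
 
  Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
 
@@ -160,6 +160,16 @@ Secure your website with Wordfence.
 
  == Changelog ==
 
+ = 6.3.12 =
+ * Improvement: Adjusted the password audit to use a better cryptographic padding option.
+ * Improvement: Improved the option value entry process for the modified files exclusion list.
+ * Improvement: Added rel="noopener noreferrer" to all external links from the plugin for better interoperability with other scanners.
+ * Improvement: Added support to the WAF for validating URLs for future use in rules.
+ * Fix: Time formatting will now correctly handle :30 and :45 time zone offsets.
+ * Fix: Hosts using mod_lsapi will now be detected as Litespeed for WAF optimization.
+ * Fix: Added an option to allow automatic updates to function on Litespeed servers that have the global noabort set rather than site-local.
+ * Fix: Fixed a PHP notice that could occur when running a scan immediately after removing a plugin.
+
  = 6.3.11 =
  * Improvement: The scan will alert for plugins that have not been updated in 2+ years or have been removed from the wordpress.org directory. It will also indicate if there is a known vulnerability.
  * Improvement: Added a self-check to the scan to detect if it has stalled.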
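--- a/vendor/wordfence/wf-waf/src/init.php
+++ b/vendor/wordfence/wf-waf/src/init.php
@@ -4,7 +4,7 @@ define('WFWAF_VERSION', '1.0.3');
  define('WFWAF_PATH', dirname(__FILE__) . '/');
  define('WFWAF_LIB_PATH', WFWAF_PATH . 'lib/');
  define('WFWAF_VIEW_PATH', WFWAF_PATH . 'views/');
- define('WFWAF_API_URL_SEC', 'https://noc4.wordfence.com/v1.7/');
+ define('WFWAF_API_URL_SEC', 'https://noc4.wordfence.com/v1.8/');
  if (!defined('WFWAF_DEBUG')) {
  define('WFWAF_DEBUG', false);
  }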
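--- a/vendor/wordfence/wf-waf/src/lib/rules.php
+++ b/vendor/wordfence/wf-waf/src/lib/rules.php
@@ -458,6 +458,18 @@ class wfWAFRuleComparison implements wfWAFRuleInterface {
  'md5equals',
  'filepatternsmatch',
  'filehasphp',
+ 'islocalurl',
+ 'isremoteurl',
+ 'isvalidurl',
+ 'isnotvalidurl',
+ 'urlhostequals',
+ 'urlhostnotequals',
+ 'urlhostmatches',
+ 'urlhostnotmatches',
+ 'urlschemeequals',
+ 'urlschemenotequals',
+ 'urlschemematches',
+ 'urlschemenotmatches',
  );
 
  /**
@@ -945,6 +957,124 @@ class wfWAFRuleComparison implements wfWAFRuleInterface {
  public function _resetErrorsHandler($errno, $errstr, $errfile, $errline) {
  //Do nothing
  }
+
+ public function isLocalURL($subject) {
+ if (empty($subject)) {
+ return false;
+ }
+
+ $parsed = wfWAFUtils::parse_url((string) $subject);
+ if (!isset($parsed['host'])) {
+ return true;
+ }
+
+ $guessSiteURL = sprintf('%s://%s/', wfWAF::getInstance()->getRequest()->getProtocol(), wfWAF::getInstance()->getRequest()->getHost());
+ $siteURL = wfWAF::getInstance()->getStorageEngine()->getConfig('siteURL') ? wfWAF::getInstance()->getStorageEngine()->getConfig('siteURL') : $guessSiteURL;
+ $homeURL = wfWAF::getInstance()->getStorageEngine()->getConfig('homeURL') ? wfWAF::getInstance()->getStorageEngine()->getConfig('homeURL') : $guessSiteURL;
+
+ $siteHost = wfWAFUtils::parse_url($siteURL, PHP_URL_HOST);
+ $homeHost = wfWAFUtils::parse_url($homeURL, PHP_URL_HOST);
+
+ return (is_string($siteHost) && strtolower($parsed['host']) == strtolower($siteHost)) || (is_string($homeHost) && strtolower($parsed['host']) == strtolower($homeHost));
+ }
+
+ public function isRemoteURL($subject) {
+ if (empty($subject)) {
+ return false;
+ }
+
+ return !$this->isLocalURL($subject);
+ }
+
+ public function isValidURL($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ return wfWAFUtils::validate_url((string) $subject) !== false;
+ }
+
+ public function isNotValidURL($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ return !$this->isValidURL($subject);
+ }
+
+ public function urlHostEquals($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ $host = wfWAFUtils::parse_url((string) $subject, PHP_URL_HOST);
+ if (!is_string($host)) {
+ return wfWAFUtils::strlen($this->getExpected()) == 0;
+ }
+
+ return strtolower($host) == strtolower($this->getExpected());
+ }
+
+ public function urlHostNotEquals($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ return !$this->urlHostEquals($subject);
+ }
+
+ public function urlHostMatches($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ $host = wfWAFUtils::parse_url((string) $subject, PHP_URL_HOST);
+ if (!is_string($host)) {
+ return false;
+ }
+
+ return preg_match((string) $this->getExpected(), $host, $this->matches) > 0;
+ }
+
+ public function urlHostNotMatches($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ return !$this->urlHostMatches($subject);
+ }
+
+ public function urlSchemeEquals($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ $scheme = wfWAFUtils::parse_url((string) $subject, PHP_URL_SCHEME);
+ if (!is_string($scheme)) {
+ return wfWAFUtils::strlen($this->getExpected()) == 0;
+ }
+
+ return strtolower($scheme) == strtolower($this->getExpected());
+ }
+
+ public function urlSchemeNotEquals($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ return !$this->urlSchemeEquals($subject);
+ }
+
+ public function urlSchemeMatches($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ $scheme = wfWAFUtils::parse_url((string) $subject, PHP_URL_SCHEME);
+ if (!is_string($scheme)) {
+ return false;
+ }
+
+ return preg_match((string) $this->getExpected(), $scheme, $this->matches) > 0;
+ }
+
+ public function urlSchemeNotMatches($subject) {
+ if ($subject === null) {
+ return false;
+ }
+ return !$this->urlSchemeMatches($subject);
+ }
 
  /**
  * @return mixed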
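Review bot: `isLocalURL()` (new lines 966-969) classifies a URL that fails to parse as local: `wfWAFUtils::parse_url()` returns `false` on failure, `isset($parsed['host'])` is then false, and the method returns `true`, so `isRemoteURL()` answers `false` for malformed input. For a firewall comparison the malformed case should be decided explicitly, e.g. `if ($parsed === false) { return false; }` ahead of the host check. When `siteURL`/`homeURL` are not configured, the comparison falls back to the protocol and host of the current request, which the client supplies; a comment stating that would help rule authors judge when the result can be relied on. None of the twelve new methods has a docblock saying what it returns for `null`, empty or unparseable subjects.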
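--- a/vendor/wordfence/wf-waf/src/lib/utils.php
+++ b/vendor/wordfence/wf-waf/src/lib/utils.php
@@ -755,6 +755,84 @@ class wfWAFUtils {
  return ($bin_network === $bin_ip);
  }
 
+ /**
+ * Behaves exactly like PHP's parse_url but uses WP's compatibility fixes for early PHP 5 versions.
+ *
+ * @param string $url
+ * @param int $component
+ * @return mixed
+ */
+ public static function parse_url($url, $component = -1) {
+ $to_unset = array();
+ $url = strval($url);
+
+ if (substr($url, 0, 2) === '//') {
+ $to_unset[] = 'scheme';
+ $url = 'placeholder:' . $url;
+ }
+ elseif (substr($url, 0, 1) === '/') {
+ $to_unset[] = 'scheme';
+ $to_unset[] = 'host';
+ $url = 'placeholder://placeholder' . $url;
+ }
+
+ $parts = @parse_url($url);
+
+ if ($parts === false) { // Parsing failure
+ return $parts;
+ }
+
+ // Remove the placeholder values
+ foreach ($to_unset as $key) {
+ unset($parts[$key]);
+ }
+
+ if ($component === -1) {
+ return $parts;
+ }
+
+ $translation = array(
+ PHP_URL_SCHEME => 'scheme',
+ PHP_URL_HOST => 'host',
+ PHP_URL_PORT => 'port',
+ PHP_URL_USER => 'user',
+ PHP_URL_PASS => 'pass',
+ PHP_URL_PATH => 'path',
+ PHP_URL_QUERY => 'query',
+ PHP_URL_FRAGMENT => 'fragment',
+ );
+
+ $key = false;
+ if (isset($translation[$component])) {
+ $key = $translation[$component];
+ }
+
+ if ($key !== false && is_array($parts) && isset($parts[$key])) {
+ return $parts[$key];
+ }
+
+ return null;
+ }
+
+ /**
+ * Validates the URL, supporting both scheme-relative and path-relative formats.
+ *
+ * @param $url
+ * @return mixed
+ */
+ public static function validate_url($url) {
+ $url = strval($url);
+
+ if (substr($url, 0, 2) === '//') {
+ $url = 'placeholder:' . $url;
+ }
+ elseif (substr($url, 0, 1) === '/') {
+ $url = 'placeholder://placeholder' . $url;
+ }
+
+ return filter_var($url, FILTER_VALIDATE_URL);
+ }
+
  public static function rawPOSTBody() {
  global $HTTP_RAW_POST_DATA;
  if (empty($HTTP_RAW_POST_DATA)) { //Defined if always_populate_raw_post_data is on, PHP < 7, and the encoding type is not multipart/form-data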
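Review bot: In the added validate_url(), the value returned on success is filter_var()'s output for the rewritten string, so for scheme-relative and path-relative input it carries the internal `placeholder:` or `placeholder://placeholder` prefix rather than the caller's URL, and the docblock's `@return mixed` hides that. Either document it as `@return string|false` and state that only the truthiness is meaningful, or keep the input in a local and end with `return filter_var($url, FILTER_VALIDATE_URL) === false ? false : $original;`. FILTER_VALIDATE_URL is a syntactic check that does not restrict the scheme, so a rule using this helper still needs its own scheme and host constraints. The parse_url() docblock in the same hunk says it behaves exactly like PHP's parse_url, yet an unrecognised `$component` falls through to `return null;` here, which the native function does not do; the comment should say so.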
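--- a/vendor/wordfence/wf-waf/src/views/403-blacklist.php
+++ b/vendor/wordfence/wf-waf/src/views/403-blacklist.php
@@ -207,7 +207,7 @@ $payload = "-----BEGIN REPORT-----\n" . implode("\n", str_split($message, 60)) .
 
  <h4>2. Click this button and you will be prompted to paste the text above.</h4>
 
- <p><a href="#" id="reportButton" class="btn disabled" target="_blank">Report Problem</a></p>
+ <p><a href="#" id="reportButton" class="btn disabled" target="_blank" rel="noopener noreferrer">Report Problem</a></p>
 
  <p style="color: #999999;margin-top: 2rem;"><em>Generated by Wordfence at <?php echo gmdate('D, j M Y G:i:s T', wfWAFUtils::normalizedTime()); ?>.<br>Your computer's time: <script type="application/javascript">document.write(new Date().toUTCString());</script>.</em></p>
 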
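--- a/vendor/wordfence/wf-waf/src/views/503-lockout.php
+++ b/vendor/wordfence/wf-waf/src/views/503-lockout.php
@@ -20,7 +20,7 @@ $nonce = $waf->createNonce('wf-form');
  if (!empty($siteURL) && !empty($nonce)) : ?>
  <br />
 
- If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access. <a href="https://docs.wordfence.com/en/Help!_I_locked_myself_out_and_can't_get_back_in._What_can_I_do%3F" target="_blank">Please read this FAQ entry if this does not work.</a>
+ If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access. <a href="https://docs.wordfence.com/en/Help!_I_locked_myself_out_and_can't_get_back_in._What_can_I_do%3F" target="_blank" rel="noopener noreferrer">Please read this FAQ entry if this does not work.</a>
  <br /><br />
  <form method="POST" id="unlock-form" action="#">
  <input type="hidden" name="nonce" value="<?php echo $nonce; ?>" />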
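--- a/vendor/wordfence/wf-waf/src/views/503.php
+++ b/vendor/wordfence/wf-waf/src/views/503.php
@@ -22,7 +22,7 @@ $nonce = $waf->createNonce('wf-form');
  if (!empty($siteURL) && !empty($nonce)) : ?>
  <br />
 
- If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access. <a href="https://docs.wordfence.com/en/Help!_I_locked_myself_out_and_can't_get_back_in._What_can_I_do%3F" target="_blank">Please read this FAQ entry if this does not work.</a>
+ If you are a site administrator and have been accidentally locked out, please enter your email in the box below and click "Send". If the email address you enter belongs to a known site administrator or someone set to receive Wordfence alerts, we will send you an email to help you regain access. <a href="https://docs.wordfence.com/en/Help!_I_locked_myself_out_and_can't_get_back_in._What_can_I_do%3F" target="_blank" rel="noopener noreferrer">Please read this FAQ entry if this does not work.</a>
  <br /><br />
  <form method="POST" id="unlock-form" action="#">
  <input type="hidden" name="nonce" value="<?php echo $nonce; ?>" />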
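--- a/views/marketing/rightrail.php
+++ b/views/marketing/rightrail.php
@@ -1,10 +1,10 @@
  <?php if (!wfConfig::get('isPaid')) { ?>
  <div id="wordfenceRightRail" class="<?php echo wfStyle::rightRailClasses(); ?>">
  <ul>
- <li><a href="https://www.wordfence.com/gnl1rightRailGetPremium/wordfence-signup/" target="_blank"><img src="<?php echo wfUtils::getBaseURL() . 'images/rr_premium.png'; ?>" alt="Upgrade your protection - Get Wordfence Premium"></a></li>
- <li><a href="https://www.wordfence.com/gnl1rightRailSiteCleaning/wordfence-site-cleanings/" target="_blank"><img src="<?php echo wfUtils::getBaseURL() . 'images/rr_sitecleaning.jpg'; ?>" alt="Have you been hacked? Get help from Wordfence"></a></li>
+ <li><a href="https://www.wordfence.com/gnl1rightRailGetPremium/wordfence-signup/" target="_blank" rel="noopener noreferrer"><img src="<?php echo wfUtils::getBaseURL() . 'images/rr_premium.png'; ?>" alt="Upgrade your protection - Get Wordfence Premium"></a></li>
+ <li><a href="https://www.wordfence.com/gnl1rightRailSiteCleaning/wordfence-site-cleanings/" target="_blank" rel="noopener noreferrer"><img src="<?php echo wfUtils::getBaseURL() . 'images/rr_sitecleaning.jpg'; ?>" alt="Have you been hacked? Get help from Wordfence"></a></li>
  <li>
- <p class="center"><strong>Would you like to remove these ads?</strong><br><a href="https://www.wordfence.com/gnl1rightRailBottomUpgrade/wordfence-signup/" target="_blank">Get Premium</a></p>
+ <p class="center"><strong>Would you like to remove these ads?</strong><br><a href="https://www.wordfence.com/gnl1rightRailBottomUpgrade/wordfence-signup/" target="_blank" rel="noopener noreferrer">Get Premium</a></p>
  </li>
  </ul>
  </div>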
wordfence.php CHANGED
@@ -4,14 +4,14 @@ Plugin Name: Wordfence Security
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
  Author: Wordfence
7
- Version: 6.3.11
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
11
  if(defined('WP_INSTALLING') && WP_INSTALLING){
12
  return;
13
  }
14
- define('WORDFENCE_VERSION', '6.3.11');
15
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17
 
4
  Plugin URI: http://www.wordfence.com/
5
  Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
  Author: Wordfence
7
+ Version: 6.3.12
8
  Author URI: http://www.wordfence.com/
9
  Network: true
10
  */
11
  if(defined('WP_INSTALLING') && WP_INSTALLING){
12
  return;
13
  }
14
+ define('WORDFENCE_VERSION', '6.3.12');
15
  define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
16
  basename(dirname(__FILE__)) . '/' . basename(__FILE__));
17