Version Description
- February 28, 2019 =
- Improvement: Country names are now shown instead of two letter codes where appropriate.
- Improvement: Updated the service whitelist to reflect additions to the Facebook IP ranges.
- Improvement: Added alerting for when the WAF is disabled for any reason.
- Improvement: Additional alerting and troubleshooting steps for WAF configuration issues.
- Change: Live Traffic human/bot status will additionally be based on the browscap record in security-only mode.
- Change: Added dismissible prompt to switch Live Traffic to security-only mode.
- Fix: The scan issues alerting option is now set correctly for new installations.
- Fix: Fixed a transparency issue with flags for Switzerland and Nepal.
- Fix: Fixed the malware link image rendering in scan issue emails and switched to always use https.
- Fix: WAF-related scheduled tasks are now more resilient to connection timeouts or memory issues.
- Fix: Fixed Wordfence Central connection flow within the first time experience.
Release Info
Developer | wfryan |
Plugin | Wordfence Security – Firewall & Malware Scan |
Version | 7.2.3 |
Code changes from version 7.2.2 to 7.2.3
- css/{activity-report-widget.1550163483.css → activity-report-widget.1551370846.css} +0 -0
- css/{diff.1550163483.css → diff.1551370846.css} +0 -0
- css/{dt_table.1550163483.css → dt_table.1551370846.css} +0 -0
- css/{fullLog.1550163483.css → fullLog.1551370846.css} +0 -0
- css/{iptraf.1550163483.css → iptraf.1551370846.css} +0 -0
- css/{jquery-ui-timepicker-addon.1550163483.css → jquery-ui-timepicker-addon.1551370846.css} +0 -0
- css/{jquery-ui.min.1550163483.css → jquery-ui.min.1551370846.css} +0 -0
- css/{jquery-ui.structure.min.1550163483.css → jquery-ui.structure.min.1551370846.css} +0 -0
- css/{jquery-ui.theme.min.1550163483.css → jquery-ui.theme.min.1551370846.css} +0 -0
- css/{main.1550163483.css → main.1551370846.css} +0 -0
- css/{phpinfo.1550163483.css → phpinfo.1551370846.css} +0 -0
- css/{wf-adminbar.1550163483.css → wf-adminbar.1551370846.css} +0 -0
- css/{wf-colorbox.1550163483.css → wf-colorbox.1551370846.css} +0 -0
- css/{wf-font-awesome.1550163483.css → wf-font-awesome.1551370846.css} +0 -0
- css/{wf-global.1550163483.css → wf-global.1551370846.css} +0 -0
- css/{wf-ionicons.1550163483.css → wf-ionicons.1551370846.css} +0 -0
- css/{wf-onboarding.1550163483.css → wf-onboarding.1551370846.css} +0 -0
- css/{wf-roboto-font.1550163483.css → wf-roboto-font.1551370846.css} +0 -0
- css/{wfselect2.min.1550163483.css → wfselect2.min.1551370846.css} +0 -0
- css/{wordfenceBox.1550163483.css → wordfenceBox.1551370846.css} +0 -0
- images/flags.png +0 -0
- js/{Chart.bundle.min.1550163483.js → Chart.bundle.min.1551370846.js} +0 -0
- js/{admin.1550163483.js → admin.1551370846.js} +0 -0
- js/{admin.ajaxWatcher.1550163483.js → admin.ajaxWatcher.1551370846.js} +0 -0
- js/{admin.liveTraffic.1550163483.js → admin.liveTraffic.1551370846.js} +0 -0
- js/{date.1550163483.js → date.1551370846.js} +0 -0
- js/{jquery-ui-timepicker-addon.1550163483.js → jquery-ui-timepicker-addon.1551370846.js} +0 -0
- js/{jquery.colorbox-min.1550163483.js → jquery.colorbox-min.1551370846.js} +0 -0
- js/{jquery.colorbox.1550163483.js → jquery.colorbox.1551370846.js} +0 -0
- js/{jquery.dataTables.min.1550163483.js → jquery.dataTables.min.1551370846.js} +0 -0
- js/{jquery.qrcode.min.1550163483.js → jquery.qrcode.min.1551370846.js} +0 -0
- js/{jquery.tmpl.min.1550163483.js → jquery.tmpl.min.1551370846.js} +0 -0
- js/{jquery.tools.min.1550163483.js → jquery.tools.min.1551370846.js} +0 -0
- js/{knockout-3.3.0.1550163483.js → knockout-3.3.0.1551370846.js} +0 -0
- js/{perf.1550163483.js → perf.1551370846.js} +0 -0
- js/{wfdashboard.1550163483.js → wfdashboard.1551370846.js} +0 -0
- js/{wfdropdown.1550163483.js → wfdropdown.1551370846.js} +0 -0
- js/{wfglobal.1550163483.js → wfglobal.1551370846.js} +8 -0
- js/{wfpopover.1550163483.js → wfpopover.1551370846.js} +0 -0
- js/{wfselect2.min.1550163483.js → wfselect2.min.1551370846.js} +0 -0
- lib/email_newIssues.php +9 -8
- lib/menu_dashboard.php +45 -0
- lib/menu_options.php +2 -0
- lib/menu_scanner.php +1 -0
- lib/menu_tools_livetraffic.php +28 -0
- lib/rest-api/wfRESTConfigController.php +2 -0
- lib/wfAPI.php +5 -0
- lib/wfConfig.php +15 -0
- lib/wfIssues.php +2 -1
- lib/wfLog.php +85 -6
- lib/wfScanEngine.php +23 -0
- lib/wfSupportController.php +6 -0
- lib/wordfenceClass.php +97 -24
- lib/wordfenceConstants.php +0 -3
- models/block/wfRateLimit.php +43 -0
- models/firewall/wfFirewall.php +64 -0
- models/scanner/wfScanner.php +10 -0
- readme.txt +14 -1
- vendor/wordfence/wf-waf/src/lib/waf.php +24 -6
- views/common/modal-prompt.php +2 -2
- views/dashboard/options-group-alert.php +11 -0
- views/reports/activity-report-email-inline.php +2 -2
- views/reports/activity-report.php +4 -4
- views/scanner/issue-wafStatus.php +25 -0
- views/scanner/options-group-general.php +1 -0
- views/waf/option-rules.php +6 -4
- waf/bootstrap.php +17 -3
- wordfence.php +3 -3
css/{activity-report-widget.1550163483.css → activity-report-widget.1551370846.css}
RENAMED
File without changes
|
css/{diff.1550163483.css → diff.1551370846.css}
RENAMED
File without changes
|
css/{dt_table.1550163483.css → dt_table.1551370846.css}
RENAMED
File without changes
|
css/{fullLog.1550163483.css → fullLog.1551370846.css}
RENAMED
File without changes
|
css/{iptraf.1550163483.css → iptraf.1551370846.css}
RENAMED
File without changes
|
css/{jquery-ui-timepicker-addon.1550163483.css → jquery-ui-timepicker-addon.1551370846.css}
RENAMED
File without changes
|
css/{jquery-ui.min.1550163483.css → jquery-ui.min.1551370846.css}
RENAMED
File without changes
|
css/{jquery-ui.structure.min.1550163483.css → jquery-ui.structure.min.1551370846.css}
RENAMED
File without changes
|
css/{jquery-ui.theme.min.1550163483.css → jquery-ui.theme.min.1551370846.css}
RENAMED
File without changes
|
css/{main.1550163483.css → main.1551370846.css}
RENAMED
File without changes
|
css/{phpinfo.1550163483.css → phpinfo.1551370846.css}
RENAMED
File without changes
|
css/{wf-adminbar.1550163483.css → wf-adminbar.1551370846.css}
RENAMED
File without changes
|
css/{wf-colorbox.1550163483.css → wf-colorbox.1551370846.css}
RENAMED
File without changes
|
css/{wf-font-awesome.1550163483.css → wf-font-awesome.1551370846.css}
RENAMED
File without changes
|
css/{wf-global.1550163483.css → wf-global.1551370846.css}
RENAMED
File without changes
|
css/{wf-ionicons.1550163483.css → wf-ionicons.1551370846.css}
RENAMED
File without changes
|
css/{wf-onboarding.1550163483.css → wf-onboarding.1551370846.css}
RENAMED
File without changes
|
css/{wf-roboto-font.1550163483.css → wf-roboto-font.1551370846.css}
RENAMED
File without changes
|
css/{wfselect2.min.1550163483.css → wfselect2.min.1551370846.css}
RENAMED
File without changes
|
css/{wordfenceBox.1550163483.css → wordfenceBox.1551370846.css}
RENAMED
File without changes
|
images/flags.png
CHANGED
Binary file
|
js/{Chart.bundle.min.1550163483.js → Chart.bundle.min.1551370846.js}
RENAMED
File without changes
|
js/{admin.1550163483.js → admin.1551370846.js}
RENAMED
File without changes
|
js/{admin.ajaxWatcher.1550163483.js → admin.ajaxWatcher.1551370846.js}
RENAMED
File without changes
|
js/{admin.liveTraffic.1550163483.js → admin.liveTraffic.1551370846.js}
RENAMED
File without changes
|
js/{date.1550163483.js → date.1551370846.js}
RENAMED
File without changes
|
js/{jquery-ui-timepicker-addon.1550163483.js → jquery-ui-timepicker-addon.1551370846.js}
RENAMED
File without changes
|
js/{jquery.colorbox-min.1550163483.js → jquery.colorbox-min.1551370846.js}
RENAMED
File without changes
|
js/{jquery.colorbox.1550163483.js → jquery.colorbox.1551370846.js}
RENAMED
File without changes
|
js/{jquery.dataTables.min.1550163483.js → jquery.dataTables.min.1551370846.js}
RENAMED
File without changes
|
js/{jquery.qrcode.min.1550163483.js → jquery.qrcode.min.1551370846.js}
RENAMED
File without changes
|
js/{jquery.tmpl.min.1550163483.js → jquery.tmpl.min.1551370846.js}
RENAMED
File without changes
|
js/{jquery.tools.min.1550163483.js → jquery.tools.min.1551370846.js}
RENAMED
File without changes
|
js/{knockout-3.3.0.1550163483.js → knockout-3.3.0.1551370846.js}
RENAMED
File without changes
|
js/{perf.1550163483.js → perf.1551370846.js}
RENAMED
File without changes
|
js/{wfdashboard.1550163483.js → wfdashboard.1551370846.js}
RENAMED
File without changes
|
js/{wfdropdown.1550163483.js → wfdropdown.1551370846.js}
RENAMED
File without changes
|
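--- a/js/wfglobal.1550163483.js
+++ b/js/wfglobal.1551370846.js
@@ -36,6 +36,14 @@
 function(){ jQuery('#wordfenceMisconfiguredHowGetIPsNotice').fadeOut(); }
 );
 },
+switchLiveTrafficSecurityOnlyChoice: function(choice) {
+this.ajax('wordfence_switchLiveTrafficSecurityOnlyChoice', {
+choice: choice
+},
+function(res){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); },
+function(){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); }
+);
+},
 dismissAdminNotice: function(nid) {
 this.ajax('wordfence_dismissAdminNotice', {
 id: nid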
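Review bot: The success callback on new line 43 declares `res` but never inspects it, and it does exactly what the failure callback on line 44 does, so a server-side failure to persist the choice is indistinguishable from success to the user and the prompt is hidden either way. If the AJAX response in this codebase carries an error indicator, the success handler should check it before fading the element out; otherwise drop the unused parameter so the two handlers read identically, `function(){ jQuery('#switchLiveTrafficSecurityOnlyChoice').fadeOut(); },`. The object literal that holds these methods starts and ends outside the hunk.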
js/{wfpopover.1550163483.js → wfpopover.1551370846.js}
RENAMED
File without changes
|
js/{wfselect2.min.1550163483.js → wfselect2.min.1551370846.js}
RENAMED
File without changes
|
lib/email_newIssues.php
CHANGED
@@ -62,6 +62,9 @@ foreach ($severitySections as $severityLevel => $severityLabel):
|
|
62 |
if ($i['type'] == 'coreUnknown') {
|
63 |
echo '<p>' . __('The core files scan has not run because this version is not currently indexed by Wordfence. New WordPress versions may take up to a day to be indexed.', 'wordfence') . '</p>';
|
64 |
}
|
|
|
|
|
|
|
65 |
|
66 |
$showWPParagraph = !empty($i['tmplData']['vulnerable']) || isset($i['tmplData']['wpURL']);
|
67 |
if ($showWPParagraph) {
|
@@ -81,14 +84,12 @@ foreach ($severitySections as $severityLevel => $severityLabel):
|
|
81 |
}
|
82 |
?>
|
83 |
|
84 |
-
<?php
|
85 |
-
|
86 |
-
|
87 |
-
|
88 |
-
|
89 |
-
|
90 |
-
'txt' => base64_encode($i['tmplData']['badURL'])
|
91 |
-
), '', '&') ?>" alt="" /></p>
|
92 |
<?php endif ?>
|
93 |
|
94 |
<?php } } ?>
|
62 |
if ($i['type'] == 'coreUnknown') {
|
63 |
echo '<p>' . __('The core files scan has not run because this version is not currently indexed by Wordfence. New WordPress versions may take up to a day to be indexed.', 'wordfence') . '</p>';
|
64 |
}
|
65 |
+
else if ($i['type'] == 'wafStatus') {
|
66 |
+
echo '<p>' . __('Firewall issues may be caused by file permission changes or other technical problems.', 'wordfence') . ' <a href="' . wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_WAF_DISABLED) . '" target="_blank" rel="nofollow noreferrer noopener">' . __('More Details and Instructions', 'wordfence') . '</a></p>';
|
67 |
+
}
|
68 |
|
69 |
$showWPParagraph = !empty($i['tmplData']['vulnerable']) || isset($i['tmplData']['wpURL']);
|
70 |
if ($showWPParagraph) {
|
84 |
}
|
85 |
?>
|
86 |
|
87 |
+
<?php
|
88 |
+
if (!empty($i['tmplData']['badURL'])):
|
89 |
+
$api = new wfAPI(wfConfig::get('apiKey'), wfUtils::getWPVersion());
|
90 |
+
$url = set_url_scheme($api->getTextImageURL($i['tmplData']['badURL']), 'https');
|
91 |
+
?>
|
92 |
+
<p><img src="<?php echo esc_url($url) ?>" alt="The malicious URL matched" /></p>
|
|
|
|
|
93 |
<?php endif ?>
|
94 |
|
95 |
<?php } } ?>
|
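Review bot: New lines 89-90 construct a fresh `wfAPI` for every issue that carries a `badURL`, inside the issue loop that begins outside this hunk; building it once before the loop, or caching it in a static local, avoids repeating the construction when many issues are reported. The `alt` text on line 92, `The malicious URL matched`, is the only user-visible string in the hunk not wrapped in `__()`, unlike the new `wafStatus` paragraph on line 66; `alt="<?php esc_attr_e('The malicious URL matched', 'wordfence') ?>"` keeps it translatable and attribute-escaped. `esc_url($url)` on the image source is the right escaper here, since `badURL` originates from content the scanner flagged rather than from trusted configuration.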
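--- a/lib/menu_dashboard.php
+++ b/lib/menu_dashboard.php
@@ -422,3 +422,48 @@ else if (wfConfig::get('touppPromptNeeded')) {
 </div>
 </script>
 <?php endif; ?>
+<?php
+$hostSetting = false;
+$recordAll = wfConfig::liveTrafficEnabled($hostSetting);
+
+if ($recordAll && !$hostSetting && !wfUtils::truthyToBoolean(wfConfig::get('switchLiveTrafficSecurityOnlyChoice'))):
+?>
+<script type="application/javascript">
+(function($) {
+$(function() {
+var prompt = $('#wfLiveTrafficMigration').tmpl();
+var promptHTML = $("<div />").append(prompt).html();
+WFAD.colorboxHTML((WFAD.isSmallScreen ? '300px' : '700px'), promptHTML, {overlayClose: false, closeButton: false, className: 'wf-modal', onComplete: function() {
+$('#wf-livetrafficmigrate-no').on('click', function(e) {
+e.preventDefault();
+e.stopPropagation();
+
+wordfenceExt.switchLiveTrafficSecurityOnlyChoice('no');
+WFAD.colorboxClose();
+});
+
+$('#wf-livetrafficmigrate-yes').on('click', function(e) {
+e.preventDefault();
+e.stopPropagation();
+
+wordfenceExt.switchLiveTrafficSecurityOnlyChoice('yes');
+WFAD.colorboxClose();
+});
+}});
+});
+})(jQuery);
+</script>
+<script type="text/x-jquery-template" id="wfLiveTrafficMigration">
+<?php
+echo wfView::create('common/modal-prompt', array(
+'title' => __('Recommended Settings Change', 'wordfence'),
+'messageHTML' => '<p>' . __('Greetings! The default configuration for Wordfence Live Traffic has changed. The new default saves only logins and blocked requests, while this site is currently recording all traffic. Would you like to change to the new default?', 'wordfence') . '</p>' . (!wfRateLimit::identicalHumanBotRateLimits() ? '<p>' . __('Rate limiting based on type of request (human vs crawler) may be less accurate because this prevents loading the extra JavaScript used for that identification.', 'wordfence') . '</p>' : ''),
+'primaryButton' => array('id' => 'wf-livetrafficmigrate-yes', 'label' => __('Yes Please', 'wordfence'), 'link' => '#', 'type' => 'wf-btn-primary'),
+'secondaryButtons' => array(
+array('id' => 'wf-livetrafficmigrate-no', 'label' => __('No Thanks', 'wordfence'), 'link' => '#', 'type' => 'wf-btn-default'),
+array('id' => 'wf-livetrafficmigrate-learn', 'label' => __('Learn More', 'wordfence'), 'link' => wfSupportController::supportURL(wfSupportController::ITEM_NOTICE_SWITCH_LIVE_TRAFFIC), 'type' => 'wf-btn-default', 'target' => '_blank', 'rel' => 'noopener noreferrer'),
+),
+))->render();
+?>
+</script>
+<?php endif; ?>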
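Review bot: The `Learn More` button on new line 464 passes `wfSupportController::supportURL(...)` straight through as `link`, while the same commit uses `wfSupportController::esc_supportURL(...)` for the support link it adds to `lib/email_newIssues.php`; unless `common/modal-prompt` escapes `link` itself, the escaping variant should be used here too so both call sites follow one convention. The `yes` and `no` click handlers on lines 437-451 differ only in the string handed to `switchLiveTrafficSecurityOnlyChoice`, so a single handler bound to both buttons that reads the choice from a `data-` attribute would remove the duplication. `WFAD.colorboxClose()` runs as soon as the request is fired, so a failed save just makes the prompt reappear on the next dashboard load; if that best-effort behaviour is intended, a one-line comment saying so would stop a later reader from "fixing" it.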
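--- a/lib/menu_options.php
+++ b/lib/menu_options.php
@@ -87,6 +87,7 @@ if (isset($_GET['source']) && wfPage::isValidPage($_GET['source'])) {
 'wf-option-notification-scanStatus' => __('Scan Status', 'wordfence'),
 'wf-option-alertOn-update' => __('Email me when Wordfence is automatically updated', 'wordfence'),
 'wf-option-alertOn-wordfenceDeactivated' => __('Email me if Wordfence is deactivated', 'wordfence'),
+'wf-option-alertOn-wafDeactivated' => __('Email me if the Wordfence Web Application Firewall is turned off', 'wordfence'),
 'wf-option-alertOn-scanIssues' => __('Alert me with scan results for issues of this severity level', 'wordfence'),
 'wf-option-alertOn-block' => __('Alert when an IP address is blocked', 'wordfence'),
 'wf-option-alertOn-loginLockout' => __('Alert when someone is locked out from login', 'wordfence'),
@@ -165,6 +166,7 @@ if (isset($_GET['source']) && wfPage::isValidPage($_GET['source'])) {
 'wf-option-scansEnabled-suspiciousAdminUsers' => __('Scan for admin users created outside of WordPress', 'wordfence'),
 'wf-option-scansEnabled-passwds' => __('Check the strength of passwords', 'wordfence'),
 'wf-option-scansEnabled-diskSpace' => __('Monitor disk space', 'wordfence'),
+'wf-option-scansEnabled-wafStatus' => __('Monitor Web Application Firewall status', 'wordfence'),
 'wf-option-scansEnabled-dns' => __('Scan for unauthorized DNS changes', 'wordfence'),
 'wf-option-other-scanOutside' => __('Scan files outside your WordPress installation', 'wordfence'),
 'wf-option-scansEnabled-scanImages' => __('Scan images, binary, and other files as if they were executable', 'wordfence'),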
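--- a/lib/menu_scanner.php
+++ b/lib/menu_scanner.php
@@ -256,6 +256,7 @@ echo wfView::create('scanner/issue-publiclyAccessible')->render();
 echo wfView::create('scanner/issue-coreUnknown')->render();
 echo wfView::create('scanner/issue-dnsChange')->render();
 echo wfView::create('scanner/issue-diskSpace')->render();
+echo wfView::create('scanner/issue-wafStatus')->render();
 echo wfView::create('scanner/issue-geoipSupport')->render();
 echo wfView::create('scanner/issue-easyPassword')->render();
 echo wfView::create('scanner/issue-commentBadURL')->render();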
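--- a/lib/menu_tools_livetraffic.php
+++ b/lib/menu_tools_livetraffic.php
@@ -6,6 +6,34 @@ $w = new wfConfig();
 (function($) {
 $(function() {
 document.title = "<?php esc_attr_e('Live Traffic', 'wordfence'); ?>" + " \u2039 " + WFAD.basePageName;
+
+//Hash-based option block linking
+if (window.location.hash) {
+var hashes = WFAD.parseHashes();
+var hash = hashes[hashes.length - 1];
+var block = $('.wf-block[data-persistence-key="' + hash + '"]');
+if (block.length) {
+if (!block.hasClass('wf-active')) {
+block.find('.wf-block-content').slideDown({
+always: function() {
+block.addClass('wf-active');
+$('html, body').animate({
+scrollTop: block.offset().top - 100
+}, 1000);
+}
+});
+
+WFAD.ajax('wordfence_saveDisclosureState', {name: block.data('persistenceKey'), state: true}, function() {});
+}
+else {
+$('html, body').animate({
+scrollTop: block.offset().top - 100
+}, 1000);
+}
+
+history.replaceState('', document.title, window.location.pathname + window.location.search);
+}
+}
 });
 })(jQuery);
 </script>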
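Review bot: The value taken from the URL fragment is concatenated into the attribute selector on new line 14 without validation or escaping; a fragment containing a quote or bracket makes jQuery throw a selector syntax error inside the ready handler, which aborts the rest of it. Persistence keys are plain identifiers, so a guard after line 13 such as `if (!/^[A-Za-z0-9_-]+$/.test(hash)) { return; }` keeps arbitrary fragments out of the selector; `$.escapeSelector` would do the same job if the bundled jQuery is 3.x or newer. The `scrollTop` animation on lines 20-22 and 29-31 is duplicated and could be one small local function. The same linking block may exist on other menu pages not shown in this diff; if so, the guard belongs there as well.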
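--- a/lib/rest-api/wfRESTConfigController.php
+++ b/lib/rest-api/wfRESTConfigController.php
@@ -217,6 +217,8 @@ class wfRESTConfigController extends wfRESTBaseController {
 * @return mixed|WP_REST_Response
 */
 public function premiumConnect($request) {
+require_once WORDFENCE_PATH . '/vendor/paragonie/sodium_compat/autoload.php';
+
 // Store values sent by Central.
 $wordfenceCentralPK = $request['public-key'];
 $wordfenceCentralSiteData = $request['site-data'];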
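Review bot: The `require_once` added on new line 220 loads the sodium_compat polyfill inside `premiumConnect()` with no note on why it is needed at this point, and the method continues past the hunk, so a reader cannot see which later call depends on it. A comment such as `// sodium_compat is not guaranteed to be loaded on this REST path; the Central key handling below needs its sodium_* functions.` would record the reason, assuming that is what the changelog's Central connection fix addresses. It is also worth confirming that `WORDFENCE_PATH` is defined on every entry path that can reach this controller, since an undefined constant would make the concatenation yield a wrong path rather than fail loudly.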
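--- a/lib/wfAPI.php
+++ b/lib/wfAPI.php
@@ -221,6 +221,11 @@ class wfAPI {
 }
 return wp_http_supports(array('ssl'));
 }
+
+public function getTextImageURL($text) {
+$apiURL = $this->getAPIURL();
+return rtrim($apiURL, '/') . '/v' . WORDFENCE_API_VERSION . '/?' . $this->makeAPIQueryString() . '&' . self::buildQuery(array('action' => 'image', 'txt' => base64_encode($text)));
+}
 }
 
 class wfAPICallSSLUnavailableException extends Exception {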
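Review bot: `getTextImageURL()` on new lines 225-228 prefixes the image query with `$this->makeAPIQueryString()`; if that string carries the site's API key, as the other requests built by this class presumably do, the returned URL embeds the key, and `lib/email_newIssues.php` in this same commit places that URL into scan-issue emails as an `<img src>`, so the key would leave the site in every such email and persist in mail logs and forwarded messages. Confirm whether the `image` action needs the key at all; if it does not, build the URL from `self::buildQuery(array('action' => 'image', 'txt' => base64_encode($text)))` alone. The method also has no docblock; `/** Builds the API URL that renders $text as an image (the issue email uses it to show a matched bad URL). @param string $text @return string */` would state the contract.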
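--- a/lib/wfConfig.php
+++ b/lib/wfConfig.php
@@ -45,6 +45,7 @@ class wfConfig {
 "alertOn_nonAdminLogin" => array('value' => false, 'autoload' => self::AUTOLOAD),
 "alertOn_firstNonAdminLoginOnly" => array('value' => false, 'autoload' => self::AUTOLOAD),
 "alertOn_wordfenceDeactivated" => array('value' => true, 'autoload' => self::AUTOLOAD),
+"alertOn_wafDeactivated" => array('value' => true, 'autoload' => self::AUTOLOAD),
 "liveTrafficEnabled" => array('value' => false, 'autoload' => self::AUTOLOAD),
 "advancedCommentScanning" => array('value' => true, 'autoload' => self::AUTOLOAD),
 "checkSpamIP" => array('value' => true, 'autoload' => self::AUTOLOAD),
@@ -70,6 +71,7 @@ class wfConfig {
 "scansEnabled_suspiciousOptions" => array('value' => true, 'autoload' => self::AUTOLOAD),
 "scansEnabled_passwds" => array('value' => true, 'autoload' => self::AUTOLOAD),
 "scansEnabled_diskSpace" => array('value' => true, 'autoload' => self::AUTOLOAD),
+'scansEnabled_wafStatus' => array('value' => true, 'autoload' => self::AUTOLOAD),
 "scansEnabled_options" => array('value' => true, 'autoload' => self::AUTOLOAD),
 "scansEnabled_wpscan_fullPathDisclosure" => array('value' => true, 'autoload' => self::AUTOLOAD),
 "scansEnabled_wpscan_directoryListingEnabled" => array('value' => true, 'autoload' => self::AUTOLOAD),
@@ -1312,6 +1314,17 @@ Options -ExecCGI
 $wafConfig->unsetConfig('learningModeGracePeriod');
 }
 
+$firewall = new wfFirewall();
+$firewall->syncStatus(true);
+
+if ($value == wfFirewall::FIREWALL_MODE_DISABLED) {
+if (wfConfig::get('alertOn_wafDeactivated')) {
+$currentUser = wp_get_current_user();
+$username = $currentUser->user_login;
+wordfence::alert(__('Wordfence WAF Deactivated', 'wordfence'), sprintf(__('A user with username "%s" deactivated the Wordfence Web Application Firewall on your WordPress site.', 'wordfence'), $username), wfUtils::getIP());
+}
+}
+
 $saved = true;
 break;
 }
@@ -1853,6 +1866,7 @@ Options -ExecCGI
 'scansEnabled_suspiciousOptions',
 'scansEnabled_passwds',
 'scansEnabled_diskSpace',
+'scansEnabled_wafStatus',
 'scansEnabled_options',
 'scansEnabled_wpscan_fullPathDisclosure',
 'scansEnabled_wpscan_directoryListingEnabled',
@@ -2006,6 +2020,7 @@ Options -ExecCGI
 'scansEnabled_suspiciousOptions',
 'scansEnabled_passwds',
 'scansEnabled_diskSpace',
+'scansEnabled_wafStatus',
 'scansEnabled_options',
 'scansEnabled_wpscan_fullPathDisclosure',
 'scansEnabled_wpscan_directoryListingEnabled',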
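Review bot: The alert on new lines 1322-1324 interpolates `wp_get_current_user()->user_login` into the message, but this save path can run with no logged-in user (WP-CLI, cron, or a programmatic config write), in which case the email reads `A user with username ""` and the defender loses the one attribution detail the alert exists to give. A fallback such as `$username = $currentUser->user_login !== '' ? $currentUser->user_login : 'unknown';` keeps the alert meaningful, and it is worth checking whether the non-interactive paths should produce an alert at all, since the WAF being switched off from outside the UI is arguably the more interesting event. The switch case containing this code starts and ends outside the hunk. Separately, the new key on line 74, `'scansEnabled_wafStatus'`, uses single quotes while every neighbouring entry uses double quotes; matching the surrounding style keeps the table uniform.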
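--- a/lib/wfIssues.php
+++ b/lib/wfIssues.php
@@ -65,6 +65,7 @@ class wfIssues {
 'timelimit' => wfIssues::SEVERITY_HIGH,
 'checkHowGetIPs' => wfIssues::SEVERITY_HIGH,
 'diskSpace' => wfIssues::SEVERITY_HIGH,
+'wafStatus' => wfIssues::SEVERITY_CRITICAL,
 'configReadable' => wfIssues::SEVERITY_CRITICAL,
 'wfPluginVulnerable' => wfIssues::SEVERITY_HIGH,
 'coreUnknown' => wfIssues::SEVERITY_HIGH,
@@ -84,7 +85,7 @@ class wfIssues {
 );
 
 public static function validIssueTypes() {
-return array('checkHowGetIPs', 'checkSpamIP', 'commentBadURL', 'configReadable', 'coreUnknown', 'database', 'diskSpace', 'dnsChange', 'easyPassword', 'file', 'geoipSupport', 'knownfile', 'optionBadURL', 'postBadTitle', 'postBadURL', 'publiclyAccessible', 'spamvertizeCheck', 'suspiciousAdminUsers', 'timelimit', 'wfPluginAbandoned', 'wfPluginRemoved', 'wfPluginUpgrade', 'wfPluginVulnerable', 'wfThemeUpgrade', 'wfUpgrade', 'wpscan_directoryList', 'wpscan_fullPathDiscl');
+return array('checkHowGetIPs', 'checkSpamIP', 'commentBadURL', 'configReadable', 'coreUnknown', 'database', 'diskSpace', 'wafStatus', 'dnsChange', 'easyPassword', 'file', 'geoipSupport', 'knownfile', 'optionBadURL', 'postBadTitle', 'postBadURL', 'publiclyAccessible', 'spamvertizeCheck', 'suspiciousAdminUsers', 'timelimit', 'wfPluginAbandoned', 'wfPluginRemoved', 'wfPluginUpgrade', 'wfPluginVulnerable', 'wfThemeUpgrade', 'wfUpgrade', 'wpscan_directoryList', 'wpscan_fullPathDiscl');
 }
 
 public static function statusPrep(){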
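Review bot: `'wafStatus'` is inserted into `validIssueTypes()` on new line 88 between `'diskSpace'` and `'dnsChange'`, breaking the alphabetical order the rest of the list keeps; its slot is between `'timelimit'` and `'wfPluginAbandoned'`. The `SEVERITY_CRITICAL` rating on line 68 sits alongside `configReadable` and is the only new severity in the table, so a short comment such as `// WAF not running means the site is unprotected; surface it at the same level as an exposed config file` would make the choice explicit for whoever tunes these levels later.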
lib/wfLog.php
CHANGED
@@ -339,17 +339,32 @@ class wfLog {
|
|
339 |
$sqlArgs = array($afterTime, $limit);
|
340 |
}
|
341 |
if($hitType == 'hits'){
|
|
|
|
|
|
|
342 |
if($type == 'hit'){
|
343 |
$typeSQL = " ";
|
344 |
} else if($type == 'crawler'){
|
345 |
-
|
346 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
347 |
} else if($type == 'gCrawler'){
|
348 |
$typeSQL = " and isGoogle = 1 ";
|
349 |
} else if($type == '404'){
|
350 |
$typeSQL = " and statusCode = 404 ";
|
351 |
} else if($type == 'human'){
|
352 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
353 |
} else if($type == 'ruser'){
|
354 |
$typeSQL = " and userID > 0 ";
|
355 |
} else {
|
@@ -360,6 +375,25 @@ class wfLog {
|
|
360 |
LEFT JOIN {$wpdb->users} u on h.userID = u.ID
|
361 |
where ctime > %f $IPSQL $typeSQL order by ctime desc limit %d");
|
362 |
$results = call_user_func_array(array($this->getDB(), 'querySelect'), $sqlArgs);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
363 |
|
364 |
} else if($hitType == 'logins'){
|
365 |
array_unshift($sqlArgs, "select l.*, u.display_name from {$this->loginsTable} l
|
@@ -387,7 +421,7 @@ class wfLog {
|
|
387 |
$ourURL = parse_url(site_url());
|
388 |
$ourHost = strtolower($ourURL['host']);
|
389 |
$ourHost = preg_replace('/^www\./i', '', $ourHost);
|
390 |
-
$browscap =
|
391 |
|
392 |
$patternBlocks = wfBlock::patternBlocks(true);
|
393 |
|
@@ -466,6 +500,10 @@ class wfLog {
|
|
466 |
'isMobile' => !empty($b['isMobileDevice']) ? $b['isMobileDevice'] : "",
|
467 |
'isCrawler' => !empty($b['Crawler']) ? $b['Crawler'] : "",
|
468 |
);
|
|
|
|
|
|
|
|
|
469 |
}
|
470 |
else {
|
471 |
$IP = wfUtils::getIP();
|
@@ -1402,8 +1440,31 @@ class wfLiveTrafficQuery {
|
|
1402 |
*/
|
1403 |
public function execute() {
|
1404 |
global $wpdb;
|
1405 |
-
$
|
|
|
|
|
1406 |
$results = $wpdb->get_results($sql, ARRAY_A);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1407 |
$this->getWFLog()->processGetHitsResults('', $results);
|
1408 |
|
1409 |
$verifyCrawlers = false;
|
@@ -1431,10 +1492,13 @@ class wfLiveTrafficQuery {
|
|
1431 |
}
|
1432 |
|
1433 |
/**
|
|
|
|
|
|
|
1434 |
* @return string
|
1435 |
* @throws wfLiveTrafficQueryException
|
1436 |
*/
|
1437 |
-
public function buildQuery() {
|
1438 |
global $wpdb;
|
1439 |
$filters = $this->getFilters();
|
1440 |
$groupBy = $this->getGroupBy();
|
@@ -1452,6 +1516,21 @@ class wfLiveTrafficQuery {
|
|
1452 |
}
|
1453 |
|
1454 |
if ($filters instanceof wfLiveTrafficQueryFilterCollection) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1455 |
$filtersSQL = $filters->toSQL();
|
1456 |
if ($filtersSQL) {
|
1457 |
$wheres[] = $filtersSQL;
|
339 |
$sqlArgs = array($afterTime, $limit);
|
340 |
}
|
341 |
if($hitType == 'hits'){
|
342 |
+
$securityOnly = !wfConfig::liveTrafficEnabled();
|
343 |
+
$delayedHumanBotFiltering = false;
|
344 |
+
|
345 |
if($type == 'hit'){
|
346 |
$typeSQL = " ";
|
347 |
} else if($type == 'crawler'){
|
348 |
+
if ($securityOnly) {
|
349 |
+
$typeSQL = " ";
|
350 |
+
$delayedHumanBotFiltering = true;
|
351 |
+
}
|
352 |
+
else {
|
353 |
+
$now = time();
|
354 |
+
$typeSQL = " and jsRun = 0 and {$now} - ctime > 30 ";
|
355 |
+
}
|
356 |
} else if($type == 'gCrawler'){
|
357 |
$typeSQL = " and isGoogle = 1 ";
|
358 |
} else if($type == '404'){
|
359 |
$typeSQL = " and statusCode = 404 ";
|
360 |
} else if($type == 'human'){
|
361 |
+
if ($securityOnly) {
|
362 |
+
$typeSQL = " ";
|
363 |
+
$delayedHumanBotFiltering = true;
|
364 |
+
}
|
365 |
+
else {
|
366 |
+
$typeSQL = " and jsRun = 1 ";
|
367 |
+
}
|
368 |
} else if($type == 'ruser'){
|
369 |
$typeSQL = " and userID > 0 ";
|
370 |
} else {
|
375 |
LEFT JOIN {$wpdb->users} u on h.userID = u.ID
|
376 |
where ctime > %f $IPSQL $typeSQL order by ctime desc limit %d");
|
377 |
$results = call_user_func_array(array($this->getDB(), 'querySelect'), $sqlArgs);
|
378 |
+
|
379 |
+
if ($delayedHumanBotFiltering) {
|
380 |
+
$browscap = wfBrowscap::shared();
|
381 |
+
foreach ($results as $index => $res) {
|
382 |
+
if ($res['UA']) {
|
383 |
+
$b = $browscap->getBrowser($res['UA']);
|
384 |
+
if ($b && $b['Parent'] != 'DefaultProperties') {
|
385 |
+
$jsRun = wfUtils::truthyToBoolean($res['jsRun']);
|
386 |
+
if (!wfConfig::liveTrafficEnabled() && !$jsRun) {
|
387 |
+
$jsRun = !(isset($b['Crawler']) && $b['Crawler']);
|
388 |
+
}
|
389 |
+
|
390 |
+
if ($type == 'crawler' && $jsRun || $type == 'human' && !$jsRun) {
|
391 |
+
unset($results[$index]);
|
392 |
+
}
|
393 |
+
}
|
394 |
+
}
|
395 |
+
}
|
396 |
+
}
|
397 |
|
398 |
} else if($hitType == 'logins'){
|
399 |
array_unshift($sqlArgs, "select l.*, u.display_name from {$this->loginsTable} l
|
421 |
$ourURL = parse_url(site_url());
|
422 |
$ourHost = strtolower($ourURL['host']);
|
423 |
$ourHost = preg_replace('/^www\./i', '', $ourHost);
|
424 |
+
$browscap = wfBrowscap::shared();
|
425 |
|
426 |
$patternBlocks = wfBlock::patternBlocks(true);
|
427 |
|
500 |
'isMobile' => !empty($b['isMobileDevice']) ? $b['isMobileDevice'] : "",
|
501 |
'isCrawler' => !empty($b['Crawler']) ? $b['Crawler'] : "",
|
502 |
);
|
503 |
+
|
504 |
+
if (isset($res['jsRun']) && !wfConfig::liveTrafficEnabled() && !wfUtils::truthyToBoolean($res['jsRun'])) {
|
505 |
+
$res['jsRun'] = !(isset($b['Crawler']) && $b['Crawler']) ? '1' : '0';
|
506 |
+
}
|
507 |
}
|
508 |
else {
|
509 |
$IP = wfUtils::getIP();
|
1440 |
*/
|
1441 |
public function execute() {
|
1442 |
global $wpdb;
|
1443 |
+
$delayedHumanBotFiltering = false;
|
1444 |
+
$humanOnly = false;
|
1445 |
+
$sql = $this->buildQuery($delayedHumanBotFiltering, $humanOnly);
|
1446 |
$results = $wpdb->get_results($sql, ARRAY_A);
|
1447 |
+
|
1448 |
+
if ($delayedHumanBotFiltering) {
|
1449 |
+
$browscap = wfBrowscap::shared();
|
1450 |
+
foreach ($results as $index => $res) {
|
1451 |
+
if ($res['UA']) {
|
1452 |
+
$b = $browscap->getBrowser($res['UA']);
|
1453 |
+
$jsRun = wfUtils::truthyToBoolean($res['jsRun']);
|
1454 |
+
if ($b && $b['Parent'] != 'DefaultProperties') {
|
1455 |
+
$jsRun = wfUtils::truthyToBoolean($res['jsRun']);
|
1456 |
+
if (!wfConfig::liveTrafficEnabled() && !$jsRun) {
|
1457 |
+
$jsRun = !(isset($b['Crawler']) && $b['Crawler']);
|
1458 |
+
}
|
1459 |
+
}
|
1460 |
+
|
1461 |
+
if (!$humanOnly && $jsRun || $humanOnly && !$jsRun) {
|
1462 |
+
unset($results[$index]);
|
1463 |
+
}
|
1464 |
+
}
|
1465 |
+
}
|
1466 |
+
}
|
1467 |
+
|
1468 |
$this->getWFLog()->processGetHitsResults('', $results);
|
1469 |
|
1470 |
$verifyCrawlers = false;
|
1492 |
}
|
1493 |
|
1494 |
/**
|
1495 |
+
* @param mixed $delayedHumanBotFiltering Whether or not human/bot filtering should be applied in PHP rather than SQL.
|
1496 |
+
* @param mixed $humanOnly When using delayed filtering, whether to show only humans or only bots.
|
1497 |
+
*
|
1498 |
* @return string
|
1499 |
* @throws wfLiveTrafficQueryException
|
1500 |
*/
|
1501 |
+
public function buildQuery(&$delayedHumanBotFiltering = null, &$humanOnly) {
|
1502 |
global $wpdb;
|
1503 |
$filters = $this->getFilters();
|
1504 |
$groupBy = $this->getGroupBy();
|
1516 |
}
|
1517 |
|
1518 |
if ($filters instanceof wfLiveTrafficQueryFilterCollection) {
|
1519 |
+
if (!wfConfig::liveTrafficEnabled()) {
|
1520 |
+
$individualFilters = $filters->getFilters();
|
1521 |
+
foreach ($individualFilters as $index => $f) {
|
1522 |
+
if ($f->getParam() == 'jsRun' && $delayedHumanBotFiltering !== null && $humanOnly !== null) {
|
1523 |
+
$humanOnly = wfUtils::truthyToBoolean($f->getValue());
|
1524 |
+
if ($f->getOperator() == '!=') {
|
1525 |
+
$humanOnly = !$humanOnly;
|
1526 |
+
}
|
1527 |
+
$delayedHumanBotFiltering = true;
|
1528 |
+
unset($individualFilters[$index]);
|
1529 |
+
}
|
1530 |
+
}
|
1531 |
+
$filters->setFilters($individualFilters);
|
1532 |
+
}
|
1533 |
+
|
1534 |
$filtersSQL = $filters->toSQL();
|
1535 |
if ($filtersSQL) {
|
1536 |
$wheres[] = $filtersSQL;
|
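--- a/lib/wfScanEngine.php
+++ b/lib/wfScanEngine.php
@@ -1409,6 +1409,29 @@ class wfScanEngine {
 wfIssues::statusEnd($this->statusIDX['diskSpace'], $haveIssues);
 $this->scanController->completeStage(wfScanner::STAGE_SERVER_STATE, $haveIssues);
 }
+private function scan_wafStatus() {
+$this->statusIDX['wafStatus'] = wfIssues::statusStart(__('Checking Web Application Firewall status', 'wordfence'));
+$this->scanController->startStage(wfScanner::STAGE_SERVER_STATE);
+
+$haveIssues = wfIssues::STATUS_SECURE;
+$added = false;
+$firewall = new wfFirewall();
+if (wfConfig::get('waf_status') !== $firewall->firewallMode() && $firewall->firewallMode() == wfFirewall::FIREWALL_MODE_DISABLED) {
+$added = $this->addIssue('wafStatus',
+wfIssues::SEVERITY_CRITICAL,
+'wafStatus',
+'wafStatus' . $firewall->firewallMode(),
+__('Web Application Firewall is disabled', 'wordfence'),
+sprintf(__('Wordfence\'s Web Application Firewall has been unexpectedly disabled. If you see a notice at the top of the Wordfence admin pages that says "The Wordfence Web Application Firewall cannot run," click the link in that message to rebuild the configuration. If this does not work, you may need to fix file permissions. <a href="%s" target="_blank" rel="noopener noreferrer">More Details</a>', 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_SCAN_RESULT_WAF_DISABLED)),
+array('wafStatus' => $firewall->firewallMode(), 'wafStatusDisplay' => $firewall->displayText())
+);
+}
+
+if ($added == wfIssues::ISSUE_ADDED || $added == wfIssues::ISSUE_UPDATED) { $haveIssues = wfIssues::STATUS_PROBLEM; }
+else if ($haveIssues != wfIssues::STATUS_SECURE && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }
+wfIssues::statusEnd($this->statusIDX['wafStatus'], $haveIssues);
+$this->scanController->completeStage(wfScanner::STAGE_SERVER_STATE, $haveIssues);
+}
 private function scan_dns(){
 if(! function_exists('dns_get_record')){
 $this->status(1, 'info', "Skipping DNS scan because this system does not support dns_get_record()");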
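Review bot: The `else if` at line 1431 can never fire: `$haveIssues` is initialised to `wfIssues::STATUS_SECURE` at 1416 and is only changed by the preceding `if`, so `$haveIssues != wfIssues::STATUS_SECURE` is always false there and an ignored wafStatus issue is reported as secure instead of `STATUS_IGNORED`. The guard presumably meant to protect an already-set problem status, i.e. `else if ($haveIssues != wfIssues::STATUS_PROBLEM && ($added == wfIssues::ISSUE_IGNOREP || $added == wfIssues::ISSUE_IGNOREC)) { $haveIssues = wfIssues::STATUS_IGNORED; }`. `$firewall->firewallMode()` is also evaluated four times in the method (1419, 1423, 1426); hoisting it into one local keeps the condition and the recorded issue data consistent if the mode changes while the scan runs.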
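--- a/lib/wfSupportController.php
+++ b/lib/wfSupportController.php
@@ -10,6 +10,7 @@ class wfSupportController {
 const ITEM_NOTICE_WAF_INACCESSIBLE_CONFIG = 'notice-waf-inaccessible-config';
 const ITEM_NOTICE_WAF_READ_ONLY_WARNING = 'notice-waf-read-only-warning';
 const ITEM_NOTICE_MISCONFIGURED_HOW_GET_IPS = 'notice-misconfigured-how-get-ips';
+const ITEM_NOTICE_SWITCH_LIVE_TRAFFIC = 'notice-switch-live-traffic';
 
 const ITEM_LOCKED_OUT = 'locked-out';
 const ITEM_AJAX_BLOCKED = 'ajax-blocked';
@@ -121,6 +122,7 @@ class wfSupportController {
 const ITEM_SCAN_OPTION_UNKNOWN_ADMINS = 'scan-option-unknown-admins';
 const ITEM_SCAN_OPTION_PASSWORD_STRENGTH = 'scan-option-password-strength';
 const ITEM_SCAN_OPTION_DISK_SPACE = 'scan-option-disk-space';
+const ITEM_SCAN_OPTION_WAF_STATUS = 'scan-option-waf-status';
 const ITEM_SCAN_OPTION_DNS_CHANGES = 'scan-option-dns-changes';
 const ITEM_SCAN_OPTION_OUTSIDE_WORDPRESS = 'scan-option-outside-wordpress';
 const ITEM_SCAN_OPTION_IMAGES_EXECUTABLE = 'scan-option-images-executable';
@@ -142,6 +144,7 @@ class wfSupportController {
 const ITEM_SCAN_RESULT_PLUGIN_REMOVED = 'scan-result-plugin-removed';
 const ITEM_SCAN_RESULT_OPTION_MALWARE_URL = 'scan-result-option-malware-url';
 const ITEM_SCAN_RESULT_GEOIP_UPDATE = 'scan-result-geoip-update';
+const ITEM_SCAN_RESULT_WAF_DISABLED = 'scan-result-waf-disabled';
 
 const ITEM_TOOLS_TWO_FACTOR = 'tools-two-factor';
 const ITEM_TOOLS_LIVE_TRAFFIC = 'tools-live-traffic';
@@ -178,6 +181,7 @@ class wfSupportController {
 case self::ITEM_NOTICE_WAF_INACCESSIBLE_CONFIG:
 case self::ITEM_NOTICE_WAF_READ_ONLY_WARNING:
 case self::ITEM_NOTICE_MISCONFIGURED_HOW_GET_IPS:
+case self::ITEM_NOTICE_SWITCH_LIVE_TRAFFIC:
 
 case self::ITEM_LOCKED_OUT:
 case self::ITEM_AJAX_BLOCKED:
@@ -294,6 +298,7 @@ class wfSupportController {
 case self::ITEM_SCAN_OPTION_UNKNOWN_ADMINS:
 case self::ITEM_SCAN_OPTION_PASSWORD_STRENGTH:
 case self::ITEM_SCAN_OPTION_DISK_SPACE:
+case self::ITEM_SCAN_OPTION_WAF_STATUS:
 case self::ITEM_SCAN_OPTION_DNS_CHANGES:
 case self::ITEM_SCAN_OPTION_OUTSIDE_WORDPRESS:
 case self::ITEM_SCAN_OPTION_IMAGES_EXECUTABLE:
@@ -310,6 +315,7 @@ class wfSupportController {
 case self::ITEM_SCAN_RESULT_PLUGIN_REMOVED:
 case self::ITEM_SCAN_RESULT_OPTION_MALWARE_URL:
 case self::ITEM_SCAN_RESULT_GEOIP_UPDATE:
+case self::ITEM_SCAN_RESULT_WAF_DISABLED:
 
 case self::ITEM_TOOLS_TWO_FACTOR:
 case self::ITEM_TOOLS_LIVE_TRAFFIC: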
lib/wordfenceClass.php
@@ -171,7 +171,6 @@ class wordfence {
|
|
171 |
try {
|
172 |
$keyType = wfAPI::KEY_TYPE_FREE;
|
173 |
$keyData = $api->call('ping_api_key', array(), array('supportHash' => wfConfig::get('supportHash', ''), 'whitelistHash' => wfConfig::get('whitelistHash', '')));
|
174 |
-
wfConfig::set('useNoc3Secure', isset($keyData['n3']) ? wfUtils::truthyToBoolean($keyData['n3']) : false);
|
175 |
if (isset($keyData['_isPaidKey'])) {
|
176 |
$keyType = wfConfig::get('keyType');
|
177 |
}
|
@@ -240,7 +239,6 @@ class wordfence {
|
|
240 |
}
|
241 |
catch(Exception $e){
|
242 |
wordfence::status(4, 'error', "Could not verify Wordfence License: " . $e->getMessage());
|
243 |
-
wfConfig::set('useNoc3Secure', false);
|
244 |
}
|
245 |
|
246 |
$allowMySQLi = wfConfig::testDB();
|
@@ -982,13 +980,15 @@ SQL
|
|
982 |
// Set the default scan options based on scan type.
|
983 |
if (!wfConfig::get('config720Migration', false)) {
|
984 |
// Replace critical/warning checkboxes with setting based on numeric severity value.
|
985 |
-
|
986 |
-
|
987 |
-
|
988 |
-
|
989 |
-
|
990 |
-
|
991 |
-
|
992 |
}
|
993 |
|
994 |
// Update severity for existing issues where they are still using the old severity values.
|
@@ -1021,6 +1021,12 @@ SQL
|
|
1021 |
|
1022 |
wfConfig::set('config720Migration', true);
|
1023 |
}
|
1024 |
|
1025 |
//Check the How does Wordfence get IPs setting
|
1026 |
wfUtils::requestDetectProxyCallback();
|
@@ -2018,6 +2024,9 @@ SQL
|
|
2018 |
$waf->getStorageEngine()->setConfig('wafStatus', 'enabled');
|
2019 |
$waf->getStorageEngine()->setConfig('learningModeGracePeriodEnabled', 0);
|
2020 |
$waf->getStorageEngine()->unsetConfig('learningModeGracePeriod');
|
2021 |
}
|
2022 |
}
|
2023 |
}
|
@@ -2909,7 +2918,7 @@ SQL
|
|
2909 |
}
|
2910 |
|
2911 |
try {
|
2912 |
-
$response = wp_remote_post(
|
2913 |
'timeout' => 1,
|
2914 |
'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),
|
2915 |
'body' => 'IPs=' . rawurlencode(json_encode($toSend)),
|
@@ -2981,7 +2990,7 @@ SQL
|
|
2981 |
$toSend = array_values($toSend);
|
2982 |
|
2983 |
try {
|
2984 |
-
$response = wp_remote_post(
|
2985 |
'timeout' => 1,
|
2986 |
'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),
|
2987 |
'body' => 'IPs=' . rawurlencode(json_encode($toSend)),
|
@@ -3037,7 +3046,7 @@ SQL
|
|
3037 |
}
|
3038 |
|
3039 |
try {
|
3040 |
-
$result = wp_remote_get(
|
3041 |
'&IP=' . rawurlencode(filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? wfUtils::inet_aton($IP) : wfUtils::inet_pton($IP)) .
|
3042 |
'&t=' . rawurlencode($hitType) .
|
3043 |
'&type=' . $endpointType,
|
@@ -3717,6 +3726,16 @@ SQL
|
|
3717 |
}
|
3718 |
return array('ok' => 1);
|
3719 |
}
|
3720 |
public static function ajax_dismissAdminNotice_callback() {
|
3721 |
if (isset($_POST['id'])) {
|
3722 |
wfAdminNoticeQueue::removeAdminNotice($_POST['id']);
|
@@ -5539,7 +5558,7 @@ HTML;
|
|
5539 |
'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues',
|
5540 |
'avatarLookup', 'reverseLookup', 'unlockOutIP', 'unblockRange', 'whois', 'recentTraffic', 'unblockIP',
|
5541 |
'blockIP', 'permBlockIP', 'loadStaticPanel', 'updateIPPreview', 'downloadHtaccess', 'downloadLogFile', 'checkHtaccess',
|
5542 |
-
'updateConfig', 'autoUpdateChoice', 'misconfiguredHowGetIPsChoice', 'dismissAdminNotice',
|
5543 |
'killScan', 'saveCountryBlocking', 'tourClosed',
|
5544 |
'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel',
|
5545 |
'loadTwoFactor', 'sendTestEmail',
|
@@ -5756,6 +5775,61 @@ HTML;
|
|
5756 |
$warningAdded = true;
|
5757 |
}
|
5758 |
|
5759 |
if (wfAdminNoticeQueue::enqueueAdminNotices()) {
|
5760 |
$warningAdded = true;
|
5761 |
}
|
@@ -5797,18 +5871,15 @@ HTML;
|
|
5797 |
|
5798 |
if (!empty($_GET['page']) && $_GET['page'] === 'WordfenceWAF' && !empty($_GET['wafconfigrebuild']) && !WFWAF_SUBDIRECTORY_INSTALL) {
|
5799 |
check_admin_referer('wafconfigrebuild', 'waf-nonce');
|
5800 |
-
|
5801 |
-
|
5802 |
-
if (
|
5803 |
-
$
|
5804 |
-
|
5805 |
-
|
5806 |
-
} else {
|
5807 |
-
$wafMenuURL = admin_url('admin.php?page=WordfenceWAF');
|
5808 |
-
}
|
5809 |
-
wp_redirect($wafMenuURL);
|
5810 |
-
exit;
|
5811 |
}
|
5812 |
}
|
5813 |
|
5814 |
$notificationCount = count(wfNotification::notifications());
|
@@ -6622,6 +6693,8 @@ to your httpd.conf if using Apache, or find documentation on how to disable dire
|
|
6622 |
wfWAF::getInstance()->getStorageEngine()->unsetConfig('learningModeGracePeriod');
|
6623 |
}
|
6624 |
wfWAF::getInstance()->getStorageEngine()->setConfig('wafStatus', $_POST['wafStatus']);
|
6625 |
}
|
6626 |
|
6627 |
break;
|
171 |
try {
|
172 |
$keyType = wfAPI::KEY_TYPE_FREE;
|
173 |
$keyData = $api->call('ping_api_key', array(), array('supportHash' => wfConfig::get('supportHash', ''), 'whitelistHash' => wfConfig::get('whitelistHash', '')));
|
174 |
if (isset($keyData['_isPaidKey'])) {
|
175 |
$keyType = wfConfig::get('keyType');
|
176 |
}
|
239 |
}
|
240 |
catch(Exception $e){
|
241 |
wordfence::status(4, 'error', "Could not verify Wordfence License: " . $e->getMessage());
|
242 |
}
|
243 |
|
244 |
$allowMySQLi = wfConfig::testDB();
|
980 |
// Set the default scan options based on scan type.
|
981 |
if (!wfConfig::get('config720Migration', false)) {
|
982 |
// Replace critical/warning checkboxes with setting based on numeric severity value.
|
983 |
+
if (wfConfig::hasCachedOption('alertOn_critical') && wfConfig::hasCachedOption('alertOn_warnings')) {
|
984 |
+
$alertOnCritical = wfConfig::get('alertOn_critical');
|
985 |
+
$alertOnWarnings = wfConfig::get('alertOn_warnings');
|
986 |
+
wfConfig::set('alertOn_scanIssues', $alertOnCritical || $alertOnWarnings);
|
987 |
+
if ($alertOnCritical && ! $alertOnWarnings) {
|
988 |
+
wfConfig::set('alertOn_severityLevel', wfIssues::SEVERITY_HIGH);
|
989 |
+
} else {
|
990 |
+
wfConfig::set('alertOn_severityLevel', wfIssues::SEVERITY_LOW);
|
991 |
+
}
|
992 |
}
|
993 |
|
994 |
// Update severity for existing issues where they are still using the old severity values.
|
1021 |
|
1022 |
wfConfig::set('config720Migration', true);
|
1023 |
}
|
1024 |
+
|
1025 |
+
//7.2.3
|
1026 |
+
if (wfConfig::get('waf_status') === false) {
|
1027 |
+
$firewall = new wfFirewall();
|
1028 |
+
$firewall->syncStatus(true);
|
1029 |
+
}
|
1030 |
|
1031 |
//Check the How does Wordfence get IPs setting
|
1032 |
wfUtils::requestDetectProxyCallback();
|
2024 |
$waf->getStorageEngine()->setConfig('wafStatus', 'enabled');
|
2025 |
$waf->getStorageEngine()->setConfig('learningModeGracePeriodEnabled', 0);
|
2026 |
$waf->getStorageEngine()->unsetConfig('learningModeGracePeriod');
|
2027 |
+
|
2028 |
+
$firewall = new wfFirewall();
|
2029 |
+
$firewall->syncStatus(true);
|
2030 |
}
|
2031 |
}
|
2032 |
}
|
2918 |
}
|
2919 |
|
2920 |
try {
|
2921 |
+
$response = wp_remote_post(WORDFENCE_HACKATTEMPT_URL_SEC . 'multipleHackAttempts/?k=' . rawurlencode(wfConfig::get('apiKey')) . '&t=brute', array(
|
2922 |
'timeout' => 1,
|
2923 |
'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),
|
2924 |
'body' => 'IPs=' . rawurlencode(json_encode($toSend)),
|
2990 |
$toSend = array_values($toSend);
|
2991 |
|
2992 |
try {
|
2993 |
+
$response = wp_remote_post(WORDFENCE_HACKATTEMPT_URL_SEC . 'multipleHackAttempts/?k=' . rawurlencode(wfConfig::get('apiKey')) . '&t=brute', array(
|
2994 |
'timeout' => 1,
|
2995 |
'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'),
|
2996 |
'body' => 'IPs=' . rawurlencode(json_encode($toSend)),
|
3046 |
}
|
3047 |
|
3048 |
try {
|
3049 |
+
$result = wp_remote_get(WORDFENCE_HACKATTEMPT_URL_SEC . 'hackAttempt/?k=' . rawurlencode(wfConfig::get('apiKey')) .
|
3050 |
'&IP=' . rawurlencode(filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? wfUtils::inet_aton($IP) : wfUtils::inet_pton($IP)) .
|
3051 |
'&t=' . rawurlencode($hitType) .
|
3052 |
'&type=' . $endpointType,
|
3726 |
}
|
3727 |
return array('ok' => 1);
|
3728 |
}
|
3729 |
+
public static function ajax_switchLiveTrafficSecurityOnlyChoice_callback() {
|
3730 |
+
$choice = $_POST['choice'];
|
3731 |
+
if ($choice == 'yes') {
|
3732 |
+
wfConfig::set('liveTrafficEnabled', false);
|
3733 |
+
}
|
3734 |
+
else {
|
3735 |
+
wfConfig::set('switchLiveTrafficSecurityOnlyChoice', '1');
|
3736 |
+
}
|
3737 |
+
return array('ok' => 1);
|
3738 |
+
}
|
3739 |
public static function ajax_dismissAdminNotice_callback() {
|
3740 |
if (isset($_POST['id'])) {
|
3741 |
wfAdminNoticeQueue::removeAdminNotice($_POST['id']);
|
5558 |
'activityLogUpdate', 'ticker', 'loadIssues', 'updateIssueStatus', 'deleteIssue', 'updateAllIssues',
|
5559 |
'avatarLookup', 'reverseLookup', 'unlockOutIP', 'unblockRange', 'whois', 'recentTraffic', 'unblockIP',
|
5560 |
'blockIP', 'permBlockIP', 'loadStaticPanel', 'updateIPPreview', 'downloadHtaccess', 'downloadLogFile', 'checkHtaccess',
|
5561 |
+
'updateConfig', 'autoUpdateChoice', 'misconfiguredHowGetIPsChoice', 'switchLiveTrafficSecurityOnlyChoice', 'dismissAdminNotice',
|
5562 |
'killScan', 'saveCountryBlocking', 'tourClosed',
|
5563 |
'downgradeLicense', 'addTwoFactor', 'twoFacActivate', 'twoFacDel',
|
5564 |
'loadTwoFactor', 'sendTestEmail',
|
5775 |
$warningAdded = true;
|
5776 |
}
|
5777 |
|
5778 |
+
//Check WAF rules status
|
5779 |
+
$firewall = new wfFirewall();
|
5780 |
+
if ($firewall->firewallMode() != wfFirewall::FIREWALL_MODE_DISABLED) {
|
5781 |
+
try {
|
5782 |
+
$lastChecked = (int) wfWAF::getInstance()->getStorageEngine()->getConfig('lastRuleUpdateCheck', null, 'transient');
|
5783 |
+
$lastUpdated = (int) wfWAF::getInstance()->getStorageEngine()->getConfig('rulesLastUpdated', null, 'transient');
|
5784 |
+
$threshold = time() - (86400 * (wfConfig::get('isPaid') ? 2.5 : 9)); //Refresh rate + 2 days
|
5785 |
+
if ($lastChecked > 0 && $lastUpdated > 0 && $lastChecked < $threshold) {
|
5786 |
+
$nextUpdate = PHP_INT_MAX;
|
5787 |
+
$cron = (array) wfWAF::getInstance()->getStorageEngine()->getConfig('cron', null, 'livewaf');
|
5788 |
+
if (is_array($cron)) {
|
5789 |
+
/** @var wfWAFCronEvent $event */
|
5790 |
+
foreach ($cron as $index => $event) {
|
5791 |
+
if ($event instanceof wfWAFCronFetchRulesEvent) {
|
5792 |
+
$event->setWaf(wfWAF::getInstance());
|
5793 |
+
if (!$event->isInPast()) {
|
5794 |
+
$nextUpdate = min($nextUpdate, $event->getFireTime());
|
5795 |
+
}
|
5796 |
+
}
|
5797 |
+
}
|
5798 |
+
}
|
5799 |
+
|
5800 |
+
$message = sprintf(__('The last rules update for the Wordfence Web Application Firewall was unsuccessful. The last successful update check was %s, so this site may be missing new rules added since then.', 'wordfence'), wfUtils::formatLocalTime(get_option('date_format') . ' ' . get_option('time_format'), $lastChecked));
|
5801 |
+
|
5802 |
+
if (!$firewall->isSubDirectoryInstallation()) {
|
5803 |
+
if ($nextUpdate < PHP_INT_MAX) {
|
5804 |
+
$message .= ' ' . sprintf(__('You may wait for the next automatic attempt at %s or try to <a href="%s">Manually Update</a> by clicking the "Manually Refresh Rules" button below the Rules list.', 'wordfence'), wfUtils::formatLocalTime(get_option('date_format') . ' ' . get_option('time_format'), $nextUpdate), esc_url(network_admin_url('admin.php?page=WordfenceWAF&subpage=waf_options#wf-option-wafRules')));
|
5805 |
+
}
|
5806 |
+
else {
|
5807 |
+
$message .= ' ' . sprintf(__('You may wait for the next automatic attempt or try to <a href="%s">Manually Update</a> by clicking the "Manually Refresh Rules" button below the Rules list.', 'wordfence'), esc_url(network_admin_url('admin.php?page=WordfenceWAF&subpage=waf_options#waf-rules-next-update')));
|
5808 |
+
}
|
5809 |
+
}
|
5810 |
+
else {
|
5811 |
+
if ($nextUpdate < PHP_INT_MAX) {
|
5812 |
+
$message .= ' ' . sprintf(__('You may wait for the next automatic attempt at %s or log into the parent site to manually update by clicking the "Manually Refresh Rules" button below the Rules list.', 'wordfence'), wfUtils::formatLocalTime(get_option('date_format') . ' ' . get_option('time_format'), $nextUpdate));
|
5813 |
+
}
|
5814 |
+
else {
|
5815 |
+
$message .= ' ' . __('You may wait for the next automatic attempt or log into the parent site to manually update by clicking the "Manually Refresh Rules" button below the Rules list.', 'wordfence');
|
5816 |
+
}
|
5817 |
+
}
|
5818 |
+
|
5819 |
+
wfAdminNoticeQueue::addAdminNotice(wfAdminNotice::SEVERITY_CRITICAL, $message, 'waf-rules-failed');
|
5820 |
+
}
|
5821 |
+
else {
|
5822 |
+
wfAdminNoticeQueue::removeAdminNotice(false, 'waf-rules-failed');
|
5823 |
+
}
|
5824 |
+
}
|
5825 |
+
catch (wfWAFStorageFileException $e) {
|
5826 |
+
error_log($e->getMessage());
|
5827 |
+
}
|
5828 |
+
}
|
5829 |
+
else {
|
5830 |
+
wfAdminNoticeQueue::removeAdminNotice(false, 'waf-rules-failed');
|
5831 |
+
}
|
5832 |
+
|
5833 |
if (wfAdminNoticeQueue::enqueueAdminNotices()) {
|
5834 |
$warningAdded = true;
|
5835 |
}
|
5871 |
|
5872 |
if (!empty($_GET['page']) && $_GET['page'] === 'WordfenceWAF' && !empty($_GET['wafconfigrebuild']) && !WFWAF_SUBDIRECTORY_INSTALL) {
|
5873 |
check_admin_referer('wafconfigrebuild', 'waf-nonce');
|
5874 |
+
|
5875 |
+
wfWAF::getInstance()->uninstall();
|
5876 |
+
if (function_exists('network_admin_url') && is_multisite()) {
|
5877 |
+
$wafMenuURL = network_admin_url('admin.php?page=WordfenceWAF');
|
5878 |
+
} else {
|
5879 |
+
$wafMenuURL = admin_url('admin.php?page=WordfenceWAF');
|
5880 |
}
|
5881 |
+
wp_redirect($wafMenuURL);
|
5882 |
+
exit;
|
5883 |
}
|
5884 |
|
5885 |
$notificationCount = count(wfNotification::notifications());
|
6693 |
wfWAF::getInstance()->getStorageEngine()->unsetConfig('learningModeGracePeriod');
|
6694 |
}
|
6695 |
wfWAF::getInstance()->getStorageEngine()->setConfig('wafStatus', $_POST['wafStatus']);
|
6696 |
+
$firewall = new wfFirewall();
|
6697 |
+
$firewall->syncStatus(true);
|
6698 |
}
|
6699 |
|
6700 |
break;
|
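Review bot: `ajax_switchLiveTrafficSecurityOnlyChoice_callback` (line 3730) reads `$_POST['choice']` without the `isset` guard its neighbour `ajax_dismissAdminNotice_callback` uses at 3740, so a request missing the field raises an undefined-index notice and drops into the `else` branch, which sets `switchLiveTrafficSecurityOnlyChoice` to `'1'` (presumably the don't-ask-again marker). I'd write `$choice = isset($_POST['choice']) ? $_POST['choice'] : '';` and `if ($choice === 'yes') {`. The nonce and capability checks for this callback are not in this hunk; it relies entirely on the dispatcher that routes the name registered at 5561, which I cannot verify from here. Separately, in the rules-status block the `(array)` cast at 5787 makes the `is_array($cron)` test at 5788 always true, so one of the two can go.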
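--- a/lib/wordfenceConstants.php
+++ b/lib/wordfenceConstants.php
@@ -3,10 +3,7 @@ define('WORDFENCE_API_VERSION', '2.26');
 define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
 define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');
 define('WORDFENCE_API_URL_BASE_SEC', WORDFENCE_API_URL_SEC . 'v' . WORDFENCE_API_VERSION . '/');
-define('WORDFENCE_API_URL_BASE_NONSEC', WORDFENCE_API_URL_NONSEC . 'v' . WORDFENCE_API_VERSION . '/');
 define('WORDFENCE_BREACH_URL_BASE_SEC', WORDFENCE_API_URL_SEC . 'passwords/');
-define('WORDFENCE_BREACH_URL_BASE_NONSEC', WORDFENCE_API_URL_NONSEC . 'passwords/');
-define('WORDFENCE_HACKATTEMPT_URL', 'http://noc3.wordfence.com/');
 define('WORDFENCE_HACKATTEMPT_URL_SEC', 'https://noc3.wordfence.com/');
 if (!defined('WORDFENCE_CENTRAL_URL_SEC')) { define('WORDFENCE_CENTRAL_URL_SEC', 'https://www.wordfence.com/central'); }
 if (!defined('WORDFENCE_CENTRAL_API_URL_SEC')) { define('WORDFENCE_CENTRAL_API_URL_SEC', 'https://www.wordfence.com/api/wf'); }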
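--- a/models/block/wfRateLimit.php
+++ b/models/block/wfRateLimit.php
@@ -66,6 +66,33 @@ class wfRateLimit {
 return $_cachedHuman404s;
 }
 
+/**
+* Returns whether or not humans and bots have the same rate limits configured.
+*
+* @return bool
+*/
+public static function identicalHumanBotRateLimits() {
+$humanViews = self::humanViewsRateLimit();
+$crawlerViews = self::crawlerViewsRateLimit();
+if ($humanViews->isEnabled() != $crawlerViews->isEnabled()) {
+return false;
+}
+if ($humanViews->limit() != $crawlerViews->limit()) {
+return false;
+}
+
+$human404s = self::human404sRateLimit();
+$crawler404s = self::crawler404sRateLimit();
+if ($human404s->isEnabled() != $crawler404s->isEnabled()) {
+return false;
+}
+if ($human404s->limit() != $crawler404s->limit()) {
+return false;
+}
+
+return true;
+}
+
 public static function mightRateLimit($hitType) {
 if (!wfConfig::get('firewallEnabled')) {
 return false;
@@ -179,6 +206,22 @@ class wfRateLimit {
 return true;
 }
 
+public function limit() {
+switch ($this->_type) {
+case self::TYPE_GLOBAL:
+return wfConfig::getInt('maxGlobalRequests');
+case self::TYPE_CRAWLER_VIEWS:
+return wfConfig::getInt('maxRequestsCrawlers');
+case self::TYPE_CRAWLER_404S:
+return wfConfig::getInt('max404Crawlers');
+case self::TYPE_HUMAN_VIEWS:
+return wfConfig::getInt('maxRequestsHumans');
+case self::TYPE_HUMAN_404S:
+return wfConfig::getInt('max404Humans');
+}
+return -1;
+}
+
 public function shouldEnforce($hitType) {
 switch ($this->_type) {
 case self::TYPE_GLOBAL: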
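Review bot: The new `limit()` at line 209 has no docblock, while its sibling `identicalHumanBotRateLimits()` gets one at 69–73, and its `-1` fallback for an unrecognised `$this->_type` is undocumented even though `identicalHumanBotRateLimits()` compares the returned values at 80 and 89. I'd add above it: `/** Returns the configured request limit for this instance's type (the matching wfConfig option via getInt), or -1 if the type is not one of the known TYPE_* constants. @return int */`. `wfConfig::getInt` presumably yields 0 for an unset option, so a limit of 0 is indistinguishable from "not configured" here; since `isEnabled()` is compared first at 77 and 86 this only matters for callers that use `limit()` on its own.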
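--- a/models/firewall/wfFirewall.php
+++ b/models/firewall/wfFirewall.php
@@ -15,6 +15,70 @@ class wfFirewall
 const BLACKLIST_MODE_DISABLED = 'disabled';
 const BLACKLIST_MODE_ENABLED = 'enabled';
 
+/**
+* Returns a string suitable for display of the firewall status.
+*
+* @param null|string $status
+* @param null|string $protection
+* @return string
+*/
+public function displayText($status = null, $protection = null) {
+if ($status === null) { $status = $this->firewallMode(); }
+if ($protection === null) { $protection = $this->protectionMode(); }
+
+switch ($status) {
+case self::FIREWALL_MODE_ENABLED:
+$statusText = __('Enabled', 'wordfence');
+break;
+case self::FIREWALL_MODE_LEARNING:
+$statusText = __('Learning Mode', 'wordfence');
+break;
+default:
+return __('Disabled', 'wordfence');
+}
+
+switch ($protection) {
+case self::PROTECTION_MODE_EXTENDED:
+$protectionText = __('Extended Protection', 'wordfence');
+break;
+default:
+$protectionText = __('Basic Protection', 'wordfence');
+break;
+}
+
+return sprintf('%s (%s)', $statusText, $protectionText);
+}
+
+/**
+* Syncs the status from WAF to the wfConfig table if $toDatabase is true, the reverse if false.
+*
+* @param bool $toDatabase
+*/
+public function syncStatus($toDatabase = true) {
+if ($toDatabase) {
+try {
+$status = wfWAF::getInstance()->getStorageEngine()->getConfig('wafStatus');
+if (in_array($status, array(self::FIREWALL_MODE_DISABLED, self::FIREWALL_MODE_LEARNING, self::FIREWALL_MODE_ENABLED))) {
+wfConfig::set('waf_status', $status);
+}
+}
+catch (Exception $e) {
+//Ignore
+}
+}
+else {
+try {
+$status = wfConfig::get('waf_status');
+if (in_array($status, array(self::FIREWALL_MODE_DISABLED, self::FIREWALL_MODE_LEARNING, self::FIREWALL_MODE_ENABLED))) {
+wfWAF::getInstance()->getStorageEngine()->setConfig('wafStatus', $status);
+}
+}
+catch (Exception $e) {
+//Ignore
+}
+}
+}
+
 /**
 * Tests the WAF configuration and returns true if successful.
 *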
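Review bot: `syncStatus()` validates the status with a loose `in_array` at lines 61 and 72; on PHP 7 an integer `0` compares equal to any non-numeric string, so a `0` read from either store would pass the whitelist and be written through to the other side. Both sites should be `in_array($status, array(self::FIREWALL_MODE_DISABLED, self::FIREWALL_MODE_LEARNING, self::FIREWALL_MODE_ENABLED), true)`. The two `catch (Exception $e) { //Ignore }` blocks also mean a failed sync silently leaves `waf_status` stale, which is the value `scan_wafStatus` in lib/wfScanEngine.php later compares against the live mode; at minimum a comment stating that a failed sync is deliberately best-effort would help. If `wfWAF::getInstance()` can return null, the resulting `Error` on PHP 7+ is not an `Exception` and escapes these catches — worth confirming against that method.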
models/scanner/wfScanner.php
@@ -155,12 +155,15 @@ class wfScanner {
|
|
155 |
*/
|
156 |
public static function quickScanTypeOptions() {
|
157 |
$oldVersions = true;
|
158 |
if (wfConfig::get('scanType') == self::SCAN_TYPE_CUSTOM) { //Obey the setting in custom if that's the true scan type
|
159 |
$oldVersions = wfConfig::get('scansEnabled_oldVersions');
|
160 |
}
|
161 |
|
162 |
return array_merge(self::_inactiveScanOptions(), array(
|
163 |
'scansEnabled_oldVersions' => $oldVersions,
|
164 |
));
|
165 |
}
|
166 |
|
@@ -177,6 +180,7 @@ class wfScanner {
|
|
177 |
'scansEnabled_fileContentsGSB' => true,
|
178 |
'scansEnabled_suspiciousOptions' => true,
|
179 |
'scansEnabled_oldVersions' => true,
|
|
|
180 |
'lowResourceScansEnabled' => true,
|
181 |
'scan_exclude' => wfConfig::get('scan_exclude', ''),
|
182 |
'scan_include_extra' => wfConfig::get('scan_include_extra', ''),
|
@@ -209,6 +213,7 @@ class wfScanner {
|
|
209 |
'scansEnabled_suspiciousAdminUsers' => true,
|
210 |
'scansEnabled_passwds' => true,
|
211 |
'scansEnabled_diskSpace' => true,
|
|
|
212 |
'scansEnabled_dns' => true,
|
213 |
'scan_exclude' => wfConfig::get('scan_exclude', ''),
|
214 |
'scan_include_extra' => wfConfig::get('scan_include_extra', ''),
|
@@ -243,6 +248,7 @@ class wfScanner {
|
|
243 |
'scansEnabled_suspiciousAdminUsers' => true,
|
244 |
'scansEnabled_passwds' => true,
|
245 |
'scansEnabled_diskSpace' => true,
|
|
|
246 |
'scansEnabled_dns' => true,
|
247 |
'other_scanOutside' => true,
|
248 |
'scansEnabled_scanImages' => true,
|
@@ -298,6 +304,7 @@ class wfScanner {
|
|
298 |
'scansEnabled_suspiciousAdminUsers' => false,
|
299 |
'scansEnabled_passwds' => false,
|
300 |
'scansEnabled_diskSpace' => false,
|
|
|
301 |
'scansEnabled_dns' => false,
|
302 |
'other_scanOutside' => false,
|
303 |
'scansEnabled_scanImages' => false,
|
@@ -352,6 +359,7 @@ class wfScanner {
|
|
352 |
'lowResourceScansEnabled' => 0,
|
353 |
'scan_exclude' => 0,
|
354 |
'scansEnabled_geoipSupport' => 0,
|
|
|
355 |
);
|
356 |
}
|
357 |
|
@@ -496,6 +504,7 @@ class wfScanner {
|
|
496 |
$options = array(
|
497 |
'scansEnabled_checkHowGetIPs',
|
498 |
'scansEnabled_diskSpace',
|
|
|
499 |
'scansEnabled_dns',
|
500 |
'scansEnabled_geoipSupport',
|
501 |
);
|
@@ -857,6 +866,7 @@ class wfScanner {
|
|
857 |
'checkHowGetIPs' => array('scansEnabled_checkHowGetIPs'),
|
858 |
'dns' => array('scansEnabled_dns'),
|
859 |
'diskSpace' => array('scansEnabled_diskSpace'),
|
|
|
860 |
'geoipSupport' => array('scansEnabled_geoipSupport'),
|
861 |
'knownFiles' => ($this->scanType() != self::SCAN_TYPE_QUICK), //Always runs except for quick, options are scansEnabled_core, scansEnabled_themes, scansEnabled_plugins, scansEnabled_coreUnknown, scansEnabled_malware
|
862 |
'checkReadableConfig' => array('scansEnabled_checkReadableConfig'),
|
155 |
*/
|
156 |
public static function quickScanTypeOptions() {
|
157 |
$oldVersions = true;
|
158 |
+
$wafStatus = true;
|
159 |
if (wfConfig::get('scanType') == self::SCAN_TYPE_CUSTOM) { //Obey the setting in custom if that's the true scan type
|
160 |
$oldVersions = wfConfig::get('scansEnabled_oldVersions');
|
161 |
+
$wafStatus = wfConfig::get('scansEnabled_wafStatus');
|
162 |
}
|
163 |
|
164 |
return array_merge(self::_inactiveScanOptions(), array(
|
165 |
'scansEnabled_oldVersions' => $oldVersions,
|
166 |
+
'scansEnabled_wafStatus' => $wafStatus,
|
167 |
));
|
168 |
}
|
169 |
|
180 |
'scansEnabled_fileContentsGSB' => true,
|
181 |
'scansEnabled_suspiciousOptions' => true,
|
182 |
'scansEnabled_oldVersions' => true,
|
183 |
+
'scansEnabled_wafStatus' => true,
|
184 |
'lowResourceScansEnabled' => true,
|
185 |
'scan_exclude' => wfConfig::get('scan_exclude', ''),
|
186 |
'scan_include_extra' => wfConfig::get('scan_include_extra', ''),
|
213 |
'scansEnabled_suspiciousAdminUsers' => true,
|
214 |
'scansEnabled_passwds' => true,
|
215 |
'scansEnabled_diskSpace' => true,
|
216 |
+
'scansEnabled_wafStatus' => true,
|
217 |
'scansEnabled_dns' => true,
|
218 |
'scan_exclude' => wfConfig::get('scan_exclude', ''),
|
219 |
'scan_include_extra' => wfConfig::get('scan_include_extra', ''),
|
248 |
'scansEnabled_suspiciousAdminUsers' => true,
|
249 |
'scansEnabled_passwds' => true,
|
250 |
'scansEnabled_diskSpace' => true,
|
251 |
+
'scansEnabled_wafStatus' => true,
|
252 |
'scansEnabled_dns' => true,
|
253 |
'other_scanOutside' => true,
|
254 |
'scansEnabled_scanImages' => true,
|
304 |
'scansEnabled_suspiciousAdminUsers' => false,
|
305 |
'scansEnabled_passwds' => false,
|
306 |
'scansEnabled_diskSpace' => false,
|
307 |
+
'scansEnabled_wafStatus' => false,
|
308 |
'scansEnabled_dns' => false,
|
309 |
'other_scanOutside' => false,
|
310 |
'scansEnabled_scanImages' => false,
|
359 |
'lowResourceScansEnabled' => 0,
|
360 |
'scan_exclude' => 0,
|
361 |
'scansEnabled_geoipSupport' => 0,
|
362 |
+
'scansEnabled_wafStatus' => 0,
|
363 |
);
|
364 |
}
|
365 |
|
504 |
$options = array(
|
505 |
'scansEnabled_checkHowGetIPs',
|
506 |
'scansEnabled_diskSpace',
|
507 |
+
'scansEnabled_wafStatus',
|
508 |
'scansEnabled_dns',
|
509 |
'scansEnabled_geoipSupport',
|
510 |
);
|
866 |
'checkHowGetIPs' => array('scansEnabled_checkHowGetIPs'),
|
867 |
'dns' => array('scansEnabled_dns'),
|
868 |
'diskSpace' => array('scansEnabled_diskSpace'),
|
869 |
+
'wafStatus' => array('scansEnabled_wafStatus'),
|
870 |
'geoipSupport' => array('scansEnabled_geoipSupport'),
|
871 |
'knownFiles' => ($this->scanType() != self::SCAN_TYPE_QUICK), //Always runs except for quick, options are scansEnabled_core, scansEnabled_themes, scansEnabled_plugins, scansEnabled_coreUnknown, scansEnabled_malware
|
872 |
'checkReadableConfig' => array('scansEnabled_checkReadableConfig'),
|
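Review bot: In quickScanTypeOptions the new line `$wafStatus = wfConfig::get('scansEnabled_wafStatus');` reads the option with no default, so a site that was already on SCAN_TYPE_CUSTOM before this release gets a null (falsy) value and the new WAF-status stage is silently off unless the upgrade path seeds the key; whether it does is not visible in this diff and should be confirmed. The file already passes defaults in the same hunk (`wfConfig::get('scan_exclude', '')`), so `$wafStatus = wfConfig::get('scansEnabled_wafStatus', true);` would keep the check on until the user explicitly disables it, matching the `true` default given to the non-custom scan types below. The `'wafStatus' => array('scansEnabled_wafStatus')` stage mapping in the last hunk presumably gates the stage on the same key, so it inherits whichever default is chosen.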
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Tags: security, firewall, malware scanner, web application firewall, antivirus,
|
|
4 |
Requires at least: 3.9
|
5 |
Requires PHP: 5.3
|
6 |
Tested up to: 5.1
|
7 |
-
Stable tag: 7.2.
|
8 |
|
9 |
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
|
10 |
|
@@ -177,6 +177,19 @@ Secure your website with Wordfence.
|
|
177 |
|
178 |
== Changelog ==
|
179 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
180 |
= 7.2.2 - February 14, 2019 =
|
181 |
* Improvement: Updated GeoIP database.
|
182 |
* Fix: Syncing requests from Wordfence Central no longer appear in Live Traffic.
|
4 |
Requires at least: 3.9
|
5 |
Requires PHP: 5.3
|
6 |
Tested up to: 5.1
|
7 |
+
Stable tag: 7.2.3
|
8 |
|
9 |
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
|
10 |
|
177 |
|
178 |
== Changelog ==
|
179 |
|
180 |
+
= 7.2.3 - February 28, 2019 =
|
181 |
+
* Improvement: Country names are now shown instead of two letter codes where appropriate.
|
182 |
+
* Improvement: Updated the service whitelist to reflect additions to the Facebook IP ranges.
|
183 |
+
* Improvement: Added alerting for when the WAF is disabled for any reason.
|
184 |
+
* Improvement: Additional alerting and troubleshooting steps for WAF configuration issues.
|
185 |
+
* Change: Live Traffic human/bot status will additionally be based on the browscap record in security-only mode.
|
186 |
+
* Change: Added dismissible prompt to switch Live Traffic to security-only mode.
|
187 |
+
* Fix: The scan issues alerting option is now set correctly for new installations.
|
188 |
+
* Fix: Fixed a transparency issue with flags for Switzerland and Nepal.
|
189 |
+
* Fix: Fixed the malware link image rendering in scan issue emails and switched to always use https.
|
190 |
+
* Fix: WAF-related scheduled tasks are now more resilient to connection timeouts or memory issues.
|
191 |
+
* Fix: Fixed Wordfence Central connection flow within the first time experience.
|
192 |
+
|
193 |
= 7.2.2 - February 14, 2019 =
|
194 |
* Improvement: Updated GeoIP database.
|
195 |
* Fix: Syncing requests from Wordfence Central no longer appear in Live Traffic.
|
vendor/wordfence/wf-waf/src/lib/waf.php
CHANGED
@@ -182,31 +182,44 @@ auEa+7b+FGTKs7dUo2BNGR7OVifK4GZ8w/ajS0TelhrSRi3BBQCGXLzUO/UURUAh
|
|
182 |
public function runCron() {
|
183 |
if (!wfWAFStorageFile::allowFileWriting()) { return false; }
|
184 |
|
|
|
|
|
185 |
if ((
|
186 |
-
$
|
187 |
-
$
|
188 |
) &&
|
189 |
-
$
|
190 |
) {
|
191 |
$this->sendAttackData();
|
192 |
}
|
193 |
-
$cron = $
|
|
|
|
|
194 |
if (is_array($cron)) {
|
195 |
/** @var wfWAFCronEvent $event */
|
196 |
foreach ($cron as $index => $event) {
|
197 |
$event->setWaf($this);
|
198 |
if ($event->isInPast()) {
|
199 |
-
$event
|
200 |
$newEvent = $event->reschedule();
|
201 |
if ($newEvent instanceof wfWAFCronEvent && $newEvent !== $event) {
|
202 |
$cron[$index] = $newEvent;
|
|
|
203 |
} else {
|
204 |
unset($cron[$index]);
|
205 |
}
|
206 |
}
|
207 |
}
|
208 |
}
|
209 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
210 |
}
|
211 |
|
212 |
/**
|
@@ -1853,6 +1866,11 @@ class wfWAFCronFetchRulesEvent extends wfWAFCronEvent {
|
|
1853 |
error_log($e->getMessage());
|
1854 |
$success = false;
|
1855 |
}
|
|
|
|
|
|
|
|
|
|
|
1856 |
return $success;
|
1857 |
}
|
1858 |
|
182 |
public function runCron() {
|
183 |
if (!wfWAFStorageFile::allowFileWriting()) { return false; }
|
184 |
|
185 |
+
$storage = $this->getStorageEngine();
|
186 |
+
|
187 |
if ((
|
188 |
+
$storage->getConfig('attackDataNextInterval', null, 'transient') === null ||
|
189 |
+
$storage->getConfig('attackDataNextInterval', time() + 0xffff, 'transient') <= time()
|
190 |
) &&
|
191 |
+
$storage->hasPreviousAttackData(microtime(true) - (60 * 5))
|
192 |
) {
|
193 |
$this->sendAttackData();
|
194 |
}
|
195 |
+
$cron = $storage->getConfig('cron', null, 'livewaf');
|
196 |
+
$run = array();
|
197 |
+
$updated = false;
|
198 |
if (is_array($cron)) {
|
199 |
/** @var wfWAFCronEvent $event */
|
200 |
foreach ($cron as $index => $event) {
|
201 |
$event->setWaf($this);
|
202 |
if ($event->isInPast()) {
|
203 |
+
$run[$index] = $event;
|
204 |
$newEvent = $event->reschedule();
|
205 |
if ($newEvent instanceof wfWAFCronEvent && $newEvent !== $event) {
|
206 |
$cron[$index] = $newEvent;
|
207 |
+
$updated = true;
|
208 |
} else {
|
209 |
unset($cron[$index]);
|
210 |
}
|
211 |
}
|
212 |
}
|
213 |
}
|
214 |
+
$storage->setConfig('cron', $cron, 'livewaf');
|
215 |
+
|
216 |
+
if ($updated && method_exists($storage, 'saveConfig')) {
|
217 |
+
$storage->saveConfig('livewaf');
|
218 |
+
}
|
219 |
+
|
220 |
+
foreach ($run as $index => $event) {
|
221 |
+
$event->fire();
|
222 |
+
}
|
223 |
}
|
224 |
|
225 |
/**
|
1866 |
error_log($e->getMessage());
|
1867 |
$success = false;
|
1868 |
}
|
1869 |
+
|
1870 |
+
if ($success) {
|
1871 |
+
$waf->getStorageEngine()->setConfig('lastRuleUpdateCheck', time(), 'transient');
|
1872 |
+
}
|
1873 |
+
|
1874 |
return $success;
|
1875 |
}
|
1876 |
|
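Review bot: In runCron the `unset($cron[$index]);` branch for an event that could not be rescheduled does not set `$updated = true;`, so when that is the only change in a pass the `saveConfig('livewaf')` call is skipped and the removal is left to `setConfig` alone, which the guard suggests may not flush to storage; the sibling implementation in waf/bootstrap.php marks the same branch as updated. Adding `$updated = true;` directly after that `unset` keeps the two copies consistent and guarantees the new schedule is persisted before the deferred `fire()` calls run, which is the whole point of moving the firing to the end. The `foreach ($run as $index => $event) { $event->fire(); }` loop also has no per-event exception handling, so one throwing event stops the remaining overdue events for this cycle; they are already rescheduled so this is a delay rather than a loss, but a try/catch with error_log around `fire()` would match the pattern wfWAFCronFetchRulesEvent uses in the second hunk.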
views/common/modal-prompt.php
CHANGED
@@ -10,7 +10,7 @@ if (!defined('WORDFENCE_VERSION')) { exit; }
|
|
10 |
* @var string $message The message for the prompt.
|
11 |
* @var string $messageHTML The raw HTML message for the prompt. This supersedes $message.
|
12 |
* @var array $primaryButton The parameters for the primary button. The array is in the format array('id' => <element id>, 'label' => <button text>, 'link' => <href value>)
|
13 |
-
* @var array $secondaryButtons The parameters for any secondary buttons. It is an array of arrays in the format array('id' => <element id>, 'label' => <button text>, 'link' => <href value>). The ordering of entries is the right-to-left order the buttons will be displayed.
|
14 |
*/
|
15 |
|
16 |
if (!isset($titleHTML)) {
|
@@ -43,7 +43,7 @@ $secondaryButtons = array_reverse($secondaryButtons);
|
|
43 |
<div class="wf-modal-footer">
|
44 |
<ul class="wf-flex-horizontal wf-flex-align-right wf-full-width">
|
45 |
<?php foreach ($secondaryButtons as $button): ?>
|
46 |
-
<li class="wf-padding-add-left-small"><a href="<?php echo esc_attr($button['link']); ?>" class="wf-btn <?php echo isset($button['type']) ? $button['type'] : 'wf-btn-default'; ?> wf-btn-callout-subtle" id="<?php echo esc_attr($button['id']); ?>"
|
47 |
<?php endforeach; ?>
|
48 |
<li class="wf-padding-add-left-small"><a href="<?php echo esc_attr($primaryButton['link']); ?>" class="wf-btn <?php echo isset($primaryButton['type']) ? $primaryButton['type'] : 'wf-btn-primary'; ?> wf-btn-callout-subtle" id="<?php echo esc_attr($primaryButton['id']); ?>"><?php echo isset($primaryButton['labelHTML']) ? $primaryButton['labelHTML'] : esc_html($primaryButton['label']); ?></a></li>
|
49 |
</ul>
|
10 |
* @var string $message The message for the prompt.
|
11 |
* @var string $messageHTML The raw HTML message for the prompt. This supersedes $message.
|
12 |
* @var array $primaryButton The parameters for the primary button. The array is in the format array('id' => <element id>, 'label' => <button text>, 'link' => <href value>)
|
13 |
+
* @var array $secondaryButtons The parameters for any secondary buttons. It is an array of arrays in the format array('id' => <element id>, 'label' => <button text>, 'link' => <href value>, 'target' => <target value, optional>, 'rel' => <rel value, optional>). The ordering of entries is the right-to-left order the buttons will be displayed.
|
14 |
*/
|
15 |
|
16 |
if (!isset($titleHTML)) {
|
43 |
<div class="wf-modal-footer">
|
44 |
<ul class="wf-flex-horizontal wf-flex-align-right wf-full-width">
|
45 |
<?php foreach ($secondaryButtons as $button): ?>
|
46 |
+
<li class="wf-padding-add-left-small"><a href="<?php echo esc_attr($button['link']); ?>" class="wf-btn <?php echo isset($button['type']) ? $button['type'] : 'wf-btn-default'; ?> wf-btn-callout-subtle" id="<?php echo esc_attr($button['id']); ?>"<?php if (isset($button['target'])) { echo ' target="' . esc_attr($button['target']) . '"'; } ?><?php if (isset($button['rel'])) { echo ' rel="' . esc_attr($button['rel']) . '"'; } ?>><?php echo isset($button['labelHTML']) ? $button['labelHTML'] : esc_html($button['label']); ?></a></li>
|
47 |
<?php endforeach; ?>
|
48 |
<li class="wf-padding-add-left-small"><a href="<?php echo esc_attr($primaryButton['link']); ?>" class="wf-btn <?php echo isset($primaryButton['type']) ? $primaryButton['type'] : 'wf-btn-primary'; ?> wf-btn-callout-subtle" id="<?php echo esc_attr($primaryButton['id']); ?>"><?php echo isset($primaryButton['labelHTML']) ? $primaryButton['labelHTML'] : esc_html($primaryButton['label']); ?></a></li>
|
49 |
</ul>
|
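Review bot: The secondary-button anchor now emits a caller-supplied `target` while leaving `rel` optional, so a caller passing `'target' => '_blank'` without `'rel' => 'noopener noreferrer'` opens a page that can reach `window.opener` (reverse tabnabbing). The template can enforce the pairing rather than rely on every caller: at the top of the foreach add `if (isset($button['target']) && $button['target'] === '_blank' && !isset($button['rel'])) { $button['rel'] = 'noopener noreferrer'; }`, and note the default in the `@var array $secondaryButtons` docblock. On the same line `$button['type']` is still echoed raw into the class attribute and `$button['labelHTML']` raw into the body; these come from plugin code rather than request input, but `esc_attr($button['type'])` would make the attribute handling consistent with the escaping now applied to `href`, `id`, `target` and `rel`.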
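--- a/views/dashboard/options-group-alert.php
+++ b/views/dashboard/options-group-alert.php
@@ -49,6 +49,17 @@ if (!isset($collapseable)) {
 ))->render();
 ?>
 </li>
+<li>
+<?php
+echo wfView::create('options/option-toggled', array(
+'optionName' => 'alertOn_wafDeactivated',
+'enabledValue' => 1,
+'disabledValue' => 0,
+'value' => wfConfig::get('alertOn_wafDeactivated') ? 1 : 0,
+'title' => __('Email me if the Wordfence Web Application Firewall is turned off', 'wordfence'),
+))->render();
+?>
+</li>
 <li>
 
 <?php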
views/reports/activity-report-email-inline.php
CHANGED
@@ -161,7 +161,7 @@ h6 a:visited { color: purple !important; }
|
|
161 |
<span class="wf-flag <?php echo esc_attr('wf-flag-' . $key); ?>" style="display: inline-block;vertical-align: middle;
|
162 |
margin: 0;padding: 0; border: 0;background-repeat: no-repeat;background-position: <?php echo $offset; ?>;width: 16px;height: 11px;background-image: url('<?php echo esc_attr(wfUtils::getBaseURL() . 'images/flags.png'); ?>')"></span>
|
163 |
|
164 |
-
<?php echo esc_html($row->
|
165 |
<?php else: ?>
|
166 |
<?php _e('(Unknown)', 'wordfence'); ?>
|
167 |
<?php endif ?>
|
@@ -215,7 +215,7 @@ h6 a:visited { color: purple !important; }
|
|
215 |
<span class="wf-flag <?php echo esc_attr('wf-flag-' . $key); ?>" style="display: inline-block;vertical-align: middle;
|
216 |
margin: 0;padding: 0; border: 0;background-repeat: no-repeat;background-position: <?php echo $offset; ?>;width: 16px;height: 11px;background-image: url('<?php echo esc_attr(wfUtils::getBaseURL() . 'images/flags.png'); ?>')"></span>
|
217 |
|
218 |
-
<?php echo esc_html($row->
|
219 |
<?php else: ?>
|
220 |
<?php _e('(Unknown)', 'wordfence'); ?>
|
221 |
<?php endif ?>
|
161 |
<span class="wf-flag <?php echo esc_attr('wf-flag-' . $key); ?>" style="display: inline-block;vertical-align: middle;
|
162 |
margin: 0;padding: 0; border: 0;background-repeat: no-repeat;background-position: <?php echo $offset; ?>;width: 16px;height: 11px;background-image: url('<?php echo esc_attr(wfUtils::getBaseURL() . 'images/flags.png'); ?>')"></span>
|
163 |
|
164 |
+
<?php echo esc_html($row->countryName) ?>
|
165 |
<?php else: ?>
|
166 |
<?php _e('(Unknown)', 'wordfence'); ?>
|
167 |
<?php endif ?>
|
215 |
<span class="wf-flag <?php echo esc_attr('wf-flag-' . $key); ?>" style="display: inline-block;vertical-align: middle;
|
216 |
margin: 0;padding: 0; border: 0;background-repeat: no-repeat;background-position: <?php echo $offset; ?>;width: 16px;height: 11px;background-image: url('<?php echo esc_attr(wfUtils::getBaseURL() . 'images/flags.png'); ?>')"></span>
|
217 |
|
218 |
+
<?php echo esc_html($row->countryName) ?>
|
219 |
<?php else: ?>
|
220 |
<?php _e('(Unknown)', 'wordfence'); ?>
|
221 |
<?php endif ?>
|
views/reports/activity-report.php
CHANGED
@@ -13,8 +13,8 @@ if (!defined('WORDFENCE_VERSION')) { exit; }
|
|
13 |
<table class="wf-striped-table wf-fixed-table">
|
14 |
<thead>
|
15 |
<tr>
|
16 |
-
<th width="
|
17 |
-
<th width="
|
18 |
<th width="25%"><?php _e('Block Count', 'wordfence'); ?></th>
|
19 |
</tr>
|
20 |
</thead>
|
@@ -29,7 +29,7 @@ if (!defined('WORDFENCE_VERSION')) { exit; }
|
|
29 |
<?php if ($row->countryCode): ?>
|
30 |
<span class="wf-flag <?php echo esc_attr('wf-flag-' . strtolower($row->countryCode)); ?>" title="<?php echo esc_attr($row->countryName); ?>"></span>
|
31 |
|
32 |
-
<?php echo esc_html($row->
|
33 |
<?php else: ?>
|
34 |
<?php _e('(Unknown)', 'wordfence'); ?>
|
35 |
<?php endif ?>
|
@@ -73,7 +73,7 @@ if (!defined('WORDFENCE_VERSION')) { exit; }
|
|
73 |
<?php if ($row->countryCode): ?>
|
74 |
<span class="wf-flag <?php echo esc_attr('wf-flag-' . strtolower($row->countryCode)); ?>" title="<?php echo esc_attr($row->countryName); ?>"></span>
|
75 |
|
76 |
-
<?php echo esc_html($row->
|
77 |
<?php else: ?>
|
78 |
<?php _e('(Unknown)', 'wordfence'); ?>
|
79 |
<?php endif ?>
|
13 |
<table class="wf-striped-table wf-fixed-table">
|
14 |
<thead>
|
15 |
<tr>
|
16 |
+
<th width="40%"><?php _e('IP', 'wordfence'); ?></th>
|
17 |
+
<th width="35%"><?php _e('Country', 'wordfence'); ?></th>
|
18 |
<th width="25%"><?php _e('Block Count', 'wordfence'); ?></th>
|
19 |
</tr>
|
20 |
</thead>
|
29 |
<?php if ($row->countryCode): ?>
|
30 |
<span class="wf-flag <?php echo esc_attr('wf-flag-' . strtolower($row->countryCode)); ?>" title="<?php echo esc_attr($row->countryName); ?>"></span>
|
31 |
|
32 |
+
<?php echo esc_html($row->countryName) ?>
|
33 |
<?php else: ?>
|
34 |
<?php _e('(Unknown)', 'wordfence'); ?>
|
35 |
<?php endif ?>
|
73 |
<?php if ($row->countryCode): ?>
|
74 |
<span class="wf-flag <?php echo esc_attr('wf-flag-' . strtolower($row->countryCode)); ?>" title="<?php echo esc_attr($row->countryName); ?>"></span>
|
75 |
|
76 |
+
<?php echo esc_html($row->countryName) ?>
|
77 |
<?php else: ?>
|
78 |
<?php _e('(Unknown)', 'wordfence'); ?>
|
79 |
<?php endif ?>
|
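--- a/views/scanner/issue-wafStatus.php
+++ b/views/scanner/issue-wafStatus.php
@@ -0,0 +1,25 @@
+<?php
+if (!defined('WORDFENCE_VERSION')) { exit; }
+/**
+* Presents an issue template.
+*/
+echo wfView::create('scanner/issue-base', array(
+'internalType' => 'wafStatus',
+'displayType' => __('WAF Status', 'wordfence'),
+'iconSVG' => '<svg viewBox="0 0 116.8 91.77"><path d="M112.17,35.72A57.35,57.35,0,0,0,81.08,4.63a57.88,57.88,0,0,0-45.36,0A57.38,57.38,0,0,0,4.63,35.72,58.26,58.26,0,0,0,9.19,89.88a4,4,0,0,0,3.52,1.89h91.38a4,4,0,0,0,3.52-1.89,58.25,58.25,0,0,0,4.56-54.16ZM52.5,10.79a8.34,8.34,0,0,1,14.24,5.9,8,8,0,0,1-2.44,5.9,8.34,8.34,0,0,1-11.8,0,8,8,0,0,1-2.44-5.9,8,8,0,0,1,2.44-5.9ZM22.59,64.3a8,8,0,0,1-5.9,2.45,8,8,0,0,1-5.9-2.45,8.34,8.34,0,0,1,0-11.8,8,8,0,0,1,5.9-2.45,8,8,0,0,1,5.9,2.45,8.35,8.35,0,0,1,0,11.8ZM35.1,35.1a8.34,8.34,0,0,1-11.8,0,8.34,8.34,0,0,1,0-11.8,8.35,8.35,0,0,1,11.8,0,8.34,8.34,0,0,1,0,11.8ZM72,35.65l-6.59,24.9a12.39,12.39,0,0,1,4.7,5.93,12.54,12.54,0,0,1-5.41,15.25A12.2,12.2,0,0,1,55.21,83a12,12,0,0,1-7.63-5.8,12.49,12.49,0,0,1,2.8-15.94,12.42,12.42,0,0,1,7-2.84l6.59-24.9a4.1,4.1,0,0,1,2-2.57A3.88,3.88,0,0,1,69,30.57a4.27,4.27,0,0,1,3,5.08Zm9.68-.56a8.34,8.34,0,0,1,0-11.8,8.34,8.34,0,0,1,14.24,5.9A8.34,8.34,0,0,1,81.7,35.1ZM106,64.3a8.34,8.34,0,1,1-11.8-11.8A8.34,8.34,0,1,1,106,64.3Zm0,0"/></svg>',
+'summaryControls' => array(wfView::create('scanner/issue-control-ignore', array('ignoreP' => __('Ignore', 'wordfence'))), wfView::create('scanner/issue-control-show-details')),
+'detailPairs' => array(
+__('Status', 'wordfence') => '${data.wafStatusDisplay}',
+null,
+__('Details', 'wordfence') => '{{html longMsg}}',
+),
+'detailControls' => array(
+'<a href="#" class="wf-btn wf-btn-default wf-btn-callout-subtle wf-issue-control-mark-fixed">' . __('Mark as Fixed', 'wordfence') . '</a>',
+),
+'textOutput' => (isset($textOutput) ? $textOutput : null),
+'textOutputDetailPairs' => array(
+__('Status', 'wordfence') => '$data.wafStatusDisplay',
+null,
+__('Details', 'wordfence') => '$longMsg',
+),
+))->render();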
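Review bot: The Details pair renders `'{{html longMsg}}'`, i.e. the issue's long message is injected into the scan results page unescaped, while the Status pair uses the escaping `${data.wafStatusDisplay}` form. That is safe only if the scanner code that builds the wafStatus issue (not in this diff) runs `esc_html()` over every value it interpolates into longMsg, such as WAF error strings or config paths read from storage; please confirm that at the construction site, since nothing in this template will escape them. A one-line comment above the pair, `// longMsg is trusted HTML: the scanner must esc_html() any interpolated values`, would record the contract for the next person who adds a detail.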
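--- a/views/scanner/options-group-general.php
+++ b/views/scanner/options-group-general.php
@@ -49,6 +49,7 @@ if (!isset($collapseable)) {
 array('key' => 'scansEnabled_suspiciousAdminUsers', 'label' => __('Scan for admin users created outside of WordPress', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_SCAN_OPTION_UNKNOWN_ADMINS)),
 array('key' => 'scansEnabled_passwds', 'label' => __('Check the strength of passwords', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_SCAN_OPTION_PASSWORD_STRENGTH)),
 array('key' => 'scansEnabled_diskSpace', 'label' => __('Monitor disk space', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_SCAN_OPTION_DISK_SPACE)),
+array('key' => 'scansEnabled_wafStatus', 'label' => __('Monitor Web Application Firewall status', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_SCAN_OPTION_WAF_STATUS)),
 array('key' => 'scansEnabled_dns', 'label' => __('Scan for unauthorized DNS changes', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_SCAN_OPTION_DNS_CHANGES)),
 array('key' => 'other_scanOutside', 'label' => __('Scan files outside your WordPress installation', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_SCAN_OPTION_OUTSIDE_WORDPRESS)),
 array('key' => 'scansEnabled_scanImages', 'label' => __('Scan images, binary, and other files as if they were executable', 'wordfence'), 'helpLink' => wfSupportController::supportURL(wfSupportController::ITEM_SCAN_OPTION_IMAGES_EXECUTABLE)),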
views/waf/option-rules.php
CHANGED
@@ -6,7 +6,7 @@ if (!defined('WORDFENCE_VERSION')) { exit; }
|
|
6 |
<li class="wf-option-subtitle"><?php echo ($firewall->isSubDirectoryInstallation() ? __('You are currently running the WAF from another WordPress installation. These rules can be disabled or enabled once you configure the firewall to run correctly on this site.', 'wordfence') : ''); ?></li>
|
7 |
<li id="waf-rules-wrapper" class="wf-add-top"></li>
|
8 |
<?php if (!WFWAF_SUBDIRECTORY_INSTALL): ?>
|
9 |
-
<li>
|
10 |
<ul class="wf-option wf-option-footer wf-padding-no-bottom">
|
11 |
<li><a class="wf-btn wf-btn-default waf-rules-refresh" href="#"><?php _e('Manually Refresh Rules', 'wordfence'); ?></a> </li>
|
12 |
<li class="wf-padding-add-top-xs-small"><em id="waf-rules-next-update"></em></li>
|
@@ -29,9 +29,11 @@ if (!defined('WORDFENCE_VERSION')) { exit; }
|
|
29 |
if (is_array($cron)) {
|
30 |
/** @var wfWAFCronEvent $event */
|
31 |
foreach ($cron as $index => $event) {
|
32 |
-
$event
|
33 |
-
|
34 |
-
|
|
|
|
|
35 |
}
|
36 |
}
|
37 |
}
|
6 |
<li class="wf-option-subtitle"><?php echo ($firewall->isSubDirectoryInstallation() ? __('You are currently running the WAF from another WordPress installation. These rules can be disabled or enabled once you configure the firewall to run correctly on this site.', 'wordfence') : ''); ?></li>
|
7 |
<li id="waf-rules-wrapper" class="wf-add-top"></li>
|
8 |
<?php if (!WFWAF_SUBDIRECTORY_INSTALL): ?>
|
9 |
+
<li id="waf-rules-manual-update">
|
10 |
<ul class="wf-option wf-option-footer wf-padding-no-bottom">
|
11 |
<li><a class="wf-btn wf-btn-default waf-rules-refresh" href="#"><?php _e('Manually Refresh Rules', 'wordfence'); ?></a> </li>
|
12 |
<li class="wf-padding-add-top-xs-small"><em id="waf-rules-next-update"></em></li>
|
29 |
if (is_array($cron)) {
|
30 |
/** @var wfWAFCronEvent $event */
|
31 |
foreach ($cron as $index => $event) {
|
32 |
+
if ($event instanceof wfWAFCronFetchRulesEvent) {
|
33 |
+
$event->setWaf(wfWAF::getInstance());
|
34 |
+
if (!$event->isInPast()) {
|
35 |
+
$nextUpdate = min($nextUpdate, $event->getFireTime());
|
36 |
+
}
|
37 |
}
|
38 |
}
|
39 |
}
|
waf/bootstrap.php
CHANGED
@@ -436,27 +436,33 @@ class wfWAFWordPress extends wfWAF {
|
|
436 |
/**
|
437 |
* Removed sending attack data. Attack data is sent in @see wordfence::veryFirstAction
|
438 |
*/
|
439 |
-
$
|
|
|
|
|
|
|
440 |
if (is_array($cron)) {
|
441 |
/** @var wfWAFCronEvent $event */
|
442 |
$cronDeduplication = array();
|
443 |
foreach ($cron as $index => $event) {
|
444 |
$event->setWaf($this);
|
445 |
if ($event->isInPast()) {
|
446 |
-
$event
|
447 |
$newEvent = $event->reschedule();
|
448 |
$className = get_class($newEvent);
|
449 |
if ($newEvent instanceof wfWAFCronEvent && $newEvent !== $event && !in_array($className, $cronDeduplication)) {
|
450 |
$cron[$index] = $newEvent;
|
451 |
$cronDeduplication[] = $className;
|
|
|
452 |
} else {
|
453 |
unset($cron[$index]);
|
|
|
454 |
}
|
455 |
}
|
456 |
else {
|
457 |
$className = get_class($event);
|
458 |
if (in_array($className, $cronDeduplication)) {
|
459 |
unset($cron[$index]);
|
|
|
460 |
}
|
461 |
else {
|
462 |
$cronDeduplication[] = $className;
|
@@ -464,7 +470,15 @@ class wfWAFWordPress extends wfWAF {
|
|
464 |
}
|
465 |
}
|
466 |
}
|
467 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
468 |
}
|
469 |
|
470 |
/**
|
436 |
/**
|
437 |
* Removed sending attack data. Attack data is sent in @see wordfence::veryFirstAction
|
438 |
*/
|
439 |
+
$storage = $this->getStorageEngine();
|
440 |
+
$cron = (array) $storage->getConfig('cron', null, 'livewaf');
|
441 |
+
$run = array();
|
442 |
+
$updated = false;
|
443 |
if (is_array($cron)) {
|
444 |
/** @var wfWAFCronEvent $event */
|
445 |
$cronDeduplication = array();
|
446 |
foreach ($cron as $index => $event) {
|
447 |
$event->setWaf($this);
|
448 |
if ($event->isInPast()) {
|
449 |
+
$run[$index] = $event;
|
450 |
$newEvent = $event->reschedule();
|
451 |
$className = get_class($newEvent);
|
452 |
if ($newEvent instanceof wfWAFCronEvent && $newEvent !== $event && !in_array($className, $cronDeduplication)) {
|
453 |
$cron[$index] = $newEvent;
|
454 |
$cronDeduplication[] = $className;
|
455 |
+
$updated = true;
|
456 |
} else {
|
457 |
unset($cron[$index]);
|
458 |
+
$updated = true;
|
459 |
}
|
460 |
}
|
461 |
else {
|
462 |
$className = get_class($event);
|
463 |
if (in_array($className, $cronDeduplication)) {
|
464 |
unset($cron[$index]);
|
465 |
+
$updated = true;
|
466 |
}
|
467 |
else {
|
468 |
$cronDeduplication[] = $className;
|
470 |
}
|
471 |
}
|
472 |
}
|
473 |
+
$storage->setConfig('cron', $cron, 'livewaf');
|
474 |
+
|
475 |
+
if ($updated && method_exists($storage, 'saveConfig')) {
|
476 |
+
$storage->saveConfig('livewaf');
|
477 |
+
}
|
478 |
+
|
479 |
+
foreach ($run as $index => $event) {
|
480 |
+
$event->fire();
|
481 |
+
}
|
482 |
}
|
483 |
|
484 |
/**
|
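Review bot: `$run[$index] = $event;` is recorded before the class de-duplication runs, so if the stored list holds two overdue events of the same class (the situation `$cronDeduplication` exists to clean up) the duplicate is dropped from `$cron` but both entries still fire in the loop at the bottom; the old inline fire behaved the same way, but this refactor is the natural place to close it. Keeping a list of classes already fired would do it: `$fired = array();` before the final loop and `$c = get_class($event); if (in_array($c, $fired, true)) { continue; } $fired[] = $c;` ahead of `$event->fire();`. The `(array)` cast on `getConfig('cron', null, 'livewaf')` also makes the following `if (is_array($cron))` always true, so one of the two should go. The enclosing method's signature is above the first hunk and not visible here.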
wordfence.php
CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Wordfence Security
|
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
|
6 |
Author: Wordfence
|
7 |
-
Version: 7.2.
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
Network: true
|
10 |
*/
|
@@ -15,8 +15,8 @@ if(defined('WP_INSTALLING') && WP_INSTALLING){
|
|
15 |
if (!defined('ABSPATH')) {
|
16 |
exit;
|
17 |
}
|
18 |
-
define('WORDFENCE_VERSION', '7.2.
|
19 |
-
define('WORDFENCE_BUILD_NUMBER', '
|
20 |
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
|
21 |
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
|
22 |
|
4 |
Plugin URI: http://www.wordfence.com/
|
5 |
Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
|
6 |
Author: Wordfence
|
7 |
+
Version: 7.2.3
|
8 |
Author URI: http://www.wordfence.com/
|
9 |
Network: true
|
10 |
*/
|
15 |
if (!defined('ABSPATH')) {
|
16 |
exit;
|
17 |
}
|
18 |
+
define('WORDFENCE_VERSION', '7.2.3');
|
19 |
+
define('WORDFENCE_BUILD_NUMBER', '1551370846');
|
20 |
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
|
21 |
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
|
22 |
|