Acunetix WP Security - Version 2.2.41

Version Description


Release Info

Developer hallsofmontezuma
Version 2.2.41

Code changes from version 2.2.4 to 2.2.41

Files changed (3) hide show
  1. database.php +151 -0
  2. readme.txt +1 -1
  3. securityscan.php +1 -1
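--- /dev/null
+++ b/database.php
@@ -0,0 +1,151 @@
+<?php
+/*
+Thank you Philipp Heinze.
+*/
+
+function mrt_sub3(){
+?>
+<div class=wrap>
+<h2><?php _e('WP - Database Security') ?></h2>
+<div style="height:299px"><br />
+<i>Make a backup before using this tool:</i>
+<p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
+<form action='' method='post' name='prefixchanging'>
+<?php
+if (function_exists('wp_nonce_field')) {
+wp_nonce_field('prefix-changer-change_prefix');
+}
+?>
+Please Change the current:<input type="Text" name="prefix_n" value="<?php echo($GLOBALS['table_prefix']);?>" size="10" maxlength="10"> prefix to something different (i.e. use the random password generator).<br />
+Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
+<input type='submit' name='renameprefix' value='Start Renaming'/>
+</form>
+
+<?php
+if (isset($_POST['prefix_n'])) {
+check_admin_referer('prefix-changer-change_prefix');
+$wpdb =& $GLOBALS['wpdb'];
+$newpref = ereg_replace("[^0-9a-zA-Z_-]", "", $_POST['prefix_n']);
+//checking if user has enough rights to alter the Tablestructure
+$rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
+foreach ($rights as $right) {
+if (ereg("ALTER(.*)(\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) || ereg("ALL PRIVILEGES ON (\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
+$rightsenough = true;
+$rightstomuch = true;
+break;
+} else {
+if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
+$rightsenough = true;
+break;
+}
+}
+}
+if (!isset($rightsenough) && $rightsenough != true) {
+exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure.<br />');
+}
+if (isset($rightstomuch) && $rightstomuch === true) {
+echo ('<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. '.
+'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />');
+}
+if ($newpref == $GLOBALS['table_prefix']) {
+exit ("No change: Please select a new table_prefix value.</div>");
+} elseif (strlen($newpref) < strlen($_POST['prefix_n'])){
+echo ("You used some Chars which aren't allowed within Tablenames".
+"The sanitized prefix is used instead: " . $newpref);
+}
+
+echo("<h2>Started Prefix Changer:</h2>");
+
+//we rename the tables before we change the Config file, so We can aviod changed Configs, without changed prefixes.
+echo("<h3>&nbsp;&nbsp;Start Renaming of Tables:</h3>");
+$oldtables = $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);//retrieving all tables named with the prefix on start
+$table_c = count($oldtables);
+$table_s = 0;//holds the count of successful changed tables.
+$table_f[] = '';//holds all table names which failed to be changed
+for($i = 0; $i < $table_c; $i++) {//renaming each table to the new prefix
+$wpdb->hide_errors();
+$table_n = str_replace($GLOBALS['table_prefix'], $newpref, $oldtables[$i][0]);
+echo "&nbsp;&nbsp;&nbsp;Renaming ".$oldtables[$i][0]." to $table_n:";
+$table_r = $wpdb->query("RENAME TABLE ".$oldtables[$i][0]." TO $table_n");
+if ($table_r === 0) {
+echo ('<font color="#00ff00"> Success</font><br />');
+$table_s++;
+} elseif ($table_r === FALSE) {
+echo ('<font color="#ff0000"> Failed</font><br />');
+$table_f[] = $oldtables[$i][0];
+}
+}//changing some "hardcoded" wp values within the tables
+echo ("<h3>&nbsp;&nbsp;Start changing Databasesettings:</h3>");
+if ($wpdb->query("UPDATE ".$newpref."options SET option_name='".$newpref."user_roles' WHERE option_name='".$GLOBALS['table_prefix']."user_roles' LIMIT 1") <> 1) {
+echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$newpref.'options: 1/1 <font color="#ff0000">Failed</font><br />');
+} else {
+echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'options 1/1: <font color="#00ff00">Success</font><br />');
+}
+if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."capabilities' WHERE meta_key='".$GLOBALS['table_prefix']."capabilities'") <> 1) {
+echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#ff0000">Failed</font><br />');
+} else {
+echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#00ff00">Success</font><br />');
+}
+if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."user_level' WHERE meta_key='".$GLOBALS['table_prefix']."user_level'") === FALSE)
+{
+echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#ff0000">Failed</font><br />');
+} else {
+echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#00ff00">Success</font><br />');
+}
+if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."autosave_draft_ids' WHERE meta_key='".$GLOBALS['table_prefix']."autosave_draft_ids'") === 0) {
+echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />');
+} else {
+echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#00ff00">Success</font><br />');
+}
+
+if ($table_s == 0) {
+exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
+} elseif ($table_s < $table_c) {
+echo('<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />');
+for ($i = 1; $i < count($tables_f); $i++) {
+echo ($tables_f[$i])."<br />";
+}
+exit('No changes where done to your wp-config File.</font><br />');
+}
+
+echo("<h3>Changing Config File:</h3>");
+$conf_f = "../wp-config.php";
+
+@chmod($conf_f, 0777);//making the the config readable to change the prefix
+if (!is_writeable($conf_f)) {//when automatic config file changing isn't possible the user get's all needed information to do it manually
+echo('&nbsp;&nbsp;1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />');
+echo('<b>Please make your wp-config.php file writable for this process.</b>');
+die("</div>");
+} else {//changing if possible the config file automatically
+echo('&nbsp;&nbsp;1/3 file writeable: <font color="#00ff00"> Writeable</font><br />');
+$handle = @fopen($conf_f, "r+");
+if ($handle) {
+while (!feof($handle)) {
+$lines[] = fgets($handle, 4096);
+}//while feof
+fclose($handle);
+$handle = @fopen($conf_f, "w+");
+foreach ($lines as $line) {
+if (strpos($line, $GLOBALS['table_prefix'])) {
+$line = str_replace($GLOBALS['table_prefix'], $newpref, $line);
+echo('&nbsp;&nbsp;2/3 <font color="#00ff00">table prefix changed!</font><br />');
+}//if strpos
+fwrite($handle, $line);
+}//foreach $lines
+fclose($handle);
+if (chmod ($conf_f, 0644)) {
+echo('&nbsp;&nbsp;3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />');
+} else {
+echo ('&nbsp;&nbsp;3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />');
+}//if chmod
+}//if handle
+}//if is_writeable
+
+}//if prefix
+?>
+</div>
+Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
+</div>
+<?php
+}//function prefix_changer
+?>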
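Review bot: The config rewrite at the end of the hunk (`@chmod($conf_f, 0777)` through `chmod ($conf_f, 0644)`) makes wp-config.php, which holds the database credentials, world-readable and world-writable, and the mode is only restored on the success path — a failed `@fopen($conf_f, "r+")` leaves it at 0777, and a failure after the truncating `@fopen($conf_f, "w+")` leaves an empty config with the tables already renamed. The substitution is also applied to every line that contains the old prefix anywhere rather than only the `$table_prefix` assignment, and the relative `"../wp-config.php"` depends on the request's working directory. I would drop the 0777 step, record the current mode with `fileperms()`, limit the replacement to the `$table_prefix =` line, and write to a temporary file followed by `rename()` so the config is swapped whole or not at all (sketch below); note the sibling temp file needs write access to the directory, which the in-place write did not, so if that is a concern keep the in-place write but still drop the 0777 step. Two smaller defects in the same hunk: the failed-table list is filled as `$table_f` but printed from the undefined `$tables_f` (the `for ($i = 1; $i < count($tables_f); $i++)` loop), so failed tables are never listed, and `ereg`/`ereg_replace` were removed in PHP 7, so the sanitiser should be `$newpref = preg_replace('/[^0-9a-zA-Z_-]/', '', $_POST['prefix_n']);` with the grant checks moved to `preg_match` likewise.
```php
echo("<h3>Changing Config File:</h3>");
$conf_f = "../wp-config.php";
// … unchanged: the not-writeable branch that prints the manual instructions and dies …
$orig_mode = fileperms($conf_f);
$lines = file($conf_f);
if ($lines === false) {
    die('Could not read wp-config.php; set $table_prefix to ' . htmlspecialchars($newpref) . ' manually.</div>');
}
foreach ($lines as $k => $line) {
    // only the assignment line, so unrelated text containing the old prefix is left alone
    if (preg_match('/^\s*\$table_prefix\s*=/', $line)) {
        $lines[$k] = str_replace($GLOBALS['table_prefix'], $newpref, $line);
        echo('&nbsp;&nbsp;2/3 <font color="#00ff00">table prefix changed!</font><br />');
    }
}
$tmp_f = $conf_f . '.tmp';
if (file_put_contents($tmp_f, implode('', $lines)) === false || !rename($tmp_f, $conf_f)) {
    @unlink($tmp_f);
    die('Could not write wp-config.php; set $table_prefix to ' . htmlspecialchars($newpref) . ' manually.</div>');
}
if ($orig_mode !== false) {
    chmod($conf_f, $orig_mode & 0777); // restore the mode the file had, not a blanket 0644
}
```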
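--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://semperfiwebdesign.com
 Tags: security, securityscan, chmod, permissions
 Requires at least: 2.0
 Tested up to: 2.5
-Stable tag: 2.2.4
+Stable tag: 2.2.41
 
 Scans your WordPress installation for security vulnerabilities.
 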
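--- a/securityscan.php
+++ b/securityscan.php
@@ -4,7 +4,7 @@ Plugin Name: WP Security Scan
 Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
 Description: Perform security scan of WordPress installation.
 Author: Michael Torbert
-Version: 2.2.4
+Version: 2.2.41
 Author URI: http://semperfiwebdesign.com/
 */
 require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");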