Version Description
Download this release
Release Info
Developer | hallsofmontezuma |
Plugin | Acunetix WP Security |
Version | 2.2.43 |
Comparing to | |
See all releases |
Code changes from version 2.2.53 to 2.2.43
- functions.php +3 -8
- readme.txt +9 -15
- scanner.php +7 -9
- securityscan.php +4 -52
- support.php +2 -2
- trunk/database.php +151 -0
- trunk/functions.php +128 -0
- {js → trunk/js}/scripts.js +0 -0
- trunk/password_tools.php +21 -0
- trunk/readme.txt +99 -0
- trunk/scanner.php +31 -0
- trunk/screenshot-1.jpg +0 -0
- trunk/screenshot-2.jpg +0 -0
- trunk/scripts.js +30 -0
- trunk/securityscan.php +109 -0
- style.css → trunk/style.css +0 -0
- trunk/support.php +14 -0
functions.php
CHANGED
@@ -81,14 +81,14 @@ function mrt_get_serverinfo() {
|
|
81 |
<?php
|
82 |
function mrt_check_table_prefix(){
|
83 |
if($GLOBALS['table_prefix']=='wp_'){
|
84 |
-
echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">
|
85 |
}else{
|
86 |
echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
|
87 |
}
|
88 |
}
|
89 |
|
90 |
function mrt_errorsoff(){
|
91 |
-
echo '<font color="green">WordPress DB Errors turned off
|
92 |
}
|
93 |
|
94 |
function mrt_wpdberrors()
|
@@ -99,7 +99,7 @@ function mrt_wpdberrors()
|
|
99 |
}
|
100 |
|
101 |
function mrt_version_removal(){
|
102 |
-
echo '<font color="green">Your WordPress version is successfully hidden
|
103 |
}
|
104 |
|
105 |
function mrt_remove_wp_version()
|
@@ -119,10 +119,5 @@ if ($wp_version < 2.5) $g2k5 = '<font color="red">You need version 2.5. Please
|
|
119 |
echo "<b>" . $wp_version . "</b>   " ;echo $g2k5;
|
120 |
}
|
121 |
|
122 |
-
|
123 |
-
function mrt_javascript(){
|
124 |
-
$siteurl = get_option('siteurl');
|
125 |
-
?><script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script><?php
|
126 |
-
}
|
127 |
?>
|
128 |
|
81 |
<?php
|
82 |
function mrt_check_table_prefix(){
|
83 |
if($GLOBALS['table_prefix']=='wp_'){
|
84 |
+
echo '<font color="red">Your table prefix should not be <i>wp_</i>. Please <a href="' . ABSPATH . 'wp-admin/admin.php?page=database">click here</a> to change it.</font><br />';
|
85 |
}else{
|
86 |
echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
|
87 |
}
|
88 |
}
|
89 |
|
90 |
function mrt_errorsoff(){
|
91 |
+
echo '<font color="green">WordPress DB Errors turned off</font><br />';
|
92 |
}
|
93 |
|
94 |
function mrt_wpdberrors()
|
99 |
}
|
100 |
|
101 |
function mrt_version_removal(){
|
102 |
+
echo '<font color="green">Your WordPress version is successfully hidden</font><br />';
|
103 |
}
|
104 |
|
105 |
function mrt_remove_wp_version()
|
119 |
echo "<b>" . $wp_version . "</b>   " ;echo $g2k5;
|
120 |
}
|
121 |
|
|
|
|
|
|
|
|
|
|
|
122 |
?>
|
123 |
|
readme.txt
CHANGED
@@ -1,11 +1,10 @@
|
|
1 |
=== Plugin Name ===
|
2 |
Contributors: hallsofmontezuma
|
3 |
Donate link: http://semperfiwebdesign.com
|
4 |
-
Tags: security, securityscan, chmod, permissions
|
5 |
-
plugins, private, protection, tracking, wordpress
|
6 |
Requires at least: 2.0
|
7 |
Tested up to: 2.5
|
8 |
-
Stable tag: 2.2.
|
9 |
|
10 |
Scans your WordPress installation for security vulnerabilities.
|
11 |
|
@@ -18,24 +17,19 @@ corrective actions.
|
|
18 |
-file permissions<br />
|
19 |
-database security<br />
|
20 |
-version hiding
|
21 |
-
-WordPress admin protection/security
|
22 |
|
23 |
-
**Future Releases
|
|
|
24 |
*one-click change file/folder permissions<br />
|
25 |
-
*test for XSS vulnerabilities
|
26 |
-
*intrusion detection/prevention<br />
|
27 |
-
*lock out/log incorrect login attempts<br />
|
28 |
-
*user enumeration protection<br />
|
29 |
|
30 |
-
== Installation ==
|
31 |
|
32 |
-
|
33 |
-
2. Upload the zip file to the `/wp-content/plugins/` directory
|
34 |
-
3. Unzip.
|
35 |
-
4. Activate the plugin through the 'Plugins' menu in WordPress
|
36 |
|
|
|
37 |
|
38 |
-
|
|
|
39 |
|
40 |
== Frequently Asked Questions ==
|
41 |
|
1 |
=== Plugin Name ===
|
2 |
Contributors: hallsofmontezuma
|
3 |
Donate link: http://semperfiwebdesign.com
|
4 |
+
Tags: security, securityscan, chmod, permissions
|
|
|
5 |
Requires at least: 2.0
|
6 |
Tested up to: 2.5
|
7 |
+
Stable tag: 2.2.43
|
8 |
|
9 |
Scans your WordPress installation for security vulnerabilities.
|
10 |
|
17 |
-file permissions<br />
|
18 |
-database security<br />
|
19 |
-version hiding
|
|
|
20 |
|
21 |
+
**Future Releases**
|
22 |
+
|
23 |
*one-click change file/folder permissions<br />
|
24 |
+
*test for XSS vulnerabilities
|
|
|
|
|
|
|
25 |
|
|
|
26 |
|
27 |
+
Currently in <b>beta</b>, so use at your own risk if you like testing plugins.
|
|
|
|
|
|
|
28 |
|
29 |
+
== Installation ==
|
30 |
|
31 |
+
1. Upload `securityscan.php` to the `/wp-content/plugins/` directory
|
32 |
+
2. Activate the plugin through the 'Plugins' menu in WordPress
|
33 |
|
34 |
== Frequently Asked Questions ==
|
35 |
|
scanner.php
CHANGED
@@ -12,19 +12,17 @@ function mrt_sub0(){?>
|
|
12 |
<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
|
13 |
</tr>
|
14 |
<?php
|
15 |
-
check_perms("root directory","../","
|
16 |
-
check_perms("wp-includes/","../wp-includes","
|
17 |
check_perms(".htaccess","../.htaccess","0644");
|
18 |
check_perms("wp-admin/index.php","index.php","0644");
|
19 |
-
check_perms("wp-admin/js/","js/","
|
20 |
-
check_perms("wp-content/themes/","../wp-content/themes","
|
21 |
-
check_perms("wp-content/plugins/","../wp-content/plugins","
|
22 |
-
check_perms("wp-admin/","../wp-admin","
|
23 |
-
check_perms("wp-content/","../wp-content","
|
24 |
?>
|
25 |
</table>
|
26 |
-
|
27 |
-
|
28 |
</div>
|
29 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
30 |
</div><?}
|
12 |
<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
|
13 |
</tr>
|
14 |
<?php
|
15 |
+
check_perms("root directory","../","0745");
|
16 |
+
check_perms("wp-includes/","../wp-includes","0447");
|
17 |
check_perms(".htaccess","../.htaccess","0644");
|
18 |
check_perms("wp-admin/index.php","index.php","0644");
|
19 |
+
check_perms("wp-admin/js/","js/","0775");
|
20 |
+
check_perms("wp-content/themes/","../wp-content/themes","0745");
|
21 |
+
check_perms("wp-content/plugins/","../wp-content/plugins","0745");
|
22 |
+
check_perms("wp-admin/","../wp-admin","0745");
|
23 |
+
check_perms("wp-content/","../wp-content","0745");
|
24 |
?>
|
25 |
</table>
|
|
|
|
|
26 |
</div>
|
27 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
28 |
</div><?}
|
securityscan.php
CHANGED
@@ -4,27 +4,9 @@ Plugin Name: WP Security Scan
|
|
4 |
Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
|
5 |
Description: Perform security scan of WordPress installation.
|
6 |
Author: Michael Torbert
|
7 |
-
Version: 2.2.
|
8 |
Author URI: http://semperfiwebdesign.com/
|
9 |
*/
|
10 |
-
|
11 |
-
/*
|
12 |
-
Copyright (C) 2008 semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
|
13 |
-
|
14 |
-
This program is free software; you can redistribute it and/or modify
|
15 |
-
it under the terms of the GNU General Public License as published by
|
16 |
-
the Free Software Foundation; either version 3 of the License, or
|
17 |
-
(at your option) any later version.
|
18 |
-
|
19 |
-
This program is distributed in the hope that it will be useful,
|
20 |
-
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
21 |
-
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
22 |
-
GNU General Public License for more details.
|
23 |
-
|
24 |
-
You should have received a copy of the GNU General Public License
|
25 |
-
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
26 |
-
*/
|
27 |
-
|
28 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
|
29 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
|
30 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
|
@@ -32,8 +14,6 @@ require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
|
|
32 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
|
33 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
|
34 |
|
35 |
-
add_action( 'admin_notices', mrt_update_notice, 5 );
|
36 |
-
add_action('admin_head', 'mrt_hd');
|
37 |
add_action("init",mrt_wpdberrors,1);
|
38 |
add_action("parse_query",mrt_wpdberrors,1);
|
39 |
add_action('admin_menu', 'add_men_pg');
|
@@ -47,16 +27,6 @@ add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
|
|
47 |
add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
|
48 |
}}
|
49 |
|
50 |
-
function mrt_update_notice(){
|
51 |
-
/*$mrt_version = "2.2.52";
|
52 |
-
$mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
|
53 |
-
echo $mrt_latest . " and " . $mrt_version;
|
54 |
-
if($mrt_latest > $mrt_version)
|
55 |
-
echo "New Version Available";
|
56 |
-
else
|
57 |
-
echo "Latest Version";
|
58 |
-
*/ }
|
59 |
-
|
60 |
function mrt_opt_mng_pg() {
|
61 |
?>
|
62 |
<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
|
@@ -69,26 +39,17 @@ function mrt_opt_mng_pg() {
|
|
69 |
<br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
70 |
<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
|
71 |
<?php
|
72 |
-
global $wpdb;
|
73 |
mrt_check_version();
|
74 |
mrt_check_table_prefix();
|
75 |
mrt_version_removal();
|
76 |
mrt_errorsoff();
|
77 |
-
|
78 |
-
|
79 |
-
$name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
|
80 |
-
if ($name=="admin"){
|
81 |
-
echo '<font color="red">"admin" user exists.</font>';
|
82 |
-
}
|
83 |
-
else{
|
84 |
-
echo '<font color="green">No user "admin".</font>';
|
85 |
-
}
|
86 |
?>
|
|
|
87 |
<br /><br />
|
88 |
<hr align=center size=2 width=500px>
|
89 |
<br /><br />
|
90 |
<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
|
91 |
-
<ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li
|
92 |
</div>
|
93 |
<div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
94 |
<?php mrt_get_serverinfo(); ?>
|
@@ -97,13 +58,4 @@ if ($name=="admin"){
|
|
97 |
</div>
|
98 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
99 |
</div>
|
100 |
-
<?php }
|
101 |
-
|
102 |
-
function mrt_hd()
|
103 |
-
{
|
104 |
-
$siteurl = get_option('siteurl');?>
|
105 |
-
<script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
|
106 |
-
<link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />
|
107 |
-
<?php }
|
108 |
-
?>
|
109 |
-
|
4 |
Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
|
5 |
Description: Perform security scan of WordPress installation.
|
6 |
Author: Michael Torbert
|
7 |
+
Version: 2.2.43
|
8 |
Author URI: http://semperfiwebdesign.com/
|
9 |
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
10 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
|
11 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
|
12 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
|
14 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
|
15 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
|
16 |
|
|
|
|
|
17 |
add_action("init",mrt_wpdberrors,1);
|
18 |
add_action("parse_query",mrt_wpdberrors,1);
|
19 |
add_action('admin_menu', 'add_men_pg');
|
27 |
add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
|
28 |
}}
|
29 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
30 |
function mrt_opt_mng_pg() {
|
31 |
?>
|
32 |
<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
|
39 |
<br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
40 |
<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
|
41 |
<?php
|
|
|
42 |
mrt_check_version();
|
43 |
mrt_check_table_prefix();
|
44 |
mrt_version_removal();
|
45 |
mrt_errorsoff();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
46 |
?>
|
47 |
+
|
48 |
<br /><br />
|
49 |
<hr align=center size=2 width=500px>
|
50 |
<br /><br />
|
51 |
<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
|
52 |
+
<ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li></ul>
|
53 |
</div>
|
54 |
<div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
55 |
<?php mrt_get_serverinfo(); ?>
|
58 |
</div>
|
59 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
60 |
</div>
|
61 |
+
<?php } ?>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
support.php
CHANGED
@@ -6,9 +6,9 @@ function mrt_sub2(){
|
|
6 |
<h2><?php _e('WP - Security Support') ?></h2>
|
7 |
<div style="height:299px">
|
8 |
<br /><br />support page coming soon...
|
9 |
-
<br /><br /><
|
10 |
<em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
|
11 |
-
</div>
|
12 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
13 |
</div>
|
14 |
<?}?>
|
6 |
<h2><?php _e('WP - Security Support') ?></h2>
|
7 |
<div style="height:299px">
|
8 |
<br /><br />support page coming soon...
|
9 |
+
<br /><br /><br />
|
10 |
<em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
|
11 |
+
</div>
|
12 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
13 |
</div>
|
14 |
<?}?>
|
trunk/database.php
ADDED
@@ -0,0 +1,151 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/*
|
3 |
+
Thank you Philipp Heinze.
|
4 |
+
*/
|
5 |
+
|
6 |
+
function mrt_sub3(){
|
7 |
+
?>
|
8 |
+
<div class=wrap>
|
9 |
+
<h2><?php _e('WP - Database Security') ?></h2>
|
10 |
+
<div style="height:299px"><br />
|
11 |
+
<i>Make a backup before using this tool:</i>
|
12 |
+
<p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
|
13 |
+
<form action='' method='post' name='prefixchanging'>
|
14 |
+
<?php
|
15 |
+
if (function_exists('wp_nonce_field')) {
|
16 |
+
wp_nonce_field('prefix-changer-change_prefix');
|
17 |
+
}
|
18 |
+
?>
|
19 |
+
Please Change the current:<input type="Text" name="prefix_n" value="<?php echo($GLOBALS['table_prefix']);?>" size="10" maxlength="10"> prefix to something different (i.e. use the random password generator).<br />
|
20 |
+
Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
|
21 |
+
<input type='submit' name='renameprefix' value='Start Renaming'/>
|
22 |
+
</form>
|
23 |
+
|
24 |
+
<?php
|
25 |
+
if (isset($_POST['prefix_n'])) {
|
26 |
+
check_admin_referer('prefix-changer-change_prefix');
|
27 |
+
$wpdb =& $GLOBALS['wpdb'];
|
28 |
+
$newpref = ereg_replace("[^0-9a-zA-Z_-]", "", $_POST['prefix_n']);
|
29 |
+
//checking if user has enough rights to alter the Tablestructure
|
30 |
+
$rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
|
31 |
+
foreach ($rights as $right) {
|
32 |
+
if (ereg("ALTER(.*)(\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) || ereg("ALL PRIVILEGES ON (\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
|
33 |
+
$rightsenough = true;
|
34 |
+
$rightstomuch = true;
|
35 |
+
break;
|
36 |
+
} else {
|
37 |
+
if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
|
38 |
+
$rightsenough = true;
|
39 |
+
break;
|
40 |
+
}
|
41 |
+
}
|
42 |
+
}
|
43 |
+
if (!isset($rightsenough) && $rightsenough != true) {
|
44 |
+
exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure.<br />');
|
45 |
+
}
|
46 |
+
if (isset($rightstomuch) && $rightstomuch === true) {
|
47 |
+
echo ('<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. '.
|
48 |
+
'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />');
|
49 |
+
}
|
50 |
+
if ($newpref == $GLOBALS['table_prefix']) {
|
51 |
+
exit ("No change: Please select a new table_prefix value.</div>");
|
52 |
+
} elseif (strlen($newpref) < strlen($_POST['prefix_n'])){
|
53 |
+
echo ("You used some Chars which aren't allowed within Tablenames".
|
54 |
+
"The sanitized prefix is used instead: " . $newpref);
|
55 |
+
}
|
56 |
+
|
57 |
+
echo("<h2>Started Prefix Changer:</h2>");
|
58 |
+
|
59 |
+
//we rename the tables before we change the Config file, so We can aviod changed Configs, without changed prefixes.
|
60 |
+
echo("<h3> Start Renaming of Tables:</h3>");
|
61 |
+
$oldtables = $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);//retrieving all tables named with the prefix on start
|
62 |
+
$table_c = count($oldtables);
|
63 |
+
$table_s = 0;//holds the count of successful changed tables.
|
64 |
+
$table_f[] = '';//holds all table names which failed to be changed
|
65 |
+
for($i = 0; $i < $table_c; $i++) {//renaming each table to the new prefix
|
66 |
+
$wpdb->hide_errors();
|
67 |
+
$table_n = str_replace($GLOBALS['table_prefix'], $newpref, $oldtables[$i][0]);
|
68 |
+
echo " Renaming ".$oldtables[$i][0]." to $table_n:";
|
69 |
+
$table_r = $wpdb->query("RENAME TABLE ".$oldtables[$i][0]." TO $table_n");
|
70 |
+
if ($table_r === 0) {
|
71 |
+
echo ('<font color="#00ff00"> Success</font><br />');
|
72 |
+
$table_s++;
|
73 |
+
} elseif ($table_r === FALSE) {
|
74 |
+
echo ('<font color="#ff0000"> Failed</font><br />');
|
75 |
+
$table_f[] = $oldtables[$i][0];
|
76 |
+
}
|
77 |
+
}//changing some "hardcoded" wp values within the tables
|
78 |
+
echo ("<h3> Start changing Databasesettings:</h3>");
|
79 |
+
if ($wpdb->query("UPDATE ".$newpref."options SET option_name='".$newpref."user_roles' WHERE option_name='".$GLOBALS['table_prefix']."user_roles' LIMIT 1") <> 1) {
|
80 |
+
echo (' Changing values in table '.$newpref.'options: 1/1 <font color="#ff0000">Failed</font><br />');
|
81 |
+
} else {
|
82 |
+
echo (' Changing values in table '.$GLOBALS['table_prefix'].'options 1/1: <font color="#00ff00">Success</font><br />');
|
83 |
+
}
|
84 |
+
if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."capabilities' WHERE meta_key='".$GLOBALS['table_prefix']."capabilities'") <> 1) {
|
85 |
+
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#ff0000">Failed</font><br />');
|
86 |
+
} else {
|
87 |
+
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#00ff00">Success</font><br />');
|
88 |
+
}
|
89 |
+
if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."user_level' WHERE meta_key='".$GLOBALS['table_prefix']."user_level'") === FALSE)
|
90 |
+
{
|
91 |
+
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#ff0000">Failed</font><br />');
|
92 |
+
} else {
|
93 |
+
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#00ff00">Success</font><br />');
|
94 |
+
}
|
95 |
+
if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."autosave_draft_ids' WHERE meta_key='".$GLOBALS['table_prefix']."autosave_draft_ids'") === 0) {
|
96 |
+
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />');
|
97 |
+
} else {
|
98 |
+
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#00ff00">Success</font><br />');
|
99 |
+
}
|
100 |
+
|
101 |
+
if ($table_s == 0) {
|
102 |
+
exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
|
103 |
+
} elseif ($table_s < $table_c) {
|
104 |
+
echo('<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />');
|
105 |
+
for ($i = 1; $i < count($tables_f); $i++) {
|
106 |
+
echo ($tables_f[$i])."<br />";
|
107 |
+
}
|
108 |
+
exit('No changes where done to your wp-config File.</font><br />');
|
109 |
+
}
|
110 |
+
|
111 |
+
echo("<h3>Changing Config File:</h3>");
|
112 |
+
$conf_f = "../wp-config.php";
|
113 |
+
|
114 |
+
@chmod($conf_f, 0777);//making the the config readable to change the prefix
|
115 |
+
if (!is_writeable($conf_f)) {//when automatic config file changing isn't possible the user get's all needed information to do it manually
|
116 |
+
echo(' 1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />');
|
117 |
+
echo('<b>Please make your wp-config.php file writable for this process.</b>');
|
118 |
+
die("</div>");
|
119 |
+
} else {//changing if possible the config file automatically
|
120 |
+
echo(' 1/3 file writeable: <font color="#00ff00"> Writeable</font><br />');
|
121 |
+
$handle = @fopen($conf_f, "r+");
|
122 |
+
if ($handle) {
|
123 |
+
while (!feof($handle)) {
|
124 |
+
$lines[] = fgets($handle, 4096);
|
125 |
+
}//while feof
|
126 |
+
fclose($handle);
|
127 |
+
$handle = @fopen($conf_f, "w+");
|
128 |
+
foreach ($lines as $line) {
|
129 |
+
if (strpos($line, $GLOBALS['table_prefix'])) {
|
130 |
+
$line = str_replace($GLOBALS['table_prefix'], $newpref, $line);
|
131 |
+
echo(' 2/3 <font color="#00ff00">table prefix changed!</font><br />');
|
132 |
+
}//if strpos
|
133 |
+
fwrite($handle, $line);
|
134 |
+
}//foreach $lines
|
135 |
+
fclose($handle);
|
136 |
+
if (chmod ($conf_f, 0644)) {
|
137 |
+
echo(' 3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />');
|
138 |
+
} else {
|
139 |
+
echo (' 3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />');
|
140 |
+
}//if chmod
|
141 |
+
}//if handle
|
142 |
+
}//if is_writeable
|
143 |
+
|
144 |
+
}//if prefix
|
145 |
+
?>
|
146 |
+
</div>
|
147 |
+
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
148 |
+
</div>
|
149 |
+
<?php
|
150 |
+
}//function prefix_changer
|
151 |
+
?>
|
trunk/functions.php
ADDED
@@ -0,0 +1,128 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
function make_seed() {
|
4 |
+
list($usec, $sec) = explode(' ', microtime());
|
5 |
+
return (float) $sec + ((float) $usec * 100000);
|
6 |
+
}
|
7 |
+
|
8 |
+
function make_password($password_length){
|
9 |
+
srand(make_seed());
|
10 |
+
$alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
|
11 |
+
$token = "";
|
12 |
+
for($i = 0; $i < $password_length; $i ++) {
|
13 |
+
$token .= $alfa[rand(0, strlen($alfa))];
|
14 |
+
}
|
15 |
+
return $token;
|
16 |
+
}
|
17 |
+
|
18 |
+
function check_perms($name,$path,$perm)
|
19 |
+
{
|
20 |
+
clearstatcache();
|
21 |
+
// $configmod = fileperms($path);
|
22 |
+
$configmod = substr(sprintf(".%o.", fileperms($path)), -4);
|
23 |
+
$trcss = (($configmod != $perm) ? "background-color:#fd7a7a;" : "background-color:#91f587;");
|
24 |
+
echo "<tr style=".$trcss.">";
|
25 |
+
echo '<td style="border:0px;">' . $name . "</td>";
|
26 |
+
echo '<td style="border:0px;">'. $path ."</td>";
|
27 |
+
echo '<td style="border:0px;">' . $perm . '</td>';
|
28 |
+
echo '<td style="border:0px;">' . $configmod . '</td>';
|
29 |
+
// echo '<td style="border:0px;">' . '<input type="submit" name="' . $perm . '" value="Change now.">' . '</td>';
|
30 |
+
echo "</tr>";
|
31 |
+
}
|
32 |
+
|
33 |
+
function mrt_get_serverinfo() {
|
34 |
+
global $wpdb;
|
35 |
+
$sqlversion = $wpdb->get_var("SELECT VERSION() AS version");
|
36 |
+
$mysqlinfo = $wpdb->get_results("SHOW VARIABLES LIKE 'sql_mode'");
|
37 |
+
if (is_array($mysqlinfo)) $sql_mode = $mysqlinfo[0]->Value;
|
38 |
+
if (empty($sql_mode)) $sql_mode = __('Not set');
|
39 |
+
if(ini_get('safe_mode')) $safe_mode = __('On');
|
40 |
+
else $safe_mode = __('Off');
|
41 |
+
if(ini_get('allow_url_fopen')) $allow_url_fopen = __('On');
|
42 |
+
else $allow_url_fopen = __('Off');
|
43 |
+
if(ini_get('upload_max_filesize')) $upload_max = ini_get('upload_max_filesize');
|
44 |
+
else $upload_max = __('N/A');
|
45 |
+
if(ini_get('post_max_size')) $post_max = ini_get('post_max_size');
|
46 |
+
else $post_max = __('N/A');
|
47 |
+
if(ini_get('max_execution_time')) $max_execute = ini_get('max_execution_time');
|
48 |
+
else $max_execute = __('N/A');
|
49 |
+
if(ini_get('memory_limit')) $memory_limit = ini_get('memory_limit');
|
50 |
+
else $memory_limit = __('N/A');
|
51 |
+
if (function_exists('memory_get_usage')) $memory_usage = round(memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
|
52 |
+
else $memory_usage = __('N/A');
|
53 |
+
if (is_callable('exif_read_data')) $exif = __('Yes'). " ( V" . substr(phpversion('exif'),0,4) . ")" ;
|
54 |
+
else $exif = __('No');
|
55 |
+
if (is_callable('iptcparse')) $iptc = __('Yes');
|
56 |
+
else $iptc = __('No');
|
57 |
+
if (is_callable('xml_parser_create')) $xml = __('Yes');
|
58 |
+
else $xml = __('No');
|
59 |
+
|
60 |
+
?>
|
61 |
+
<li><?php _e('Operating System'); ?> : <strong><?php echo PHP_OS; ?></strong></li>
|
62 |
+
<li><?php _e('Server'); ?> : <strong><?php echo $_SERVER["SERVER_SOFTWARE"]; ?></strong></li>
|
63 |
+
<li><?php _e('Memory usage'); ?> : <strong><?php echo $memory_usage; ?></strong></li>
|
64 |
+
<li><?php _e('MYSQL Version'); ?> : <strong><?php echo $sqlversion; ?></strong></li>
|
65 |
+
<li><?php _e('SQL Mode'); ?> : <strong><?php echo $sql_mode; ?></strong></li>
|
66 |
+
<li><?php _e('PHP Version'); ?> : <strong><?php echo PHP_VERSION; ?></strong></li>
|
67 |
+
<li><?php _e('PHP Safe Mode'); ?> : <strong><?php echo $safe_mode; ?></strong></li>
|
68 |
+
<li><?php _e('PHP Allow URL fopen'); ?> : <strong><?php echo $allow_url_fopen; ?></strong></li>
|
69 |
+
<li><?php _e('PHP Memory Limit'); ?> : <strong><?php echo $memory_limit; ?></strong></li>
|
70 |
+
<li><?php _e('PHP Max Upload Size'); ?> : <strong><?php echo $upload_max; ?></strong></li>
|
71 |
+
<li><?php _e('PHP Max Post Size'); ?> : <strong><?php echo $post_max; ?></strong></li>
|
72 |
+
<li><?php _e('PHP Max Script Execute Time'); ?> : <strong><?php echo $max_execute; ?>s</strong></li>
|
73 |
+
<li><?php _e('PHP Exif support'); ?> : <strong><?php echo $exif; ?></strong></li>
|
74 |
+
<li><?php _e('PHP IPTC support'); ?> : <strong><?php echo $iptc; ?></strong></li>
|
75 |
+
<li><?php _e('PHP XML support'); ?> : <strong><?php echo $xml; ?></strong></li>
|
76 |
+
<?php
|
77 |
+
}
|
78 |
+
?>
|
79 |
+
|
80 |
+
|
81 |
+
<?php
|
82 |
+
function mrt_check_table_prefix(){
|
83 |
+
if($GLOBALS['table_prefix']=='wp_'){
|
84 |
+
echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</font><br />';
|
85 |
+
}else{
|
86 |
+
echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
|
87 |
+
}
|
88 |
+
}
|
89 |
+
|
90 |
+
function mrt_errorsoff(){
|
91 |
+
echo '<font color="green">WordPress DB Errors turned off.</font><br />';
|
92 |
+
}
|
93 |
+
|
94 |
+
function mrt_wpdberrors()
|
95 |
+
{
|
96 |
+
global $wpdb;
|
97 |
+
$wpdb->show_errors = false;
|
98 |
+
|
99 |
+
}
|
100 |
+
|
101 |
+
function mrt_version_removal(){
|
102 |
+
echo '<font color="green">Your WordPress version is successfully hidden.</font><br />';
|
103 |
+
}
|
104 |
+
|
105 |
+
function mrt_remove_wp_version()
|
106 |
+
{
|
107 |
+
if (!is_admin()) {
|
108 |
+
global $wp_version;
|
109 |
+
$wp_version = '';
|
110 |
+
}
|
111 |
+
|
112 |
+
}
|
113 |
+
|
114 |
+
function mrt_check_version(){
|
115 |
+
echo "WordPress Version: ";
|
116 |
+
global $wp_version;
|
117 |
+
if ($wp_version == 2.5) $g2k5 = '<font color="green">You have the latest stable version of WordPress.</font><br />';
|
118 |
+
if ($wp_version < 2.5) $g2k5 = '<font color="red">You need version 2.5. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</font><br />';
|
119 |
+
echo "<b>" . $wp_version . "</b>   " ;echo $g2k5;
|
120 |
+
}
|
121 |
+
|
122 |
+
|
123 |
+
function mrt_javascript(){
|
124 |
+
$siteurl = get_option('siteurl');
|
125 |
+
?><script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script><?php
|
126 |
+
}
|
127 |
+
?>
|
128 |
+
|
{js → trunk/js}/scripts.js
RENAMED
File without changes
|
trunk/password_tools.php
ADDED
@@ -0,0 +1,21 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
function mrt_sub1(){?>
|
3 |
+
<div class=wrap>
|
4 |
+
<h2><?php _e('WP - Password Tools') ?></h2>
|
5 |
+
<div style="height:299px">
|
6 |
+
<?php
|
7 |
+
echo "<br /><strong>Password Strength Tool</strong>";
|
8 |
+
?>
|
9 |
+
<table><tr valign=top><td><form name="commandForm">
|
10 |
+
Type password: <input type=password size=30 maxlength=50 name=password onkeyup="testPassword(document.forms.commandForm.password.value);" value="">
|
11 |
+
<br/><font color="#808080">Minimum 6 Characters</td><td><font size="1"> Password Strength:</font><a id="Words"><table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table></a></td></tr></table></td></tr></table></form>
|
12 |
+
<br /><hr align=left size=2 width=612px>
|
13 |
+
<?php
|
14 |
+
echo "<br /><br /><strong>Strong Password Generator</strong><br />";
|
15 |
+
echo "Strong Password: " . '<font color="red">' . make_password(15) . "</font>";
|
16 |
+
?>
|
17 |
+
</div>
|
18 |
+
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
19 |
+
</div>
|
20 |
+
<? }
|
21 |
+
|
trunk/readme.txt
ADDED
@@ -0,0 +1,99 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
=== Plugin Name ===
|
2 |
+
Contributors: hallsofmontezuma
|
3 |
+
Donate link: http://semperfiwebdesign.com
|
4 |
+
Tags: security, securityscan, chmod, permissions, admin, administration, authentication, database, dashboard, post, notification, password, plugin, posts
|
5 |
+
plugins, private, protection, tracking, wordpress
|
6 |
+
Requires at least: 2.0
|
7 |
+
Tested up to: 2.5
|
8 |
+
Stable tag: 2.2.54
|
9 |
+
|
10 |
+
Scans your WordPress installation for security vulnerabilities.
|
11 |
+
|
12 |
+
== Description ==
|
13 |
+
|
14 |
+
Scans your WordPress installation for security vulnerabilities and suggests
|
15 |
+
corrective actions.
|
16 |
+
|
17 |
+
-passwords<br />
|
18 |
+
-file permissions<br />
|
19 |
+
-database security<br />
|
20 |
+
-version hiding<br />
|
21 |
+
-WordPress admin protection/security
|
22 |
+
|
23 |
+
**Future Releases**<br />
|
24 |
+
*one-click change file/folder permissions<br />
|
25 |
+
*test for XSS vulnerabilities<br />
|
26 |
+
*intrusion detection/prevention<br />
|
27 |
+
*lock out/log incorrect login attempts<br />
|
28 |
+
*user enumeration protection<br />
|
29 |
+
|
30 |
+
== Installation ==
|
31 |
+
|
32 |
+
1. Create backup.
|
33 |
+
2. Upload the zip file to the `/wp-content/plugins/` directory
|
34 |
+
3. Unzip.
|
35 |
+
4. Activate the plugin through the 'Plugins' menu in WordPress
|
36 |
+
|
37 |
+
|
38 |
+
Please let me know any bugs, improvements, comments, suggestions.
|
39 |
+
|
40 |
+
== Frequently Asked Questions ==
|
41 |
+
|
42 |
+
= How do I change the file permissions on my WordPress installation? =
|
43 |
+
|
44 |
+
From the linux command line (for advanced users):
|
45 |
+
chmod xxx filename.ext
|
46 |
+
(replace xxx with with the permissions settings for the file or folder)
|
47 |
+
|
48 |
+
From your FTP client:
|
49 |
+
Most FTP clients, such as filezilla, etc, allow for changing file
|
50 |
+
permissions. Please consult your clients documentation for your specific
|
51 |
+
directions.
|
52 |
+
|
53 |
+
For more information, please visit http://codex.wordpress.org/Changing_File_Permissions
|
54 |
+
|
55 |
+
= Why do I need to hide my version of WordPress? =
|
56 |
+
|
57 |
+
Alot of attackers and automated tools will try and determine software versions
|
58 |
+
before launching exploit code. Removing your WordPress blog version may
|
59 |
+
discourage some attackers and certainly will mitigate virus and worm programs
|
60 |
+
that rely on software versions.
|
61 |
+
|
62 |
+
NOTE: Hiding your version of WordPress may break any plugins you have which
|
63 |
+
are version dependant.
|
64 |
+
|
65 |
+
== Screenshots ==
|
66 |
+
|
67 |
+
1. file/directories permissions check
|
68 |
+
2. password tools
|
69 |
+
|
70 |
+
== WordPress Security ==
|
71 |
+
|
72 |
+
<strong>Plugin currently in BETA version.
|
73 |
+
|
74 |
+
== WordPress Security ==
|
75 |
+
|
76 |
+
Security Scanner:
|
77 |
+
|
78 |
+
1. Scans Wordpress installation for file/directory permissions vulnerabilites
|
79 |
+
1. Recommends corrective actions
|
80 |
+
1. Scans for general security vulnerabilities
|
81 |
+
|
82 |
+
Join the BETA testers group if:
|
83 |
+
|
84 |
+
* you have experience as a software tester
|
85 |
+
* you have no experience as a software tester
|
86 |
+
* you have a WordPress installation dedicated for testing
|
87 |
+
* you have a general enthusiasm for WordPress use and/or development
|
88 |
+
|
89 |
+
|
90 |
+
Visit our homepage at [Semper Fi Web Design](http://semperfiwebdesign.com/ "Raleigh Web Design") or our plugin page at [Semper Fi Plugins][sf plugins].
|
91 |
+
We look forward to hearing your comments and suggestions.
|
92 |
+
|
93 |
+
[sf plugins]: http://semperfiwebdesign.com/wordpress/plugins
|
94 |
+
"Raleigh Web Design"
|
95 |
+
|
96 |
+
> WordPress Security Scanner for *2.3, 2.5*. Although if you're using lower
|
97 |
+
> than 2.3 you should go ahead and install it because of **security**.
|
98 |
+
|
99 |
+
`<?php code(); // backticks ?>`
|
trunk/scanner.php
ADDED
@@ -0,0 +1,31 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
function mrt_sub0(){?>
|
3 |
+
<div class=wrap>
|
4 |
+
<h2><?php _e('WP - Security Scan') ?></h2>
|
5 |
+
<div style="height:299px">
|
6 |
+
<table width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
|
7 |
+
<tr>
|
8 |
+
<th style="border:0px;"><b>Name</b></th>
|
9 |
+
<th style="border:0px;"><b>File/Dir</b></th>
|
10 |
+
<th style="border:0px;"><b>Needed Chmod</b></th>
|
11 |
+
<th style="border:0px;"><b>Current Chmod</b></th>
|
12 |
+
<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
|
13 |
+
</tr>
|
14 |
+
<?php
|
15 |
+
check_perms("root directory","../","0755");
|
16 |
+
check_perms("wp-includes/","../wp-includes","0755");
|
17 |
+
check_perms(".htaccess","../.htaccess","0644");
|
18 |
+
check_perms("wp-admin/index.php","index.php","0644");
|
19 |
+
check_perms("wp-admin/js/","js/","0755");
|
20 |
+
check_perms("wp-content/themes/","../wp-content/themes","0755");
|
21 |
+
check_perms("wp-content/plugins/","../wp-content/plugins","0755");
|
22 |
+
check_perms("wp-admin/","../wp-admin","0755");
|
23 |
+
check_perms("wp-content/","../wp-content","0755");
|
24 |
+
?>
|
25 |
+
</table>
|
26 |
+
|
27 |
+
|
28 |
+
</div>
|
29 |
+
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
30 |
+
</div><?}
|
31 |
+
|
trunk/screenshot-1.jpg
ADDED
Binary file
|
trunk/screenshot-2.jpg
ADDED
Binary file
|
trunk/scripts.js
ADDED
@@ -0,0 +1,30 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<script language="JavaScript1.1">
|
2 |
+
function testPassword(passwd){
|
3 |
+
var description = new Array();
|
4 |
+
description[0] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=30 bgcolor=#ff0000></td><td height=4 width=120 bgcolor=tan></td></tr></table></td><td> <b>Weakest</b></td></tr></table>";
|
5 |
+
description[1] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=60 bgcolor=#990000></td><td height=4 width=90 bgcolor=tan></td></tr></table></td><td> <b>Weak</b></td></tr></table>";
|
6 |
+
description[2] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=90 bgcolor=#990099></td><td height=4 width=60 bgcolor=tan></td></tr></table></td><td> <b>Improving</b></td></tr></table>";
|
7 |
+
description[3] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=120 bgcolor=#000099></td><td height=4 width=30 bgcolor=tan></td></tr></table></td><td> <b>Strong</b></td></tr></table>";
|
8 |
+
description[4] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=#0000ff></td></tr></table></td><td> <b>Strongest</b></td></tr></table>";
|
9 |
+
description[5] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table>";
|
10 |
+
|
11 |
+
var base = 0
|
12 |
+
var combos = 0
|
13 |
+
if (passwd.match(/[a-z]/))base = (base+26);
|
14 |
+
if (passwd.match(/[A-Z]/))base = (base+26);
|
15 |
+
if (passwd.match(/\d+/))base = (base+10);
|
16 |
+
if (passwd.match(/[>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~]/))base = (base+33);
|
17 |
+
|
18 |
+
combos=Math.pow(base,passwd.length);
|
19 |
+
|
20 |
+
if(combos == 1)strVerdict = description[5];
|
21 |
+
else if(combos > 1 && combos < 1000000)strVerdict = description[0];
|
22 |
+
else if (combos >= 1000000 && combos < 1000000000000)strVerdict = description[1];
|
23 |
+
else if (combos >= 1000000000000 && combos < 1000000000000000000)strVerdict = description[2];
|
24 |
+
else if (combos >= 1000000000000000000 && combos < 1000000000000000000000000)strVerdict = description[3];
|
25 |
+
else strVerdict = description[4];
|
26 |
+
|
27 |
+
document.getElementById("Words").innerHTML= (strVerdict);
|
28 |
+
}
|
29 |
+
</script>
|
30 |
+
|
trunk/securityscan.php
ADDED
@@ -0,0 +1,109 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/*
|
3 |
+
Plugin Name: WP Security Scan
|
4 |
+
Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
|
5 |
+
Description: Perform security scan of WordPress installation.
|
6 |
+
Author: Michael Torbert
|
7 |
+
Version: 2.2.54
|
8 |
+
Author URI: http://semperfiwebdesign.com/
|
9 |
+
*/
|
10 |
+
|
11 |
+
/*
|
12 |
+
Copyright (C) 2008 semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
|
13 |
+
|
14 |
+
This program is free software; you can redistribute it and/or modify
|
15 |
+
it under the terms of the GNU General Public License as published by
|
16 |
+
the Free Software Foundation; either version 3 of the License, or
|
17 |
+
(at your option) any later version.
|
18 |
+
|
19 |
+
This program is distributed in the hope that it will be useful,
|
20 |
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
21 |
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
22 |
+
GNU General Public License for more details.
|
23 |
+
|
24 |
+
You should have received a copy of the GNU General Public License
|
25 |
+
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
26 |
+
*/
|
27 |
+
|
28 |
+
require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
|
29 |
+
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
|
30 |
+
require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
|
31 |
+
require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
|
32 |
+
require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
|
33 |
+
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
|
34 |
+
|
35 |
+
add_action( 'admin_notices', mrt_update_notice, 5 );
|
36 |
+
add_action('admin_head', 'mrt_hd');
|
37 |
+
add_action("init",mrt_wpdberrors,1);
|
38 |
+
add_action("parse_query",mrt_wpdberrors,1);
|
39 |
+
add_action('admin_menu', 'add_men_pg');
|
40 |
+
add_action("init",mrt_remove_wp_version,1);
|
41 |
+
function add_men_pg() {
|
42 |
+
if (function_exists('add_menu_page')){
|
43 |
+
add_menu_page('Security', 'Security', 8, __FILE__, 'mrt_opt_mng_pg');
|
44 |
+
add_submenu_page(__FILE__, 'Scanner', 'Scanner', 8, 'scanner', 'mrt_sub0');
|
45 |
+
add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 8, 'passwordtool', 'mrt_sub1');
|
46 |
+
add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
|
47 |
+
add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
|
48 |
+
}}
|
49 |
+
|
50 |
+
function mrt_update_notice(){
|
51 |
+
/*$mrt_version = "2.2.52";
|
52 |
+
$mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
|
53 |
+
echo $mrt_latest . " and " . $mrt_version;
|
54 |
+
if($mrt_latest > $mrt_version)
|
55 |
+
echo "New Version Available";
|
56 |
+
else
|
57 |
+
echo "Latest Version";
|
58 |
+
*/ }
|
59 |
+
|
60 |
+
function mrt_opt_mng_pg() {
|
61 |
+
?>
|
62 |
+
<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
|
63 |
+
<?php //$rss = fetch_rss('http://alexrabe.boelinger.com/?tag=nextgen-gallery&feed=rss2');?>
|
64 |
+
|
65 |
+
<div class=wrap>
|
66 |
+
<h2><?php _e('WP - Security Admin Tools') ?></h2>
|
67 |
+
<div>
|
68 |
+
<!-- <div id="message" class="updated fade"><p></p></div>-->
|
69 |
+
<br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
70 |
+
<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
|
71 |
+
<?php
|
72 |
+
global $wpdb;
|
73 |
+
mrt_check_version();
|
74 |
+
mrt_check_table_prefix();
|
75 |
+
mrt_version_removal();
|
76 |
+
mrt_errorsoff();
|
77 |
+
|
78 |
+
|
79 |
+
$name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
|
80 |
+
if ($name=="admin"){
|
81 |
+
echo '<font color="red">"admin" user exists.</font>';
|
82 |
+
}
|
83 |
+
else{
|
84 |
+
echo '<font color="green">No user "admin".</font>';
|
85 |
+
}
|
86 |
+
?>
|
87 |
+
<br /><br />
|
88 |
+
<hr align=center size=2 width=500px>
|
89 |
+
<br /><br />
|
90 |
+
<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
|
91 |
+
<ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</li><li>user enumeration protection</li><li>WordPress admin protection/security</li></ul>
|
92 |
+
</div>
|
93 |
+
<div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
94 |
+
<?php mrt_get_serverinfo(); ?>
|
95 |
+
</div>
|
96 |
+
<div style="clear:both"></div>
|
97 |
+
</div>
|
98 |
+
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
99 |
+
</div>
|
100 |
+
<?php }
|
101 |
+
|
102 |
+
function mrt_hd()
|
103 |
+
{
|
104 |
+
$siteurl = get_option('siteurl');?>
|
105 |
+
<script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
|
106 |
+
<link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />
|
107 |
+
<?php }
|
108 |
+
?>
|
109 |
+
|
style.css → trunk/style.css
RENAMED
File without changes
|
trunk/support.php
ADDED
@@ -0,0 +1,14 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
|
3 |
+
function mrt_sub2(){
|
4 |
+
?>
|
5 |
+
<div class=wrap>
|
6 |
+
<h2><?php _e('WP - Security Support') ?></h2>
|
7 |
+
<div style="height:299px">
|
8 |
+
<br /><br />support page coming soon...
|
9 |
+
<br /><br /><strong>Backup early, backup often!</strong><br /><br /><br /><br /><br />
|
10 |
+
<em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
|
11 |
+
</div>
|
12 |
+
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
13 |
+
</div>
|
14 |
+
<?}?>
|