Acunetix WP Security - Version 2.2.44

Version Description

Release Info

Developer	hallsofmontezuma
Plugin	Acunetix WP Security
Version	2.2.44
Comparing to
See all releases

Code changes from version 2.2.53 to 2.2.44

Files changed (17) hide show

functions.php +1 -6
readme.txt +7 -7
scanner.php +7 -9
securityscan.php +4 -52
support.php +2 -2
trunk/database.php +151 -0
trunk/functions.php +128 -0
{js → trunk/js}/scripts.js +0 -0
trunk/password_tools.php +21 -0
trunk/readme.txt +99 -0
trunk/scanner.php +31 -0
trunk/screenshot-1.jpg +0 -0
trunk/screenshot-2.jpg +0 -0
trunk/scripts.js +30 -0
trunk/securityscan.php +109 -0
style.css → trunk/style.css +0 -0
trunk/support.php +14 -0

functions.php CHANGED Viewed

	@@ -81,7 +81,7 @@ function mrt_get_serverinfo() {
81	<?php
82	function mrt_check_table_prefix(){
83	if($GLOBALS['table_prefix']=='wp_'){
84	- echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">~~Click~~ here</a> to change it.</font><br />';
85	}else{
86	echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
87	}
	@@ -119,10 +119,5 @@ if ($wp_version < 2.5) $g2k5 = '<font color="red">You need version 2.5. Please
119	echo "<b>" . $wp_version . "</b>   &nbsp " ;echo $g2k5;
120	}
121
122	-
123	- function mrt_javascript(){
124	- $siteurl = get_option('siteurl');
125	- ?><script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script><?php
126	- }
127	?>
128


81	<?php
82	function mrt_check_table_prefix(){
83	if($GLOBALS['table_prefix']=='wp_'){
84	+ echo '<font color="red">Your table prefix should not be <i>wp_</i>. Please <a href="' . ABSPATH . 'wp-admin/admin.php?page=database">click here</a> to change it.</font><br />';
85	}else{
86	echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
87	}

119	echo "<b>" . $wp_version . "</b>   &nbsp " ;echo $g2k5;
120	}
121





122	?>
123

readme.txt CHANGED Viewed

	@@ -5,7 +5,7 @@ Tags: security, securityscan, chmod, permissions, admin, administration, authent
5	plugins, private, protection, tracking, wordpress
6	Requires at least: 2.0
7	Tested up to: 2.5
8	- Stable tag: 2.2.52
9
10	Scans your WordPress installation for security vulnerabilities.
11
	@@ -18,14 +18,14 @@ corrective actions.
18	-file permissions<br />
19	-database security<br />
20	-version hiding
21	- -WordPress admin protection/security
22
23	- Future Releases<br />

24	*one-click change file/folder permissions<br />
25	- *test for XSS vulnerabilities~~<br />~~
26	- *intrusion detection/prevention~~<br />~~
27	- *lock out/log incorrect login attempts~~<br />~~
28	- *user enumeration protection<br />
29
30	== Installation ==
31


5	plugins, private, protection, tracking, wordpress
6	Requires at least: 2.0
7	Tested up to: 2.5
8	+ Stable tag: 2.2.44
9
10	Scans your WordPress installation for security vulnerabilities.
11

18	-file permissions<br />
19	-database security<br />
20	-version hiding

21
22	+ Future Releases
23	+
24	*one-click change file/folder permissions<br />
25	+ *test for XSS vulnerabilities
26	+ *intrusion detection/prevention
27	+ *lock out/log incorrect login attempts
28	+
29
30	== Installation ==
31

scanner.php CHANGED Viewed

	@@ -12,19 +12,17 @@ function mrt_sub0(){?>
12	<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
13	</tr>
14	<?php
15	- check_perms("root directory","../","~~0755~~");
16	- check_perms("wp-includes/","../wp-includes","~~0755~~");
17	check_perms(".htaccess","../.htaccess","0644");
18	check_perms("wp-admin/index.php","index.php","0644");
19	- check_perms("wp-admin/js/","js/","~~0755~~");
20	- check_perms("wp-content/themes/","../wp-content/themes","~~0755~~");
21	- check_perms("wp-content/plugins/","../wp-content/plugins","~~0755~~");
22	- check_perms("wp-admin/","../wp-admin","~~0755~~");
23	- check_perms("wp-content/","../wp-content","~~0755~~");
24	?>
25	</table>
26	-
27	-
28	</div>
29	Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
30	</div><?}


12	<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
13	</tr>
14	<?php
15	+ check_perms("root directory","../","0745");
16	+ check_perms("wp-includes/","../wp-includes","0447");
17	check_perms(".htaccess","../.htaccess","0644");
18	check_perms("wp-admin/index.php","index.php","0644");
19	+ check_perms("wp-admin/js/","js/","0775");
20	+ check_perms("wp-content/themes/","../wp-content/themes","0745");
21	+ check_perms("wp-content/plugins/","../wp-content/plugins","0745");
22	+ check_perms("wp-admin/","../wp-admin","0745");
23	+ check_perms("wp-content/","../wp-content","0745");
24	?>
25	</table>


26	</div>
27	Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
28	</div><?}

securityscan.php CHANGED Viewed

	@@ -4,27 +4,9 @@ Plugin Name: WP Security Scan
4	Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
5	Description: Perform security scan of WordPress installation.
6	Author: Michael Torbert
7	- Version: 2.2.52
8	Author URI: http://semperfiwebdesign.com/
9	*/
10	-
11	- /*
12	- Copyright (C) 2008 semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
13	-
14	- This program is free software; you can redistribute it and/or modify
15	- it under the terms of the GNU General Public License as published by
16	- the Free Software Foundation; either version 3 of the License, or
17	- (at your option) any later version.
18	-
19	- This program is distributed in the hope that it will be useful,
20	- but WITHOUT ANY WARRANTY; without even the implied warranty of
21	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22	- GNU General Public License for more details.
23	-
24	- You should have received a copy of the GNU General Public License
25	- along with this program. If not, see <http://www.gnu.org/licenses/>.
26	- */
27	-
28	require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
29	require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
30	require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
	@@ -32,8 +14,6 @@ require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
32	require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
33	require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
34
35	- add_action( 'admin_notices', mrt_update_notice, 5 );
36	- add_action('admin_head', 'mrt_hd');
37	add_action("init",mrt_wpdberrors,1);
38	add_action("parse_query",mrt_wpdberrors,1);
39	add_action('admin_menu', 'add_men_pg');
	@@ -47,16 +27,6 @@ add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
47	add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
48	}}
49
50	- function mrt_update_notice(){
51	- /*$mrt_version = "2.2.52";
52	- $mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
53	- echo $mrt_latest . " and " . $mrt_version;
54	- if($mrt_latest > $mrt_version)
55	- echo "New Version Available";
56	- else
57	- echo "Latest Version";
58	- */ }
59	-
60	function mrt_opt_mng_pg() {
61	?>
62	<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
	@@ -69,26 +39,17 @@ function mrt_opt_mng_pg() {
69	<br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
70	<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
71	<?php
72	- global $wpdb;
73	mrt_check_version();
74	mrt_check_table_prefix();
75	mrt_version_removal();
76	mrt_errorsoff();
77	-
78	-
79	- $name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
80	- if ($name=="admin"){
81	- echo '<font color="red">"admin" user exists.</font>';
82	- }
83	- else{
84	- echo '<font color="green">No user "admin".</font>';
85	- }
86	?>

87	<br /><br />
88	<hr align=center size=2 width=500px>
89	<br /><br />
90	<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
91	- <ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</~~li><li>user enumeration protection</li><li>WordPress admin protection/security</li></~~ul>
92	</div>
93	<div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
94	<?php mrt_get_serverinfo(); ?>
	@@ -97,13 +58,4 @@ if ($name=="admin"){
97	</div>
98	Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
99	</div>
100	- <?php }
101	-
102	- function mrt_hd()
103	- {
104	- $siteurl = get_option('siteurl');?>
105	- <script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
106	- <link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />
107	- <?php }
108	- ?>
109	-


4	Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
5	Description: Perform security scan of WordPress installation.
6	Author: Michael Torbert
7	+ Version: 2.2.44
8	Author URI: http://semperfiwebdesign.com/
9	*/


















10	require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
11	require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
12	require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");

14	require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
15	require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
16


17	add_action("init",mrt_wpdberrors,1);
18	add_action("parse_query",mrt_wpdberrors,1);
19	add_action('admin_menu', 'add_men_pg');

27	add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
28	}}
29










30	function mrt_opt_mng_pg() {
31	?>
32	<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->

39	<br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
40	<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
41	<?php

42	mrt_check_version();
43	mrt_check_table_prefix();
44	mrt_version_removal();
45	mrt_errorsoff();









46	?>
47	+
48	<br /><br />
49	<hr align=center size=2 width=500px>
50	<br /><br />
51	<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
52	+ <ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</ul>
53	</div>
54	<div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
55	<?php mrt_get_serverinfo(); ?>

58	</div>
59	Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
60	</div>
61	+ <?php } ?>

support.php CHANGED Viewed

	@@ -6,9 +6,9 @@ function mrt_sub2(){
6	<h2><?php _e('WP - Security Support') ?></h2>
7	<div style="height:299px">
8	<br /><br />support page coming soon...
9	- <br /><br /><~~strong>Backup early, backup often!</strong><~~br ~~/><br /><br /><br /><br~~ />
10	<em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
11	- </div>
12	Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
13	</div>
14	<?}?>


6	<h2><?php _e('WP - Security Support') ?></h2>
7	<div style="height:299px">
8	<br /><br />support page coming soon...
9	+ <br /><br /><br />
10	<em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
11	+ </div>
12	Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
13	</div>
14	<?}?>

trunk/database.php ADDED Viewed

	@@ -0,0 +1,151 @@


1	+ <?php
2	+ /*
3	+ Thank you Philipp Heinze.
4	+ */
5	+
6	+ function mrt_sub3(){
7	+ ?>
8	+ <div class=wrap>
9	+ <h2><?php _e('WP - Database Security') ?></h2>
10	+ <div style="height:299px"><br />
11	+ <i>Make a backup before using this tool:</i>
12	+ <p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
13	+ <form action='' method='post' name='prefixchanging'>
14	+ <?php
15	+ if (function_exists('wp_nonce_field')) {
16	+ wp_nonce_field('prefix-changer-change_prefix');
17	+ }
18	+ ?>
19	+ Please Change the current:<input type="Text" name="prefix_n" value="<?php echo($GLOBALS['table_prefix']);?>" size="10" maxlength="10"> prefix to something different (i.e. use the random password generator).<br />
20	+ Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
21	+ <input type='submit' name='renameprefix' value='Start Renaming'/>
22	+ </form>
23	+
24	+ <?php
25	+ if (isset($_POST['prefix_n'])) {
26	+ check_admin_referer('prefix-changer-change_prefix');
27	+ $wpdb =& $GLOBALS['wpdb'];
28	+ $newpref = ereg_replace("[^0-9a-zA-Z_-]", "", $_POST['prefix_n']);
29	+ //checking if user has enough rights to alter the Tablestructure
30	+ $rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
31	+ foreach ($rights as $right) {
32	+ if (ereg("ALTER(.)(\\|`".str_replace("_", "\\_", DB_NAME)."`)\.(\\|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) \|\| ereg("ALL PRIVILEGES ON (\\|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*\|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
33	+ $rightsenough = true;
34	+ $rightstomuch = true;
35	+ break;
36	+ } else {
37	+ if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
38	+ $rightsenough = true;
39	+ break;
40	+ }
41	+ }
42	+ }
43	+ if (!isset($rightsenough) && $rightsenough != true) {
44	+ exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure.<br />');
45	+ }
46	+ if (isset($rightstomuch) && $rightstomuch === true) {
47	+ echo ('<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. '.
48	+ 'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />');
49	+ }
50	+ if ($newpref == $GLOBALS['table_prefix']) {
51	+ exit ("No change: Please select a new table_prefix value.</div>");
52	+ } elseif (strlen($newpref) < strlen($_POST['prefix_n'])){
53	+ echo ("You used some Chars which aren't allowed within Tablenames".
54	+ "The sanitized prefix is used instead: " . $newpref);
55	+ }
56	+
57	+ echo("<h2>Started Prefix Changer:</h2>");
58	+
59	+ //we rename the tables before we change the Config file, so We can aviod changed Configs, without changed prefixes.
60	+ echo("<h3>  Start Renaming of Tables:</h3>");
61	+ $oldtables = $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);//retrieving all tables named with the prefix on start
62	+ $table_c = count($oldtables);
63	+ $table_s = 0;//holds the count of successful changed tables.
64	+ $table_f[] = '';//holds all table names which failed to be changed
65	+ for($i = 0; $i < $table_c; $i++) {//renaming each table to the new prefix
66	+ $wpdb->hide_errors();
67	+ $table_n = str_replace($GLOBALS['table_prefix'], $newpref, $oldtables[$i][0]);
68	+ echo "   Renaming ".$oldtables[$i][0]." to $table_n:";
69	+ $table_r = $wpdb->query("RENAME TABLE ".$oldtables[$i][0]." TO $table_n");
70	+ if ($table_r === 0) {
71	+ echo ('<font color="#00ff00"> Success</font><br />');
72	+ $table_s++;
73	+ } elseif ($table_r === FALSE) {
74	+ echo ('<font color="#ff0000"> Failed</font><br />');
75	+ $table_f[] = $oldtables[$i][0];
76	+ }
77	+ }//changing some "hardcoded" wp values within the tables
78	+ echo ("<h3>  Start changing Databasesettings:</h3>");
79	+ if ($wpdb->query("UPDATE ".$newpref."options SET option_name='".$newpref."user_roles' WHERE option_name='".$GLOBALS['table_prefix']."user_roles' LIMIT 1") <> 1) {
80	+ echo ('   Changing values in table '.$newpref.'options: 1/1 <font color="#ff0000">Failed</font><br />');
81	+ } else {
82	+ echo ('   Changing values in table '.$GLOBALS['table_prefix'].'options 1/1: <font color="#00ff00">Success</font><br />');
83	+ }
84	+ if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."capabilities' WHERE meta_key='".$GLOBALS['table_prefix']."capabilities'") <> 1) {
85	+ echo ('   Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#ff0000">Failed</font><br />');
86	+ } else {
87	+ echo ('   Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#00ff00">Success</font><br />');
88	+ }
89	+ if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."user_level' WHERE meta_key='".$GLOBALS['table_prefix']."user_level'") === FALSE)
90	+ {
91	+ echo ('   Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#ff0000">Failed</font><br />');
92	+ } else {
93	+ echo ('   Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#00ff00">Success</font><br />');
94	+ }
95	+ if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."autosave_draft_ids' WHERE meta_key='".$GLOBALS['table_prefix']."autosave_draft_ids'") === 0) {
96	+ echo ('   Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />');
97	+ } else {
98	+ echo ('   Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#00ff00">Success</font><br />');
99	+ }
100	+
101	+ if ($table_s == 0) {
102	+ exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
103	+ } elseif ($table_s < $table_c) {
104	+ echo('<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />');
105	+ for ($i = 1; $i < count($tables_f); $i++) {
106	+ echo ($tables_f[$i])."<br />";
107	+ }
108	+ exit('No changes where done to your wp-config File.</font><br />');
109	+ }
110	+
111	+ echo("<h3>Changing Config File:</h3>");
112	+ $conf_f = "../wp-config.php";
113	+
114	+ @chmod($conf_f, 0777);//making the the config readable to change the prefix
115	+ if (!is_writeable($conf_f)) {//when automatic config file changing isn't possible the user get's all needed information to do it manually
116	+ echo('  1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />');
117	+ echo('<b>Please make your wp-config.php file writable for this process.</b>');
118	+ die("</div>");
119	+ } else {//changing if possible the config file automatically
120	+ echo('  1/3 file writeable: <font color="#00ff00"> Writeable</font><br />');
121	+ $handle = @fopen($conf_f, "r+");
122	+ if ($handle) {
123	+ while (!feof($handle)) {
124	+ $lines[] = fgets($handle, 4096);
125	+ }//while feof
126	+ fclose($handle);
127	+ $handle = @fopen($conf_f, "w+");
128	+ foreach ($lines as $line) {
129	+ if (strpos($line, $GLOBALS['table_prefix'])) {
130	+ $line = str_replace($GLOBALS['table_prefix'], $newpref, $line);
131	+ echo('  2/3 <font color="#00ff00">table prefix changed!</font><br />');
132	+ }//if strpos
133	+ fwrite($handle, $line);
134	+ }//foreach $lines
135	+ fclose($handle);
136	+ if (chmod ($conf_f, 0644)) {
137	+ echo('  3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />');
138	+ } else {
139	+ echo ('  3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />');
140	+ }//if chmod
141	+ }//if handle
142	+ }//if is_writeable
143	+
144	+ }//if prefix
145	+ ?>
146	+ </div>
147	+ Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
148	+ </div>
149	+ <?php
150	+ }//function prefix_changer
151	+ ?>

trunk/functions.php ADDED Viewed

	@@ -0,0 +1,128 @@


1	+ <?php
2	+
3	+ function make_seed() {
4	+ list($usec, $sec) = explode(' ', microtime());
5	+ return (float) $sec + ((float) $usec * 100000);
6	+ }
7	+
8	+ function make_password($password_length){
9	+ srand(make_seed());
10	+ $alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
11	+ $token = "";
12	+ for($i = 0; $i < $password_length; $i ++) {
13	+ $token .= $alfa[rand(0, strlen($alfa))];
14	+ }
15	+ return $token;
16	+ }
17	+
18	+ function check_perms($name,$path,$perm)
19	+ {
20	+ clearstatcache();
21	+ // $configmod = fileperms($path);
22	+ $configmod = substr(sprintf(".%o.", fileperms($path)), -4);
23	+ $trcss = (($configmod != $perm) ? "background-color:#fd7a7a;" : "background-color:#91f587;");
24	+ echo "<tr style=".$trcss.">";
25	+ echo '<td style="border:0px;">' . $name . "</td>";
26	+ echo '<td style="border:0px;">'. $path ."</td>";
27	+ echo '<td style="border:0px;">' . $perm . '</td>';
28	+ echo '<td style="border:0px;">' . $configmod . '</td>';
29	+ // echo '<td style="border:0px;">' . '<input type="submit" name="' . $perm . '" value="Change now.">' . '</td>';
30	+ echo "</tr>";
31	+ }
32	+
33	+ function mrt_get_serverinfo() {
34	+ global $wpdb;
35	+ $sqlversion = $wpdb->get_var("SELECT VERSION() AS version");
36	+ $mysqlinfo = $wpdb->get_results("SHOW VARIABLES LIKE 'sql_mode'");
37	+ if (is_array($mysqlinfo)) $sql_mode = $mysqlinfo[0]->Value;
38	+ if (empty($sql_mode)) $sql_mode = __('Not set');
39	+ if(ini_get('safe_mode')) $safe_mode = __('On');
40	+ else $safe_mode = __('Off');
41	+ if(ini_get('allow_url_fopen')) $allow_url_fopen = __('On');
42	+ else $allow_url_fopen = __('Off');
43	+ if(ini_get('upload_max_filesize')) $upload_max = ini_get('upload_max_filesize');
44	+ else $upload_max = __('N/A');
45	+ if(ini_get('post_max_size')) $post_max = ini_get('post_max_size');
46	+ else $post_max = __('N/A');
47	+ if(ini_get('max_execution_time')) $max_execute = ini_get('max_execution_time');
48	+ else $max_execute = __('N/A');
49	+ if(ini_get('memory_limit')) $memory_limit = ini_get('memory_limit');
50	+ else $memory_limit = __('N/A');
51	+ if (function_exists('memory_get_usage')) $memory_usage = round(memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
52	+ else $memory_usage = __('N/A');
53	+ if (is_callable('exif_read_data')) $exif = __('Yes'). " ( V" . substr(phpversion('exif'),0,4) . ")" ;
54	+ else $exif = __('No');
55	+ if (is_callable('iptcparse')) $iptc = __('Yes');
56	+ else $iptc = __('No');
57	+ if (is_callable('xml_parser_create')) $xml = __('Yes');
58	+ else $xml = __('No');
59	+
60	+ ?>
61	+ <li><?php _e('Operating System'); ?> : <strong><?php echo PHP_OS; ?></strong></li>
62	+ <li><?php _e('Server'); ?> : <strong><?php echo $_SERVER["SERVER_SOFTWARE"]; ?></strong></li>
63	+ <li><?php _e('Memory usage'); ?> : <strong><?php echo $memory_usage; ?></strong></li>
64	+ <li><?php _e('MYSQL Version'); ?> : <strong><?php echo $sqlversion; ?></strong></li>
65	+ <li><?php _e('SQL Mode'); ?> : <strong><?php echo $sql_mode; ?></strong></li>
66	+ <li><?php _e('PHP Version'); ?> : <strong><?php echo PHP_VERSION; ?></strong></li>
67	+ <li><?php _e('PHP Safe Mode'); ?> : <strong><?php echo $safe_mode; ?></strong></li>
68	+ <li><?php _e('PHP Allow URL fopen'); ?> : <strong><?php echo $allow_url_fopen; ?></strong></li>
69	+ <li><?php _e('PHP Memory Limit'); ?> : <strong><?php echo $memory_limit; ?></strong></li>
70	+ <li><?php _e('PHP Max Upload Size'); ?> : <strong><?php echo $upload_max; ?></strong></li>
71	+ <li><?php _e('PHP Max Post Size'); ?> : <strong><?php echo $post_max; ?></strong></li>
72	+ <li><?php _e('PHP Max Script Execute Time'); ?> : <strong><?php echo $max_execute; ?>s</strong></li>
73	+ <li><?php _e('PHP Exif support'); ?> : <strong><?php echo $exif; ?></strong></li>
74	+ <li><?php _e('PHP IPTC support'); ?> : <strong><?php echo $iptc; ?></strong></li>
75	+ <li><?php _e('PHP XML support'); ?> : <strong><?php echo $xml; ?></strong></li>
76	+ <?php
77	+ }
78	+ ?>
79	+
80	+
81	+ <?php
82	+ function mrt_check_table_prefix(){
83	+ if($GLOBALS['table_prefix']=='wp_'){
84	+ echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</font><br />';
85	+ }else{
86	+ echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
87	+ }
88	+ }
89	+
90	+ function mrt_errorsoff(){
91	+ echo '<font color="green">WordPress DB Errors turned off.</font><br />';
92	+ }
93	+
94	+ function mrt_wpdberrors()
95	+ {
96	+ global $wpdb;
97	+ $wpdb->show_errors = false;
98	+
99	+ }
100	+
101	+ function mrt_version_removal(){
102	+ echo '<font color="green">Your WordPress version is successfully hidden.</font><br />';
103	+ }
104	+
105	+ function mrt_remove_wp_version()
106	+ {
107	+ if (!is_admin()) {
108	+ global $wp_version;
109	+ $wp_version = '';
110	+ }
111	+
112	+ }
113	+
114	+ function mrt_check_version(){
115	+ echo "WordPress Version: ";
116	+ global $wp_version;
117	+ if ($wp_version == 2.5) $g2k5 = '<font color="green">You have the latest stable version of WordPress.</font><br />';
118	+ if ($wp_version < 2.5) $g2k5 = '<font color="red">You need version 2.5. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</font><br />';
119	+ echo "<b>" . $wp_version . "</b>   &nbsp " ;echo $g2k5;
120	+ }
121	+
122	+
123	+ function mrt_javascript(){
124	+ $siteurl = get_option('siteurl');
125	+ ?><script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script><?php
126	+ }
127	+ ?>
128	+

{js → trunk/js}/scripts.js RENAMED Viewed

File without changes

trunk/password_tools.php ADDED Viewed

	@@ -0,0 +1,21 @@


1	+ <?php
2	+ function mrt_sub1(){?>
3	+ <div class=wrap>
4	+ <h2><?php _e('WP - Password Tools') ?></h2>
5	+ <div style="height:299px">
6	+ <?php
7	+ echo "<br /><strong>Password Strength Tool</strong>";
8	+ ?>
9	+ <table><tr valign=top><td><form name="commandForm">
10	+ Type password: <input type=password size=30 maxlength=50 name=password onkeyup="testPassword(document.forms.commandForm.password.value);" value="">
11	+ <br/><font color="#808080">Minimum 6 Characters</td><td><font size="1"> Password Strength:</font><a id="Words"><table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table></a></td></tr></table></td></tr></table></form>
12	+ <br /><hr align=left size=2 width=612px>
13	+ <?php
14	+ echo "<br /><br /><strong>Strong Password Generator</strong><br />";
15	+ echo "Strong Password: " . '<font color="red">' . make_password(15) . "</font>";
16	+ ?>
17	+ </div>
18	+ Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
19	+ </div>
20	+ <? }
21	+

trunk/readme.txt ADDED Viewed

	@@ -0,0 +1,99 @@


1	+ === Plugin Name ===
2	+ Contributors: hallsofmontezuma
3	+ Donate link: http://semperfiwebdesign.com
4	+ Tags: security, securityscan, chmod, permissions, admin, administration, authentication, database, dashboard, post, notification, password, plugin, posts
5	+ plugins, private, protection, tracking, wordpress
6	+ Requires at least: 2.0
7	+ Tested up to: 2.5
8	+ Stable tag: 2.2.54
9	+
10	+ Scans your WordPress installation for security vulnerabilities.
11	+
12	+ == Description ==
13	+
14	+ Scans your WordPress installation for security vulnerabilities and suggests
15	+ corrective actions.
16	+
17	+ -passwords<br />
18	+ -file permissions<br />
19	+ -database security<br />
20	+ -version hiding<br />
21	+ -WordPress admin protection/security
22	+
23	+ Future Releases<br />
24	+ *one-click change file/folder permissions<br />
25	+ *test for XSS vulnerabilities<br />
26	+ *intrusion detection/prevention<br />
27	+ *lock out/log incorrect login attempts<br />
28	+ *user enumeration protection<br />
29	+
30	+ == Installation ==
31	+
32	+ 1. Create backup.
33	+ 2. Upload the zip file to the `/wp-content/plugins/` directory
34	+ 3. Unzip.
35	+ 4. Activate the plugin through the 'Plugins' menu in WordPress
36	+
37	+
38	+ Please let me know any bugs, improvements, comments, suggestions.
39	+
40	+ == Frequently Asked Questions ==
41	+
42	+ = How do I change the file permissions on my WordPress installation? =
43	+
44	+ From the linux command line (for advanced users):
45	+ chmod xxx filename.ext
46	+ (replace xxx with with the permissions settings for the file or folder)
47	+
48	+ From your FTP client:
49	+ Most FTP clients, such as filezilla, etc, allow for changing file
50	+ permissions. Please consult your clients documentation for your specific
51	+ directions.
52	+
53	+ For more information, please visit http://codex.wordpress.org/Changing_File_Permissions
54	+
55	+ = Why do I need to hide my version of WordPress? =
56	+
57	+ Alot of attackers and automated tools will try and determine software versions
58	+ before launching exploit code. Removing your WordPress blog version may
59	+ discourage some attackers and certainly will mitigate virus and worm programs
60	+ that rely on software versions.
61	+
62	+ NOTE: Hiding your version of WordPress may break any plugins you have which
63	+ are version dependant.
64	+
65	+ == Screenshots ==
66	+
67	+ 1. file/directories permissions check
68	+ 2. password tools
69	+
70	+ == WordPress Security ==
71	+
72	+ <strong>Plugin currently in BETA version.
73	+
74	+ == WordPress Security ==
75	+
76	+ Security Scanner:
77	+
78	+ 1. Scans Wordpress installation for file/directory permissions vulnerabilites
79	+ 1. Recommends corrective actions
80	+ 1. Scans for general security vulnerabilities
81	+
82	+ Join the BETA testers group if:
83	+
84	+ * you have experience as a software tester
85	+ * you have no experience as a software tester
86	+ * you have a WordPress installation dedicated for testing
87	+ * you have a general enthusiasm for WordPress use and/or development
88	+
89	+
90	+ Visit our homepage at [Semper Fi Web Design](http://semperfiwebdesign.com/ "Raleigh Web Design") or our plugin page at [Semper Fi Plugins][sf plugins].
91	+ We look forward to hearing your comments and suggestions.
92	+
93	+ [sf plugins]: http://semperfiwebdesign.com/wordpress/plugins
94	+ "Raleigh Web Design"
95	+
96	+ > WordPress Security Scanner for 2.3, 2.5. Although if you're using lower
97	+ > than 2.3 you should go ahead and install it because of security.
98	+
99	+ `<?php code(); // backticks ?>`

trunk/scanner.php ADDED Viewed

	@@ -0,0 +1,31 @@


1	+ <?php
2	+ function mrt_sub0(){?>
3	+ <div class=wrap>
4	+ <h2><?php _e('WP - Security Scan') ?></h2>
5	+ <div style="height:299px">
6	+ <table width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
7	+ <tr>
8	+ <th style="border:0px;"><b>Name</b></th>
9	+ <th style="border:0px;"><b>File/Dir</b></th>
10	+ <th style="border:0px;"><b>Needed Chmod</b></th>
11	+ <th style="border:0px;"><b>Current Chmod</b></th>
12	+ <!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
13	+ </tr>
14	+ <?php
15	+ check_perms("root directory","../","0755");
16	+ check_perms("wp-includes/","../wp-includes","0755");
17	+ check_perms(".htaccess","../.htaccess","0644");
18	+ check_perms("wp-admin/index.php","index.php","0644");
19	+ check_perms("wp-admin/js/","js/","0755");
20	+ check_perms("wp-content/themes/","../wp-content/themes","0755");
21	+ check_perms("wp-content/plugins/","../wp-content/plugins","0755");
22	+ check_perms("wp-admin/","../wp-admin","0755");
23	+ check_perms("wp-content/","../wp-content","0755");
24	+ ?>
25	+ </table>
26	+
27	+
28	+ </div>
29	+ Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
30	+ </div><?}
31	+

trunk/screenshot-1.jpg ADDED Viewed

Binary file

trunk/screenshot-2.jpg ADDED Viewed

Binary file

trunk/scripts.js ADDED Viewed

	@@ -0,0 +1,30 @@


1	+ <script language="JavaScript1.1">
2	+ function testPassword(passwd){
3	+ var description = new Array();
4	+ description[0] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=30 bgcolor=#ff0000></td><td height=4 width=120 bgcolor=tan></td></tr></table></td><td> <b>Weakest</b></td></tr></table>";
5	+ description[1] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=60 bgcolor=#990000></td><td height=4 width=90 bgcolor=tan></td></tr></table></td><td> <b>Weak</b></td></tr></table>";
6	+ description[2] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=90 bgcolor=#990099></td><td height=4 width=60 bgcolor=tan></td></tr></table></td><td> <b>Improving</b></td></tr></table>";
7	+ description[3] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=120 bgcolor=#000099></td><td height=4 width=30 bgcolor=tan></td></tr></table></td><td> <b>Strong</b></td></tr></table>";
8	+ description[4] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=#0000ff></td></tr></table></td><td> <b>Strongest</b></td></tr></table>";
9	+ description[5] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table>";
10	+
11	+ var base = 0
12	+ var combos = 0
13	+ if (passwd.match(/[a-z]/))base = (base+26);
14	+ if (passwd.match(/[A-Z]/))base = (base+26);
15	+ if (passwd.match(/\d+/))base = (base+10);
16	+ if (passwd.match(/[>!"#$%&'()*+,-./:;<=>?@[\]^_`{\|}~]/))base = (base+33);
17	+
18	+ combos=Math.pow(base,passwd.length);
19	+
20	+ if(combos == 1)strVerdict = description[5];
21	+ else if(combos > 1 && combos < 1000000)strVerdict = description[0];
22	+ else if (combos >= 1000000 && combos < 1000000000000)strVerdict = description[1];
23	+ else if (combos >= 1000000000000 && combos < 1000000000000000000)strVerdict = description[2];
24	+ else if (combos >= 1000000000000000000 && combos < 1000000000000000000000000)strVerdict = description[3];
25	+ else strVerdict = description[4];
26	+
27	+ document.getElementById("Words").innerHTML= (strVerdict);
28	+ }
29	+ </script>
30	+

trunk/securityscan.php ADDED Viewed

	@@ -0,0 +1,109 @@


1	+ <?php
2	+ /*
3	+ Plugin Name: WP Security Scan
4	+ Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
5	+ Description: Perform security scan of WordPress installation.
6	+ Author: Michael Torbert
7	+ Version: 2.2.54
8	+ Author URI: http://semperfiwebdesign.com/
9	+ */
10	+
11	+ /*
12	+ Copyright (C) 2008 semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
13	+
14	+ This program is free software; you can redistribute it and/or modify
15	+ it under the terms of the GNU General Public License as published by
16	+ the Free Software Foundation; either version 3 of the License, or
17	+ (at your option) any later version.
18	+
19	+ This program is distributed in the hope that it will be useful,
20	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
21	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22	+ GNU General Public License for more details.
23	+
24	+ You should have received a copy of the GNU General Public License
25	+ along with this program. If not, see <http://www.gnu.org/licenses/>.
26	+ */
27	+
28	+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
29	+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
30	+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
31	+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
32	+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
33	+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
34	+
35	+ add_action( 'admin_notices', mrt_update_notice, 5 );
36	+ add_action('admin_head', 'mrt_hd');
37	+ add_action("init",mrt_wpdberrors,1);
38	+ add_action("parse_query",mrt_wpdberrors,1);
39	+ add_action('admin_menu', 'add_men_pg');
40	+ add_action("init",mrt_remove_wp_version,1);
41	+ function add_men_pg() {
42	+ if (function_exists('add_menu_page')){
43	+ add_menu_page('Security', 'Security', 8, __FILE__, 'mrt_opt_mng_pg');
44	+ add_submenu_page(__FILE__, 'Scanner', 'Scanner', 8, 'scanner', 'mrt_sub0');
45	+ add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 8, 'passwordtool', 'mrt_sub1');
46	+ add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
47	+ add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
48	+ }}
49	+
50	+ function mrt_update_notice(){
51	+ /*$mrt_version = "2.2.52";
52	+ $mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
53	+ echo $mrt_latest . " and " . $mrt_version;
54	+ if($mrt_latest > $mrt_version)
55	+ echo "New Version Available";
56	+ else
57	+ echo "Latest Version";
58	+ */ }
59	+
60	+ function mrt_opt_mng_pg() {
61	+ ?>
62	+ <!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
63	+ <?php //$rss = fetch_rss('http://alexrabe.boelinger.com/?tag=nextgen-gallery&feed=rss2');?>
64	+
65	+ <div class=wrap>
66	+ <h2><?php _e('WP - Security Admin Tools') ?></h2>
67	+ <div>
68	+ <!-- <div id="message" class="updated fade"><p></p></div>-->
69	+ <br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
70	+ <div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
71	+ <?php
72	+ global $wpdb;
73	+ mrt_check_version();
74	+ mrt_check_table_prefix();
75	+ mrt_version_removal();
76	+ mrt_errorsoff();
77	+
78	+
79	+ $name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
80	+ if ($name=="admin"){
81	+ echo '<font color="red">"admin" user exists.</font>';
82	+ }
83	+ else{
84	+ echo '<font color="green">No user "admin".</font>';
85	+ }
86	+ ?>
87	+ <br /><br />
88	+ <hr align=center size=2 width=500px>
89	+ <br /><br />
90	+ <div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
91	+ <ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</li><li>user enumeration protection</li><li>WordPress admin protection/security</li></ul>
92	+ </div>
93	+ <div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
94	+ <?php mrt_get_serverinfo(); ?>
95	+ </div>
96	+ <div style="clear:both"></div>
97	+ </div>
98	+ Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
99	+ </div>
100	+ <?php }
101	+
102	+ function mrt_hd()
103	+ {
104	+ $siteurl = get_option('siteurl');?>
105	+ <script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
106	+ <link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />
107	+ <?php }
108	+ ?>
109	+

style.css → trunk/style.css RENAMED Viewed

File without changes

trunk/support.php ADDED Viewed

	@@ -0,0 +1,14 @@


1	+ <?php
2	+
3	+ function mrt_sub2(){
4	+ ?>
5	+ <div class=wrap>
6	+ <h2><?php _e('WP - Security Support') ?></h2>
7	+ <div style="height:299px">
8	+ <br /><br />support page coming soon...
9	+ <br /><br /><strong>Backup early, backup often!</strong><br /><br /><br /><br /><br />
10	+ <em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
11	+ </div>
12	+ Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
13	+ </div>
14	+ <?}?>