Version Description
Download this release
Release Info
| Developer | hallsofmontezuma |
| Plugin |  Acunetix WP Security |
| Version | 2.2.55 |
| Comparing to | |
| See all releases | |
Code changes from version 2.2.43 to 2.2.55
- functions.php +8 -3
- {trunk/js → js}/scripts.js +0 -0
- readme.txt +16 -10
- scanner.php +9 -7
- securityscan.php +52 -4
- trunk/style.css → style.css +0 -0
- support.php +2 -2
- trunk/database.php +0 -151
- trunk/functions.php +0 -128
- trunk/password_tools.php +0 -21
- trunk/readme.txt +0 -99
- trunk/scanner.php +0 -31
- trunk/screenshot-1.jpg +0 -0
- trunk/screenshot-2.jpg +0 -0
- trunk/scripts.js +0 -30
- trunk/securityscan.php +0 -109
- trunk/support.php +0 -14
functions.php
CHANGED
|
@@ -81,14 +81,14 @@ function mrt_get_serverinfo() {
|
|
| 81 |
<?php
|
| 82 |
function mrt_check_table_prefix(){
|
| 83 |
if($GLOBALS['table_prefix']=='wp_'){
|
| 84 |
-
echo '<font color="red">Your table prefix should not be <i>wp_</i>.
|
| 85 |
}else{
|
| 86 |
echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
|
| 87 |
}
|
| 88 |
}
|
| 89 |
|
| 90 |
function mrt_errorsoff(){
|
| 91 |
-
echo '<font color="green">WordPress DB Errors turned off
|
| 92 |
}
|
| 93 |
|
| 94 |
function mrt_wpdberrors()
|
|
@@ -99,7 +99,7 @@ function mrt_wpdberrors()
|
|
| 99 |
}
|
| 100 |
|
| 101 |
function mrt_version_removal(){
|
| 102 |
-
echo '<font color="green">Your WordPress version is successfully hidden
|
| 103 |
}
|
| 104 |
|
| 105 |
function mrt_remove_wp_version()
|
|
@@ -119,5 +119,10 @@ if ($wp_version < 2.5) $g2k5 = '<font color="red">You need version 2.5. Please
|
|
| 119 |
echo "<b>" . $wp_version . "</b>   " ;echo $g2k5;
|
| 120 |
}
|
| 121 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 122 |
?>
|
| 123 |
|
| 81 |
<?php
|
| 82 |
function mrt_check_table_prefix(){
|
| 83 |
if($GLOBALS['table_prefix']=='wp_'){
|
| 84 |
+
echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</font><br />';
|
| 85 |
}else{
|
| 86 |
echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
|
| 87 |
}
|
| 88 |
}
|
| 89 |
|
| 90 |
function mrt_errorsoff(){
|
| 91 |
+
echo '<font color="green">WordPress DB Errors turned off.</font><br />';
|
| 92 |
}
|
| 93 |
|
| 94 |
function mrt_wpdberrors()
|
| 99 |
}
|
| 100 |
|
| 101 |
function mrt_version_removal(){
|
| 102 |
+
echo '<font color="green">Your WordPress version is successfully hidden.</font><br />';
|
| 103 |
}
|
| 104 |
|
| 105 |
function mrt_remove_wp_version()
|
| 119 |
echo "<b>" . $wp_version . "</b>   " ;echo $g2k5;
|
| 120 |
}
|
| 121 |
|
| 122 |
+
|
| 123 |
+
function mrt_javascript(){
|
| 124 |
+
$siteurl = get_option('siteurl');
|
| 125 |
+
?><script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script><?php
|
| 126 |
+
}
|
| 127 |
?>
|
| 128 |
|
{trunk/js → js}/scripts.js
RENAMED
|
File without changes
|
readme.txt
CHANGED
|
@@ -1,10 +1,11 @@
|
|
| 1 |
=== Plugin Name ===
|
| 2 |
Contributors: hallsofmontezuma
|
| 3 |
Donate link: http://semperfiwebdesign.com
|
| 4 |
-
Tags: security, securityscan, chmod, permissions
|
|
|
|
| 5 |
Requires at least: 2.0
|
| 6 |
Tested up to: 2.5
|
| 7 |
-
Stable tag: 2.2.
|
| 8 |
|
| 9 |
Scans your WordPress installation for security vulnerabilities.
|
| 10 |
|
|
@@ -16,20 +17,25 @@ corrective actions.
|
|
| 16 |
-passwords<br />
|
| 17 |
-file permissions<br />
|
| 18 |
-database security<br />
|
| 19 |
-
-version hiding
|
| 20 |
-
|
| 21 |
-
**Future Releases**
|
| 22 |
|
|
|
|
| 23 |
*one-click change file/folder permissions<br />
|
| 24 |
-
*test for XSS vulnerabilities
|
|
|
|
|
|
|
|
|
|
| 25 |
|
|
|
|
| 26 |
|
| 27 |
-
|
|
|
|
|
|
|
|
|
|
| 28 |
|
| 29 |
-
== Installation ==
|
| 30 |
|
| 31 |
-
|
| 32 |
-
2. Activate the plugin through the 'Plugins' menu in WordPress
|
| 33 |
|
| 34 |
== Frequently Asked Questions ==
|
| 35 |
|
| 1 |
=== Plugin Name ===
|
| 2 |
Contributors: hallsofmontezuma
|
| 3 |
Donate link: http://semperfiwebdesign.com
|
| 4 |
+
Tags: security, securityscan, chmod, permissions, admin, administration, authentication, database, dashboard, post, notification, password, plugin, posts
|
| 5 |
+
plugins, private, protection, tracking, wordpress
|
| 6 |
Requires at least: 2.0
|
| 7 |
Tested up to: 2.5
|
| 8 |
+
Stable tag: 2.2.55
|
| 9 |
|
| 10 |
Scans your WordPress installation for security vulnerabilities.
|
| 11 |
|
| 17 |
-passwords<br />
|
| 18 |
-file permissions<br />
|
| 19 |
-database security<br />
|
| 20 |
+
-version hiding<br />
|
| 21 |
+
-WordPress admin protection/security
|
|
|
|
| 22 |
|
| 23 |
+
**Future Releases**<br />
|
| 24 |
*one-click change file/folder permissions<br />
|
| 25 |
+
*test for XSS vulnerabilities<br />
|
| 26 |
+
*intrusion detection/prevention<br />
|
| 27 |
+
*lock out/log incorrect login attempts<br />
|
| 28 |
+
*user enumeration protection<br />
|
| 29 |
|
| 30 |
+
== Installation ==
|
| 31 |
|
| 32 |
+
1. Create backup.
|
| 33 |
+
2. Upload the zip file to the `/wp-content/plugins/` directory
|
| 34 |
+
3. Unzip.
|
| 35 |
+
4. Activate the plugin through the 'Plugins' menu in WordPress
|
| 36 |
|
|
|
|
| 37 |
|
| 38 |
+
Please let me know any bugs, improvements, comments, suggestions.
|
|
|
|
| 39 |
|
| 40 |
== Frequently Asked Questions ==
|
| 41 |
|
scanner.php
CHANGED
|
@@ -12,17 +12,19 @@ function mrt_sub0(){?>
|
|
| 12 |
<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
|
| 13 |
</tr>
|
| 14 |
<?php
|
| 15 |
-
check_perms("root directory","../","
|
| 16 |
-
check_perms("wp-includes/","../wp-includes","
|
| 17 |
check_perms(".htaccess","../.htaccess","0644");
|
| 18 |
check_perms("wp-admin/index.php","index.php","0644");
|
| 19 |
-
check_perms("wp-admin/js/","js/","
|
| 20 |
-
check_perms("wp-content/themes/","../wp-content/themes","
|
| 21 |
-
check_perms("wp-content/plugins/","../wp-content/plugins","
|
| 22 |
-
check_perms("wp-admin/","../wp-admin","
|
| 23 |
-
check_perms("wp-content/","../wp-content","
|
| 24 |
?>
|
| 25 |
</table>
|
|
|
|
|
|
|
| 26 |
</div>
|
| 27 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 28 |
</div><?}
|
| 12 |
<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
|
| 13 |
</tr>
|
| 14 |
<?php
|
| 15 |
+
check_perms("root directory","../","0755");
|
| 16 |
+
check_perms("wp-includes/","../wp-includes","0755");
|
| 17 |
check_perms(".htaccess","../.htaccess","0644");
|
| 18 |
check_perms("wp-admin/index.php","index.php","0644");
|
| 19 |
+
check_perms("wp-admin/js/","js/","0755");
|
| 20 |
+
check_perms("wp-content/themes/","../wp-content/themes","0755");
|
| 21 |
+
check_perms("wp-content/plugins/","../wp-content/plugins","0755");
|
| 22 |
+
check_perms("wp-admin/","../wp-admin","0755");
|
| 23 |
+
check_perms("wp-content/","../wp-content","0755");
|
| 24 |
?>
|
| 25 |
</table>
|
| 26 |
+
|
| 27 |
+
|
| 28 |
</div>
|
| 29 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 30 |
</div><?}
|
securityscan.php
CHANGED
|
@@ -4,9 +4,27 @@ Plugin Name: WP Security Scan
|
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
|
| 5 |
Description: Perform security scan of WordPress installation.
|
| 6 |
Author: Michael Torbert
|
| 7 |
-
Version: 2.2.
|
| 8 |
Author URI: http://semperfiwebdesign.com/
|
| 9 |
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
|
| 11 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
|
| 12 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
|
|
@@ -14,6 +32,8 @@ require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
|
|
| 14 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
|
| 15 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
|
| 16 |
|
|
|
|
|
|
|
| 17 |
add_action("init",mrt_wpdberrors,1);
|
| 18 |
add_action("parse_query",mrt_wpdberrors,1);
|
| 19 |
add_action('admin_menu', 'add_men_pg');
|
|
@@ -27,6 +47,16 @@ add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
|
|
| 27 |
add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
|
| 28 |
}}
|
| 29 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 30 |
function mrt_opt_mng_pg() {
|
| 31 |
?>
|
| 32 |
<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
|
|
@@ -39,17 +69,26 @@ function mrt_opt_mng_pg() {
|
|
| 39 |
<br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
| 40 |
<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
|
| 41 |
<?php
|
|
|
|
| 42 |
mrt_check_version();
|
| 43 |
mrt_check_table_prefix();
|
| 44 |
mrt_version_removal();
|
| 45 |
mrt_errorsoff();
|
| 46 |
-
?>
|
| 47 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48 |
<br /><br />
|
| 49 |
<hr align=center size=2 width=500px>
|
| 50 |
<br /><br />
|
| 51 |
<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
|
| 52 |
-
<ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li></ul>
|
| 53 |
</div>
|
| 54 |
<div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
| 55 |
<?php mrt_get_serverinfo(); ?>
|
|
@@ -58,4 +97,13 @@ mrt_errorsoff();
|
|
| 58 |
</div>
|
| 59 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 60 |
</div>
|
| 61 |
-
<?php }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
|
| 5 |
Description: Perform security scan of WordPress installation.
|
| 6 |
Author: Michael Torbert
|
| 7 |
+
Version: 2.2.55
|
| 8 |
Author URI: http://semperfiwebdesign.com/
|
| 9 |
*/
|
| 10 |
+
|
| 11 |
+
/*
|
| 12 |
+
Copyright (C) 2008 semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
|
| 13 |
+
|
| 14 |
+
This program is free software; you can redistribute it and/or modify
|
| 15 |
+
it under the terms of the GNU General Public License as published by
|
| 16 |
+
the Free Software Foundation; either version 3 of the License, or
|
| 17 |
+
(at your option) any later version.
|
| 18 |
+
|
| 19 |
+
This program is distributed in the hope that it will be useful,
|
| 20 |
+
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 21 |
+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
| 22 |
+
GNU General Public License for more details.
|
| 23 |
+
|
| 24 |
+
You should have received a copy of the GNU General Public License
|
| 25 |
+
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
| 26 |
+
*/
|
| 27 |
+
|
| 28 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
|
| 29 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
|
| 30 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
|
| 32 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
|
| 33 |
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
|
| 34 |
|
| 35 |
+
add_action( 'admin_notices', mrt_update_notice, 5 );
|
| 36 |
+
add_action('admin_head', 'mrt_hd');
|
| 37 |
add_action("init",mrt_wpdberrors,1);
|
| 38 |
add_action("parse_query",mrt_wpdberrors,1);
|
| 39 |
add_action('admin_menu', 'add_men_pg');
|
| 47 |
add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
|
| 48 |
}}
|
| 49 |
|
| 50 |
+
function mrt_update_notice(){
|
| 51 |
+
/*$mrt_version = "2.2.52";
|
| 52 |
+
$mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
|
| 53 |
+
echo $mrt_latest . " and " . $mrt_version;
|
| 54 |
+
if($mrt_latest > $mrt_version)
|
| 55 |
+
echo "New Version Available";
|
| 56 |
+
else
|
| 57 |
+
echo "Latest Version";
|
| 58 |
+
*/ }
|
| 59 |
+
|
| 60 |
function mrt_opt_mng_pg() {
|
| 61 |
?>
|
| 62 |
<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
|
| 69 |
<br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
| 70 |
<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
|
| 71 |
<?php
|
| 72 |
+
global $wpdb;
|
| 73 |
mrt_check_version();
|
| 74 |
mrt_check_table_prefix();
|
| 75 |
mrt_version_removal();
|
| 76 |
mrt_errorsoff();
|
|
|
|
| 77 |
|
| 78 |
+
|
| 79 |
+
$name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
|
| 80 |
+
if ($name=="admin"){
|
| 81 |
+
echo '<font color="red">"admin" user exists.</font>';
|
| 82 |
+
}
|
| 83 |
+
else{
|
| 84 |
+
echo '<font color="green">No user "admin".</font>';
|
| 85 |
+
}
|
| 86 |
+
?>
|
| 87 |
<br /><br />
|
| 88 |
<hr align=center size=2 width=500px>
|
| 89 |
<br /><br />
|
| 90 |
<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
|
| 91 |
+
<ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</li><li>user enumeration protection</li><li>WordPress admin protection/security</li></ul>
|
| 92 |
</div>
|
| 93 |
<div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
| 94 |
<?php mrt_get_serverinfo(); ?>
|
| 97 |
</div>
|
| 98 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 99 |
</div>
|
| 100 |
+
<?php }
|
| 101 |
+
|
| 102 |
+
function mrt_hd()
|
| 103 |
+
{
|
| 104 |
+
$siteurl = get_option('siteurl');?>
|
| 105 |
+
<script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
|
| 106 |
+
<!--<link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />-->
|
| 107 |
+
<?php }
|
| 108 |
+
?>
|
| 109 |
+
|
trunk/style.css → style.css
RENAMED
|
File without changes
|
support.php
CHANGED
|
@@ -6,9 +6,9 @@ function mrt_sub2(){
|
|
| 6 |
<h2><?php _e('WP - Security Support') ?></h2>
|
| 7 |
<div style="height:299px">
|
| 8 |
<br /><br />support page coming soon...
|
| 9 |
-
<br /><br /><br />
|
| 10 |
<em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
|
| 11 |
-
|
| 12 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 13 |
</div>
|
| 14 |
<?}?>
|
| 6 |
<h2><?php _e('WP - Security Support') ?></h2>
|
| 7 |
<div style="height:299px">
|
| 8 |
<br /><br />support page coming soon...
|
| 9 |
+
<br /><br /><strong>Backup early, backup often!</strong><br /><br /><br /><br /><br />
|
| 10 |
<em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
|
| 11 |
+
</div>
|
| 12 |
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 13 |
</div>
|
| 14 |
<?}?>
|
trunk/database.php
DELETED
|
@@ -1,151 +0,0 @@
|
|
| 1 |
-
<?php
|
| 2 |
-
/*
|
| 3 |
-
Thank you Philipp Heinze.
|
| 4 |
-
*/
|
| 5 |
-
|
| 6 |
-
function mrt_sub3(){
|
| 7 |
-
?>
|
| 8 |
-
<div class=wrap>
|
| 9 |
-
<h2><?php _e('WP - Database Security') ?></h2>
|
| 10 |
-
<div style="height:299px"><br />
|
| 11 |
-
<i>Make a backup before using this tool:</i>
|
| 12 |
-
<p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
|
| 13 |
-
<form action='' method='post' name='prefixchanging'>
|
| 14 |
-
<?php
|
| 15 |
-
if (function_exists('wp_nonce_field')) {
|
| 16 |
-
wp_nonce_field('prefix-changer-change_prefix');
|
| 17 |
-
}
|
| 18 |
-
?>
|
| 19 |
-
Please Change the current:<input type="Text" name="prefix_n" value="<?php echo($GLOBALS['table_prefix']);?>" size="10" maxlength="10"> prefix to something different (i.e. use the random password generator).<br />
|
| 20 |
-
Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
|
| 21 |
-
<input type='submit' name='renameprefix' value='Start Renaming'/>
|
| 22 |
-
</form>
|
| 23 |
-
|
| 24 |
-
<?php
|
| 25 |
-
if (isset($_POST['prefix_n'])) {
|
| 26 |
-
check_admin_referer('prefix-changer-change_prefix');
|
| 27 |
-
$wpdb =& $GLOBALS['wpdb'];
|
| 28 |
-
$newpref = ereg_replace("[^0-9a-zA-Z_-]", "", $_POST['prefix_n']);
|
| 29 |
-
//checking if user has enough rights to alter the Tablestructure
|
| 30 |
-
$rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
|
| 31 |
-
foreach ($rights as $right) {
|
| 32 |
-
if (ereg("ALTER(.*)(\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) || ereg("ALL PRIVILEGES ON (\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
|
| 33 |
-
$rightsenough = true;
|
| 34 |
-
$rightstomuch = true;
|
| 35 |
-
break;
|
| 36 |
-
} else {
|
| 37 |
-
if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
|
| 38 |
-
$rightsenough = true;
|
| 39 |
-
break;
|
| 40 |
-
}
|
| 41 |
-
}
|
| 42 |
-
}
|
| 43 |
-
if (!isset($rightsenough) && $rightsenough != true) {
|
| 44 |
-
exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure.<br />');
|
| 45 |
-
}
|
| 46 |
-
if (isset($rightstomuch) && $rightstomuch === true) {
|
| 47 |
-
echo ('<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. '.
|
| 48 |
-
'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />');
|
| 49 |
-
}
|
| 50 |
-
if ($newpref == $GLOBALS['table_prefix']) {
|
| 51 |
-
exit ("No change: Please select a new table_prefix value.</div>");
|
| 52 |
-
} elseif (strlen($newpref) < strlen($_POST['prefix_n'])){
|
| 53 |
-
echo ("You used some Chars which aren't allowed within Tablenames".
|
| 54 |
-
"The sanitized prefix is used instead: " . $newpref);
|
| 55 |
-
}
|
| 56 |
-
|
| 57 |
-
echo("<h2>Started Prefix Changer:</h2>");
|
| 58 |
-
|
| 59 |
-
//we rename the tables before we change the Config file, so We can aviod changed Configs, without changed prefixes.
|
| 60 |
-
echo("<h3> Start Renaming of Tables:</h3>");
|
| 61 |
-
$oldtables = $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);//retrieving all tables named with the prefix on start
|
| 62 |
-
$table_c = count($oldtables);
|
| 63 |
-
$table_s = 0;//holds the count of successful changed tables.
|
| 64 |
-
$table_f[] = '';//holds all table names which failed to be changed
|
| 65 |
-
for($i = 0; $i < $table_c; $i++) {//renaming each table to the new prefix
|
| 66 |
-
$wpdb->hide_errors();
|
| 67 |
-
$table_n = str_replace($GLOBALS['table_prefix'], $newpref, $oldtables[$i][0]);
|
| 68 |
-
echo " Renaming ".$oldtables[$i][0]." to $table_n:";
|
| 69 |
-
$table_r = $wpdb->query("RENAME TABLE ".$oldtables[$i][0]." TO $table_n");
|
| 70 |
-
if ($table_r === 0) {
|
| 71 |
-
echo ('<font color="#00ff00"> Success</font><br />');
|
| 72 |
-
$table_s++;
|
| 73 |
-
} elseif ($table_r === FALSE) {
|
| 74 |
-
echo ('<font color="#ff0000"> Failed</font><br />');
|
| 75 |
-
$table_f[] = $oldtables[$i][0];
|
| 76 |
-
}
|
| 77 |
-
}//changing some "hardcoded" wp values within the tables
|
| 78 |
-
echo ("<h3> Start changing Databasesettings:</h3>");
|
| 79 |
-
if ($wpdb->query("UPDATE ".$newpref."options SET option_name='".$newpref."user_roles' WHERE option_name='".$GLOBALS['table_prefix']."user_roles' LIMIT 1") <> 1) {
|
| 80 |
-
echo (' Changing values in table '.$newpref.'options: 1/1 <font color="#ff0000">Failed</font><br />');
|
| 81 |
-
} else {
|
| 82 |
-
echo (' Changing values in table '.$GLOBALS['table_prefix'].'options 1/1: <font color="#00ff00">Success</font><br />');
|
| 83 |
-
}
|
| 84 |
-
if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."capabilities' WHERE meta_key='".$GLOBALS['table_prefix']."capabilities'") <> 1) {
|
| 85 |
-
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#ff0000">Failed</font><br />');
|
| 86 |
-
} else {
|
| 87 |
-
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#00ff00">Success</font><br />');
|
| 88 |
-
}
|
| 89 |
-
if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."user_level' WHERE meta_key='".$GLOBALS['table_prefix']."user_level'") === FALSE)
|
| 90 |
-
{
|
| 91 |
-
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#ff0000">Failed</font><br />');
|
| 92 |
-
} else {
|
| 93 |
-
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#00ff00">Success</font><br />');
|
| 94 |
-
}
|
| 95 |
-
if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."autosave_draft_ids' WHERE meta_key='".$GLOBALS['table_prefix']."autosave_draft_ids'") === 0) {
|
| 96 |
-
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />');
|
| 97 |
-
} else {
|
| 98 |
-
echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#00ff00">Success</font><br />');
|
| 99 |
-
}
|
| 100 |
-
|
| 101 |
-
if ($table_s == 0) {
|
| 102 |
-
exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
|
| 103 |
-
} elseif ($table_s < $table_c) {
|
| 104 |
-
echo('<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />');
|
| 105 |
-
for ($i = 1; $i < count($tables_f); $i++) {
|
| 106 |
-
echo ($tables_f[$i])."<br />";
|
| 107 |
-
}
|
| 108 |
-
exit('No changes where done to your wp-config File.</font><br />');
|
| 109 |
-
}
|
| 110 |
-
|
| 111 |
-
echo("<h3>Changing Config File:</h3>");
|
| 112 |
-
$conf_f = "../wp-config.php";
|
| 113 |
-
|
| 114 |
-
@chmod($conf_f, 0777);//making the the config readable to change the prefix
|
| 115 |
-
if (!is_writeable($conf_f)) {//when automatic config file changing isn't possible the user get's all needed information to do it manually
|
| 116 |
-
echo(' 1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />');
|
| 117 |
-
echo('<b>Please make your wp-config.php file writable for this process.</b>');
|
| 118 |
-
die("</div>");
|
| 119 |
-
} else {//changing if possible the config file automatically
|
| 120 |
-
echo(' 1/3 file writeable: <font color="#00ff00"> Writeable</font><br />');
|
| 121 |
-
$handle = @fopen($conf_f, "r+");
|
| 122 |
-
if ($handle) {
|
| 123 |
-
while (!feof($handle)) {
|
| 124 |
-
$lines[] = fgets($handle, 4096);
|
| 125 |
-
}//while feof
|
| 126 |
-
fclose($handle);
|
| 127 |
-
$handle = @fopen($conf_f, "w+");
|
| 128 |
-
foreach ($lines as $line) {
|
| 129 |
-
if (strpos($line, $GLOBALS['table_prefix'])) {
|
| 130 |
-
$line = str_replace($GLOBALS['table_prefix'], $newpref, $line);
|
| 131 |
-
echo(' 2/3 <font color="#00ff00">table prefix changed!</font><br />');
|
| 132 |
-
}//if strpos
|
| 133 |
-
fwrite($handle, $line);
|
| 134 |
-
}//foreach $lines
|
| 135 |
-
fclose($handle);
|
| 136 |
-
if (chmod ($conf_f, 0644)) {
|
| 137 |
-
echo(' 3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />');
|
| 138 |
-
} else {
|
| 139 |
-
echo (' 3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />');
|
| 140 |
-
}//if chmod
|
| 141 |
-
}//if handle
|
| 142 |
-
}//if is_writeable
|
| 143 |
-
|
| 144 |
-
}//if prefix
|
| 145 |
-
?>
|
| 146 |
-
</div>
|
| 147 |
-
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 148 |
-
</div>
|
| 149 |
-
<?php
|
| 150 |
-
}//function prefix_changer
|
| 151 |
-
?>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trunk/functions.php
DELETED
|
@@ -1,128 +0,0 @@
|
|
| 1 |
-
<?php
|
| 2 |
-
|
| 3 |
-
function make_seed() {
|
| 4 |
-
list($usec, $sec) = explode(' ', microtime());
|
| 5 |
-
return (float) $sec + ((float) $usec * 100000);
|
| 6 |
-
}
|
| 7 |
-
|
| 8 |
-
function make_password($password_length){
|
| 9 |
-
srand(make_seed());
|
| 10 |
-
$alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
|
| 11 |
-
$token = "";
|
| 12 |
-
for($i = 0; $i < $password_length; $i ++) {
|
| 13 |
-
$token .= $alfa[rand(0, strlen($alfa))];
|
| 14 |
-
}
|
| 15 |
-
return $token;
|
| 16 |
-
}
|
| 17 |
-
|
| 18 |
-
function check_perms($name,$path,$perm)
|
| 19 |
-
{
|
| 20 |
-
clearstatcache();
|
| 21 |
-
// $configmod = fileperms($path);
|
| 22 |
-
$configmod = substr(sprintf(".%o.", fileperms($path)), -4);
|
| 23 |
-
$trcss = (($configmod != $perm) ? "background-color:#fd7a7a;" : "background-color:#91f587;");
|
| 24 |
-
echo "<tr style=".$trcss.">";
|
| 25 |
-
echo '<td style="border:0px;">' . $name . "</td>";
|
| 26 |
-
echo '<td style="border:0px;">'. $path ."</td>";
|
| 27 |
-
echo '<td style="border:0px;">' . $perm . '</td>';
|
| 28 |
-
echo '<td style="border:0px;">' . $configmod . '</td>';
|
| 29 |
-
// echo '<td style="border:0px;">' . '<input type="submit" name="' . $perm . '" value="Change now.">' . '</td>';
|
| 30 |
-
echo "</tr>";
|
| 31 |
-
}
|
| 32 |
-
|
| 33 |
-
function mrt_get_serverinfo() {
|
| 34 |
-
global $wpdb;
|
| 35 |
-
$sqlversion = $wpdb->get_var("SELECT VERSION() AS version");
|
| 36 |
-
$mysqlinfo = $wpdb->get_results("SHOW VARIABLES LIKE 'sql_mode'");
|
| 37 |
-
if (is_array($mysqlinfo)) $sql_mode = $mysqlinfo[0]->Value;
|
| 38 |
-
if (empty($sql_mode)) $sql_mode = __('Not set');
|
| 39 |
-
if(ini_get('safe_mode')) $safe_mode = __('On');
|
| 40 |
-
else $safe_mode = __('Off');
|
| 41 |
-
if(ini_get('allow_url_fopen')) $allow_url_fopen = __('On');
|
| 42 |
-
else $allow_url_fopen = __('Off');
|
| 43 |
-
if(ini_get('upload_max_filesize')) $upload_max = ini_get('upload_max_filesize');
|
| 44 |
-
else $upload_max = __('N/A');
|
| 45 |
-
if(ini_get('post_max_size')) $post_max = ini_get('post_max_size');
|
| 46 |
-
else $post_max = __('N/A');
|
| 47 |
-
if(ini_get('max_execution_time')) $max_execute = ini_get('max_execution_time');
|
| 48 |
-
else $max_execute = __('N/A');
|
| 49 |
-
if(ini_get('memory_limit')) $memory_limit = ini_get('memory_limit');
|
| 50 |
-
else $memory_limit = __('N/A');
|
| 51 |
-
if (function_exists('memory_get_usage')) $memory_usage = round(memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
|
| 52 |
-
else $memory_usage = __('N/A');
|
| 53 |
-
if (is_callable('exif_read_data')) $exif = __('Yes'). " ( V" . substr(phpversion('exif'),0,4) . ")" ;
|
| 54 |
-
else $exif = __('No');
|
| 55 |
-
if (is_callable('iptcparse')) $iptc = __('Yes');
|
| 56 |
-
else $iptc = __('No');
|
| 57 |
-
if (is_callable('xml_parser_create')) $xml = __('Yes');
|
| 58 |
-
else $xml = __('No');
|
| 59 |
-
|
| 60 |
-
?>
|
| 61 |
-
<li><?php _e('Operating System'); ?> : <strong><?php echo PHP_OS; ?></strong></li>
|
| 62 |
-
<li><?php _e('Server'); ?> : <strong><?php echo $_SERVER["SERVER_SOFTWARE"]; ?></strong></li>
|
| 63 |
-
<li><?php _e('Memory usage'); ?> : <strong><?php echo $memory_usage; ?></strong></li>
|
| 64 |
-
<li><?php _e('MYSQL Version'); ?> : <strong><?php echo $sqlversion; ?></strong></li>
|
| 65 |
-
<li><?php _e('SQL Mode'); ?> : <strong><?php echo $sql_mode; ?></strong></li>
|
| 66 |
-
<li><?php _e('PHP Version'); ?> : <strong><?php echo PHP_VERSION; ?></strong></li>
|
| 67 |
-
<li><?php _e('PHP Safe Mode'); ?> : <strong><?php echo $safe_mode; ?></strong></li>
|
| 68 |
-
<li><?php _e('PHP Allow URL fopen'); ?> : <strong><?php echo $allow_url_fopen; ?></strong></li>
|
| 69 |
-
<li><?php _e('PHP Memory Limit'); ?> : <strong><?php echo $memory_limit; ?></strong></li>
|
| 70 |
-
<li><?php _e('PHP Max Upload Size'); ?> : <strong><?php echo $upload_max; ?></strong></li>
|
| 71 |
-
<li><?php _e('PHP Max Post Size'); ?> : <strong><?php echo $post_max; ?></strong></li>
|
| 72 |
-
<li><?php _e('PHP Max Script Execute Time'); ?> : <strong><?php echo $max_execute; ?>s</strong></li>
|
| 73 |
-
<li><?php _e('PHP Exif support'); ?> : <strong><?php echo $exif; ?></strong></li>
|
| 74 |
-
<li><?php _e('PHP IPTC support'); ?> : <strong><?php echo $iptc; ?></strong></li>
|
| 75 |
-
<li><?php _e('PHP XML support'); ?> : <strong><?php echo $xml; ?></strong></li>
|
| 76 |
-
<?php
|
| 77 |
-
}
|
| 78 |
-
?>
|
| 79 |
-
|
| 80 |
-
|
| 81 |
-
<?php
|
| 82 |
-
function mrt_check_table_prefix(){
|
| 83 |
-
if($GLOBALS['table_prefix']=='wp_'){
|
| 84 |
-
echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</font><br />';
|
| 85 |
-
}else{
|
| 86 |
-
echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
|
| 87 |
-
}
|
| 88 |
-
}
|
| 89 |
-
|
| 90 |
-
function mrt_errorsoff(){
|
| 91 |
-
echo '<font color="green">WordPress DB Errors turned off.</font><br />';
|
| 92 |
-
}
|
| 93 |
-
|
| 94 |
-
function mrt_wpdberrors()
|
| 95 |
-
{
|
| 96 |
-
global $wpdb;
|
| 97 |
-
$wpdb->show_errors = false;
|
| 98 |
-
|
| 99 |
-
}
|
| 100 |
-
|
| 101 |
-
function mrt_version_removal(){
|
| 102 |
-
echo '<font color="green">Your WordPress version is successfully hidden.</font><br />';
|
| 103 |
-
}
|
| 104 |
-
|
| 105 |
-
function mrt_remove_wp_version()
|
| 106 |
-
{
|
| 107 |
-
if (!is_admin()) {
|
| 108 |
-
global $wp_version;
|
| 109 |
-
$wp_version = '';
|
| 110 |
-
}
|
| 111 |
-
|
| 112 |
-
}
|
| 113 |
-
|
| 114 |
-
function mrt_check_version(){
|
| 115 |
-
echo "WordPress Version: ";
|
| 116 |
-
global $wp_version;
|
| 117 |
-
if ($wp_version == 2.5) $g2k5 = '<font color="green">You have the latest stable version of WordPress.</font><br />';
|
| 118 |
-
if ($wp_version < 2.5) $g2k5 = '<font color="red">You need version 2.5. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</font><br />';
|
| 119 |
-
echo "<b>" . $wp_version . "</b>   " ;echo $g2k5;
|
| 120 |
-
}
|
| 121 |
-
|
| 122 |
-
|
| 123 |
-
function mrt_javascript(){
|
| 124 |
-
$siteurl = get_option('siteurl');
|
| 125 |
-
?><script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script><?php
|
| 126 |
-
}
|
| 127 |
-
?>
|
| 128 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trunk/password_tools.php
DELETED
|
@@ -1,21 +0,0 @@
|
|
| 1 |
-
<?php
|
| 2 |
-
function mrt_sub1(){?>
|
| 3 |
-
<div class=wrap>
|
| 4 |
-
<h2><?php _e('WP - Password Tools') ?></h2>
|
| 5 |
-
<div style="height:299px">
|
| 6 |
-
<?php
|
| 7 |
-
echo "<br /><strong>Password Strength Tool</strong>";
|
| 8 |
-
?>
|
| 9 |
-
<table><tr valign=top><td><form name="commandForm">
|
| 10 |
-
Type password: <input type=password size=30 maxlength=50 name=password onkeyup="testPassword(document.forms.commandForm.password.value);" value="">
|
| 11 |
-
<br/><font color="#808080">Minimum 6 Characters</td><td><font size="1"> Password Strength:</font><a id="Words"><table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table></a></td></tr></table></td></tr></table></form>
|
| 12 |
-
<br /><hr align=left size=2 width=612px>
|
| 13 |
-
<?php
|
| 14 |
-
echo "<br /><br /><strong>Strong Password Generator</strong><br />";
|
| 15 |
-
echo "Strong Password: " . '<font color="red">' . make_password(15) . "</font>";
|
| 16 |
-
?>
|
| 17 |
-
</div>
|
| 18 |
-
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 19 |
-
</div>
|
| 20 |
-
<? }
|
| 21 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trunk/readme.txt
DELETED
|
@@ -1,99 +0,0 @@
|
|
| 1 |
-
=== Plugin Name ===
|
| 2 |
-
Contributors: hallsofmontezuma
|
| 3 |
-
Donate link: http://semperfiwebdesign.com
|
| 4 |
-
Tags: security, securityscan, chmod, permissions, admin, administration, authentication, database, dashboard, post, notification, password, plugin, posts
|
| 5 |
-
plugins, private, protection, tracking, wordpress
|
| 6 |
-
Requires at least: 2.0
|
| 7 |
-
Tested up to: 2.5
|
| 8 |
-
Stable tag: 2.2.54
|
| 9 |
-
|
| 10 |
-
Scans your WordPress installation for security vulnerabilities.
|
| 11 |
-
|
| 12 |
-
== Description ==
|
| 13 |
-
|
| 14 |
-
Scans your WordPress installation for security vulnerabilities and suggests
|
| 15 |
-
corrective actions.
|
| 16 |
-
|
| 17 |
-
-passwords<br />
|
| 18 |
-
-file permissions<br />
|
| 19 |
-
-database security<br />
|
| 20 |
-
-version hiding<br />
|
| 21 |
-
-WordPress admin protection/security
|
| 22 |
-
|
| 23 |
-
**Future Releases**<br />
|
| 24 |
-
*one-click change file/folder permissions<br />
|
| 25 |
-
*test for XSS vulnerabilities<br />
|
| 26 |
-
*intrusion detection/prevention<br />
|
| 27 |
-
*lock out/log incorrect login attempts<br />
|
| 28 |
-
*user enumeration protection<br />
|
| 29 |
-
|
| 30 |
-
== Installation ==
|
| 31 |
-
|
| 32 |
-
1. Create backup.
|
| 33 |
-
2. Upload the zip file to the `/wp-content/plugins/` directory
|
| 34 |
-
3. Unzip.
|
| 35 |
-
4. Activate the plugin through the 'Plugins' menu in WordPress
|
| 36 |
-
|
| 37 |
-
|
| 38 |
-
Please let me know any bugs, improvements, comments, suggestions.
|
| 39 |
-
|
| 40 |
-
== Frequently Asked Questions ==
|
| 41 |
-
|
| 42 |
-
= How do I change the file permissions on my WordPress installation? =
|
| 43 |
-
|
| 44 |
-
From the linux command line (for advanced users):
|
| 45 |
-
chmod xxx filename.ext
|
| 46 |
-
(replace xxx with with the permissions settings for the file or folder)
|
| 47 |
-
|
| 48 |
-
From your FTP client:
|
| 49 |
-
Most FTP clients, such as filezilla, etc, allow for changing file
|
| 50 |
-
permissions. Please consult your clients documentation for your specific
|
| 51 |
-
directions.
|
| 52 |
-
|
| 53 |
-
For more information, please visit http://codex.wordpress.org/Changing_File_Permissions
|
| 54 |
-
|
| 55 |
-
= Why do I need to hide my version of WordPress? =
|
| 56 |
-
|
| 57 |
-
Alot of attackers and automated tools will try and determine software versions
|
| 58 |
-
before launching exploit code. Removing your WordPress blog version may
|
| 59 |
-
discourage some attackers and certainly will mitigate virus and worm programs
|
| 60 |
-
that rely on software versions.
|
| 61 |
-
|
| 62 |
-
NOTE: Hiding your version of WordPress may break any plugins you have which
|
| 63 |
-
are version dependant.
|
| 64 |
-
|
| 65 |
-
== Screenshots ==
|
| 66 |
-
|
| 67 |
-
1. file/directories permissions check
|
| 68 |
-
2. password tools
|
| 69 |
-
|
| 70 |
-
== WordPress Security ==
|
| 71 |
-
|
| 72 |
-
<strong>Plugin currently in BETA version.
|
| 73 |
-
|
| 74 |
-
== WordPress Security ==
|
| 75 |
-
|
| 76 |
-
Security Scanner:
|
| 77 |
-
|
| 78 |
-
1. Scans Wordpress installation for file/directory permissions vulnerabilites
|
| 79 |
-
1. Recommends corrective actions
|
| 80 |
-
1. Scans for general security vulnerabilities
|
| 81 |
-
|
| 82 |
-
Join the BETA testers group if:
|
| 83 |
-
|
| 84 |
-
* you have experience as a software tester
|
| 85 |
-
* you have no experience as a software tester
|
| 86 |
-
* you have a WordPress installation dedicated for testing
|
| 87 |
-
* you have a general enthusiasm for WordPress use and/or development
|
| 88 |
-
|
| 89 |
-
|
| 90 |
-
Visit our homepage at [Semper Fi Web Design](http://semperfiwebdesign.com/ "Raleigh Web Design") or our plugin page at [Semper Fi Plugins][sf plugins].
|
| 91 |
-
We look forward to hearing your comments and suggestions.
|
| 92 |
-
|
| 93 |
-
[sf plugins]: http://semperfiwebdesign.com/wordpress/plugins
|
| 94 |
-
"Raleigh Web Design"
|
| 95 |
-
|
| 96 |
-
> WordPress Security Scanner for *2.3, 2.5*. Although if you're using lower
|
| 97 |
-
> than 2.3 you should go ahead and install it because of **security**.
|
| 98 |
-
|
| 99 |
-
`<?php code(); // backticks ?>`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trunk/scanner.php
DELETED
|
@@ -1,31 +0,0 @@
|
|
| 1 |
-
<?php
|
| 2 |
-
function mrt_sub0(){?>
|
| 3 |
-
<div class=wrap>
|
| 4 |
-
<h2><?php _e('WP - Security Scan') ?></h2>
|
| 5 |
-
<div style="height:299px">
|
| 6 |
-
<table width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
|
| 7 |
-
<tr>
|
| 8 |
-
<th style="border:0px;"><b>Name</b></th>
|
| 9 |
-
<th style="border:0px;"><b>File/Dir</b></th>
|
| 10 |
-
<th style="border:0px;"><b>Needed Chmod</b></th>
|
| 11 |
-
<th style="border:0px;"><b>Current Chmod</b></th>
|
| 12 |
-
<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
|
| 13 |
-
</tr>
|
| 14 |
-
<?php
|
| 15 |
-
check_perms("root directory","../","0755");
|
| 16 |
-
check_perms("wp-includes/","../wp-includes","0755");
|
| 17 |
-
check_perms(".htaccess","../.htaccess","0644");
|
| 18 |
-
check_perms("wp-admin/index.php","index.php","0644");
|
| 19 |
-
check_perms("wp-admin/js/","js/","0755");
|
| 20 |
-
check_perms("wp-content/themes/","../wp-content/themes","0755");
|
| 21 |
-
check_perms("wp-content/plugins/","../wp-content/plugins","0755");
|
| 22 |
-
check_perms("wp-admin/","../wp-admin","0755");
|
| 23 |
-
check_perms("wp-content/","../wp-content","0755");
|
| 24 |
-
?>
|
| 25 |
-
</table>
|
| 26 |
-
|
| 27 |
-
|
| 28 |
-
</div>
|
| 29 |
-
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 30 |
-
</div><?}
|
| 31 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trunk/screenshot-1.jpg
DELETED
|
Binary file
|
trunk/screenshot-2.jpg
DELETED
|
Binary file
|
trunk/scripts.js
DELETED
|
@@ -1,30 +0,0 @@
|
|
| 1 |
-
<script language="JavaScript1.1">
|
| 2 |
-
function testPassword(passwd){
|
| 3 |
-
var description = new Array();
|
| 4 |
-
description[0] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=30 bgcolor=#ff0000></td><td height=4 width=120 bgcolor=tan></td></tr></table></td><td> <b>Weakest</b></td></tr></table>";
|
| 5 |
-
description[1] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=60 bgcolor=#990000></td><td height=4 width=90 bgcolor=tan></td></tr></table></td><td> <b>Weak</b></td></tr></table>";
|
| 6 |
-
description[2] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=90 bgcolor=#990099></td><td height=4 width=60 bgcolor=tan></td></tr></table></td><td> <b>Improving</b></td></tr></table>";
|
| 7 |
-
description[3] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=120 bgcolor=#000099></td><td height=4 width=30 bgcolor=tan></td></tr></table></td><td> <b>Strong</b></td></tr></table>";
|
| 8 |
-
description[4] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=#0000ff></td></tr></table></td><td> <b>Strongest</b></td></tr></table>";
|
| 9 |
-
description[5] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table>";
|
| 10 |
-
|
| 11 |
-
var base = 0
|
| 12 |
-
var combos = 0
|
| 13 |
-
if (passwd.match(/[a-z]/))base = (base+26);
|
| 14 |
-
if (passwd.match(/[A-Z]/))base = (base+26);
|
| 15 |
-
if (passwd.match(/\d+/))base = (base+10);
|
| 16 |
-
if (passwd.match(/[>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~]/))base = (base+33);
|
| 17 |
-
|
| 18 |
-
combos=Math.pow(base,passwd.length);
|
| 19 |
-
|
| 20 |
-
if(combos == 1)strVerdict = description[5];
|
| 21 |
-
else if(combos > 1 && combos < 1000000)strVerdict = description[0];
|
| 22 |
-
else if (combos >= 1000000 && combos < 1000000000000)strVerdict = description[1];
|
| 23 |
-
else if (combos >= 1000000000000 && combos < 1000000000000000000)strVerdict = description[2];
|
| 24 |
-
else if (combos >= 1000000000000000000 && combos < 1000000000000000000000000)strVerdict = description[3];
|
| 25 |
-
else strVerdict = description[4];
|
| 26 |
-
|
| 27 |
-
document.getElementById("Words").innerHTML= (strVerdict);
|
| 28 |
-
}
|
| 29 |
-
</script>
|
| 30 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trunk/securityscan.php
DELETED
|
@@ -1,109 +0,0 @@
|
|
| 1 |
-
<?php
|
| 2 |
-
/*
|
| 3 |
-
Plugin Name: WP Security Scan
|
| 4 |
-
Plugin URI: http://wordpress.org/extend/plugins/wp-security-scan/
|
| 5 |
-
Description: Perform security scan of WordPress installation.
|
| 6 |
-
Author: Michael Torbert
|
| 7 |
-
Version: 2.2.54
|
| 8 |
-
Author URI: http://semperfiwebdesign.com/
|
| 9 |
-
*/
|
| 10 |
-
|
| 11 |
-
/*
|
| 12 |
-
Copyright (C) 2008 semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
|
| 13 |
-
|
| 14 |
-
This program is free software; you can redistribute it and/or modify
|
| 15 |
-
it under the terms of the GNU General Public License as published by
|
| 16 |
-
the Free Software Foundation; either version 3 of the License, or
|
| 17 |
-
(at your option) any later version.
|
| 18 |
-
|
| 19 |
-
This program is distributed in the hope that it will be useful,
|
| 20 |
-
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 21 |
-
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
| 22 |
-
GNU General Public License for more details.
|
| 23 |
-
|
| 24 |
-
You should have received a copy of the GNU General Public License
|
| 25 |
-
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
| 26 |
-
*/
|
| 27 |
-
|
| 28 |
-
require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
|
| 29 |
-
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
|
| 30 |
-
require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
|
| 31 |
-
require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
|
| 32 |
-
require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
|
| 33 |
-
require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
|
| 34 |
-
|
| 35 |
-
add_action( 'admin_notices', mrt_update_notice, 5 );
|
| 36 |
-
add_action('admin_head', 'mrt_hd');
|
| 37 |
-
add_action("init",mrt_wpdberrors,1);
|
| 38 |
-
add_action("parse_query",mrt_wpdberrors,1);
|
| 39 |
-
add_action('admin_menu', 'add_men_pg');
|
| 40 |
-
add_action("init",mrt_remove_wp_version,1);
|
| 41 |
-
function add_men_pg() {
|
| 42 |
-
if (function_exists('add_menu_page')){
|
| 43 |
-
add_menu_page('Security', 'Security', 8, __FILE__, 'mrt_opt_mng_pg');
|
| 44 |
-
add_submenu_page(__FILE__, 'Scanner', 'Scanner', 8, 'scanner', 'mrt_sub0');
|
| 45 |
-
add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 8, 'passwordtool', 'mrt_sub1');
|
| 46 |
-
add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
|
| 47 |
-
add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
|
| 48 |
-
}}
|
| 49 |
-
|
| 50 |
-
function mrt_update_notice(){
|
| 51 |
-
/*$mrt_version = "2.2.52";
|
| 52 |
-
$mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
|
| 53 |
-
echo $mrt_latest . " and " . $mrt_version;
|
| 54 |
-
if($mrt_latest > $mrt_version)
|
| 55 |
-
echo "New Version Available";
|
| 56 |
-
else
|
| 57 |
-
echo "Latest Version";
|
| 58 |
-
*/ }
|
| 59 |
-
|
| 60 |
-
function mrt_opt_mng_pg() {
|
| 61 |
-
?>
|
| 62 |
-
<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
|
| 63 |
-
<?php //$rss = fetch_rss('http://alexrabe.boelinger.com/?tag=nextgen-gallery&feed=rss2');?>
|
| 64 |
-
|
| 65 |
-
<div class=wrap>
|
| 66 |
-
<h2><?php _e('WP - Security Admin Tools') ?></h2>
|
| 67 |
-
<div>
|
| 68 |
-
<!-- <div id="message" class="updated fade"><p></p></div>-->
|
| 69 |
-
<br /><div style="float: left;width: 600px; height: 410px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
| 70 |
-
<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
|
| 71 |
-
<?php
|
| 72 |
-
global $wpdb;
|
| 73 |
-
mrt_check_version();
|
| 74 |
-
mrt_check_table_prefix();
|
| 75 |
-
mrt_version_removal();
|
| 76 |
-
mrt_errorsoff();
|
| 77 |
-
|
| 78 |
-
|
| 79 |
-
$name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
|
| 80 |
-
if ($name=="admin"){
|
| 81 |
-
echo '<font color="red">"admin" user exists.</font>';
|
| 82 |
-
}
|
| 83 |
-
else{
|
| 84 |
-
echo '<font color="green">No user "admin".</font>';
|
| 85 |
-
}
|
| 86 |
-
?>
|
| 87 |
-
<br /><br />
|
| 88 |
-
<hr align=center size=2 width=500px>
|
| 89 |
-
<br /><br />
|
| 90 |
-
<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
|
| 91 |
-
<ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</li><li>user enumeration protection</li><li>WordPress admin protection/security</li></ul>
|
| 92 |
-
</div>
|
| 93 |
-
<div style="float: left; height: 410;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
|
| 94 |
-
<?php mrt_get_serverinfo(); ?>
|
| 95 |
-
</div>
|
| 96 |
-
<div style="clear:both"></div>
|
| 97 |
-
</div>
|
| 98 |
-
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 99 |
-
</div>
|
| 100 |
-
<?php }
|
| 101 |
-
|
| 102 |
-
function mrt_hd()
|
| 103 |
-
{
|
| 104 |
-
$siteurl = get_option('siteurl');?>
|
| 105 |
-
<script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
|
| 106 |
-
<link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />
|
| 107 |
-
<?php }
|
| 108 |
-
?>
|
| 109 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
trunk/support.php
DELETED
|
@@ -1,14 +0,0 @@
|
|
| 1 |
-
<?php
|
| 2 |
-
|
| 3 |
-
function mrt_sub2(){
|
| 4 |
-
?>
|
| 5 |
-
<div class=wrap>
|
| 6 |
-
<h2><?php _e('WP - Security Support') ?></h2>
|
| 7 |
-
<div style="height:299px">
|
| 8 |
-
<br /><br />support page coming soon...
|
| 9 |
-
<br /><br /><strong>Backup early, backup often!</strong><br /><br /><br /><br /><br />
|
| 10 |
-
<em>For comments, suggestions, bug reporting, etc email <a href="mailto:michael@semperfiwebdesign.com">michael@semperfiwebdesign.com</a></em>
|
| 11 |
-
</div>
|
| 12 |
-
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
|
| 13 |
-
</div>
|
| 14 |
-
<?}?>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
