Version Description
Release Info
Developer | hallsofmontezuma |
Plugin | Acunetix WP Security |
Version | 2.2.61 |
Code changes from version 2.2.60.2 to 2.2.61
- database.php +7 -0
- functions.php +6 -2
- readme.txt +3 -3
- securityscan.php +1 -1
- trunk/database.php +0 -158
- trunk/functions.php +0 -128
- trunk/images/bt.gif +0 -0
- trunk/js/scripts.js +0 -27
- trunk/password_tools.php +0 -20
- trunk/readme.txt +0 -120
- trunk/scanner.php +0 -31
- trunk/screenshot-1.jpg +0 -0
- trunk/screenshot-2.jpg +0 -0
- trunk/scripts.js +0 -28
- trunk/securityscan.php +0 -189
- trunk/style.css +0 -55
- trunk/support.php +0 -18
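--- a/database.php
+++ b/database.php
@@ -9,6 +9,13 @@ function mrt_sub3(){
 <h2><?php _e('WP - Database Security') ?></h2>
 <div style="height:299px"><br />
 <h3><i>Make a backup of your database before using this tool:</i></h3>
+
+<?php /*global $wpdb;
+$mrtright = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
+echo "rights: ";
+print_r($mrtright);*/
+?>
+
 <p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
 <form action='' method='post' name='prefixchanging'>
 <?php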
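Review bot: The block added at new lines 13-17 is commented-out debug code and should be deleted rather than shipped in the admin template. If it were ever uncommented it would `print_r` the raw `SHOW GRANTS` rows (database account, host and privileges) into the page, and the query is built by concatenating `DB_USER` and `DB_HOST` without escaping. If a privilege diagnostic is wanted here, it should print only a verdict and carry a comment such as `// never echo raw GRANT rows; report only whether ALTER is available`. `mrt_sub3()` starts before this hunk and continues after it, so the surrounding form handling is not visible here.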
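--- a/functions.php
+++ b/functions.php
@@ -112,8 +112,12 @@ function mrt_remove_wp_version()
 function mrt_check_version(){
 //echo "WordPress Version: ";
 global $wp_version;
-
-
+$mrt_wp_ver = ereg_replace("[^0-9]", "", $wp_version);
+while ($mrt_wp_ver > 10){
+$mrt_wp_ver = $mrt_wp_ver/10;
+}
+if ($mrt_wp_ver >= "2.51") $g2k5 = '<font color="green"><strong>WordPress version: ' . $wp_version . '</strong> You have the latest stable version of WordPress.</font><br />';
+if ($mrt_wp_ver < "2.51") $g2k5 = '<font color="red"><strong>WordPress version: ' . $wp_version . '</strong> You need version 2.5.1. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</font><br />';
 /*echo "<b>" . $wp_version . "</b>   " ;*/echo $g2k5;
 }
 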
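Review bot: The version test in `mrt_check_version()` (new lines 115-120) compares a digit-squeezed number rather than a version, so a release with a two-digit component is misjudged: `2.5.1` becomes 2.51, but `2.10` becomes 2.1 and would be flagged as outdated. PHP's built-in comparison handles dotted versions directly, e.g. `if (version_compare($wp_version, '2.5.1', '>=')) { ... } else { ... }`, which also sets `$g2k5` on exactly one branch. The green message claims "latest stable version" for anything at or above a hard-coded 2.5.1, so the scanner will keep reassuring users after newer releases exist. Wording it as meeting a minimum version, with the threshold in one named constant, avoids that false assurance.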
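--- a/readme.txt
+++ b/readme.txt
@@ -1,11 +1,11 @@
 === Plugin Name ===
 Contributors: hallsofmontezuma
-Donate link:
+Donate link:https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=mrtorbert%40gmail%2ecom&item_name=Support%20WordPress%20Security%20Scan%20Plugin&no_shipping=0&no_note=1&tax=0¤cy_code=USD&lc=US&bn=PP%2dDonationsBF&charset=UTF%2d8
 Tags: security, securityscan, chmod, permissions, admin, administration, authentication, database, dashboard, post, notification, password, plugin, posts
 plugins, private, protection, tracking, wordpress
 Requires at least: 2.0
-Tested up to: 2.
-Stable tag: 2.2.
+Tested up to: 2.6bleeding
+Stable tag: 2.2.61
 
 Scans your WordPress installation for security vulnerabilities.
 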
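--- a/securityscan.php
+++ b/securityscan.php
@@ -4,7 +4,7 @@ Plugin Name: WP Security Scan
 Plugin URI: http://semperfiwebdesign.com/plugins/wp-security-scan/
 Description: Perform security scan of WordPress installation.
 Author: Michael Torbert
-Version: 2.2.
+Version: 2.2.61
 Author URI: http://semperfiwebdesign.com/
 */
 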
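--- a/trunk/database.php
+++ /dev/null
@@ -1,158 +0,0 @@
-<?php
-/*
-Thank you Philipp Heinze.
-*/
-
-function mrt_sub3(){
-?>
-<div class=wrap>
-<h2><?php _e('WP - Database Security') ?></h2>
-<div style="height:299px"><br />
-<h3><i>Make a backup of your database before using this tool:</i></h3>
-
-<?php /*global $wpdb;
-$mrtright = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
-echo "rights: ";
-print_r($mrtright);*/
-?>
-
-<p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
-<form action='' method='post' name='prefixchanging'>
-<?php
-if (function_exists('wp_nonce_field')) {
-wp_nonce_field('prefix-changer-change_prefix');
-}
-?>
-Please Change the current:<input type="Text" name="prefix_n" value="<?php echo($GLOBALS['table_prefix']);?>" size="20" maxlength="50"> prefix to something different (i.e. use the random password generator).<br />
-Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
-<input type='submit' name='renameprefix' value='Start Renaming'/>
-</form>
-
-<?php
-if (isset($_POST['prefix_n'])) {
-check_admin_referer('prefix-changer-change_prefix');
-$wpdb =& $GLOBALS['wpdb'];
-$newpref = ereg_replace("[^0-9a-zA-Z_-]", "", $_POST['prefix_n']);
-//checking if user has enough rights to alter the Tablestructure
-$rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
-foreach ($rights as $right) {
-if (ereg("ALTER(.*)(\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) || ereg("ALL PRIVILEGES ON (\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
-$rightsenough = true;
-$rightstomuch = true;
-break;
-} else {
-if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
-$rightsenough = true;
-break;
-}
-}
-}
-if (!isset($rightsenough) && $rightsenough != true) {
-exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure. Please visit the plugin <a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-database-table-name-prefix/" target=_blank">documentation</a> for more information.<br />');
-}
-if (isset($rightstomuch) && $rightstomuch === true) {
-echo ('<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. '.
-'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />');
-}
-if ($newpref == $GLOBALS['table_prefix']) {
-exit ("No change: Please select a new table_prefix value.</div>");
-} elseif (strlen($newpref) < strlen($_POST['prefix_n'])){
-echo ("You used some Chars which aren't allowed within Tablenames".
-"The sanitized prefix is used instead: " . $newpref);
-}
-
-echo("<h2>Started Prefix Changer:</h2>");
-
-//we rename the tables before we change the Config file, so We can aviod changed Configs, without changed prefixes.
-echo("<h3> Start Renaming of Tables:</h3>");
-$oldtables = $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);//retrieving all tables named with the prefix on start
-$table_c = count($oldtables);
-$table_s = 0;//holds the count of successful changed tables.
-$table_f[] = '';//holds all table names which failed to be changed
-for($i = 0; $i < $table_c; $i++) {//renaming each table to the new prefix
-$wpdb->hide_errors();
-$table_n = str_replace($GLOBALS['table_prefix'], $newpref, $oldtables[$i][0]);
-echo " Renaming ".$oldtables[$i][0]." to $table_n:";
-$table_r = $wpdb->query("RENAME TABLE ".$oldtables[$i][0]." TO $table_n");
-if ($table_r === 0) {
-echo ('<font color="#00ff00"> Success</font><br />');
-$table_s++;
-} elseif ($table_r === FALSE) {
-echo ('<font color="#ff0000"> Failed</font><br />');
-$table_f[] = $oldtables[$i][0];
-}
-}//changing some "hardcoded" wp values within the tables
-echo ("<h3> Start changing Databasesettings:</h3>");
-if ($wpdb->query("UPDATE ".$newpref."options SET option_name='".$newpref."user_roles' WHERE option_name='".$GLOBALS['table_prefix']."user_roles' LIMIT 1") <> 1) {
-echo (' Changing values in table '.$newpref.'options: 1/1 <font color="#ff0000">Failed</font><br />');
-} else {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'options 1/1: <font color="#00ff00">Success</font><br />');
-}
-if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."capabilities' WHERE meta_key='".$GLOBALS['table_prefix']."capabilities'") <> 1) {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#ff0000">Failed</font><br />');
-} else {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#00ff00">Success</font><br />');
-}
-if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."user_level' WHERE meta_key='".$GLOBALS['table_prefix']."user_level'") === FALSE)
-{
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#ff0000">Failed</font><br />');
-} else {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#00ff00">Success</font><br />');
-}
-if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."autosave_draft_ids' WHERE meta_key='".$GLOBALS['table_prefix']."autosave_draft_ids'") === 0) {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />');
-} else {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#00ff00">Success</font><br />');
-}
-
-if ($table_s == 0) {
-exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
-} elseif ($table_s < $table_c) {
-echo('<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />');
-for ($i = 1; $i < count($tables_f); $i++) {
-echo ($tables_f[$i])."<br />";
-}
-exit('No changes where done to your wp-config File.</font><br />');
-}
-
-echo("<h3>Changing Config File:</h3>");
-$conf_f = "../wp-config.php";
-
-@chmod($conf_f, 0777);//making the the config readable to change the prefix
-if (!is_writeable($conf_f)) {//when automatic config file changing isn't possible the user get's all needed information to do it manually
-echo(' 1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />');
-echo('<b>Please make your wp-config.php file writable for this process.</b>');
-die("</div>");
-} else {//changing if possible the config file automatically
-echo(' 1/3 file writeable: <font color="#00ff00"> Writeable</font><br />');
-$handle = @fopen($conf_f, "r+");
-if ($handle) {
-while (!feof($handle)) {
-$lines[] = fgets($handle, 4096);
-}//while feof
-fclose($handle);
-$handle = @fopen($conf_f, "w+");
-foreach ($lines as $line) {
-if (strpos($line, $GLOBALS['table_prefix'])) {
-$line = str_replace($GLOBALS['table_prefix'], $newpref, $line);
-echo(' 2/3 <font color="#00ff00">table prefix changed!</font><br />');
-}//if strpos
-fwrite($handle, $line);
-}//foreach $lines
-fclose($handle);
-if (chmod ($conf_f, 0644)) {
-echo(' 3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />');
-} else {
-echo (' 3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />');
-}//if chmod
-}//if handle
-}//if is_writeable
-
-}//if prefix
-?>
-</div>
-Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
-</div>
-<?php
-}//function prefix_changer
-?>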
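--- a/trunk/functions.php
+++ /dev/null
@@ -1,128 +0,0 @@
-<?php
-
-function make_seed() {
-list($usec, $sec) = explode(' ', microtime());
-return (float) $sec + ((float) $usec * 100000);
-}
-
-function make_password($password_length){
-srand(make_seed());
-$alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
-$token = "";
-for($i = 0; $i < $password_length; $i ++) {
-$token .= $alfa[rand(0, strlen($alfa))];
-}
-return $token;
-}
-
-function check_perms($name,$path,$perm)
-{
-clearstatcache();
-// $configmod = fileperms($path);
-$configmod = substr(sprintf(".%o.", fileperms($path)), -4);
-$trcss = (($configmod != $perm) ? "background-color:#fd7a7a;" : "background-color:#91f587;");
-echo "<tr style=".$trcss.">";
-echo '<td style="border:0px;">' . $name . "</td>";
-echo '<td style="border:0px;">'. $path ."</td>";
-echo '<td style="border:0px;">' . $perm . '</td>';
-echo '<td style="border:0px;">' . $configmod . '</td>';
-// echo '<td style="border:0px;">' . '<input type="submit" name="' . $perm . '" value="Change now.">' . '</td>';
-echo "</tr>";
-}
-
-function mrt_get_serverinfo() {
-global $wpdb;
-$sqlversion = $wpdb->get_var("SELECT VERSION() AS version");
-$mysqlinfo = $wpdb->get_results("SHOW VARIABLES LIKE 'sql_mode'");
-if (is_array($mysqlinfo)) $sql_mode = $mysqlinfo[0]->Value;
-if (empty($sql_mode)) $sql_mode = __('Not set');
-if(ini_get('safe_mode')) $safe_mode = __('On');
-else $safe_mode = __('Off');
-if(ini_get('allow_url_fopen')) $allow_url_fopen = __('On');
-else $allow_url_fopen = __('Off');
-if(ini_get('upload_max_filesize')) $upload_max = ini_get('upload_max_filesize');
-else $upload_max = __('N/A');
-if(ini_get('post_max_size')) $post_max = ini_get('post_max_size');
-else $post_max = __('N/A');
-if(ini_get('max_execution_time')) $max_execute = ini_get('max_execution_time');
-else $max_execute = __('N/A');
-if(ini_get('memory_limit')) $memory_limit = ini_get('memory_limit');
-else $memory_limit = __('N/A');
-if (function_exists('memory_get_usage')) $memory_usage = round(memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
-else $memory_usage = __('N/A');
-if (is_callable('exif_read_data')) $exif = __('Yes'). " ( V" . substr(phpversion('exif'),0,4) . ")" ;
-else $exif = __('No');
-if (is_callable('iptcparse')) $iptc = __('Yes');
-else $iptc = __('No');
-if (is_callable('xml_parser_create')) $xml = __('Yes');
-else $xml = __('No');
-
-?>
-<li><?php _e('Operating System'); ?> : <strong><?php echo PHP_OS; ?></strong></li>
-<li><?php _e('Server'); ?> : <strong><?php echo $_SERVER["SERVER_SOFTWARE"]; ?></strong></li>
-<li><?php _e('Memory usage'); ?> : <strong><?php echo $memory_usage; ?></strong></li>
-<li><?php _e('MYSQL Version'); ?> : <strong><?php echo $sqlversion; ?></strong></li>
-<li><?php _e('SQL Mode'); ?> : <strong><?php echo $sql_mode; ?></strong></li>
-<li><?php _e('PHP Version'); ?> : <strong><?php echo PHP_VERSION; ?></strong></li>
-<li><?php _e('PHP Safe Mode'); ?> : <strong><?php echo $safe_mode; ?></strong></li>
-<li><?php _e('PHP Allow URL fopen'); ?> : <strong><?php echo $allow_url_fopen; ?></strong></li>
-<li><?php _e('PHP Memory Limit'); ?> : <strong><?php echo $memory_limit; ?></strong></li>
-<li><?php _e('PHP Max Upload Size'); ?> : <strong><?php echo $upload_max; ?></strong></li>
-<li><?php _e('PHP Max Post Size'); ?> : <strong><?php echo $post_max; ?></strong></li>
-<li><?php _e('PHP Max Script Execute Time'); ?> : <strong><?php echo $max_execute; ?>s</strong></li>
-<li><?php _e('PHP Exif support'); ?> : <strong><?php echo $exif; ?></strong></li>
-<li><?php _e('PHP IPTC support'); ?> : <strong><?php echo $iptc; ?></strong></li>
-<li><?php _e('PHP XML support'); ?> : <strong><?php echo $xml; ?></strong></li>
-<?php
-}
-
-function mrt_check_table_prefix(){
-if($GLOBALS['table_prefix']=='wp_'){
-echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</font><br />';
-}else{
-echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
-}
-}
-
-function mrt_errorsoff(){
-echo '<font color="green">WordPress DB Errors turned off.</font><br />';
-}
-
-function mrt_wpdberrors()
-{
-global $wpdb;
-$wpdb->show_errors = false;
-
-}
-
-function mrt_version_removal(){
-global $wp_version;
-echo '<font color="green">Your WordPress version is successfully hidden.</font><br />';
-}
-
-function mrt_remove_wp_version()
-{
-if (!is_admin()) {
-global $wp_version;
-$wp_version = 'abc';
-}
-
-}
-
-function mrt_check_version(){
-//echo "WordPress Version: ";
-global $wp_version;
-$mrt_wp_ver = ereg_replace("[^0-9]", "", $wp_version);
-while ($mrt_wp_ver > 10){
-$mrt_wp_ver = $mrt_wp_ver/10;
-}
-if ($mrt_wp_ver >= "2.51") $g2k5 = '<font color="green"><strong>WordPress version: ' . $wp_version . '</strong> You have the latest stable version of WordPress.</font><br />';
-if ($mrt_wp_ver < "2.51") $g2k5 = '<font color="red"><strong>WordPress version: ' . $wp_version . '</strong> You need version 2.5.1. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</font><br />';
-/*echo "<b>" . $wp_version . "</b>   " ;*/echo $g2k5;
-}
-
-
-function mrt_javascript(){
-$siteurl = get_option('siteurl');
-?><script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script><?php
-}?>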
trunk/images/bt.gif
DELETED
Binary file
|
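--- a/trunk/js/scripts.js
+++ /dev/null
@@ -1,27 +0,0 @@
-function displaymessage()
-{
-alert("Hello World!");
-}
-
-$('myForm').addEvent('submit', function(e) {
-/**
-* Prevent the submit event
-*/
-new Event(e).stop();
-
-/**
-* This empties the log and shows the spinning indicator
-*/
-var log = $('log_res').empty().addClass('ajax-loading');
-
-/**
-* send takes care of encoding and returns the Ajax instance.
-* onComplete removes the spinner from the log.
-*/
-this.send({
-update: log,
-onComplete: function() {
-log.removeClass('ajax-loading');
-}
-});
-});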
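--- a/trunk/password_tools.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-function mrt_sub1(){?>
-<div class=wrap>
-<h2><?php _e('WP - Password Tools') ?></h2>
-<div style="height:299px">
-<?php
-echo "<br /><strong>Password Strength Tool</strong>";
-?>
-<table><tr valign=top><td><form name="commandForm">
-Type password: <input type=password size=30 maxlength=50 name=password onkeyup="testPassword(document.forms.commandForm.password.value);" value="">
-<br/><font color="#808080">Minimum 6 Characters</td><td><font size="1"> Password Strength:</font><a id="Words"><table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table></a></td></tr></table></td></tr></table></form>
-<br /><hr align=left size=2 width=612px>
-<?php
-echo "<br /><br /><strong>Strong Password Generator</strong><br />";
-echo "Strong Password: " . '<font color="red">' . make_password(15) . "</font>";
-?>
-</div>
-Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
-</div>
-<?php } ?>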
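--- a/trunk/readme.txt
+++ /dev/null
@@ -1,120 +0,0 @@
-=== Plugin Name ===
-Contributors: hallsofmontezuma
-Donate link:https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=mrtorbert%40gmail%2ecom&item_name=Support%20WordPress%20Security%20Scan%20Plugin&no_shipping=0&no_note=1&tax=0¤cy_code=USD&lc=US&bn=PP%2dDonationsBF&charset=UTF%2d8
-Tags: security, securityscan, chmod, permissions, admin, administration, authentication, database, dashboard, post, notification, password, plugin, posts
-plugins, private, protection, tracking, wordpress
-Requires at least: 2.0
-Tested up to: 2.6bleeding
-Stable tag: 2.2.60.2
-
-Scans your WordPress installation for security vulnerabilities.
-
-== Description ==
-
-Scans your WordPress installation for security vulnerabilities and suggests
-corrective actions.
-
--passwords<br />
--file permissions<br />
--database security<br />
--version hiding<br />
--WordPress admin protection/security<br />
--removes WP Generator META tag from core code<br />
-
-
-**Future Releases**<br />
-*one-click change file/folder permissions<br />
-*test for XSS vulnerabilities<br />
-*intrusion detection/prevention<br />
-*lock out/log incorrect login attempts<br />
-*user enumeration protection<br />
-*.htaccess verification<br />
-*doc links<br />
-
-[Changelog](http://semperfiwebdesign.com/documentation/wp-security-scan/changelog/ "WP Security Scan Changelog")<br />
-[Documentation](http://semperfiwebdesign.com/category/documentation/wp-security-scan/ "WP Security Scan
-Documentation")
-
-== Installation ==
-
-1. Create backup.
-2. Upload the zip file to the `/wp-content/plugins/` directory
-3. Unzip.
-4. Activate the plugin through the 'Plugins' menu in WordPress
-
-
-Please let me know any bugs, improvements, comments, suggestions.
-
-== Frequently Asked Questions ==
-
-= Can I deactivate WP Security Scan once I've run it once? =
-
-No. WP Security Scan needs to be left activated to work. Version hiding,
-turning off DB errors, removing WP ID META tag from HTML output, and other
-functionality will cease if you deactivate the plugin.
-
-= How do I change the file permissions on my WordPress installation? =
-
-From the linux command line (for advanced users):
-chmod xxx filename.ext
-(replace xxx with with the permissions settings for the file or folder)
-
-From your FTP client:
-Most FTP clients, such as filezilla, etc, allow for changing file
-permissions. Please consult your clients documentation for your specific
-directions.
-
-For more information, please visit http://codex.wordpress.org/Changing_File_Permissions
-
-= Why do I need to hide my version of WordPress? =
-
-Alot of attackers and automated tools will try and determine software versions
-before launching exploit code. Removing your WordPress blog version may
-discourage some attackers and certainly will mitigate virus and worm programs
-that rely on software versions.
-
-NOTE: Hiding your version of WordPress may break any plugins you have which
-are version dependant.
-
-= How do I make Dagon Design's sitemap generator plugin compatible? =
-There is currently a small compatibility issue. This can be temporarily
-solved by opening securityscan.php and commenting out the line
-`add_action("init",mrt_remove_wp_version,1);`
-I have contacted Dagon Designs about creating a solution, which should
-hopefully be in a future upgrade to their plugin.
-
-== Screenshots ==
-
-1. file/directories permissions check
-2. password tools
-
-== WordPress Security ==
-
-<strong>Plugin currently in BETA version.
-
-== WordPress Security ==
-
-Security Scanner:
-
-1. Scans Wordpress installation for file/directory permissions vulnerabilites
-1. Recommends corrective actions
-1. Scans for general security vulnerabilities
-
-Join the BETA testers group if:
-
-* you have experience as a software tester
-* you have no experience as a software tester
-* you have a WordPress installation dedicated for testing
-* you have a general enthusiasm for WordPress use and/or development
-
-
-Visit our homepage at [Semper Fi Web Design](http://semperfiwebdesign.com/ "Raleigh Web Design") or our plugin page at [Semper Fi Plugins][sf plugins].
-We look forward to hearing your comments and suggestions.
-
-[sf plugins]: http://semperfiwebdesign.com/plugins/
-"Raleigh Web Design"
-
-> WordPress Security Scanner for *2.3, 2.5*. Although if you're using lower
-> than 2.3 you should go ahead and install it because of **security**.
-
-`<?php code(); // backticks ?>`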
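--- a/trunk/scanner.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-function mrt_sub0(){?>
-<div class=wrap>
-<h2><?php _e('WP - Security Scan') ?></h2>
-<div style="height:299px">
-<table width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
-<tr>
-<th style="border:0px;"><b>Name</b></th>
-<th style="border:0px;"><b>File/Dir</b></th>
-<th style="border:0px;"><b>Needed Chmod</b></th>
-<th style="border:0px;"><b>Current Chmod</b></th>
-<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
-</tr>
-<?php
-check_perms("root directory","../","0755");
-check_perms("wp-includes/","../wp-includes","0755");
-check_perms(".htaccess","../.htaccess","0644");
-check_perms("wp-admin/index.php","index.php","0644");
-check_perms("wp-admin/js/","js/","0755");
-check_perms("wp-content/themes/","../wp-content/themes","0755");
-check_perms("wp-content/plugins/","../wp-content/plugins","0755");
-check_perms("wp-admin/","../wp-admin","0755");
-check_perms("wp-content/","../wp-content","0755");
-?>
-</table>
-
-
-</div>
-Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
-</div>
-<?php } ?>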
trunk/screenshot-1.jpg
DELETED
Binary file
|
trunk/screenshot-2.jpg
DELETED
Binary file
|
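--- a/trunk/scripts.js
+++ /dev/null
@@ -1,28 +0,0 @@
-function testPassword(passwd){
-var description = new Array();
-description[0] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=30 bgcolor=#ff0000></td><td height=4 width=120 bgcolor=tan></td></tr></table></td><td> <b>Weakest</b></td></tr></table>";
-description[1] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=60 bgcolor=#990000></td><td height=4 width=90 bgcolor=tan></td></tr></table></td><td> <b>Weak</b></td></tr></table>";
-description[2] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=90 bgcolor=#990099></td><td height=4 width=60 bgcolor=tan></td></tr></table></td><td> <b>Improving</b></td></tr></table>";
-description[3] = "<table><tr><td><table cellpadding=0 cellspacing=2><tr><td height=4 width=120 bgcolor=#000099></td><td height=4 width=30 bgcolor=tan></td></tr></table></td><td> <b>Strong</b></td></tr></table>";
-description[4] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=#0000ff></td></tr></table></td><td> <b>Strongest</b></td></tr></table>";
-description[5] = "<table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table>";
-
-var base = 0
-var combos = 0
-if (passwd.match(/[a-z]/))base = (base+26);
-if (passwd.match(/[A-Z]/))base = (base+26);
-if (passwd.match(/\d+/))base = (base+10);
-if (passwd.match(/[>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~]/))base = (base+33);
-
-combos=Math.pow(base,passwd.length);
-
-if(combos == 1)strVerdict = description[5];
-else if(combos > 1 && combos < 1000000)strVerdict = description[0];
-else if (combos >= 1000000 && combos < 1000000000000)strVerdict = description[1];
-else if (combos >= 1000000000000 && combos < 1000000000000000000)strVerdict = description[2];
-else if (combos >= 1000000000000000000 && combos < 1000000000000000000000000)strVerdict = description[3];
-else strVerdict = description[4];
-
-document.getElementById("Words").innerHTML= (strVerdict);
-}
-////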
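--- a/trunk/securityscan.php
+++ b/trunk/securityscan.php
@@ -1,189 +0,0 @@
-<?php
-/*
-Plugin Name: WP Security Scan
-Plugin URI: http://semperfiwebdesign.com/plugins/wp-security-scan/
-Description: Perform security scan of WordPress installation.
-Author: Michael Torbert
-Version: 2.2.60.2
-Author URI: http://semperfiwebdesign.com/
-*/
-
-/*
-Copyright (C) 2008 semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
-require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
-require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
-require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
-require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
-//require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
-
-
-add_action( 'admin_notices', mrt_update_notice, 5 );
-add_action('admin_head', 'mrt_hd');
-add_action("init",mrt_wpdberrors,1);
-add_action("parse_query",mrt_wpdberrors,1);
-add_action('admin_menu', 'add_men_pg');
-add_action("init",mrt_remove_wp_version,1); //comment out this line to make ddsitemapgen work
-
-
-remove_action('wp_head', 'wp_generator');
-//add_action('admin_head', 'mrt_root_scripts');
-function add_men_pg() {
-if (function_exists('add_menu_page')){
-add_menu_page('Security', 'Security', 8, __FILE__, 'mrt_opt_mng_pg');
-add_submenu_page(__FILE__, 'Scanner', 'Scanner', 8, 'scanner', 'mrt_sub0');
-add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 8, 'passwordtool', 'mrt_sub1');
-add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
-add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
-}
-}
-
-/*function mrt_root_scripts(){
-$siteurl = get_option('siteurl');
-echo '<script language="JavaScript" type="text/javascript" src="' . $siteurl . '/wp-content/plugins/wp-security-scan/scripts.js"></script>';
-}*/
-
-function mrt_update_notice(){
-/*$mrt_version = "2.2.52";
-$mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
-echo $mrt_latest . " and " . $mrt_version;
-if($mrt_latest > $mrt_version)
-echo "New Version Available";
-else
-echo "Latest Version";
-*/ }
-
-function mrt_opt_mng_pg() {
-?>
-<!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
-<?php //$rss = fetch_rss('http://alexrabe.boelinger.com/?tag=nextgen-gallery&feed=rss2');?>
-
-<div class=wrap>
-<h2><?php _e('WP - Security Admin Tools') ?></h2>
-<br /><em>For comments, suggestions, bug reporting, etc please <a href="http://semperfiwebdesign.com/contact/">click here</a>.</em>
-
-<div>
-<!-- <div id="message" class="updated fade"><p></p></div>-->
-<br /><div style="float: left;width: 600px; height: 450px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
-<div width=600px style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
-<?php
-
-///////////
-
-///////////////////
-
-global $wpdb;
-mrt_check_version();
-mrt_check_table_prefix();
-mrt_version_removal();
-mrt_errorsoff();
-echo '<div style="color:green">WP ID META tag removed form WordPress core</div>';
-
-$name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
-if ($name=="admin"){
-echo '<a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-admin-username/" title="WordPress Admin" target="_blank"><font color="red">"admin" user exists.</font></a>';
-}
-else{
-echo '<font color="green">No user "admin".</font>';
-}
-?><br /><?php
-$filename = '.htaccess';
-if (file_exists($filename)) {
-echo '<font color="green">.htaccess exists in wp-admin/</font>';
-} else {
-echo '<font color="red">The file .htaccess does not exist in wp-admin/.</font>';
-}
-
-?>
-
-<br /><br /><br />
-<div style="text-align:center;color:grey;"><em>**click on an above link for documentation**</em></div>
-<br />
-<hr align=center size=2 width=500px>
-<br />
-
-<div width=600px style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
-<ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</li><li>user enumeration protection</li><li>WordPress admin protection/security</li></ul>
-</div>
-
-
-<div style="float: left; height: 430px;border: 1px solid #999;margin: 0 15px 15px 0;padding: 15px;">
-<div width=600px style="text-align:center;font-weight:bold;"><h3>System Information Scan</h3></div>
-<?php mrt_get_serverinfo(); ?>
-</div>
-
-<div style="float: left;width: 350px; height: 255;border: 1px solid #999;margin: 0 15px 15px 0;padding: 25px;">
-<div width=600px style="text-align:center;font-weight:bold;"><h3>Donations</h3></div>
-<div style="text-align:center"><em>This plugin is updated as a free service to the WordPress community. Donations of any size are appreciated.</em>
-<br /><br />
-<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=mrtorbert%40gmail%2ecom&item_name=Support%20WordPress%20Security%20Scan%20Plugin&no_shipping=0&no_note=1&tax=0¤cy_code=USD&lc=US&bn=PP%2dDonationsBF&charset=UTF%2d8" target="_blank">Click here to support this plugin.</a>
-<br /><br /><h4>Highest Donations</h4></div><?php
-
-/*$ch = curl_init("http://semperfiwebdesign.com/top_donations.php");
-$fp = fopen("top_donations.php", "w");
-curl_setopt($ch, CURLOPT_FILE, $fp);
-curl_setopt($ch, CURLOPT_HEADER, 0);
-curl_exec($ch);
-curl_close($ch);
-fclose($fp);
-*/
-
-$ch = curl_init();
-curl_setopt($ch, CURLOPT_URL, "http://semperfiwebdesign.com/top_donations.php");
-curl_setopt($ch, CURLOPT_HEADER, 0);
-curl_exec($ch);
-curl_close($ch);
-
-?>
-<br /><br /><div style="text-align:center"><h4>Recent Donations</h4></div><?php
-
-
-$ch = curl_init();
-curl_setopt($ch, CURLOPT_URL, "http://semperfiwebdesign.com/recent_donations.php");
-curl_setopt($ch, CURLOPT_HEADER, 0);
-curl_exec($ch);
-curl_close($ch);
-
-/*
-$ch = curl_init("http://semperfiwebdesign.com/recent_donations.php");
-$fp = fopen("recent_donations.php", "w");
-curl_setopt($ch, CURLOPT_FILE, $fp);
-curl_setopt($ch, CURLOPT_HEADER, 0);
-curl_exec($ch);
-curl_close($ch);
-fclose($fp);
-*/
-?>
-</div>
-<div style="clear:both"></div>
-</div>
-Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
-</div>
-<?php }
-
-function mrt_hd()
-{
-$siteurl = get_option('siteurl');?>
-<script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
-<script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/scripts.js"></script>
-<script type="text/javascript">
-//window.onload=function(){enableTooltips()};
-</script>
-<!--<link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />-->
-<?php }
-?>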
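--- a/trunk/style.css
+++ b/trunk/style.css
@@ -1,55 +0,0 @@
-
-
-#form_box {
-float: left;
-width: 290px;
-background: #f8f8f8;
-border: 1px solid #d6d6d6;
-border-left-color: #e4e4e4;
-border-top-color: #e4e4e4;
-font-size: 11px;
-font-weight: bold;
-padding: 0.5em;
-margin-top: 10px;
-margin-bottom: 2px;
-}
-
-#form_box div {
-height: 25px;
-padding: 0.2em 0.5em;
-}
-
-#form_box div.hr {
-border-bottom: 2px solid #e2e2e1;
-height: 0px;
-margin-top: 0pt;
-margin-bottom: 7px;
-}
-
-#form_box p {
-float: left;
-margin: 4px 0pt;
-width: 120px;
-}
-
-
-#log {
-float: left;
-padding: 0.5em;
-margin-left: 10px;
-width: 290px;
-border: 1px solid #d6d6d6;
-border-left-color: #e4e4e4;
-border-top-color: #e4e4e4;
-margin-top: 10px;
-}
-
-#log_res {
-overflow: auto;
-}
-
-#log_res.ajax-loading {
-padding: 20px 0;
-background: url(http://demos.mootools.net/demos/Group/spinner.gif) no-repeat center;
-}
-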
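--- a/trunk/support.php
+++ b/trunk/support.php
@@ -1,18 +0,0 @@
-<?php
-
-function mrt_sub2(){
-?>
-<div class=wrap>
-<h2><?php _e('WP - Security Support') ?></h2>
-<div style="height:299px">
-Under Construction...<br /><br />
-<ul>
-<li><a href='http://semperfiwebdesign.com/documentation/wp-security-scan/changelog/' target="_blank">Changelog</a></li>
-<li><a href='http://semperfiwebdesign.com/documentation/wp-security-scan/' target="_blank">Documentation</a></li>
-</ul>
-<br /><br /><strong>Backup early, backup often!</strong><br /><br /><br /><br /><br />
-<em>For comments, suggestions, bug reporting, etc please <a href="http://semperfiwebdesign.com/contact/">click here</a>.</em>
-</div>
-Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
-</div>
-<?php } ?>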