Acunetix WP Security - Version 2.3.3



Release Info

Developer hallsofmontezuma
Version 2.3.3

Code changes from version 2.3.2 to 2.3.3

Files changed (2) hide show
  1. readme.txt +1 -1
  2. securityscan.php +216 -189
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: security, securityscan, chmod, permissions, admin, administration, authent
5
  plugins, private, protection, tracking, wordpress
6
  Requires at least: 2.3
7
  Tested up to: 2.7.1
8
- Stable tag: 2.3.2
9
 
10
  Scans your WordPress installation for security vulnerabilities.
11
 
5
  plugins, private, protection, tracking, wordpress
6
  Requires at least: 2.3
7
  Tested up to: 2.7.1
8
+ Stable tag: 2.3.3
9
 
10
  Scans your WordPress installation for security vulnerabilities.
11
 
securityscan.php CHANGED
@@ -1,189 +1,216 @@
1
- <?php
2
- /*
3
- Plugin Name: WP Security Scan
4
- Plugin URI: http://semperfiwebdesign.com/plugins/wp-security-scan/
5
- Description: Perform security scan of WordPress installation.
6
- Author: Michael Torbert
7
- Version: 2.3.2
8
- Author URI: http://semperfiwebdesign.com/
9
- */
10
-
11
- /*
12
- Copyright (C) 2008-2009 Michael Torbert / semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
13
-
14
- This program is free software; you can redistribute it and/or modify
15
- it under the terms of the GNU General Public License as published by
16
- the Free Software Foundation; either version 3 of the License, or
17
- (at your option) any later version.
18
-
19
- This program is distributed in the hope that it will be useful,
20
- but WITHOUT ANY WARRANTY; without even the implied warranty of
21
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22
- GNU General Public License for more details.
23
-
24
- You should have received a copy of the GNU General Public License
25
- along with this program. If not, see <http://www.gnu.org/licenses/>.
26
- */
27
-
28
- require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
29
- require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
30
- require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
31
- require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
32
- require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
33
- //require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
34
-
35
-
36
- add_action( 'admin_notices', mrt_update_notice, 5 );
37
- add_action('admin_head', 'mrt_hd');
38
- add_action("init",mrt_wpdberrors,1);
39
- add_action("parse_query",mrt_wpdberrors,1);
40
- add_action('admin_menu', 'add_men_pg');
41
- add_action("init",mrt_remove_wp_version,1); //comment out this line to make ddsitemapgen work
42
-
43
-
44
- remove_action('wp_head', 'wp_generator');
45
- //add_action('admin_head', 'mrt_root_scripts');
46
- function add_men_pg() {
47
- if (function_exists('add_menu_page')){
48
- add_menu_page('Security', 'Security', 8, __FILE__, 'mrt_opt_mng_pg');
49
- add_submenu_page(__FILE__, 'Scanner', 'Scanner', 8, 'scanner', 'mrt_sub0');
50
- add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 8, 'passwordtool', 'mrt_sub1');
51
- add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
52
- add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
53
- }
54
- }
55
-
56
- /*function mrt_root_scripts(){
57
- $siteurl = get_option('siteurl');
58
- echo '<script language="JavaScript" type="text/javascript" src="' . $siteurl . '/wp-content/plugins/wp-security-scan/scripts.js"></script>';
59
- }*/
60
-
61
- function mrt_update_notice(){
62
- /*$mrt_version = "2.2.52";
63
- $mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
64
- echo $mrt_latest . " and " . $mrt_version;
65
- if($mrt_latest > $mrt_version)
66
- echo "New Version Available";
67
- else
68
- echo "Latest Version";
69
- */ }
70
-
71
- function mrt_opt_mng_pg() {
72
- ?>
73
- <!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
74
- <?php //$rss = fetch_rss('http://alexrabe.boelinger.com/?tag=nextgen-gallery&feed=rss2');?>
75
-
76
- <div class=wrap>
77
- <h2><?php _e('WP - Security Admin Tools') ?></h2>
78
- <br /><em>For comments, suggestions, bug reporting, etc please <a href="http://semperfiwebdesign.com/contact/">click here</a>.</em>
79
-
80
- <div>
81
- <!-- <div id="message" class="updated fade"><p></p></div>-->
82
- <br /><div style="float: left;width: 33%; height: 100%;border: 1px solid #999;margin: 0 15px 15px 0;padding: 5px;">
83
- <div style="text-align:center;font-weight:bold;"><h3>Initial Scan</h3></div>
84
- <?php
85
-
86
- ///////////
87
-
88
- ///////////////////
89
-
90
- global $wpdb;
91
- mrt_check_version();
92
- mrt_check_table_prefix();
93
- mrt_version_removal();
94
- mrt_errorsoff();
95
- echo '<div style="color:green">WP ID META tag removed form WordPress core</div>';
96
-
97
- $name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
98
- if ($name=="admin"){
99
- echo '<a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-admin-username/" title="WordPress Admin" target="_blank"><font color="red">"admin" user exists.</font></a>';
100
- }
101
- else{
102
- echo '<font color="green">No user "admin".</font>';
103
- }
104
- ?><br /><?php
105
- $filename = '.htaccess';
106
- if (file_exists($filename)) {
107
- echo '<font color="green">.htaccess exists in wp-admin/</font>';
108
- } else {
109
- echo '<font color="red">The file .htaccess does not exist in wp-admin/.</font>';
110
- }
111
-
112
- ?>
113
-
114
- <br /><br /><br />
115
- <div style="text-align:center;color:grey;"><em>**click on an above link for documentation**</em></div>
116
- <br />
117
- <hr align=center size=2 width=33%>
118
- <br />
119
-
120
- <div style="text-align:center;font-weight:bold;"><h3>Future Releases</h3></div>
121
- <ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</li><li>user enumeration protection</li><li>WordPress admin protection/security</li></ul>
122
- </div>
123
-
124
-
125
- <div style="float: left; height: 30%;border: 1px solid #999;margin: 0 15px 15px 0;padding: 15px;">
126
- <div style="text-align:center;font-weight:bold;"><h3>System Information Scan</h3></div>
127
- <?php mrt_get_serverinfo(); ?>
128
- </div>
129
-
130
- <div style="float: left;width: 30%; border: 1px solid #999;">
131
- <div style="text-align:center;font-weight:bold;"><h3>Donations</h3></div>
132
- <div style="text-align:center"><em>This plugin is updated as a free service to the WordPress community. Donations of any size are appreciated.</em>
133
- <br /><br />
134
- <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=mrtorbert%40gmail%2ecom&item_name=Support%20WordPress%20Security%20Scan%20Plugin&no_shipping=0&no_note=1&tax=0&currency_code=USD&lc=US&bn=PP%2dDonationsBF&charset=UTF%2d8" target="_blank">Click here to support this plugin.</a>
135
- <br /><br /><h4>Highest Donations</h4></div><?php
136
-
137
- /*$ch = curl_init("http://semperfiwebdesign.com/top_donations.php");
138
- $fp = fopen("top_donations.php", "w");
139
- curl_setopt($ch, CURLOPT_FILE, $fp);
140
- curl_setopt($ch, CURLOPT_HEADER, 0);
141
- curl_exec($ch);
142
- curl_close($ch);
143
- fclose($fp);
144
- */
145
-
146
- $ch = curl_init();
147
- curl_setopt($ch, CURLOPT_URL, "http://semperfiwebdesign.com/top_donations.php");
148
- curl_setopt($ch, CURLOPT_HEADER, 0);
149
- curl_exec($ch);
150
- curl_close($ch);
151
-
152
- ?>
153
- <br /><br /><div style="text-align:center"><h4>Recent Donations</h4></div><?php
154
-
155
-
156
- $ch = curl_init();
157
- curl_setopt($ch, CURLOPT_URL, "http://semperfiwebdesign.com/recent_donations.php");
158
- curl_setopt($ch, CURLOPT_HEADER, 0);
159
- curl_exec($ch);
160
- curl_close($ch);
161
-
162
- /*
163
- $ch = curl_init("http://semperfiwebdesign.com/recent_donations.php");
164
- $fp = fopen("recent_donations.php", "w");
165
- curl_setopt($ch, CURLOPT_FILE, $fp);
166
- curl_setopt($ch, CURLOPT_HEADER, 0);
167
- curl_exec($ch);
168
- curl_close($ch);
169
- fclose($fp);
170
- */
171
- ?>
172
- </div>
173
- <div style="clear:both"></div>
174
- </div>
175
- Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
176
- </div>
177
- <?php }
178
-
179
- function mrt_hd()
180
- {
181
- $siteurl = get_option('siteurl');?>
182
- <script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
183
- <script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/scripts.js"></script>
184
- <script type="text/javascript">
185
- //window.onload=function(){enableTooltips()};
186
- </script>
187
- <!--<link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />-->
188
- <?php }
189
- ?>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /*
3
+ Plugin Name: WP Security Scan
4
+ Plugin URI: http://semperfiwebdesign.com/plugins/wp-security-scan/
5
+ Description: Perform security scan of WordPress installation.
6
+ Author: Michael Torbert
7
+ Version: 2.3.3
8
+ Author URI: http://semperfiwebdesign.com/
9
+ */
10
+
11
+ /*
12
+ Copyright (C) 2008-2009 Michael Torbert / semperfiwebdesign.com (michael AT semperfiwebdesign DOT com)
13
+
14
+ This program is free software; you can redistribute it and/or modify
15
+ it under the terms of the GNU General Public License as published by
16
+ the Free Software Foundation; either version 3 of the License, or
17
+ (at your option) any later version.
18
+
19
+ This program is distributed in the hope that it will be useful,
20
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
21
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22
+ GNU General Public License for more details.
23
+
24
+ You should have received a copy of the GNU General Public License
25
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
26
+ */
27
+
28
+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/support.php");
29
+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/scanner.php");
30
+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/password_tools.php");
31
+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/database.php");
32
+ require_once(ABSPATH."wp-content/plugins/wp-security-scan/functions.php");
33
+ //require_once(ABSPATH."wp-content/plugins/wp-security-scan/scripts.js");
34
+
35
+
36
+ add_action( 'admin_notices', mrt_update_notice, 5 );
37
+ add_action('admin_head', 'mrt_hd');
38
+ add_action("init",mrt_wpdberrors,1);
39
+ add_action("parse_query",mrt_wpdberrors,1);
40
+ add_action('admin_menu', 'add_men_pg');
41
+ add_action("init",mrt_remove_wp_version,1); //comment out this line to make ddsitemapgen work
42
+
43
+
44
+ remove_action('wp_head', 'wp_generator');
45
+ //add_action('admin_head', 'mrt_root_scripts');
46
+ function add_men_pg() {
47
+ if (function_exists('add_menu_page')){
48
+ add_menu_page('Security', 'Security', 8, __FILE__, 'mrt_opt_mng_pg');
49
+ add_submenu_page(__FILE__, 'Scanner', 'Scanner', 8, 'scanner', 'mrt_sub0');
50
+ add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 8, 'passwordtool', 'mrt_sub1');
51
+ add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
52
+ add_submenu_page(__FILE__, 'Support', 'Support', 8, 'support', 'mrt_sub2');
53
+ }
54
+ }
55
+
56
+ /*function mrt_root_scripts(){
57
+ $siteurl = get_option('siteurl');
58
+ echo '<script language="JavaScript" type="text/javascript" src="' . $siteurl . '/wp-content/plugins/wp-security-scan/scripts.js"></script>';
59
+ }*/
60
+
61
+ function mrt_update_notice(){
62
+ /*$mrt_version = "2.2.52";
63
+ $mrt_latest = fgets(fopen("http://semperfiwebdesign.com/wp-security-scan.html", "r"));
64
+ echo $mrt_latest . " and " . $mrt_version;
65
+ if($mrt_latest > $mrt_version)
66
+ echo "New Version Available";
67
+ else
68
+ echo "Latest Version";
69
+ */ }
70
+
71
+
72
+ function yourplugin_helloworld_meta_box(){
73
+
74
+ global $wpdb;
75
+ mrt_check_version();
76
+ mrt_check_table_prefix();
77
+ mrt_version_removal();
78
+ mrt_errorsoff();
79
+ echo '<div style="color:green">WP ID META tag removed form WordPress core</div>';
80
+
81
+ $name = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login='admin'");
82
+ if ($name=="admin"){
83
+ echo '<a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-admin-username/" title="WordPress Admin" target="_blank"><font color="red">"admin" user exists.</font></a>';
84
+ }
85
+ else{
86
+ echo '<font color="green">No user "admin".</font>';
87
+ }
88
+ ?><br /><?php
89
+ $filename = '.htaccess';
90
+ if (file_exists($filename)) {
91
+ echo '<font color="green">.htaccess exists in wp-admin/</font>';
92
+ } else {
93
+ echo '<font color="red">The file .htaccess does not exist in wp-admin/.</font>';
94
+ }
95
+
96
+ ?>
97
+
98
+ <div style="text-align:center;color:grey;margin-top:20px;"><em>**WP Security Scan plugin must remain active for security features to remain**</em></div>
99
+
100
+ <div style="text-align:center;font-weight:bold;">Future Releases</div>
101
+ <ul><li>one-click change file/folder permissions</li><li>test for XSS vulnerabilities</li><li>intrusion detection/prevention</li><li>lock out/log incorrect login attempts</li><li>user enumeration protection</li><li>WordPress admin protection/security</li></ul>
102
+ <?php }
103
+
104
+
105
+ function yourplugin_helloworld_meta_box2(){ ?>
106
+ <div style="padding-left:10px;">
107
+ <?php mrt_get_serverinfo(); ?>
108
+ </div>
109
+
110
+ <?php }
111
+
112
+
113
+ function yourplugin_helloworld_meta_box3(){
114
+
115
+ ?>
116
+
117
+ <div style="text-align:center"><em>This plugin is updated as a free service to the WordPress community. Donations of any size are appreciated.</em>
118
+ <br /><br />
119
+ <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=mrtorbert%40gmail%2ecom&item_name=Support%20WordPress%20Security%20Scan%20Plugin&no_shipping=0&no_note=1&tax=0&currency_code=USD&lc=US&bn=PP%2dDonationsBF&charset=UTF%2d8" target="_blank">Click here to support this plugin.</a>
120
+ <br /><br /><h4>Highest Donations</h4></div><?php
121
+
122
+ /*$ch = curl_init("http://semperfiwebdesign.com/top_donations.php");
123
+ $fp = fopen("top_donations.php", "w");
124
+ curl_setopt($ch, CURLOPT_FILE, $fp);
125
+ curl_setopt($ch, CURLOPT_HEADER, 0);
126
+ curl_exec($ch);
127
+ curl_close($ch);
128
+ fclose($fp);
129
+ */
130
+
131
+ $ch = curl_init();
132
+ curl_setopt($ch, CURLOPT_URL, "http://semperfiwebdesign.com/top_donations.php");
133
+ curl_setopt($ch, CURLOPT_HEADER, 0);
134
+ curl_exec($ch);
135
+ curl_close($ch);
136
+
137
+ ?>
138
+ <br /><br /><div style="text-align:center"><h4>Recent Donations</h4></div><?php
139
+
140
+
141
+ $ch = curl_init();
142
+ curl_setopt($ch, CURLOPT_URL, "http://semperfiwebdesign.com/recent_donations.php");
143
+ curl_setopt($ch, CURLOPT_HEADER, 0);
144
+ curl_exec($ch);
145
+ curl_close($ch);
146
+
147
+ /*
148
+ $ch = curl_init("http://semperfiwebdesign.com/recent_donations.php");
149
+ $fp = fopen("recent_donations.php", "w");
150
+ curl_setopt($ch, CURLOPT_FILE, $fp);
151
+ curl_setopt($ch, CURLOPT_HEADER, 0);
152
+ curl_exec($ch);
153
+ curl_close($ch);
154
+ fclose($fp);
155
+ */
156
+
157
+ }
158
+
159
+
160
+ function mrt_opt_mng_pg() {
161
+ ?>
162
+
163
+
164
+ <div class="wrap">
165
+ <h2>WP - Security Admin Tools</h2>
166
+
167
+ <!--<div id='update-nag'>A new version of WP Security Scan is available!</div>-->
168
+ <?php //$rss = fetch_rss('http://alexrabe.boelinger.com/?tag=nextgen-gallery&feed=rss2');?>
169
+
170
+
171
+ <?php
172
+
173
+ add_meta_box("yourplugin_helloworld", 'Initial Scan', "yourplugin_helloworld_meta_box", "wpss");
174
+ add_meta_box("yourplugin_helloworld", 'System Information Scan', "yourplugin_helloworld_meta_box2", "wpss2");
175
+ add_meta_box("yourplugin_helloworld", 'Donations', "yourplugin_helloworld_meta_box3", "wpss3");
176
+
177
+ ?>
178
+
179
+ <div id="dashboard-widgets-wrap">
180
+ <div class="metabox-holder">
181
+ <div style="float:left; width:48%;" class="inner-sidebar">
182
+ <?php do_meta_boxes('wpss','advanced',''); ?>
183
+ </div>
184
+
185
+ <div style="float:right; width:48%; " class="inner-sidebar">
186
+ <?php do_meta_boxes('wpss2','advanced',''); ?>
187
+ </div>
188
+
189
+ <div style="clear:both"></div>
190
+
191
+ <div style="float:left;width:500px;" class="inner-sidebar">
192
+ <?php do_meta_boxes('wpss3','advanced',''); ?>
193
+ </div>
194
+ </div>
195
+
196
+ <div style="clear:both;"></div>
197
+ </div>
198
+
199
+ <br /><em>For comments, suggestions, bug reporting, etc please <a href="http://semperfiwebdesign.com/contact/">click here</a>.</em>
200
+
201
+
202
+ Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
203
+ </div>
204
+ <?php }
205
+
206
+ function mrt_hd()
207
+ {
208
+ $siteurl = get_option('siteurl');?>
209
+ <script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/js/scripts.js"></script>
210
+ <script language="JavaScript" type="text/javascript" src="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/scripts.js"></script>
211
+ <script type="text/javascript">
212
+ //window.onload=function(){enableTooltips()};
213
+ </script>
214
+ <!--<link rel="stylesheet" type="text/css" href="<?php echo $siteurl;?>/wp-content/plugins/wp-security-scan/style.css" />-->
215
+ <?php }
216
+ ?>