Version Description
Release Info
| Developer | hallsofmontezuma |
| Plugin | |
| Version | 2.6 |
| Comparing to | |
Code changes from version 2.5 to 2.6
- database.php +162 -162
- functions.php +128 -128
- readme.txt +1 -1
- scanner.php +31 -31
- securityscan.php +26 -17
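--- a/database.php
+++ b/database.php
@@ -1,162 +1,162 @@
-<?php
-/*
-Thank you Philipp Heinze.
-*/
-
-function mrt_sub3(){
-?>
-<div class=wrap>
-<h2><?php _e('WP - Database Security') ?></h2>
-<div style="height:299px"><br />
-<h3><i>Make a backup of your database before using this tool:</i></h3>
-
-<?php /*global $wpdb;
-$mrtright = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
-echo "rights: ";
-print_r($mrtright);*/
-?>
-
-<p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
-<p><b>Before running this script:</b>
-<ul><li>wp-config must be set to writable before running this script.</li>
-<li>the database user you're using with WordPress must have ALTER rights</li></ul>
-
-<form action='' method='post' name='prefixchanging'>
-<?php
-if (function_exists('wp_nonce_field')) {
-wp_nonce_field('prefix-changer-change_prefix');
-}
-?>
-Change the current:<input type="Text" name="prefix_n" value="<?php echo($GLOBALS['table_prefix']);?>" size="20" maxlength="50"> prefix to something different if it's the default wp_<br />
-Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
-<input type='submit' name='renameprefix' value='Start Renaming'/>
-</form>
-
-<?php
-if (isset($_POST['prefix_n'])) {
-check_admin_referer('prefix-changer-change_prefix');
-$wpdb =& $GLOBALS['wpdb'];
-$newpref = ereg_replace("[^0-9a-zA-Z_-]", "", $_POST['prefix_n']);
-//checking if user has enough rights to alter the Tablestructure
-$rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
-foreach ($rights as $right) {
-if (ereg("ALTER(.*)(\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) || ereg("ALL PRIVILEGES ON (\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
-$rightsenough = true;
-$rightstomuch = true;
-break;
-} else {
-if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
-$rightsenough = true;
-break;
-}
-}
-}
-if (!isset($rightsenough) && $rightsenough != true) {
-exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure. Please visit the plugin <a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-database-table-name-prefix/" target=_blank">documentation</a> for more information. If you believe you have alter rights, please <a href="http://semperfiwebdesign.com/contact/">contact</a> the plugin author for assistance.<br />');
-}
-if (isset($rightstomuch) && $rightstomuch === true) {
-echo ('<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. '.
-'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />');
-}
-if ($newpref == $GLOBALS['table_prefix']) {
-exit ("No change: Please select a new table_prefix value.</div>");
-} elseif (strlen($newpref) < strlen($_POST['prefix_n'])){
-echo ("You used some Chars which aren't allowed within Tablenames".
-"The sanitized prefix is used instead: " . $newpref);
-}
-
-echo("<h2>Started Prefix Changer:</h2>");
-
-//we rename the tables before we change the Config file, so We can aviod changed Configs, without changed prefixes.
-echo("<h3> Start Renaming of Tables:</h3>");
-$oldtables = $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);//retrieving all tables named with the prefix on start
-$table_c = count($oldtables);
-$table_s = 0;//holds the count of successful changed tables.
-$table_f[] = '';//holds all table names which failed to be changed
-for($i = 0; $i < $table_c; $i++) {//renaming each table to the new prefix
-$wpdb->hide_errors();
-$table_n = str_replace($GLOBALS['table_prefix'], $newpref, $oldtables[$i][0]);
-echo " Renaming ".$oldtables[$i][0]." to $table_n:";
-$table_r = $wpdb->query("RENAME TABLE ".$oldtables[$i][0]." TO $table_n");
-if ($table_r === 0) {
-echo ('<font color="#00ff00"> Success</font><br />');
-$table_s++;
-} elseif ($table_r === FALSE) {
-echo ('<font color="#ff0000"> Failed</font><br />');
-$table_f[] = $oldtables[$i][0];
-}
-}//changing some "hardcoded" wp values within the tables
-echo ("<h3> Start changing Databasesettings:</h3>");
-if ($wpdb->query("UPDATE ".$newpref."options SET option_name='".$newpref."user_roles' WHERE option_name='".$GLOBALS['table_prefix']."user_roles' LIMIT 1") <> 1) {
-echo (' Changing values in table '.$newpref.'options: 1/1 <font color="#ff0000">Failed</font><br />');
-} else {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'options 1/1: <font color="#00ff00">Success</font><br />');
-}
-if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."capabilities' WHERE meta_key='".$GLOBALS['table_prefix']."capabilities'") <> 1) {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#ff0000">Failed</font><br />');
-} else {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#00ff00">Success</font><br />');
-}
-if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."user_level' WHERE meta_key='".$GLOBALS['table_prefix']."user_level'") === FALSE)
-{
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#ff0000">Failed</font><br />');
-} else {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#00ff00">Success</font><br />');
-}
-if ($wpdb->query("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."autosave_draft_ids' WHERE meta_key='".$GLOBALS['table_prefix']."autosave_draft_ids'") === 0) {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />');
-} else {
-echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#00ff00">Success</font><br />');
-}
-
-if ($table_s == 0) {
-exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
-} elseif ($table_s < $table_c) {
-echo('<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />');
-for ($i = 1; $i < count($tables_f); $i++) {
-echo ($tables_f[$i])."<br />";
-}
-exit('No changes where done to your wp-config File.</font><br />');
-}
-
-echo("<h3>Changing Config File:</h3>");
-$conf_f = "../wp-config.php";
-
-@chmod($conf_f, 0777);//making the the config readable to change the prefix
-if (!is_writeable($conf_f)) {//when automatic config file changing isn't possible the user get's all needed information to do it manually
-echo(' 1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />');
-echo('<b>Please make your wp-config.php file writable for this process.</b>');
-die("</div>");
-} else {//changing if possible the config file automatically
-echo(' 1/3 file writeable: <font color="#00ff00"> Writeable</font><br />');
-$handle = @fopen($conf_f, "r+");
-if ($handle) {
-while (!feof($handle)) {
-$lines[] = fgets($handle, 4096);
-}//while feof
-fclose($handle);
-$handle = @fopen($conf_f, "w+");
-foreach ($lines as $line) {
-if (strpos($line, $GLOBALS['table_prefix'])) {
-$line = str_replace($GLOBALS['table_prefix'], $newpref, $line);
-echo(' 2/3 <font color="#00ff00">table prefix changed!</font><br />');
-}//if strpos
-fwrite($handle, $line);
-}//foreach $lines
-fclose($handle);
-if (chmod ($conf_f, 0644)) {
-echo(' 3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />');
-} else {
-echo (' 3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />');
-}//if chmod
-}//if handle
-}//if is_writeable
-
-}//if prefix
-?>
-</div>
-Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
-</div>
-<?php
-}//function prefix_changer
-?>
+<?php
+/*
+Thank you Philipp Heinze.
+*/
+
+function mrt_sub3(){
+?>
+<div class=wrap>
+<h2><?php _e('WP - Database Security') ?></h2>
+<div style="height:299px"><br />
+<h3><i>Make a backup of your database before using this tool:</i></h3>
+
+<?php /*global $wpdb;
+$mrtright = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
+echo "rights: ";
+print_r($mrtright);*/
+?>
+
+<p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
+<p><b>Before running this script:</b>
+<ul><li>wp-config must be set to writable before running this script.</li>
+<li>the database user you're using with WordPress must have ALTER rights</li></ul>
+
+<form action='' method='post' name='prefixchanging'>
+<?php
+if (function_exists('wp_nonce_field')) {
+wp_nonce_field('prefix-changer-change_prefix');
+}
+?>
+Change the current:<input type="Text" name="prefix_n" value="<?php echo($GLOBALS['table_prefix']);?>" size="20" maxlength="50"> prefix to something different if it's the default wp_<br />
+Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
+<input type='submit' name='renameprefix' value='Start Renaming'/>
+</form>
+
+<?php
+if (isset($_POST['prefix_n'])) {
+check_admin_referer('prefix-changer-change_prefix');
+$wpdb =& $GLOBALS['wpdb'];
+$newpref = ereg_replace("[^0-9a-zA-Z_-]", "", $_POST['prefix_n']);
+//checking if user has enough rights to alter the Tablestructure
+$rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
+foreach ($rights as $right) {
+if (ereg("ALTER(.*)(\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) || ereg("ALL PRIVILEGES ON (\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
+$rightsenough = true;
+$rightstomuch = true;
+break;
+} else {
+if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
+$rightsenough = true;
+break;
+}
+}
+}
+if (!isset($rightsenough) && $rightsenough != true) {
+exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure. Please visit the plugin <a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-database-table-name-prefix/" target=_blank">documentation</a> for more information. If you believe you have alter rights, please <a href="http://semperfiwebdesign.com/contact/">contact</a> the plugin author for assistance.<br />');
+}
+if (isset($rightstomuch) && $rightstomuch === true) {
+echo ('<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. '.
+'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />');
+}
+if ($newpref == $GLOBALS['table_prefix']) {
+exit ("No change: Please select a new table_prefix value.</div>");
+} elseif (strlen($newpref) < strlen($_POST['prefix_n'])){
+echo ("You used some Chars which aren't allowed within Tablenames".
+"The sanitized prefix is used instead: " . $newpref);
+}
+
+echo("<h2>Started Prefix Changer:</h2>");
+
+//we rename the tables before we change the Config file, so We can aviod changed Configs, without changed prefixes.
+echo("<h3> Start Renaming of Tables:</h3>");
+$oldtables = $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);//retrieving all tables named with the prefix on start
+$table_c = count($oldtables);
+$table_s = 0;//holds the count of successful changed tables.
+$table_f[] = '';//holds all table names which failed to be changed
+for($i = 0; $i < $table_c; $i++) {//renaming each table to the new prefix
+$wpdb->hide_errors();
+$table_n = str_replace($GLOBALS['table_prefix'], $newpref, $oldtables[$i][0]);
+echo " Renaming ".$oldtables[$i][0]." to $table_n:";
+$table_r = $wpdb->query("RENAME TABLE ".$oldtables[$i][0]." TO $table_n");
+if ($table_r === 0) {
+echo ('<font color="#00ff00"> Success</font><br />');
+$table_s++;
+} elseif ($table_r === FALSE) {
+echo ('<font color="#ff0000"> Failed</font><br />');
+$table_f[] = $oldtables[$i][0];
+}
+}//changing some "hardcoded" wp values within the tables
+echo ("<h3> Start changing Databasesettings:</h3>");
+if ($wpdb->query($wpdb->prepare("UPDATE ".$newpref."options SET option_name='".$newpref."user_roles' WHERE option_name='".$GLOBALS['table_prefix']."user_roles' LIMIT 1")) <> 1) {
+echo (' Changing values in table '.$newpref.'options: 1/1 <font color="#ff0000">Failed</font><br />');
+} else {
+echo (' Changing values in table '.$GLOBALS['table_prefix'].'options 1/1: <font color="#00ff00">Success</font><br />');
+}
+if ($wpdb->query($wpdb->prepare("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."capabilities' WHERE meta_key='".$GLOBALS['table_prefix']."capabilities'") <> 1)) {
+echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#ff0000">Failed</font><br />');
+} else {
+echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#00ff00">Success</font><br />');
+}
+if ($wpdb->query($wpdb->prepare("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."user_level' WHERE meta_key='".$GLOBALS['table_prefix']."user_level'")) === FALSE)
+{
+echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#ff0000">Failed</font><br />');
+} else {
+echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#00ff00">Success</font><br />');
+}
+if ($wpdb->query($wpdb->prepare("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."autosave_draft_ids' WHERE meta_key='".$GLOBALS['table_prefix']."autosave_draft_ids'")) === 0) {
+echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />');
+} else {
+echo (' Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#00ff00">Success</font><br />');
+}
+
+if ($table_s == 0) {
+exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
+} elseif ($table_s < $table_c) {
+echo('<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />');
+for ($i = 1; $i < count($tables_f); $i++) {
+echo ($tables_f[$i])."<br />";
+}
+exit('No changes where done to your wp-config File.</font><br />');
+}
+
+echo("<h3>Changing Config File:</h3>");
+$conf_f = "../wp-config.php";
+
+@chmod($conf_f, 0777);//making the the config readable to change the prefix
+if (!is_writeable($conf_f)) {//when automatic config file changing isn't possible the user get's all needed information to do it manually
+echo(' 1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />');
+echo('<b>Please make your wp-config.php file writable for this process.</b>');
+die("</div>");
+} else {//changing if possible the config file automatically
+echo(' 1/3 file writeable: <font color="#00ff00"> Writeable</font><br />');
+$handle = @fopen($conf_f, "r+");
+if ($handle) {
+while (!feof($handle)) {
+$lines[] = fgets($handle, 4096);
+}//while feof
+fclose($handle);
+$handle = @fopen($conf_f, "w+");
+foreach ($lines as $line) {
+if (strpos($line, $GLOBALS['table_prefix'])) {
+$line = str_replace($GLOBALS['table_prefix'], $newpref, $line);
+echo(' 2/3 <font color="#00ff00">table prefix changed!</font><br />');
+}//if strpos
+fwrite($handle, $line);
+}//foreach $lines
+fclose($handle);
+if (chmod ($conf_f, 0644)) {
+echo(' 3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />');
+} else {
+echo (' 3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />');
+}//if chmod
+}//if handle
+}//if is_writeable
+
+}//if prefix
+?>
+</div>
+Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
+</div>
+<?php
+}//function prefix_changer
+?>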
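Review bot: On new line 95 (the `capabilities` update) the closing parenthesis is misplaced, so `<> 1` is evaluated inside the argument to `$wpdb->query()`; what gets run is the boolean result of the comparison rather than the UPDATE, and a failed call would fall into the `else` branch that prints Success. The `usermeta` capabilities keys would then keep the old prefix after the tables are renamed, which is likely to leave existing accounts without their roles. Close `query()` before the comparison, as lines 90, 100 and 106 do: `..."capabilities'")) <> 1) {`. Separately, all four new `$wpdb->prepare()` calls receive an already concatenated string with no placeholders, so they add no escaping; binding the values would look like `$wpdb->prepare("UPDATE ".$newpref."usermeta SET meta_key=%s WHERE meta_key=%s", $newpref."capabilities", $GLOBALS['table_prefix']."capabilities")`.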
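--- a/functions.php
+++ b/functions.php
@@ -1,128 +1,128 @@
-<?php
-
-function make_seed() {
-list($usec, $sec) = explode(' ', microtime());
-return (float) $sec + ((float) $usec * 100000);
-}
-
-function make_password($password_length){
-srand(make_seed());
-$alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
-$token = "";
-for($i = 0; $i < $password_length; $i ++) {
-$token .= $alfa[rand(0, strlen($alfa))];
-}
-return $token;
-}
-
-function check_perms($name,$path,$perm)
-{
-clearstatcache();
-// $configmod = fileperms($path);
-$configmod = substr(sprintf(".%o.", fileperms($path)), -4);
-$trcss = (($configmod != $perm) ? "background-color:#fd7a7a;" : "background-color:#91f587;");
-echo "<tr style=".$trcss.">";
-echo '<td style="border:0px;">' . $name . "</td>";
-echo '<td style="border:0px;">'. $path ."</td>";
-echo '<td style="border:0px;">' . $perm . '</td>';
-echo '<td style="border:0px;">' . $configmod . '</td>';
-// echo '<td style="border:0px;">' . '<input type="submit" name="' . $perm . '" value="Change now.">' . '</td>';
-echo "</tr>";
-}
-
-function mrt_get_serverinfo() {
-global $wpdb;
-$sqlversion = $wpdb->get_var("SELECT VERSION() AS version");
-$mysqlinfo = $wpdb->get_results("SHOW VARIABLES LIKE 'sql_mode'");
-if (is_array($mysqlinfo)) $sql_mode = $mysqlinfo[0]->Value;
-if (empty($sql_mode)) $sql_mode = __('Not set');
-if(ini_get('safe_mode')) $safe_mode = __('On');
-else $safe_mode = __('Off');
-if(ini_get('allow_url_fopen')) $allow_url_fopen = __('On');
-else $allow_url_fopen = __('Off');
-if(ini_get('upload_max_filesize')) $upload_max = ini_get('upload_max_filesize');
-else $upload_max = __('N/A');
-if(ini_get('post_max_size')) $post_max = ini_get('post_max_size');
-else $post_max = __('N/A');
-if(ini_get('max_execution_time')) $max_execute = ini_get('max_execution_time');
-else $max_execute = __('N/A');
-if(ini_get('memory_limit')) $memory_limit = ini_get('memory_limit');
-else $memory_limit = __('N/A');
-if (function_exists('memory_get_usage')) $memory_usage = round(memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
-else $memory_usage = __('N/A');
-if (is_callable('exif_read_data')) $exif = __('Yes'). " ( V" . substr(phpversion('exif'),0,4) . ")" ;
-else $exif = __('No');
-if (is_callable('iptcparse')) $iptc = __('Yes');
-else $iptc = __('No');
-if (is_callable('xml_parser_create')) $xml = __('Yes');
-else $xml = __('No');
-
-?>
-<li><?php _e('Operating System'); ?> : <strong><?php echo PHP_OS; ?></strong></li>
-<li><?php _e('Server'); ?> : <strong><?php echo $_SERVER["SERVER_SOFTWARE"]; ?></strong></li>
-<li><?php _e('Memory usage'); ?> : <strong><?php echo $memory_usage; ?></strong></li>
-<li><?php _e('MYSQL Version'); ?> : <strong><?php echo $sqlversion; ?></strong></li>
-<li><?php _e('SQL Mode'); ?> : <strong><?php echo $sql_mode; ?></strong></li>
-<li><?php _e('PHP Version'); ?> : <strong><?php echo PHP_VERSION; ?></strong></li>
-<li><?php _e('PHP Safe Mode'); ?> : <strong><?php echo $safe_mode; ?></strong></li>
-<li><?php _e('PHP Allow URL fopen'); ?> : <strong><?php echo $allow_url_fopen; ?></strong></li>
-<li><?php _e('PHP Memory Limit'); ?> : <strong><?php echo $memory_limit; ?></strong></li>
-<li><?php _e('PHP Max Upload Size'); ?> : <strong><?php echo $upload_max; ?></strong></li>
-<li><?php _e('PHP Max Post Size'); ?> : <strong><?php echo $post_max; ?></strong></li>
-<li><?php _e('PHP Max Script Execute Time'); ?> : <strong><?php echo $max_execute; ?>s</strong></li>
-<li><?php _e('PHP Exif support'); ?> : <strong><?php echo $exif; ?></strong></li>
-<li><?php _e('PHP IPTC support'); ?> : <strong><?php echo $iptc; ?></strong></li>
-<li><?php _e('PHP XML support'); ?> : <strong><?php echo $xml; ?></strong></li>
-<?php
-}
-
-function mrt_check_table_prefix(){
-if($GLOBALS['table_prefix']=='wp_'){
-echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</font><br />';
-}else{
-echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
-}
-}
-
-function mrt_errorsoff(){
-echo '<font color="green">WordPress DB Errors turned off.</font><br />';
-}
-
-function mrt_wpdberrors()
-{
-global $wpdb;
-$wpdb->show_errors = false;
-
-}
-
-function mrt_version_removal(){
-global $wp_version;
-echo '<font color="green">Your WordPress version is successfully hidden.</font><br />';
-}
-
-function mrt_remove_wp_version()
-{
-if (!is_admin()) {
-global $wp_version;
-$wp_version = 'abc';
-}
-
-}
-
-function mrt_check_version(){
-//echo "WordPress Version: ";
-global $wp_version;
-$mrt_wp_ver = ereg_replace("[^0-9]", "", $wp_version);
-while ($mrt_wp_ver > 10){
-$mrt_wp_ver = $mrt_wp_ver/10;
-}
-if ($mrt_wp_ver >= "2.7") $g2k5 = '<font color="green"><strong>WordPress version: ' . $wp_version . '</strong> You have the latest stable version of WordPress.</font><br />';
-if ($mrt_wp_ver < "2.7") $g2k5 = '<font color="red"><strong>WordPress version: ' . $wp_version . '</strong> You need version 2.7.1. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</font><br />';
-/*echo "<b>" . $wp_version . "</b>   " ;*/echo $g2k5;
-}
-
-
-function mrt_javascript(){
-$siteurl = get_option('siteurl');
-?><script language="JavaScript" type="text/javascript" src="<?php echo
-}?>
+<?php
+
+function make_seed() {
+list($usec, $sec) = explode(' ', microtime());
+return (float) $sec + ((float) $usec * 100000);
+}
+
+function make_password($password_length){
+srand(make_seed());
+$alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
+$token = "";
+for($i = 0; $i < $password_length; $i ++) {
+$token .= $alfa[rand(0, strlen($alfa))];
+}
+return $token;
+}
+
+function check_perms($name,$path,$perm)
+{
+clearstatcache();
+// $configmod = fileperms($path);
+$configmod = substr(sprintf(".%o.", fileperms($path)), -4);
+$trcss = (($configmod != $perm) ? "background-color:#fd7a7a;" : "background-color:#91f587;");
+echo "<tr style=".$trcss.">";
+echo '<td style="border:0px;">' . $name . "</td>";
+echo '<td style="border:0px;">'. $path ."</td>";
+echo '<td style="border:0px;">' . $perm . '</td>';
+echo '<td style="border:0px;">' . $configmod . '</td>';
+// echo '<td style="border:0px;">' . '<input type="submit" name="' . $perm . '" value="Change now.">' . '</td>';
+echo "</tr>";
+}
+
+function mrt_get_serverinfo() {
+global $wpdb;
+$sqlversion = $wpdb->get_var("SELECT VERSION() AS version");
+$mysqlinfo = $wpdb->get_results("SHOW VARIABLES LIKE 'sql_mode'");
+if (is_array($mysqlinfo)) $sql_mode = $mysqlinfo[0]->Value;
+if (empty($sql_mode)) $sql_mode = __('Not set');
+if(ini_get('safe_mode')) $safe_mode = __('On');
+else $safe_mode = __('Off');
+if(ini_get('allow_url_fopen')) $allow_url_fopen = __('On');
+else $allow_url_fopen = __('Off');
+if(ini_get('upload_max_filesize')) $upload_max = ini_get('upload_max_filesize');
+else $upload_max = __('N/A');
+if(ini_get('post_max_size')) $post_max = ini_get('post_max_size');
+else $post_max = __('N/A');
+if(ini_get('max_execution_time')) $max_execute = ini_get('max_execution_time');
+else $max_execute = __('N/A');
+if(ini_get('memory_limit')) $memory_limit = ini_get('memory_limit');
+else $memory_limit = __('N/A');
+if (function_exists('memory_get_usage')) $memory_usage = round(memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
+else $memory_usage = __('N/A');
+if (is_callable('exif_read_data')) $exif = __('Yes'). " ( V" . substr(phpversion('exif'),0,4) . ")" ;
+else $exif = __('No');
+if (is_callable('iptcparse')) $iptc = __('Yes');
+else $iptc = __('No');
+if (is_callable('xml_parser_create')) $xml = __('Yes');
+else $xml = __('No');
+
+?>
+<li><?php _e('Operating System'); ?> : <strong><?php echo PHP_OS; ?></strong></li>
+<li><?php _e('Server'); ?> : <strong><?php echo $_SERVER["SERVER_SOFTWARE"]; ?></strong></li>
+<li><?php _e('Memory usage'); ?> : <strong><?php echo $memory_usage; ?></strong></li>
+<li><?php _e('MYSQL Version'); ?> : <strong><?php echo $sqlversion; ?></strong></li>
+<li><?php _e('SQL Mode'); ?> : <strong><?php echo $sql_mode; ?></strong></li>
+<li><?php _e('PHP Version'); ?> : <strong><?php echo PHP_VERSION; ?></strong></li>
+<li><?php _e('PHP Safe Mode'); ?> : <strong><?php echo $safe_mode; ?></strong></li>
+<li><?php _e('PHP Allow URL fopen'); ?> : <strong><?php echo $allow_url_fopen; ?></strong></li>
+<li><?php _e('PHP Memory Limit'); ?> : <strong><?php echo $memory_limit; ?></strong></li>
+<li><?php _e('PHP Max Upload Size'); ?> : <strong><?php echo $upload_max; ?></strong></li>
+<li><?php _e('PHP Max Post Size'); ?> : <strong><?php echo $post_max; ?></strong></li>
+<li><?php _e('PHP Max Script Execute Time'); ?> : <strong><?php echo $max_execute; ?>s</strong></li>
+<li><?php _e('PHP Exif support'); ?> : <strong><?php echo $exif; ?></strong></li>
+<li><?php _e('PHP IPTC support'); ?> : <strong><?php echo $iptc; ?></strong></li>
+<li><?php _e('PHP XML support'); ?> : <strong><?php echo $xml; ?></strong></li>
+<?php
+}
+
+function mrt_check_table_prefix(){
+if($GLOBALS['table_prefix']=='wp_'){
+echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</font><br />';
+}else{
+echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
+}
+}
+
+function mrt_errorsoff(){
+echo '<font color="green">WordPress DB Errors turned off.</font><br />';
+}
+
+function mrt_wpdberrors()
+{
+global $wpdb;
+$wpdb->show_errors = false;
+
+}
+
+function mrt_version_removal(){
+global $wp_version;
+echo '<font color="green">Your WordPress version is successfully hidden.</font><br />';
+}
+
+function mrt_remove_wp_version()
+{
+if (!is_admin()) {
+global $wp_version;
+$wp_version = 'abc';
+}
+
+}
+
+function mrt_check_version(){
+//echo "WordPress Version: ";
+global $wp_version;
+$mrt_wp_ver = ereg_replace("[^0-9]", "", $wp_version);
+while ($mrt_wp_ver > 10){
+$mrt_wp_ver = $mrt_wp_ver/10;
+}
+if ($mrt_wp_ver >= "2.7") $g2k5 = '<font color="green"><strong>WordPress version: ' . $wp_version . '</strong> You have the latest stable version of WordPress.</font><br />';
+if ($mrt_wp_ver < "2.7") $g2k5 = '<font color="red"><strong>WordPress version: ' . $wp_version . '</strong> You need version 2.7.1. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</font><br />';
+/*echo "<b>" . $wp_version . "</b>   " ;*/echo $g2k5;
+}
+
+
+function mrt_javascript(){
+$siteurl = get_option('siteurl');
+?><script language="JavaScript" type="text/javascript" src="<?php echo WP_PLUGIN_DIR;?>/wp-security-scan/js/scripts.js"></script><?php
+}?>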
readme.txt
CHANGED
|
@@ -5,7 +5,7 @@ Tags: security, securityscan, chmod, permissions, admin, administration, authent
|
|
| 5 |
plugins, private, protection, tracking, wordpress
|
| 6 |
Requires at least: 2.3
|
| 7 |
Tested up to: 2.7.1
|
| 8 |
-
Stable tag: 2.
|
| 9 |
|
| 10 |
Scans your WordPress installation for security vulnerabilities.
|
| 11 |
|
| 5 |
plugins, private, protection, tracking, wordpress
|
| 6 |
Requires at least: 2.3
|
| 7 |
Tested up to: 2.7.1
|
| 8 |
+
Stable tag: 2.6
|
| 9 |
|
| 10 |
Scans your WordPress installation for security vulnerabilities.
|
| 11 |
|
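--- a/scanner.php
+++ b/scanner.php
@@ -1,31 +1,31 @@
-<?php
-function mrt_sub0(){?>
-<div class=wrap>
-<h2><?php _e('WP - Security Scan') ?></h2>
-<div style="height:299px">
-<table width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
-<tr>
-<th style="border:0px;"><b>Name</b></th>
-<th style="border:0px;"><b>File/Dir</b></th>
-<th style="border:0px;"><b>Needed Chmod</b></th>
-<th style="border:0px;"><b>Current Chmod</b></th>
-<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
-</tr>
-<?php
-check_perms("root directory","../","0755");
-check_perms("wp-includes/","../wp-includes","0755");
-check_perms(".htaccess","../.htaccess","0644");
-check_perms("wp-admin/index.php","index.php","0644");
-check_perms("wp-admin/js/","js/","0755");
-check_perms("wp-content/themes/","../wp-content/themes","0755");
-check_perms("wp-content/plugins/","../wp-content/plugins","0755");
-check_perms("wp-admin/","../wp-admin","0755");
-check_perms("wp-content/","../wp-content","0755");
-?>
-</table>
-
-
-</div>
-Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
-</div>
-<?php } ?>
+<?php
+function mrt_sub0(){?>
+<div class=wrap>
+<h2><?php _e('WP - Security Scan') ?></h2>
+<div style="height:299px">
+<table width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
+<tr>
+<th style="border:0px;"><b>Name</b></th>
+<th style="border:0px;"><b>File/Dir</b></th>
+<th style="border:0px;"><b>Needed Chmod</b></th>
+<th style="border:0px;"><b>Current Chmod</b></th>
+<!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
+</tr>
+<?php
+check_perms("root directory","../","0755");
+check_perms("wp-includes/","../wp-includes","0755");
+check_perms(".htaccess","../.htaccess","0644");
+check_perms("wp-admin/index.php","index.php","0644");
+check_perms("wp-admin/js/","js/","0755");
+check_perms("wp-content/themes/","../wp-content/themes","0755");
+check_perms("wp-content/plugins/","../wp-content/plugins","0755");
+check_perms("wp-admin/","../wp-admin","0755");
+check_perms("wp-content/","../wp-content","0755");
+?>
+</table>
+
+
+</div>
+Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
+</div>
+<?php } ?>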
securityscan.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: WP Security Scan
|
|
| 4 |
Plugin URI: http://semperfiwebdesign.com/plugins/wp-security-scan/
|
| 5 |
Description: Perform security scan of WordPress installation.
|
| 6 |
Author: Michael Torbert
|
| 7 |
-
Version: 2.
|
| 8 |
Author URI: http://semperfiwebdesign.com/
|
| 9 |
*/
|
| 10 |
|
|
@@ -25,15 +25,24 @@ You should have received a copy of the GNU General Public License
|
|
| 25 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
| 26 |
*/
|
| 27 |
|
| 28 |
-
|
| 29 |
-
|
| 30 |
-
|
| 31 |
-
|
| 32 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 33 |
if(!class_exists("SimplePie")){
|
| 34 |
-
require_once(
|
| 35 |
}
|
| 36 |
-
//require_once(
|
| 37 |
|
| 38 |
|
| 39 |
add_action( 'admin_notices', mrt_update_notice, 5 );
|
|
@@ -48,7 +57,7 @@ remove_action('wp_head', 'wp_generator');
|
|
| 48 |
//add_action('admin_head', 'mrt_root_scripts');
|
| 49 |
function add_men_pg() {
|
| 50 |
if (function_exists('add_menu_page')){
|
| 51 |
-
add_menu_page('Security', 'Security', 8, __FILE__, 'mrt_opt_mng_pg',
|
| 52 |
add_submenu_page(__FILE__, 'Scanner', 'Scanner', 8, 'scanner', 'mrt_sub0');
|
| 53 |
add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 8, 'passwordtool', 'mrt_sub1');
|
| 54 |
add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
|
|
@@ -58,7 +67,7 @@ function add_men_pg() {
|
|
| 58 |
|
| 59 |
/*function mrt_root_scripts(){
|
| 60 |
$siteurl = get_option('siteurl');
|
| 61 |
-
echo '<script language="JavaScript" type="text/javascript" src="' .
|
| 62 |
}*/
|
| 63 |
|
| 64 |
function mrt_update_notice(){
|
|
@@ -118,14 +127,14 @@ if($mrt_latest > $mrt_version)
|
|
| 118 |
?>
|
| 119 |
<div style="padding:10px;">
|
| 120 |
<div style="font-size:13pt;text-align:center;">Highest</div> <?php
|
| 121 |
-
// include('/
|
| 122 |
|
| 123 |
$feed = new SimplePie();
|
| 124 |
|
| 125 |
|
| 126 |
$feed->set_feed_url('feed://donations.semperfiwebdesign.com/category/highest-donations/feed/');
|
| 127 |
$feed->strip_htmltags(array('p'));
|
| 128 |
-
$feed->set_cache_location(
|
| 129 |
$feed->init();
|
| 130 |
$feed->handle_content_type();
|
| 131 |
?>
|
|
@@ -144,14 +153,14 @@ if($mrt_latest > $mrt_version)
|
|
| 144 |
|
| 145 |
|
| 146 |
<div style="font-size:13pt;text-align:center;">Recent</div> <?php
|
| 147 |
-
// include('/
|
| 148 |
|
| 149 |
$feed = new SimplePie();
|
| 150 |
|
| 151 |
|
| 152 |
$feed->set_feed_url('feed://donations.semperfiwebdesign.com/category/wp-security-scan/feed/');
|
| 153 |
$feed->strip_htmltags(array('p'));
|
| 154 |
-
$feed->set_cache_location(
|
| 155 |
$feed->init();
|
| 156 |
|
| 157 |
$feed->handle_content_type();
|
|
@@ -271,11 +280,11 @@ add_meta_box("wpss_mrt", 'Donations', "wpss_mrt_meta_box3", "wpss3");
|
|
| 271 |
function mrt_hd()
|
| 272 |
{
|
| 273 |
$siteurl = get_option('siteurl');?>
|
| 274 |
-
<script language="JavaScript" type="text/javascript" src="<?php echo
|
| 275 |
-
<script language="JavaScript" type="text/javascript" src="<?php echo
|
| 276 |
<script type="text/javascript">
|
| 277 |
//window.onload=function(){enableTooltips()};
|
| 278 |
</script>
|
| 279 |
-
<!--<link rel="stylesheet" type="text/css" href="<?php echo
|
| 280 |
<?php }
|
| 281 |
?>
|
| 4 |
Plugin URI: http://semperfiwebdesign.com/plugins/wp-security-scan/
|
| 5 |
Description: Perform security scan of WordPress installation.
|
| 6 |
Author: Michael Torbert
|
| 7 |
+
Version: 2.6
|
| 8 |
Author URI: http://semperfiwebdesign.com/
|
| 9 |
*/
|
| 10 |
|
| 25 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
| 26 |
*/
|
| 27 |
|
| 28 |
+
if ( ! defined( 'WP_CONTENT_URL' ) )
|
| 29 |
+
define( 'WP_CONTENT_URL', get_option( 'siteurl' ) . '/wp-content' );
|
| 30 |
+
if ( ! defined( 'WP_CONTENT_DIR' ) )
|
| 31 |
+
define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' );
|
| 32 |
+
if ( ! defined( 'WP_PLUGIN_URL' ) )
|
| 33 |
+
define( 'WP_PLUGIN_URL', WP_CONTENT_URL. '/plugins' );
|
| 34 |
+
if ( ! defined( 'WP_PLUGIN_DIR' ) )
|
| 35 |
+
define( 'WP_PLUGIN_DIR', WP_CONTENT_DIR . '/plugins' );
|
| 36 |
+
|
| 37 |
+
require_once(WP_PLUGIN_DIR . "/wp-security-scan/support.php");
|
| 38 |
+
require_once(WP_PLUGIN_DIR . "/wp-security-scan/scanner.php");
|
| 39 |
+
require_once(WP_PLUGIN_DIR . "/wp-security-scan/password_tools.php");
|
| 40 |
+
require_once(WP_PLUGIN_DIR . "/wp-security-scan/database.php");
|
| 41 |
+
require_once(WP_PLUGIN_DIR . "/wp-security-scan/functions.php");
|
| 42 |
if(!class_exists("SimplePie")){
|
| 43 |
+
require_once(WP_PLUGIN_DIR . "/wp-security-scan/simplepie.inc");
|
| 44 |
}
|
| 45 |
+
//require_once(WP_PLUGIN_DIR . "/plugins/wp-security-scan/scripts.js");
|
| 46 |
|
| 47 |
|
| 48 |
add_action( 'admin_notices', mrt_update_notice, 5 );
|
| 57 |
//add_action('admin_head', 'mrt_root_scripts');
|
| 58 |
function add_men_pg() {
|
| 59 |
if (function_exists('add_menu_page')){
|
| 60 |
+
add_menu_page('Security', 'Security', 8, __FILE__, 'mrt_opt_mng_pg',WP_PLUGIN_URL . '/wp-security-scan/lock.png');
|
| 61 |
add_submenu_page(__FILE__, 'Scanner', 'Scanner', 8, 'scanner', 'mrt_sub0');
|
| 62 |
add_submenu_page(__FILE__, 'Password Tool', 'Password Tool', 8, 'passwordtool', 'mrt_sub1');
|
| 63 |
add_submenu_page(__FILE__, 'Database', 'Database', 8, 'database', 'mrt_sub3');
|
| 67 |
|
| 68 |
/*function mrt_root_scripts(){
|
| 69 |
$siteurl = get_option('siteurl');
|
| 70 |
+
echo '<script language="JavaScript" type="text/javascript" src="' . WP_PLUGIN_URL . '/wp-security-scan/scripts.js"></script>';
|
| 71 |
}*/
|
| 72 |
|
| 73 |
function mrt_update_notice(){
|
| 127 |
?>
|
| 128 |
<div style="padding:10px;">
|
| 129 |
<div style="font-size:13pt;text-align:center;">Highest</div> <?php
|
| 130 |
+
// include('WP_PLUGIN_DIR . '/all-in-one-seo-pack/simplepie.inc');
|
| 131 |
|
| 132 |
$feed = new SimplePie();
|
| 133 |
|
| 134 |
|
| 135 |
$feed->set_feed_url('feed://donations.semperfiwebdesign.com/category/highest-donations/feed/');
|
| 136 |
$feed->strip_htmltags(array('p'));
|
| 137 |
+
$feed->set_cache_location(WP_PLUGIN_DIR . '/wp-security-scan/');
|
| 138 |
$feed->init();
|
| 139 |
$feed->handle_content_type();
|
| 140 |
?>
|
| 153 |
|
| 154 |
|
| 155 |
<div style="font-size:13pt;text-align:center;">Recent</div> <?php
|
| 156 |
+
// include(WP_PLUGIN_DIR . '/all-in-one-seo-pack/simplepie.inc');
|
| 157 |
|
| 158 |
$feed = new SimplePie();
|
| 159 |
|
| 160 |
|
| 161 |
$feed->set_feed_url('feed://donations.semperfiwebdesign.com/category/wp-security-scan/feed/');
|
| 162 |
$feed->strip_htmltags(array('p'));
|
| 163 |
+
$feed->set_cache_location(WP_PLUGIN_DIR . '/wp-security-scan/');
|
| 164 |
$feed->init();
|
| 165 |
|
| 166 |
$feed->handle_content_type();
|
| 280 |
function mrt_hd()
|
| 281 |
{
|
| 282 |
$siteurl = get_option('siteurl');?>
|
| 283 |
+
<script language="JavaScript" type="text/javascript" src="<?php echo WP_PLUGIN_URL;?>/plugins/wp-security-scan/js/scripts.js"></script>
|
| 284 |
+
<script language="JavaScript" type="text/javascript" src="<?php echo WP_PLUGIN_URL;?>/plugins/wp-security-scan/scripts.js"></script>
|
| 285 |
<script type="text/javascript">
|
| 286 |
//window.onload=function(){enableTooltips()};
|
| 287 |
</script>
|
| 288 |
+
<!--<link rel="stylesheet" type="text/css" href="<?php //echo WP_PLUGIN_URL;?>/plugins/wp-security-scan/style.css" />-->
|
| 289 |
<?php }
|
| 290 |
?>
|
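Review bot: Both `$feed->set_cache_location(WP_PLUGIN_DIR . '/wp-security-scan/');` calls (new lines 137 and 163) make SimplePie write its cache files into the plugin's own code directory, so the web server account needs write access to a directory that PHP is served from, and cached remote feed data ends up under a web-reachable path. On hosts where the web server is not the file owner, this means loosening the permissions the plugin's own scanner recommends for wp-content/plugins. A dedicated cache directory outside the code tree, or `$feed->enable_cache(false);` for these two small donation feeds, would avoid that. Separately, in `mrt_hd()` (new lines 283-284) `WP_PLUGIN_URL` already ends in `/plugins` per the define added at line 33, so `<?php echo WP_PLUGIN_URL;?>/plugins/wp-security-scan/js/scripts.js` yields a doubled path segment and should read `<?php echo WP_PLUGIN_URL;?>/wp-security-scan/js/scripts.js`, matching the `add_menu_page` line. The functions enclosing the feed calls start outside the hunks shown.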
