Acunetix WP Security - Version 3.0.5


Release Info

Developer WebsiteDefender
Plugin Icon wp plugin Acunetix WP Security
Version 3.0.5

Code changes from version 2.7.4 to 3.0.5

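--- a/css/wsd.css
+++ b/css/wsd.css
@@ -0,0 +1,329 @@
+ /********************************************************
+ * BEGIN >> General styling
+ */
+ p.wsd-error-summary {
+ background-color: #F9EFAC;
+ border: 1px dotted #f00;
+ color: #DC143C;
+ padding: 5px 10px;
+ margin: 10px;
+ font-weight: bold;
+ cursor: default;
+ }
+
+ span.wsd-error-summary-detail {
+ color: #000;
+ font-weight: normal;
+ font-size: 11px;
+ cursor: default;
+ }
+
+
+ p.wsd-success-summary {
+ background-color: #90EE90;
+ border: 1px dotted #f00;
+ color: #000;
+ padding: 5px 10px;
+ margin: 10px;
+ font-weight: bold;
+ cursor: default;
+ }
+
+ span.wsd-success-summary-detail {
+ color: #000;
+ font-weight: normal;
+ font-size: 11px;
+ cursor: default;
+ }
+
+
+ p.wsd-login-notice {
+ font-weight: bold;
+ color: #000;
+ margin-top: -10px;
+ margin-bottom: 20px;
+ }
+
+ .wsd-inside {
+ padding: 10px;
+ font-family: Verdana, Arial, sans-serif !important;
+ font-size: 100% !important;
+ }
+
+ p.wsd-error-summary a, .wsd-inside a {
+ color: #CC0000;
+ text-decoration: none;
+ }
+
+ p.wsd-error-summary a:hover, .wsd-inside a:hover {
+ color: #CC0000;
+ text-decoration: underline;
+ }
+
+ /********************************************************
+ * BEGIN >> Login form styling
+ */
+ #wsd_login_form {
+ margin: 0px;
+ }
+
+ #wsd_login_form .wsd-login-section {
+ display: block;
+ float: left;
+ width: 100%;
+ margin-bottom: 5px;
+ }
+
+ #wsd_login_form .wsd-login-section label {
+ display: block;
+ float: left;
+ width: 70px;
+ padding-top: 6px;
+ }
+
+ #wsd_login_form .wsd-login-section input {
+ display: block;
+ width: 200px;
+ float: left;
+ }
+
+ #wsd_login_form #wsd-login {
+ clear: left;
+ margin-left: 70px;
+ }
+
+
+
+ /********************************************************
+ * BEGIN >> Registration form styling
+ */
+ #wsd_new_user_form {
+ margin: 0px;
+ }
+
+ #wsd_new_user_form .wsd-new-user-section {
+ display: block;
+ float: left;
+ width: 100%;
+ margin-bottom: 5px;
+ }
+
+ #wsd_new_user_form .wsd-new-user-section label {
+ display: block;
+ float: left;
+ width: 120px;
+ padding-top: 6px;
+ }
+
+ #wsd_new_user_form .wsd-new-user-section input {
+ display: block;
+ width: 200px;
+ float: left;
+ }
+
+ #wsd_new_user_form #wsd-login {
+ clear: left;
+ margin-left: 70px;
+ }
+
+
+
+ /********************************************************
+ * BEGIN >> Initial scan widget styling
+ */
+ #wsd-information-scan-list {
+ list-style-type: disc;
+ margin: 10px;
+ padding-left: 20px;
+ }
+
+
+
+ #wsd-initial-scan { }
+
+ #wsd-initial-scan .wsd-initial-scan-section {
+ line-height: 1.4em;
+ display: block;
+ color: #090;
+ }
+
+
+ /********************************************************
+ * BEGIN >> Target update form styling
+ */
+ #wsd_target_id_form {
+ width: 100%;
+ }
+
+ #wsd_target_id_form #targetid {
+ width: 300px;
+ }
+
+
+
+ /********************************************************
+ * BEGIN >> Status content styling
+ */
+ div#wsd-target-status-holder {
+ overflow: hidden;
+ }
+
+ p.wsd-target-status-title {
+ font-weight: bold;
+ }
+
+ div.wsd-target-status-section {
+ display: block;
+ float: left;
+ margin-right: 5px;
+ }
+
+ span.wsd-target-status-section-label {
+ display: block;
+ padding: 5px 4px;
+ float: left;
+ color: #999999
+ }
+
+ span.wsd-target-status-section-enabled {
+ display: block;
+ padding: 5px 0px;
+ background-color: #0f0;
+ color: #000;
+ float: left;
+ width: 50px;
+ height: 24px;
+ border-radius: 3px;
+ -moz-border-radius: 3px;
+ -webkit-border-radius: 3px;
+ text-align: center;
+ font-weight: bold;
+
+ background: url('../images/agent-green.png') no-repeat scroll left top transparent;
+ }
+
+ span.wsd-target-status-section-disabled {
+ display: block;
+ padding: 5px 0px;
+ background-color: #f00;
+ color: #fff;
+ float: left;
+ width: 50px;
+ height: 24px;
+ border-radius: 3px;
+ -moz-border-radius: 3px;
+ -webkit-border-radius: 3px;
+ text-align: center;
+ font-weight: bold;
+
+ background: url('../images/agent-red.png') no-repeat scroll left top transparent;
+ }
+
+
+
+
+ /********************************************************
+ * BEGIN >> Password meter styling
+ */
+ #wsd_new_user_form label.password-meter {
+ display: none;
+ -webkit-border-radius: 3px;
+ -moz-border-radius: 3px;
+ font-weight: bolder;
+ border-radius: 3px;
+ text-align: center;
+ font-size: 12px;
+ color: #000;
+ width: 80px;
+ margin-left: 20px;
+ padding: 4px;
+ cursor: default;
+ }
+
+
+ /*
+ * 3.0.2
+ */
+ .scanpass { color: #090; }
+
+ .mrt_wpss_note {
+ text-align: center;
+ color: grey;
+ margin-top: 20px;
+ margin-bottom: 20px;
+ }
+
+ .wpss_icon {
+ background: url(../images/wsd-logo.png) no-repeat left center;
+ margin-top: 10px !important;
+ padding: 5px 0 3px 50px !important;
+ }
+
+ .wsd_user_notify {
+ border: solid 1px #fc0; background: #ffc;
+ padding: 5px 5px;
+ font-size: 100%;
+ }
+ .wsd_user_information {
+ border: solid 1px #324FB2; background: #E5EAF0;
+ padding: 5px 5px;
+ font-size: 100%;
+ }
+ .wsd_user_success {
+ border: solid 1px #030; background: #090;
+ padding: 5px 5px;
+ font-size: 100%;
+ color: #fff;
+ }
+ .wsd_info_list {
+ list-style-type: disc;
+ list-style-position: outside;
+ margin: 0 0 10px 25px;
+ }
+ div.wsd_user_information, div.wsd_user_notify, div.wsd_user_success { margin: 1em 0 !important; }
+
+ #Words { overflow: hidden; min-height: 1px; margin: 0 0 0 0 !important; padding: 0 0 0 0 !important; }
+ #Words p { float: left; display: block; width: 150px; line-height: normal !important; padding: 0 0 0 0; margin: 6px 0 0 0 !important; }
+ #Words p.indicator { height: 4px; }
+ #Words p.indicator-1 { background: #f00;}
+ #Words p.indicator-2 { background: #990000; }
+ #Words p.indicator-3 { background: #990099; }
+ #Words p.indicator-4 { background: #000099; }
+ #Words p.indicator-5 { background: #0000ff; }
+ #Words p.indicator-6 { background: #ffffff; }
+ #Words p+p {margin: 0 0 0 5px !important; padding: 0 0 0 0 !important; line-height: normal !important;}
+ #wsd_pwdtool { margin-top: 10px; }
+
+ .wsd_commonList {
+ list-style-type: none;
+ margin: 0 0 10px 0;
+ padding-left: 0;
+ }
+ .wsd_commonList li {
+ font-style: italic !important;
+ background: url('../images/wsd-logo-small-list.png') no-repeat 0 50%;
+ padding: 2px 0 2px 20px !important;
+ }
+
+ .wsd-inside p, .wsd-inside ul, .wsd-inside ol, .wsd-inside blockquote, .wsd-inside input, .wsd-inside select {
+ font-size: 100%;
+ }
+
+ .wsd-inside, .wsd-inside p, .wsd-inside li, .wsd-inside dl, .wsd-inside dd, .wsd-inside dt {
+ line-height: normal !important;
+ }
+
+ #wsd_db_wrapper .inner-sidebar1 { margin: 10px 10px 0 10px; }
+ #wsd_db_wrapper, #wsd_db_wrapper .metabox-holder {overflow:hidden; min-height:1px; }
+ #wsd_permissions_table { margin: 15px 0; }
+ #wsd_permissions_table th,
+ #wsd_permissions_table td { text-align: left; }
+ #wsd_permissions_table td { padding: 1px 7px;}
+ #wsd_tables_list_block { clear: both;}
+
+ .wsd_cursor_help { cursor: help; border-bottom: dotted 1px #000; }
+
+
+
+
+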
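--- a/database.php
+++ b/database.php
@@ -1,162 +0,0 @@
- <?php
- /*
- Thank you Philipp Heinze.
- */
-
- function mrt_sub3(){
- ?>
- <div class=wrap>
- <h2><?php _e('WP - Database Security') ?></h2>
- <div style="height:299px"><br />
- <h3><i>Make a backup of your database before using this tool:</i></h3>
-
- <?php /*global $wpdb;
- $mrtright = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
- echo "rights: ";
- print_r($mrtright);*/
- ?>
-
- <p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
- <p><b>Before running this script:</b>
- <ul><li>wp-config must be set to writable before running this script.</li>
- <li>the database user you're using with WordPress must have ALTER rights</li></ul>
-
- <form action='' method='post' name='prefixchanging'>
- <?php
- if (function_exists('wp_nonce_field')) {
- wp_nonce_field('prefix-changer-change_prefix');
- }
- ?>
- Change the current:<input type="Text" name="prefix_n" value="<?php echo($GLOBALS['table_prefix']);?>" size="20" maxlength="50"> prefix to something different if it's the default wp_<br />
- Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
- <input type='submit' name='renameprefix' value='Start Renaming'/>
- </form>
-
- <?php
- if (isset($_POST['prefix_n'])) {
- check_admin_referer('prefix-changer-change_prefix');
- $wpdb =& $GLOBALS['wpdb'];
- $newpref = ereg_replace("[^0-9a-zA-Z_-]", "", $_POST['prefix_n']);
- //checking if user has enough rights to alter the Tablestructure
- $rights = $wpdb->get_results("SHOW GRANTS FOR '".DB_USER."'@'".DB_HOST."'", ARRAY_N);
- foreach ($rights as $right) {
- if (ereg("ALTER(.*)(\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0]) || ereg("ALL PRIVILEGES ON (\*|`".str_replace("_", "\\_", DB_NAME)."`)\.(\*|`".DB_HOST."`) TO '".DB_USER."'@'".DB_HOST."'", $right[0])) {
- $rightsenough = true;
- $rightstomuch = true;
- break;
- } else {
- if (ereg("ALTER(.*)`".DB_NAME."`", $right[0])) {
- $rightsenough = true;
- break;
- }
- }
- }
- if (!isset($rightsenough) && $rightsenough != true) {
- exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure. Please visit the plugin <a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-database-table-name-prefix/" target=_blank">documentation</a> for more information. If you believe you have alter rights, please <a href="http://semperfiwebdesign.com/contact/">contact</a> the plugin author for assistance.<br />');
- }
- if (isset($rightstomuch) && $rightstomuch === true) {
- echo ('<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. '.
- 'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />');
- }
- if ($newpref == $GLOBALS['table_prefix']) {
- exit ("No change: Please select a new table_prefix value.</div>");
- } elseif (strlen($newpref) < strlen($_POST['prefix_n'])){
- echo ("You used some Chars which aren't allowed within Tablenames".
- "The sanitized prefix is used instead: " . $newpref);
- }
-
- echo("<h2>Started Prefix Changer:</h2>");
-
- //we rename the tables before we change the Config file, so We can aviod changed Configs, without changed prefixes.
- echo("<h3>&nbsp;&nbsp;Start Renaming of Tables:</h3>");
- $oldtables = $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'", ARRAY_N);//retrieving all tables named with the prefix on start
- $table_c = count($oldtables);
- $table_s = 0;//holds the count of successful changed tables.
- $table_f[] = '';//holds all table names which failed to be changed
- for($i = 0; $i < $table_c; $i++) {//renaming each table to the new prefix
- $wpdb->hide_errors();
- $table_n = str_replace($GLOBALS['table_prefix'], $newpref, $oldtables[$i][0]);
- echo "&nbsp;&nbsp;&nbsp;Renaming ".$oldtables[$i][0]." to $table_n:";
- $table_r = $wpdb->query("RENAME TABLE ".$oldtables[$i][0]." TO $table_n");
- if ($table_r === 0) {
- echo ('<font color="#00ff00"> Success</font><br />');
- $table_s++;
- } elseif ($table_r === FALSE) {
- echo ('<font color="#ff0000"> Failed</font><br />');
- $table_f[] = $oldtables[$i][0];
- }
- }//changing some "hardcoded" wp values within the tables
- echo ("<h3>&nbsp;&nbsp;Start changing Databasesettings:</h3>");
- if ($wpdb->query($wpdb->prepare("UPDATE ".$newpref."options SET option_name='".$newpref."user_roles' WHERE option_name='".$GLOBALS['table_prefix']."user_roles' LIMIT 1")) <> 1) {
- echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$newpref.'options: 1/1 <font color="#ff0000">Failed</font><br />');
- } else {
- echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'options 1/1: <font color="#00ff00">Success</font><br />');
- }
- if ($wpdb->query($wpdb->prepare("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."capabilities' WHERE meta_key='".$GLOBALS['table_prefix']."capabilities'") <> 1)) {
- echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#ff0000">Failed</font><br />');
- } else {
- echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 1/3: <font color="#00ff00">Success</font><br />');
- }
- if ($wpdb->query($wpdb->prepare("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."user_level' WHERE meta_key='".$GLOBALS['table_prefix']."user_level'")) === FALSE)
- {
- echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#ff0000">Failed</font><br />');
- } else {
- echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 2/3: <font color="#00ff00">Success</font><br />');
- }
- if ($wpdb->query($wpdb->prepare("UPDATE ".$newpref."usermeta SET meta_key='".$newpref."autosave_draft_ids' WHERE meta_key='".$GLOBALS['table_prefix']."autosave_draft_ids'")) === 0) {
- echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />');
- } else {
- echo ('&nbsp;&nbsp;&nbsp;Changing values in table '.$GLOBALS['table_prefix'].'usermeta 3/3: <font color="#00ff00">Success</font><br />');
- }
-
- if ($table_s == 0) {
- exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
- } elseif ($table_s < $table_c) {
- echo('<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />');
- for ($i = 1; $i < count($tables_f); $i++) {
- echo ($tables_f[$i])."<br />";
- }
- exit('No changes where done to your wp-config File.</font><br />');
- }
-
- echo("<h3>Changing Config File:</h3>");
- $conf_f = "../wp-config.php";
-
- @chmod($conf_f, 0777);//making the the config readable to change the prefix
- if (!is_writeable($conf_f)) {//when automatic config file changing isn't possible the user get's all needed information to do it manually
- echo('&nbsp;&nbsp;1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />');
- echo('<b>Please make your wp-config.php file writable for this process.</b>');
- die("</div>");
- } else {//changing if possible the config file automatically
- echo('&nbsp;&nbsp;1/3 file writeable: <font color="#00ff00"> Writeable</font><br />');
- $handle = @fopen($conf_f, "r+");
- if ($handle) {
- while (!feof($handle)) {
- $lines[] = fgets($handle, 4096);
- }//while feof
- fclose($handle);
- $handle = @fopen($conf_f, "w+");
- foreach ($lines as $line) {
- if (strpos($line, $GLOBALS['table_prefix'])) {
- $line = str_replace($GLOBALS['table_prefix'], $newpref, $line);
- echo('&nbsp;&nbsp;2/3 <font color="#00ff00">table prefix changed!</font><br />');
- }//if strpos
- fwrite($handle, $line);
- }//foreach $lines
- fclose($handle);
- if (chmod ($conf_f, 0644)) {
- echo('&nbsp;&nbsp;3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />');
- } else {
- echo ('&nbsp;&nbsp;3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />');
- }//if chmod
- }//if handle
- }//if is_writeable
-
- }//if prefix
- ?>
- </div>
- Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
- </div>
- <?php
- }//function prefix_changer
- ?>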
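--- a/functions.php
+++ b/functions.php
@@ -1,151 +0,0 @@
- <?php
-
- function make_seed() {
- list($usec, $sec) = explode(' ', microtime());
- return (float) $sec + ((float) $usec * 100000);
- }
-
- function make_password($password_length){
- srand(make_seed());
- $alfa = "!@123!@4567!@890qwer!@tyuiopa@!sdfghjkl@!zxcvbn@!mQWERTYUIO@!PASDFGH@!JKLZXCVBNM!@";
- $token = "";
- for($i = 0; $i < $password_length; $i ++) {
- $token .= $alfa[rand(0, strlen($alfa))];
- }
- return $token;
- }
-
- function check_perms($name,$path,$perm)
- {
- clearstatcache();
- // $configmod = fileperms($path);
- $configmod = substr(sprintf(".%o.", fileperms($path)), -4);
- $trcss = (($configmod != $perm) ? "background-color:#fd7a7a;" : "background-color:#91f587;");
- echo "<tr style=".$trcss.">";
- echo '<td style="border:0px;">' . $name . "</td>";
- echo '<td style="border:0px;">'. $path ."</td>";
- echo '<td style="border:0px;">' . $perm . '</td>';
- echo '<td style="border:0px;">' . $configmod . '</td>';
- // echo '<td style="border:0px;">' . '<input type="submit" name="' . $perm . '" value="Change now.">' . '</td>';
- echo "</tr>";
- }
-
- function mrt_get_serverinfo() {
- global $wpdb;
- $sqlversion = $wpdb->get_var("SELECT VERSION() AS version");
- $mysqlinfo = $wpdb->get_results("SHOW VARIABLES LIKE 'sql_mode'");
- if (is_array($mysqlinfo)) $sql_mode = $mysqlinfo[0]->Value;
- if (empty($sql_mode)) $sql_mode = __('Not set');
- if(ini_get('safe_mode')) $safe_mode = __('On');
- else $safe_mode = __('Off');
- if(ini_get('allow_url_fopen')) $allow_url_fopen = __('On');
- else $allow_url_fopen = __('Off');
- if(ini_get('upload_max_filesize')) $upload_max = ini_get('upload_max_filesize');
- else $upload_max = __('N/A');
- if(ini_get('post_max_size')) $post_max = ini_get('post_max_size');
- else $post_max = __('N/A');
- if(ini_get('max_execution_time')) $max_execute = ini_get('max_execution_time');
- else $max_execute = __('N/A');
- if(ini_get('memory_limit')) $memory_limit = ini_get('memory_limit');
- else $memory_limit = __('N/A');
- if (function_exists('memory_get_usage')) $memory_usage = round(memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
- else $memory_usage = __('N/A');
- if (is_callable('exif_read_data')) $exif = __('Yes'). " ( V" . substr(phpversion('exif'),0,4) . ")" ;
- else $exif = __('No');
- if (is_callable('iptcparse')) $iptc = __('Yes');
- else $iptc = __('No');
- if (is_callable('xml_parser_create')) $xml = __('Yes');
- else $xml = __('No');
-
- ?>
- <li><?php _e('Operating System'); ?> : <strong><?php echo PHP_OS; ?></strong></li>
- <li><?php _e('Server'); ?> : <strong><?php echo $_SERVER["SERVER_SOFTWARE"]; ?></strong></li>
- <li><?php _e('Memory usage'); ?> : <strong><?php echo $memory_usage; ?></strong></li>
- <li><?php _e('MYSQL Version'); ?> : <strong><?php echo $sqlversion; ?></strong></li>
- <li><?php _e('SQL Mode'); ?> : <strong><?php echo $sql_mode; ?></strong></li>
- <li><?php _e('PHP Version'); ?> : <strong><?php echo PHP_VERSION; ?></strong></li>
- <li><?php _e('PHP Safe Mode'); ?> : <strong><?php echo $safe_mode; ?></strong></li>
- <li><?php _e('PHP Allow URL fopen'); ?> : <strong><?php echo $allow_url_fopen; ?></strong></li>
- <li><?php _e('PHP Memory Limit'); ?> : <strong><?php echo $memory_limit; ?></strong></li>
- <li><?php _e('PHP Max Upload Size'); ?> : <strong><?php echo $upload_max; ?></strong></li>
- <li><?php _e('PHP Max Post Size'); ?> : <strong><?php echo $post_max; ?></strong></li>
- <li><?php _e('PHP Max Script Execute Time'); ?> : <strong><?php echo $max_execute; ?>s</strong></li>
- <li><?php _e('PHP Exif support'); ?> : <strong><?php echo $exif; ?></strong></li>
- <li><?php _e('PHP IPTC support'); ?> : <strong><?php echo $iptc; ?></strong></li>
- <li><?php _e('PHP XML support'); ?> : <strong><?php echo $xml; ?></strong></li>
- <?php
- }
-
- function mrt_check_table_prefix(){
- if($GLOBALS['table_prefix']=='wp_'){
- echo '<font color="red">Your table prefix should not be <i>wp_</i>. <a href="admin.php?page=database">Click here</a> to change it.</font><br />';
- }else{
- echo '<font color="green">Your table prefix is not <i>wp_</i>.</font><br />';
- }
- }
-
- function mrt_errorsoff(){
- echo '<font color="green">WordPress DB Errors turned off.</font><br />';
- }
-
- function mrt_wpdberrors()
- {
- global $wpdb;
- $wpdb->show_errors = false;
-
- }
-
- function mrt_version_removal(){
- global $wp_version;
- echo '<font color="green">Your WordPress version is successfully hidden.</font><br />';
- }
-
- function mrt_remove_wp_version()
- {
-
- function filter_generator( $gen, $type ) {
- switch ( $type ) {
- case 'html':
- $gen = '<meta name="generator" content="WordPress">';
- break;
- case 'xhtml':
- $gen = '<meta name="generator" content="WordPress" />';
- break;
- case 'atom':
- $gen = '<generator uri="http://wordpress.org/">WordPress</generator>';
- break;
- case 'rss2':
- $gen = '<generator>http://wordpress.org/?v=</generator>';
- break;
- case 'rdf':
- $gen = '<admin:generatorAgent rdf:resource="http://wordpress.org/?v=" />';
- break;
- case 'comment':
- $gen = '<!-- generator="WordPress" -->';
- break;
- }
- return $gen;
- }
- foreach ( array( 'html', 'xhtml', 'atom', 'rss2', 'rdf', 'comment' ) as $type )
- add_filter( "get_the_generator_$type", 'filter_generator', 10, 2 );
-
-
- }
-
- function mrt_check_version(){
- //echo "WordPress Version: ";
- global $wp_version;
- $mrt_wp_ver = ereg_replace("[^0-9]", "", $wp_version);
- while ($mrt_wp_ver > 10){
- $mrt_wp_ver = $mrt_wp_ver/10;
- }
- if ($mrt_wp_ver >= "2.8") $g2k5 = '<font color="green"><strong>WordPress version: ' . $wp_version . '</strong> &nbsp;&nbsp;&nbsp; You have the latest stable version of WordPress.</font><br />';
- if ($mrt_wp_ver < "2.8") $g2k5 = '<font color="red"><strong>WordPress version: ' . $wp_version . '</strong> &nbsp;&nbsp;&nbsp; You need version 2.8.6. Please <a href="http://wordpress.org/download/">upgrade</a> immediately.</font><br />';
- /*echo "<b>" . $wp_version . "</b> &nbsp;&nbsp;&nbsp " ;*/echo $g2k5;
- }
-
-
- function mrt_javascript(){
- $siteurl = get_option('siteurl');
- ?><script language="JavaScript" type="text/javascript" src="<?php echo WP_PLUGIN_DIR;?>/wp-security-scan/js/scripts.js"></script><?php
- }?>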
images/acunetix.png ADDED
Binary file
images/agent-green.png ADDED
Binary file
images/agent-red.png ADDED
Binary file
images/bt.gif DELETED
Binary file
images/facebook.gif ADDED
Binary file
images/iblogpro.jpg DELETED
Binary file
images/loading45.gif ADDED
Binary file
images/pagelines.jpg DELETED
Binary file
images/whitehouse.jpg DELETED
Binary file
images/wpss_icon_large.png ADDED
Binary file
lock.png → images/wpss_icon_small_combined.png RENAMED
Binary file
images/wsd-logo-small-list.png ADDED
Binary file
images/wsd-logo-small.png ADDED
Binary file
images/wsd-logo.png ADDED
Binary file
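--- a/inc/admin/db.php
+++ b/inc/admin/db.php
@@ -0,0 +1,60 @@
+ <?php
+ function mrt_sub3()
+ {
+ // Show header
+ mrt_wpss_menu_head('WP - Database Security');
+
+ $wsd_wpConfigFile = ABSPATH.'wp-config.php';
+
+ // internal flag
+ $canLoadPage = false;
+ if (wsd_wpConfigCheckPermissions($wsd_wpConfigFile)) {
+ $canLoadPage = true;
+ }
+ ?>
+ <p class="wsd_user_notify">
+ <strong>Important</strong>: Make a backup of your database before using this tool!
+ </p>
+ <?php
+ if (!$canLoadPage) {
+ // Display the error message
+ echo wsd_eInfo('
+ The <strong>wp-config.php</strong> file MUST be writable in order to perform this action.
+ You have to manually change permissions for this file.');
+ }
+ ?>
+
+
+ <?php /*[ BEGIN PAGE DATABASE ]*/ ?>
+ <div id="wsd_db_wrapper">
+ <?php
+ /* Display the Database backup page */
+ echo wsd_getTemplate('db-backup');
+ ?>
+
+ <br/>
+ <div style="clear:both;"></div>
+
+ <?php
+ /* Stop here if the wp-config file is not writable or if we cannot change its permissions */
+ if ($canLoadPage)
+ {
+ // Display the Change Database Table prefix page
+ echo wsd_getTemplate('db-change-prefix',array(
+ 'wsd_wpConfigFile' => $wsd_wpConfigFile,
+ 'old_prefix' => $GLOBALS['table_prefix'],
+ 'new_prefix' => (empty($_POST['newPrefixInput']) ? '' : $_POST['newPrefixInput']),
+ 'isPostBack' => (($_SERVER['REQUEST_METHOD'] == 'POST') ? true : false)
+ ));
+ }
+ ?>
+ </div>
+ <?php /*[ END PAGE DATABASE ]*/ ?>
+
+ <p style="height:200px;"></p>
+
+ <?php
+ // Show footer
+ mrt_wpss_menu_footer();
+ }//function mrt_sub3
+ ?>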
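Review bot: `$_POST['newPrefixInput']` is handed to the `db-change-prefix` template unfiltered, and no nonce check is visible anywhere in `mrt_sub3()`. The implementation this release removes from database.php called `check_admin_referer()` and stripped everything outside `[0-9a-zA-Z_-]` before the prefix reached a `RENAME TABLE` statement; unless the template (not shown on this page) repeats both steps, that protection is lost. I would filter at this boundary, e.g. `'new_prefix' => preg_replace('/[^0-9a-zA-Z_-]/', '', empty($_POST['newPrefixInput']) ? '' : $_POST['newPrefixInput']),`, and verify the form nonce before treating the request as a post-back. `isPostBack` is also true for any POST to this page, including the backup form rendered by `db-backup`, so the prefix template should key on its own submit field rather than on the request method.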
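--- a/inc/admin/pwtool.php
+++ b/inc/admin/pwtool.php
@@ -0,0 +1,41 @@
+ <?php
+ function mrt_sub1(){
+
+ mrt_wpss_menu_head('WP - Password Tools');
+
+ ?>
+
+ <div style="height:299px">
+ <?php
+ echo "<br /><strong>Password Strength Tool</strong>";
+ ?>
+ <table id="wsd_pwdtool">
+ <tr valign="top">
+ <td>
+ <form name="commandForm">
+ Type password: <input type="password" size="30" maxlength="50" name="password" onkeyup="testPassword(this.value);" value="" />
+ <br/>
+ <span style="color:#808080">Minimum 6 Characters</span>
+ </form>
+ </td>
+ <td style="padding-left: 6px;">
+ <span>Password Strength:</span>
+ <div id="Words">
+ <p class="indicator"></p>
+ <p><strong>Begin Typing</strong></p>
+ </div>
+ </td>
+ </tr>
+ </table>
+
+ <br /><hr align="left" size="2" width="612px" />
+ <?php
+ echo "<br /><br /><strong>Strong Password Generator</strong><br />";
+ echo "Strong Password: " . '<span style="color:#f00;">' . make_password(15) . "</span>";
+ ?>
+ </div>
+
+ <?php
+ mrt_wpss_menu_footer();
+
+ } ?>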
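Review bot: The "Strong Password Generator" line prints the result of `make_password(15)`, but the only definition of that helper on this page is the one being deleted from functions.php, so where it now lives is not visible here. That removed version seeds `rand()` from `microtime()` and indexes `$alfa` with `rand(0, strlen($alfa))`, which is predictable from the request time and can read one position past the end of the string. If the relocated helper is unchanged, the value shown to the administrator should not be labelled strong; WordPress's own `wp_generate_password(15, true)` can replace the call on this line.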
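--- a/inc/admin/scanner.php
+++ b/inc/admin/scanner.php
@@ -0,0 +1,33 @@
+ <?php
+ function mrt_sub0(){
+
+ mrt_wpss_menu_head('WP - Security Scan');?>
+
+ <div>
+ <table id="wsd_permissions_table" width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
+ <thead>
+ <th style="border:0px;"><b>Name</b></th>
+ <th style="border:0px;"><b>File/Dir</b></th>
+ <th style="border:0px;"><b>Needed Chmod</b></th>
+ <th style="border:0px;"><b>Current Chmod</b></th>
+ </thead>
+ <tbody>
+ <?php
+ // DIR_NAME | DIR_PATH | EXPECTED_PERMISSION
+ check_perms("root directory","../","0755");
+ check_perms("wp-includes/","../wp-includes","0755");
+ check_perms(".htaccess","../.htaccess","0644");
+ check_perms("wp-admin/index.php","index.php","0644");
+ check_perms("wp-admin/js/","js/","0755");
+ check_perms("wp-content/themes/","../wp-content/themes","0755");
+ check_perms("wp-content/plugins/","../wp-content/plugins","0755");
+ check_perms("wp-admin/","../wp-admin","0755");
+ check_perms("wp-content/","../wp-content","0755");
+ ?>
+ </tbody>
+ </table>
+
+ </div>
+ <?php
+ mrt_wpss_menu_footer();
+ } ?>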
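Review bot: The paths passed to `check_perms()` are relative (`"../"`, `"index.php"`, `"js/"`), so the reported modes depend on the working directory being wp-admin/ when this callback runs; inc/admin/db.php in the same release already builds its path from `ABSPATH`. I would do the same here, e.g. `check_perms(".htaccess", ABSPATH.'.htaccess', "0644");`. Two related gaps: `.htaccess` may not exist, and the `check_perms()` removed from functions.php calls `fileperms()` without first checking that the file is present, so a missing file would show a misleading row. wp-config.php, which the database page requires to be writable, is not among the checked files even though its mode is the one an administrator most needs to see restored.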
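--- a/inc/admin/security.php
+++ b/inc/admin/security.php
@@ -0,0 +1,30 @@
+ <?php
+
+ function mrt_opt_mng_pg() {
+ mrt_wpss_menu_head('WP-Security Admin tools by WebsiteDefender');
+
+ add_meta_box("wpss_mrt_1", 'Initial Scan', "wpss_mrt_meta_box", "wpss");
+ add_meta_box("wpss_mrt_2", 'System Information Scan', "wpss_mrt_meta_box2", "wpss2");
+ add_meta_box("wpss_mrt_3", 'About Website Defender', "wsd_render_main", "wpss_wsd");
+
+ echo '
+ <div class="metabox-holder">
+ <div style="float:left; width:48%;" class="inner-sidebar1">';
+
+ do_meta_boxes('wpss','advanced','');
+ do_meta_boxes('wpss2','advanced','');
+
+ echo '
+ </div>
+ <div style="float:right;width:48%;" class="inner-sidebar1">';
+ do_meta_boxes('wpss_wsd','advanced','');
+ echo '
+ </div>
+
+ <div style="clear:both"></div>
+ </div>';
+
+ mrt_wpss_menu_footer();
+
+ }
+ ?>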
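--- a/inc/admin/support.php
+++ b/inc/admin/support.php
@@ -0,0 +1,21 @@
+ <?php
+ function mrt_sub2()
+ {
+ mrt_wpss_menu_head('WP - Security Support');
+ ?>
+ <div>
+ <br/>
+ <p>Under Construction...</p>
+ <br /><br />
+ <ul>
+ <li><a href='http://www.websitedefender.com/category/faq/' target="_blank">Documentation</a></li>
+ </ul>
+ <br /><br />
+ <strong>Backup early, backup often!</strong>
+ <br /><br /><br /><br /><br />
+ </div>
+
+ <?php
+ mrt_wpss_menu_footer();
+ }
+ ?>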
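--- a/inc/admin/templates/db-backup.php
+++ b/inc/admin/templates/db-backup.php
@@ -0,0 +1,91 @@
+ <?php
+ /*
+ * Backup Database
+ */
+ ?>
+ <?php
+ /*
+ * BACKUP DATABASE SECTION
+ */
+ ?>
+ <br/><br/>
+ <h2 class="wpss_icon">Backup your database</h2>
+
+ <?php
+ /*
+ * Check if the backups directory is writable
+ */
+ $wsd_bckDirPath = ABSPATH.PLUGINDIR.'/wp-security-scan/backups/';
+ if (is_dir($wsd_bckDirPath) && is_writable($wsd_bckDirPath)) :
+ ?>
+
+ <div style="padding: 7px 7px; margin: 10px 10px;">
+ <form action="#bck" method="post">
+ <input type="hidden" name="wsd_db_backup"/>
+ <input type="submit" name="backupDatabaseButton" value="Backup now!"/>
+ </form>
+ </div>
+
+ <?php
+ if ($_SERVER['REQUEST_METHOD'] == 'POST')
+ {
+ if (isset($_POST['wsd_db_backup']))
+ {
+ $tables = '*';
+ if (isset($_POST['tables'])) {
+ $tables = implode(',',$_POST['tables']);
+ }
+
+ if (($fname = wsd_backupDatabase($tables)) <> '') {
+ echo '<p id="bck" class="wsd_user_success">';
+ echo '<span style="color:#fff;">Database successfully backed up!</span>';
+ echo '<br/><span style="color:#fff;">Download backup file: </span>';
+ echo '<a href="',get_option('siteurl'),'/wp-content/plugins/wp-security-scan/backups/',$fname,'" style="color:#0f0">',$fname,'</a>';
+ echo '</p>';
+ }
+ else {
+ echo '<p id="bck" class="wsd_user_notify">';
+ echo 'The database could not be backed up!';
+ echo '<br/>A posible error might be that you didn\'t set up writing permissions for the backups directory!';
+ echo '</p>';
+ }
+ }
+ }
+ ?>
+ <?php else :
+ // The directory is not writable. Display info message
+ echo wsd_eInfo('<strong>Important</strong>: The <strong title="'.$wsd_bckDirPath.'" class="wsd_cursor_help">backups</strong> directory must be writable in order to use this functionality!');
+ endif; ?>
+
+
+
+ <?php
+ /*
+ * DISPLAY AVAILABLE DOWNLOADS
+ */
+ ?>
+ <?php
+ function wsd_db_download_list()
+ {
+ echo '<div>';
+ $files = wsd_getAvailableBackupFiles();
+ if (empty($files)) {
+ echo '<p style="margin:5px 5px;">There are no backup files available for download yet!</p>';
+ }
+ else {
+ echo '<ul id="wsd-information-scan-list">';
+ foreach($files as $fileName) {
+ echo '<li>';
+ echo '<a href="',get_option('siteurl'),'/wp-content/plugins/wp-security-scan/backups/',$fileName,'">',$fileName,'</a>';
+ echo '</li>';
+ }
+ echo '</ul>';
+ }
+ echo '</div>';
+ }
+ add_meta_box("wpss_mrt_1", 'Available database backups', "wsd_db_download_list", "wsd_db_bck_dwl");
+ echo '<div style="float:left; width:50%;" class="inner-sidebar1">';
+ echo '<div class="metabox-holder">';
+ do_meta_boxes('wsd_db_bck_dwl','advanced','');
+ echo '</div></div>';
+ ?>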
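Review bot: The backup handler under `if (isset($_POST['wsd_db_backup']))` runs with no nonce verification, so any POST that reaches this admin page while an administrator is logged in produces a full database dump. The prefix-changer template in this same release already calls `check_admin_referer`, and this form should follow it, with `wp_nonce_field('wsd-db-backup');` inside the `<form>` and `check_admin_referer('wsd-db-backup');` as the first statement of the handler (the action name is a suggestion). The dump is written under `wp-content/plugins/wp-security-scan/backups/` and linked by direct URL, so the web server will hand it to anyone who learns the file name unless the directory is protected elsewhere; neither that protection nor the naming scheme inside `wsd_backupDatabase()` is visible in this file. `$_POST['tables']` is also imploded and passed on without validation, and `$fname` and `$fileName` are echoed into the link without `esc_attr()`/`esc_html()`.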
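--- a/inc/admin/templates/db-change-prefix.php
+++ b/inc/admin/templates/db-change-prefix.php
@@ -0,0 +1,143 @@
+ <?php
+ /*
+ * Change Database table Prefix
+ */
+ ?>
+ <br/><br/>
+ <h2 class="wpss_icon">Change database table prefix</h2>
+
+ <?php
+ // Holds the error/info messages generated on form postback
+ $infoMessage = '';
+
+ // Check if user has enough rights to alter the Table structure
+ $wsd_userDbRights = wsd_getDbUserRights();
+ $showPage = false; // assume we don't have ALTER rights
+ if ($wsd_userDbRights['rightsEnough']) {
+ $showPage = true;
+ $canAlter = '<span style="color: #060; font-weight: 900;">(Yes)</span>';
+ }
+ else { $canAlter = '<span style="color: #f00; font-weight: 900;">(No)</span>'; }
+ ?>
+ <p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
+ <p><strong>Before running this script:</strong>
+ <ul class="wsd_info_list">
+ <li>The <strong title="<?php echo ABSPATH.'wp-config.php'; ?>" class="wsd_cursor_help">wp-config.php</strong> file must be set to writable before running this script. <span style="color: #060; font-weight: 900;">(Yes)</span></li>
+ <li>The database user you're using with WordPress must have <strong>ALTER</strong> rights. <?php echo $canAlter;?></li>
+ </ul>
+ <?php
+ /*
+ * If the user doesn't have ALTER rights
+ */
+ if ( ! $showPage )
+ {
+ echo wsd_eInfo('The User: <strong>'.DB_USER.'</strong> used to access the database server must have <strong>ALTER</strong> rights in order to perform this action!');
+
+ // Stop here, no need to load the rest of the page
+ return;
+ }
+ ?>
+
+ <?php
+ /*
+ * Issue the file permissions warning
+ */
+ $infoMessage = 'It\'s a security risk to have your files writable (0777)!
+ Please make sure that after running this script, the <strong title="'.ABSPATH.'wp-config.php" class="wsd_cursor_help">wp-config.php</strong> file\'s permissions are set to 0644!
+ <br/> See: <a href="http://codex.wordpress.org/Changing_File_Permissions" target="_blank">http://codex.wordpress.org/Changing_File_Permissions</a> for more information.';
+ echo wsd_eInfo($infoMessage,'information');
+ ?>
+
+
+ <?php
+ /*
+ * VALIDATE FORM
+ */
+ if (!empty($_POST['newPrefixInput']) && isset($_POST['changePrefixButton']))
+ {
+ $wsd_isPostBack = true;
+
+ check_admin_referer('prefix-changer-change_prefix');
+
+ $wpdb =& $GLOBALS['wpdb'];
+ $new_prefix = preg_replace("[^0-9a-zA-Z_]", "", $_POST['newPrefixInput']);
+ if (empty($wsd_userDbRights['rightsEnough'])) {
+ $wsd_Message .= wsd_eInfo('The User which is used to access your Wordpress Database, hasn\'t enough rights (is missing the ALTER right) to alter the Table structure.
+ <br/>Please visit the <a href="http://www.websitedefender.com/category/faq/" target=_blank">WebsiteDefender WP Security Scan WordPress plugin documentation</a> website for more information.
+ <br/>If the user has ALTER rights and the tool is still not working, please <a href="http://semperfiwebdesign.com/contact/" target="_blank">contact</a> the plugin author for assistance.');
+ }
+ if (!empty($wsd_userDbRights['rightsTooMuch'])) {
+ $wsd_Message .= wsd_eInfo('Your currently used User to access the Wordpress Database, holds too many rights.'.
+ '<br/>We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.','information');
+ }
+ if (strlen($new_prefix) < strlen($_POST['newPrefixInput'])){
+ $wsd_Message .= wsd_eInfo('You used some characters disallowed in Table names. The sanitized prefix will be used instead: '. $new_prefix,'information');
+ }
+ if ($new_prefix == $old_prefix) {
+ $wsd_Message .= wsd_eInfo('No change! Please select a new table prefix value.');
+ }
+ else
+ {
+ // Get the list of tables to modify
+ $tables = wsd_getTablesToAlter();
+ if (empty($tables))
+ {
+ $wsd_Message .= wsd_eInfo('There are no tables to rename!');
+ }
+ else
+ {
+ $result = wsd_renameTables($tables, $old_prefix, $new_prefix);
+
+ // check for errors
+ if (!empty($result))
+ {
+ $wsd_Message .= wsd_eInfo('All tables have been successfully updated!','success');
+
+ // try to rename the fields
+ $wsd_Message .= wsd_renameDbFields($old_prefix, $new_prefix);
+
+ if (wsd_updateWpConfigTablePrefix($wsd_wpConfigFile, $old_prefix, $new_prefix))
+ {
+ $wsd_Message .= wsd_eInfo('The wp-config file has been successfully updated!','success');
+ }
+ else {
+ $wsd_Message .= wsd_eInfo('The wp-config file could not be updated! You have to manually update the table_prefix variable
+ to the one you have specified: '.$new_prefix);
+ }
+ }// End if tables successfully renamed
+ else {
+ $wsd_Message .= wsd_eInfo('An error has occurred and the tables could not be updated!');
+ }
+ }// End if there are tables to rename
+ }
+ }// End if (!empty($_POST['newPrefixInput']))
+ else {
+ $new_prefix = $old_prefix;
+ }
+ ?>
+
+
+
+ <br/>
+ <form action="#cdtp" method="post" name="prefixchanging">
+ <?php
+ if (function_exists('wp_nonce_field')) {
+ wp_nonce_field('prefix-changer-change_prefix');
+ }
+ ?>
+ <p>Change the current:
+ <input type="text" name="newPrefixInput" value="<?php echo $new_prefix;?>" size="20" maxlength="15"/>
+ table prefix to something different.</p>
+ <p>Allowed characters: all latin alphanumeric as well as the <strong>_</strong> (underscore).</p>
+ <input type="submit" name="changePrefixButton" value="Start Renaming" />
+ </form>
+
+ <div id="cdtp">
+ <?php
+ // Display status information
+ if ($isPostBack)
+ {
+ echo $wsd_Message;
+ }
+ ?>
+ </div>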
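Review bot: The sanitising call `preg_replace("[^0-9a-zA-Z_]", "", $_POST['newPrefixInput'])` filters nothing, because PCRE reads the outer `[` and `]` as the pattern delimiters and the remaining pattern `^0-9a-zA-Z_` only matches that literal text at the start of the input. The submitted prefix therefore reaches `wsd_renameTables()`, `wsd_renameDbFields()` and `wsd_updateWpConfigTablePrefix()` unchanged (their bodies are outside this file, so how they quote it cannot be confirmed here) and is printed back into `value="<?php echo $new_prefix;?>"`. The call should read `preg_replace('/[^0-9a-zA-Z_]/', '', $_POST['newPrefixInput'])`, and the field should be printed with `esc_attr($new_prefix)`. Separately, the handler sets `$wsd_isPostBack` while the status block tests `$isPostBack`, so `$wsd_Message` is not shown unless the including file defines that variable, and `$wsd_Message` is appended to with `.=` without being initialised in this file.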
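--- a/inc/admin/templates/footer.php
+++ b/inc/admin/templates/footer.php
@@ -0,0 +1,17 @@
+ <?php
+
+ function mrt_wpss_menu_footer(){
+ echo '
+ <div style="clear:both;"></div>
+ <br />
+ <em>For comments, suggestions, queries and bug reports please visit
+ the <a href="http://www.websitedefender.com/forums/" target="_blank"
+ title="WebsiteDefender Forums">WebsiteDefender Forums</a></em>.
+
+ Plugin by <a href="http://websitedefender.com/" target="_blank"
+ title="WebsiteDefender">WebsiteDefender</a>
+ </div>
+ ';
+ }
+
+ ?>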
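Review bot: The trailing `</div>` in `mrt_wpss_menu_footer()` has no opening tag inside this function and appears to close the `<div class="wrap">` emitted by `mrt_wpss_menu_head()`, a pairing that is not documented in the file. A comment above the function such as `// Closes the div.wrap opened by mrt_wpss_menu_head(); always call the two as a pair.` would keep a later caller from producing unbalanced markup. Both external links open with `target="_blank"` and would be safer with `rel="noopener noreferrer"` added, so the opened page gets no handle on the admin window.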
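--- a/inc/admin/templates/header.php
+++ b/inc/admin/templates/header.php
@@ -0,0 +1,11 @@
+ <?php
+
+ function mrt_wpss_menu_head($title){
+
+ echo '
+ <div class="wrap">
+ <h2 class="wpss_icon">' . $title . '</h2>';
+
+ }
+
+ ?>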
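Review bot: `mrt_wpss_menu_head()` concatenates `$title` into the `<h2>` without escaping it. The callers visible in this release pass string literals, so nothing is exposed as shown, but the helper should not rely on every future caller doing the same. The line is better written as `<h2 class="wpss_icon">' . esc_html($title) . '</h2>';`.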
js/json.js ADDED
@@ -0,0 +1,482 @@