Version Description
Current Release = Released: 27th February, 2019 - Release Notes
(v.2) IMPROVED: Firewall email notification content now better reflect the information in the audit trail.
(v.2) FIX: Firewall email notification was breaking in some instances.
Download this release
Release Info
| Developer | paultgoodchild |
| Plugin |  Shield Security for WordPress |
| Version | 7.1.2 |
| Comparing to | |
| See all releases | |
Code changes from version 7.1.1 to 7.1.2
- icwp-wpsf.php +1 -1
- plugin-spec.php +2 -2
- readme.txt +8 -5
- src/common/icwp-serviceproviders.php +7 -27
- src/features/base_wpsf.php +1 -1
- src/lib/vendor/composer/installed.json +4 -4
- src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/ServiceProviders.php +2 -2
- src/processors/firewall.php +34 -24
icwp-wpsf.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Shield Security
|
| 4 |
* Plugin URI: https://icwp.io/2f
|
| 5 |
* Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
|
| 6 |
-
* Version: 7.1.
|
| 7 |
* Text Domain: wp-simple-firewall
|
| 8 |
* Domain Path: /languages/
|
| 9 |
* Author: One Dollar Plugin
|
| 3 |
* Plugin Name: Shield Security
|
| 4 |
* Plugin URI: https://icwp.io/2f
|
| 5 |
* Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
|
| 6 |
+
* Version: 7.1.2
|
| 7 |
* Text Domain: wp-simple-firewall
|
| 8 |
* Domain Path: /languages/
|
| 9 |
* Author: One Dollar Plugin
|
plugin-spec.php
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
{
|
| 2 |
"properties": {
|
| 3 |
-
"version": "7.1.
|
| 4 |
-
"release_timestamp":
|
| 5 |
"slug_parent": "icwp",
|
| 6 |
"slug_plugin": "wpsf",
|
| 7 |
"human_name": "Shield",
|
| 1 |
{
|
| 2 |
"properties": {
|
| 3 |
+
"version": "7.1.2",
|
| 4 |
+
"release_timestamp": 1551287600,
|
| 5 |
"slug_parent": "icwp",
|
| 6 |
"slug_plugin": "wpsf",
|
| 7 |
"human_name": "Shield",
|
readme.txt
CHANGED
|
@@ -8,7 +8,7 @@ Requires at least: 3.5.0
|
|
| 8 |
Requires PHP: 5.4.0
|
| 9 |
Recommended PHP: 7.0
|
| 10 |
Tested up to: 5.1
|
| 11 |
-
Stable tag: 7.1.
|
| 12 |
|
| 13 |
Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
|
| 14 |
|
|
@@ -352,11 +352,14 @@ You will always be able to use Shield Security and its free features in-full.
|
|
| 352 |
|
| 353 |
[Go Pro for just $1/month](https://icwp.io/aa).
|
| 354 |
|
| 355 |
-
= 7.1.
|
| 356 |
-
*Released:
|
|
|
|
|
|
|
|
|
|
| 357 |
|
| 358 |
= 7.1 - Series =
|
| 359 |
-
*Released: 21st February,
|
| 360 |
|
| 361 |
* **(v.1)** FIX: IP retrieval.
|
| 362 |
* **(v.0)** NEW: Moved Import/Export UI from Wizard to main Shield Dashboard.
|
|
@@ -368,7 +371,7 @@ You will always be able to use Shield Security and its free features in-full.
|
|
| 368 |
* **(v.0)** IMPROVED: Consolidate crons into fewer crons. e.g. all scans run under the same cron.
|
| 369 |
|
| 370 |
= 7.0 - Series =
|
| 371 |
-
*Released: 28th January,
|
| 372 |
|
| 373 |
* **(v.4)** IMPROVED: Refactored IP address blocking with improved audit trail messages.
|
| 374 |
* **(v.4)** CHANGED: Expanded anonymous REST API whitelist to include 'wpstatistics' namespace.
|
| 8 |
Requires PHP: 5.4.0
|
| 9 |
Recommended PHP: 7.0
|
| 10 |
Tested up to: 5.1
|
| 11 |
+
Stable tag: 7.1.2
|
| 12 |
|
| 13 |
Complete All-In-One Protection for your WordPress sites, that makes Security Easy for Everyone - it doesn't have to be hard anymore.
|
| 14 |
|
| 352 |
|
| 353 |
[Go Pro for just $1/month](https://icwp.io/aa).
|
| 354 |
|
| 355 |
+
= 7.1.2 - Current Release =
|
| 356 |
+
*Released: 27th February, 2019* - [Release Notes](https://icwp.io/ek)
|
| 357 |
+
|
| 358 |
+
* **(v.2)** IMPROVED: Firewall email notification content now better reflect the information in the audit trail.
|
| 359 |
+
* **(v.2)** FIX: Firewall email notification was breaking in some instances.
|
| 360 |
|
| 361 |
= 7.1 - Series =
|
| 362 |
+
*Released: 21st February, 2019* - [Release Notes](https://icwp.io/ek)
|
| 363 |
|
| 364 |
* **(v.1)** FIX: IP retrieval.
|
| 365 |
* **(v.0)** NEW: Moved Import/Export UI from Wizard to main Shield Dashboard.
|
| 371 |
* **(v.0)** IMPROVED: Consolidate crons into fewer crons. e.g. all scans run under the same cron.
|
| 372 |
|
| 373 |
= 7.0 - Series =
|
| 374 |
+
*Released: 28th January, 2019* - [Release Notes](https://icwp.io/ef)
|
| 375 |
|
| 376 |
* **(v.4)** IMPROVED: Refactored IP address blocking with improved audit trail messages.
|
| 377 |
* **(v.4)** CHANGED: Expanded anonymous REST API whitelist to include 'wpstatistics' namespace.
|
src/common/icwp-serviceproviders.php
CHANGED
|
@@ -8,7 +8,7 @@ use FernleafSystems\Wordpress\Services\Services;
|
|
| 8 |
class ICWP_WPSF_ServiceProviders extends ICWP_WPSF_Foundation {
|
| 9 |
|
| 10 |
const URL_STATUS_CAKE_IPS = 'https://app.statuscake.com/Workfloor/Locations.php?format=json';
|
| 11 |
-
const URL_ICONTROLWP_IPS = 'https://
|
| 12 |
|
| 13 |
/**
|
| 14 |
* @var string
|
|
@@ -79,31 +79,11 @@ class ICWP_WPSF_ServiceProviders extends ICWP_WPSF_Foundation {
|
|
| 79 |
$oWp = $this->loadWp();
|
| 80 |
|
| 81 |
$sStoreKey = $this->prefix( 'serviceips_icontrolwp' );
|
| 82 |
-
|
| 83 |
-
|
| 84 |
-
|
| 85 |
-
|
| 86 |
-
|
| 87 |
-
|
| 88 |
-
$aIps = [
|
| 89 |
-
4 => [
|
| 90 |
-
'23.253.32.180',
|
| 91 |
-
'23.253.56.59',
|
| 92 |
-
'23.253.62.185',
|
| 93 |
-
'104.130.217.172',
|
| 94 |
-
'198.61.176.9',
|
| 95 |
-
],
|
| 96 |
-
6 => [
|
| 97 |
-
'2001:4801:7817:0072:ca75:cc9b:ff10:4699',
|
| 98 |
-
'2001:4801:7817:72:ca75:cc9b:ff10:4699',
|
| 99 |
-
'2001:4801:7822:0103:be76:4eff:fe10:89a9',
|
| 100 |
-
'2001:4801:7822:103:be76:4eff:fe10:89a9',
|
| 101 |
-
'2001:4801:7824:0101:ca75:cc9b:ff10:a7b2',
|
| 102 |
-
'2001:4801:7824:101:ca75:cc9b:ff10:a7b2',
|
| 103 |
-
'2001:4801:7828:0101:be76:4eff:fe11:9cd6',
|
| 104 |
-
'2001:4801:7828:101:be76:4eff:fe11:9cd6',
|
| 105 |
-
]
|
| 106 |
-
];
|
| 107 |
|
| 108 |
return $bFlat ? array_merge( $aIps[ 4 ], $aIps[ 6 ] ) : $aIps;
|
| 109 |
}
|
|
@@ -512,7 +492,7 @@ class ICWP_WPSF_ServiceProviders extends ICWP_WPSF_Foundation {
|
|
| 512 |
*/
|
| 513 |
private function downloadServiceIps_iControlWP() {
|
| 514 |
$aIps = @json_decode( Services::HttpRequest()->getContent( self::URL_ICONTROLWP_IPS ), true );
|
| 515 |
-
return is_array( $aIps ) ? $aIps : [];
|
| 516 |
}
|
| 517 |
|
| 518 |
/**
|
| 8 |
class ICWP_WPSF_ServiceProviders extends ICWP_WPSF_Foundation {
|
| 9 |
|
| 10 |
const URL_STATUS_CAKE_IPS = 'https://app.statuscake.com/Workfloor/Locations.php?format=json';
|
| 11 |
+
const URL_ICONTROLWP_IPS = 'https://serviceips.icontrolwp.com/';
|
| 12 |
|
| 13 |
/**
|
| 14 |
* @var string
|
| 79 |
$oWp = $this->loadWp();
|
| 80 |
|
| 81 |
$sStoreKey = $this->prefix( 'serviceips_icontrolwp' );
|
| 82 |
+
$aIps = $oWp->getTransient( $sStoreKey );
|
| 83 |
+
if ( empty( $aIps ) ) {
|
| 84 |
+
$aIps = $this->downloadServiceIps_iControlWP();
|
| 85 |
+
$oWp->setTransient( $sStoreKey, $aIps, WEEK_IN_SECONDS*2 );
|
| 86 |
+
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 87 |
|
| 88 |
return $bFlat ? array_merge( $aIps[ 4 ], $aIps[ 6 ] ) : $aIps;
|
| 89 |
}
|
| 492 |
*/
|
| 493 |
private function downloadServiceIps_iControlWP() {
|
| 494 |
$aIps = @json_decode( Services::HttpRequest()->getContent( self::URL_ICONTROLWP_IPS ), true );
|
| 495 |
+
return is_array( $aIps ) ? $aIps : [ 4 => [], 6 => [] ];
|
| 496 |
}
|
| 497 |
|
| 498 |
/**
|
src/features/base_wpsf.php
CHANGED
|
@@ -275,7 +275,7 @@ class ICWP_WPSF_FeatureHandler_BaseWpsf extends ICWP_WPSF_FeatureHandler_Base {
|
|
| 275 |
|| $oSp->isIp_YahooBot( $sIp, $sAgent )
|
| 276 |
|| $oSp->isIp_DuckDuckGoBot( $sIp, $sAgent )
|
| 277 |
|| $oSp->isIp_YandexBot( $sIp, $sAgent )
|
| 278 |
-
|| $oSp->isIp_iControlWP( $sIp )
|
| 279 |
|| $oSp->isIp_BaiduBot( $sIp, $sAgent );
|
| 280 |
}
|
| 281 |
return self::$bIsVerifiedBot;
|
| 275 |
|| $oSp->isIp_YahooBot( $sIp, $sAgent )
|
| 276 |
|| $oSp->isIp_DuckDuckGoBot( $sIp, $sAgent )
|
| 277 |
|| $oSp->isIp_YandexBot( $sIp, $sAgent )
|
| 278 |
+
|| ( class_exists( 'ICWP_Plugin' ) && $oSp->isIp_iControlWP( $sIp ) )
|
| 279 |
|| $oSp->isIp_BaiduBot( $sIp, $sAgent );
|
| 280 |
}
|
| 281 |
return self::$bIsVerifiedBot;
|
src/lib/vendor/composer/installed.json
CHANGED
|
@@ -876,12 +876,12 @@
|
|
| 876 |
"source": {
|
| 877 |
"type": "git",
|
| 878 |
"url": "https://bitbucket.org/FernleafSystems/wordpress-services.git",
|
| 879 |
-
"reference": "
|
| 880 |
},
|
| 881 |
"dist": {
|
| 882 |
"type": "zip",
|
| 883 |
-
"url": "https://bitbucket.org/FernleafSystems/wordpress-services/get/
|
| 884 |
-
"reference": "
|
| 885 |
"shasum": ""
|
| 886 |
},
|
| 887 |
"require": {
|
|
@@ -894,7 +894,7 @@
|
|
| 894 |
"symfony/yaml": "~2.0||~3.0",
|
| 895 |
"twig/twig": "^1.0"
|
| 896 |
},
|
| 897 |
-
"time": "2019-02-
|
| 898 |
"type": "library",
|
| 899 |
"installation-source": "source",
|
| 900 |
"autoload": {
|
| 876 |
"source": {
|
| 877 |
"type": "git",
|
| 878 |
"url": "https://bitbucket.org/FernleafSystems/wordpress-services.git",
|
| 879 |
+
"reference": "a510c091d52913b5eeefc5183702b2778ca7dfac"
|
| 880 |
},
|
| 881 |
"dist": {
|
| 882 |
"type": "zip",
|
| 883 |
+
"url": "https://bitbucket.org/FernleafSystems/wordpress-services/get/a510c091d52913b5eeefc5183702b2778ca7dfac.zip",
|
| 884 |
+
"reference": "a510c091d52913b5eeefc5183702b2778ca7dfac",
|
| 885 |
"shasum": ""
|
| 886 |
},
|
| 887 |
"require": {
|
| 894 |
"symfony/yaml": "~2.0||~3.0",
|
| 895 |
"twig/twig": "^1.0"
|
| 896 |
},
|
| 897 |
+
"time": "2019-02-22T14:24:04+00:00",
|
| 898 |
"type": "library",
|
| 899 |
"installation-source": "source",
|
| 900 |
"autoload": {
|
src/lib/vendor/fernleafsystems/wordpress-services/src/Utilities/ServiceProviders.php
CHANGED
|
@@ -12,7 +12,7 @@ class ServiceProviders {
|
|
| 12 |
|
| 13 |
const URL_IPS_STATUSCAKE = 'https://app.statuscake.com/Workfloor/Locations.php?format=json';
|
| 14 |
const URL_IPS_CLOUDFLARE = 'https://www.cloudflare.com/ips-v%s';
|
| 15 |
-
const URL_IPS_ICONTROLWP = 'https://
|
| 16 |
const URL_IPS_MANAGEWP = 'https://managewp.com/wp-content/uploads/2016/11/managewp-ips.txt';
|
| 17 |
const URL_IPS_PINGDOM = 'https://my.pingdom.com/probes/ipv%s';
|
| 18 |
const URL_IPS_UPTIMEROBOT = 'https://uptimerobot.com/inc/files/ips/IPv%s.txt';
|
|
@@ -496,7 +496,7 @@ class ServiceProviders {
|
|
| 496 |
*/
|
| 497 |
private function downloadServiceIps_iControlWP() {
|
| 498 |
$aIps = @json_decode( Services::HttpRequest()->getContent( self::URL_IPS_ICONTROLWP ), true );
|
| 499 |
-
return is_array( $aIps ) ? $aIps : [];
|
| 500 |
}
|
| 501 |
|
| 502 |
/**
|
| 12 |
|
| 13 |
const URL_IPS_STATUSCAKE = 'https://app.statuscake.com/Workfloor/Locations.php?format=json';
|
| 14 |
const URL_IPS_CLOUDFLARE = 'https://www.cloudflare.com/ips-v%s';
|
| 15 |
+
const URL_IPS_ICONTROLWP = 'https://serviceips.icontrolwp.com/';
|
| 16 |
const URL_IPS_MANAGEWP = 'https://managewp.com/wp-content/uploads/2016/11/managewp-ips.txt';
|
| 17 |
const URL_IPS_PINGDOM = 'https://my.pingdom.com/probes/ipv%s';
|
| 18 |
const URL_IPS_UPTIMEROBOT = 'https://uptimerobot.com/inc/files/ips/IPv%s.txt';
|
| 496 |
*/
|
| 497 |
private function downloadServiceIps_iControlWP() {
|
| 498 |
$aIps = @json_decode( Services::HttpRequest()->getContent( self::URL_IPS_ICONTROLWP ), true );
|
| 499 |
+
return is_array( $aIps ) ? $aIps : [ 4 => [], 6 => [] ];
|
| 500 |
}
|
| 501 |
|
| 502 |
/**
|
src/processors/firewall.php
CHANGED
|
@@ -21,6 +21,11 @@ class ICWP_WPSF_Processor_Firewall extends ICWP_WPSF_Processor_BaseWpsf {
|
|
| 21 |
*/
|
| 22 |
protected $aPatterns;
|
| 23 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 24 |
/**
|
| 25 |
* After any parameter whitelisting has been accounted for
|
| 26 |
*
|
|
@@ -186,6 +191,8 @@ class ICWP_WPSF_Processor_Firewall extends ICWP_WPSF_Processor_BaseWpsf {
|
|
| 186 |
foreach ( $aMatchTerms[ 'regex' ] as $sTerm ) {
|
| 187 |
foreach ( $aParamValues as $sParam => $mValue ) {
|
| 188 |
if ( is_scalar( $mValue ) && preg_match( $sTerm, (string)$mValue ) ) {
|
|
|
|
|
|
|
| 189 |
$bFAIL = true;
|
| 190 |
break( 2 );
|
| 191 |
}
|
|
@@ -196,16 +203,14 @@ class ICWP_WPSF_Processor_Firewall extends ICWP_WPSF_Processor_BaseWpsf {
|
|
| 196 |
if ( $bFAIL ) {
|
| 197 |
$this->addToFirewallDieMessage( _wpsf__( "Something in the URL, Form or Cookie data wasn't appropriate." ) );
|
| 198 |
|
| 199 |
-
$
|
| 200 |
-
|
| 201 |
-
|
| 202 |
-
|
| 203 |
-
|
| 204 |
-
)
|
| 205 |
-
);
|
| 206 |
|
| 207 |
$this->addToAuditEntry(
|
| 208 |
-
$
|
| 209 |
array(
|
| 210 |
'param' => $sParam,
|
| 211 |
'val' => $mValue,
|
|
@@ -428,25 +433,30 @@ class ICWP_WPSF_Processor_Firewall extends ICWP_WPSF_Processor_BaseWpsf {
|
|
| 428 |
* @param string $sRecipient
|
| 429 |
* @return bool
|
| 430 |
*/
|
| 431 |
-
|
| 432 |
-
|
| 433 |
-
|
| 434 |
-
|
| 435 |
-
|
| 436 |
-
|
| 437 |
-
|
| 438 |
-
|
| 439 |
-
|
| 440 |
-
|
| 441 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 442 |
);
|
| 443 |
|
| 444 |
-
// TODO: Get audit trail messages
|
| 445 |
-
$aMessage[] = sprintf( _wpsf__( 'You can look up the offending IP Address here: %s' ), 'http://ip-lookup.net/?ip='.$this->ip() );
|
| 446 |
-
$sEmailSubject = _wpsf__( 'Firewall Block Alert' );
|
| 447 |
-
|
| 448 |
return $this->getEmailProcessor()
|
| 449 |
-
->sendEmailWithWrap( $sRecipient,
|
| 450 |
}
|
| 451 |
}
|
| 452 |
|
| 21 |
*/
|
| 22 |
protected $aPatterns;
|
| 23 |
|
| 24 |
+
/**
|
| 25 |
+
* @var array
|
| 26 |
+
*/
|
| 27 |
+
private $aAuditBlockMessage;
|
| 28 |
+
|
| 29 |
/**
|
| 30 |
* After any parameter whitelisting has been accounted for
|
| 31 |
*
|
| 191 |
foreach ( $aMatchTerms[ 'regex' ] as $sTerm ) {
|
| 192 |
foreach ( $aParamValues as $sParam => $mValue ) {
|
| 193 |
if ( is_scalar( $mValue ) && preg_match( $sTerm, (string)$mValue ) ) {
|
| 194 |
+
$sParam = sanitize_text_field( $sParam );
|
| 195 |
+
$mValue = sanitize_text_field( $mValue );
|
| 196 |
$bFAIL = true;
|
| 197 |
break( 2 );
|
| 198 |
}
|
| 203 |
if ( $bFAIL ) {
|
| 204 |
$this->addToFirewallDieMessage( _wpsf__( "Something in the URL, Form or Cookie data wasn't appropriate." ) );
|
| 205 |
|
| 206 |
+
$this->aAuditBlockMessage = [
|
| 207 |
+
sprintf( _wpsf__( 'Firewall Trigger: %s.' ), $this->getFirewallBlockKeyName( $sBlockKey ) ),
|
| 208 |
+
_wpsf__( 'Page parameter failed firewall check.' ),
|
| 209 |
+
sprintf( _wpsf__( 'The offending parameter was "%s" with a value of "%s".' ), $sParam, $mValue )
|
| 210 |
+
];
|
|
|
|
|
|
|
| 211 |
|
| 212 |
$this->addToAuditEntry(
|
| 213 |
+
implode( "\n", $this->aAuditBlockMessage ), 3, 'firewall_block',
|
| 214 |
array(
|
| 215 |
'param' => $sParam,
|
| 216 |
'val' => $mValue,
|
| 433 |
* @param string $sRecipient
|
| 434 |
* @return bool
|
| 435 |
*/
|
| 436 |
+
private function sendBlockEmail( $sRecipient ) {
|
| 437 |
+
|
| 438 |
+
if ( !empty( $this->aAuditBlockMessage ) ) {
|
| 439 |
+
$sIp = Services::IP()->getRequestIp();
|
| 440 |
+
$aMessage = array_merge(
|
| 441 |
+
[
|
| 442 |
+
sprintf( _wpsf__( '%s has blocked a page visit to your site.' ), $this->getCon()->getHumanName() ),
|
| 443 |
+
_wpsf__( 'Log details for this visitor are below:' ),
|
| 444 |
+
'- '.sprintf( '%s: %s', _wpsf__( 'IP Address' ), $sIp ),
|
| 445 |
+
],
|
| 446 |
+
array_map(
|
| 447 |
+
function ( $sLine ) {
|
| 448 |
+
return '- '.$sLine;
|
| 449 |
+
},
|
| 450 |
+
$this->aAuditBlockMessage
|
| 451 |
+
),
|
| 452 |
+
[
|
| 453 |
+
'',
|
| 454 |
+
sprintf( _wpsf__( 'You can look up the offending IP Address here: %s' ), 'http://ip-lookup.net/?ip='.$sIp )
|
| 455 |
+
]
|
| 456 |
);
|
| 457 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 458 |
return $this->getEmailProcessor()
|
| 459 |
+
->sendEmailWithWrap( $sRecipient, _wpsf__( 'Firewall Block Alert' ), $aMessage );
|
| 460 |
}
|
| 461 |
}
|
| 462 |
|
