PluginProbe ʕ •ᴥ•ʔ
Wordfence Security – Firewall, Malware Scan, and Login Security / 3.0.4
Wordfence Security – Firewall, Malware Scan, and Login Security v3.0.4
8.2.2 8.2.1 8.2.0 3.7.1 3.7.2 3.8.1 3.8.2 3.8.3 3.8.4 3.8.5 3.8.6 3.8.7 3.8.8 3.8.9 3.9.1 4.0.1 4.0.2 4.0.3 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.0.9 5.1.1 5.1.2 5.1.4 5.1.5 5.1.6 5.1.7 5.1.8 5.1.9 5.2.1 5.2.2 5.2.3 5.2.4 5.2.5 5.2.6 5.2.7 5.2.8 5.2.9 5.3.1 5.3.10 5.3.11 5.3.12 5.3.2 5.3.3 5.3.4 5.3.5 5.3.6 5.3.7 5.3.8 5.3.9 6.0.1 6.0.10 6.0.11 6.0.12 6.0.14 6.0.15 6.0.16 6.0.17 6.0.18 6.0.19 6.0.2 6.0.20 6.0.21 6.0.22 6.0.23 6.0.24 6.0.25 6.0.3 6.0.4 6.0.5 6.0.6 6.0.7 6.0.8 6.0.9 6.1.1 6.1.10 6.1.11 6.1.12 6.1.14 6.1.15 6.1.16 6.1.17 6.1.2 6.1.3 6.1.4 6.1.5 6.1.6 6.1.7 6.1.8 6.1.9 6.2.0 6.2.1 6.2.10 6.2.2 6.2.3 6.2.4 6.2.5 6.2.6 6.2.7 6.2.8 6.2.9 6.3.0 6.3.1 6.3.10 6.3.11 6.3.12 6.3.14 6.3.15 6.3.16 6.3.17 6.3.18 6.3.19 6.3.2 6.3.20 6.3.21 6.3.22 6.3.3 6.3.4 6.3.5 6.3.6 6.3.7 6.3.8 6.3.9 7.0.1 7.0.2 7.0.3 7.0.4 7.0.5 7.1.0 7.1.1 7.1.10 7.1.11 7.1.12 7.1.14 7.1.15 7.1.16 7.1.17 7.1.18 7.1.19 7.1.2 7.1.20 7.1.3 7.1.4 7.1.5 7.1.6 7.1.7 7.1.8 7.1.9 7.10.0 7.10.1 7.10.2 7.10.3 7.10.4 7.10.5 7.10.6 7.10.7 7.11.0 7.11.1 7.11.2 7.11.3 7.11.4 7.11.5 7.11.6 7.11.7 7.2.1 7.2.2 7.2.3 7.2.4 7.2.5 7.3.1 7.3.2 7.3.3 7.3.4 7.3.5 7.3.6 7.4.0 7.4.1 7.4.10 7.4.11 7.4.12 7.4.14 7.4.2 7.4.3 trunk 7.4.4 1.1 7.4.5 1.2 7.4.6 1.3 7.4.7 1.3.1 7.4.8 1.3.2 7.4.9 1.3.3 7.5.0 1.4.2 7.5.1 1.4.3 7.5.10 1.4.4 7.5.11 1.4.5 7.5.2 1.4.6 7.5.3 1.4.7 7.5.4 1.4.8 7.5.5 1.5.1 7.5.6 1.5.2 7.5.7 1.5.3 7.5.8 1.5.4 7.5.9 1.5.5 7.6.0 1.5.6 7.6.1 2.0.1 7.6.2 2.0.2 7.7.0 2.0.3 7.7.1 2.0.5 7.8.0 2.0.6 7.8.1 2.0.7 7.8.2 2.1.0 7.9.0 2.1.1 7.9.1 2.1.2 7.9.2 2.1.3 7.9.3 2.1.4 8.0.0 2.1.5 8.0.1 3.0.2 8.0.2 3.0.3 8.0.3 3.0.4 8.0.4 3.0.5 8.0.5 3.0.6 8.1.0 3.0.7 8.1.1 3.0.8 8.1.2 3.0.9 8.1.3 3.1.0 8.1.4 3.1.1 v1.4.1 3.1.2 3.1.4 3.1.6 3.2.1 3.2.3 3.2.4 3.2.5 3.2.6 3.2.7 3.3.2 3.3.3 3.3.4 3.3.5 3.3.6 3.3.7 3.4.1 3.4.4 3.4.5 3.5.1 3.5.2 3.6.1 3.6.3 3.6.4 3.6.5 3.6.6 3.6.7 3.6.8 3.6.9
wordfence / wfscan.php
wordfence Last commit date
css 13 years ago images 13 years ago js 13 years ago lib 13 years ago tmp 13 years ago .htaccess 13 years ago readme.txt 13 years ago screenshot-1.png 14 years ago screenshot-2.png 14 years ago screenshot-3.png 14 years ago screenshot-4.png 14 years ago screenshot-5.png 14 years ago visitor.php 13 years ago wfscan.php 13 years ago wordfence.php 13 years ago
wfscan.php
175 lines
1 <?php
2 /* Don't remove this line. WFSOURCEVISIBLE */
3 define('WORDFENCE_VERSIONONLY_MODE', true); //So that we can include wordfence.php and get the version constant
4 ignore_user_abort(true);
5 $wordfence_wp_version = false;
6 if ( !defined('ABSPATH') ) {
7 /** Set up WordPress environment */
8 if($_SERVER['SCRIPT_FILENAME']){
9 $wfBaseDir = preg_replace('/[^\/]+\/[^\/]+\/[^\/]+\/wfscan\.php$/', '', $_SERVER['SCRIPT_FILENAME']);
10 require_once($wfBaseDir . 'wp-load.php');
11 global $wp_version;
12 global $wordfence_wp_version;
13 require($wfBaseDir . 'wp-includes/version.php');
14 $wordfence_wp_version = $wp_version;
15 } else {
16 require_once('../../../wp-load.php');
17 require_once('../../../wp-includes/version.php');
18 }
19 }
20 require_once('wordfence.php');
21 require_once('lib/wordfenceConstants.php');
22 require_once('lib/wfScanEngine.php');
23
24 class wfScan {
25 public static $debugMode = false;
26 public static $errorHandlingOn = true;
27 private static $peakMemAtStart = 0;
28 public static function wfScanMain(){
29 self::$peakMemAtStart = memory_get_peak_usage();
30 $db = new wfDB();
31 if($db->errorMsg){
32 self::errorExit("Could not connect to database to start scan: " . $db->errorMsg);
33 }
34 if(! wordfence::wfSchemaExists()){
35 self::errorExit("Looks like the Wordfence database tables have been deleted. You can fix this by de-activating and re-activating the Wordfence plugin from your Plugins menu.");
36 }
37 if(wfUtils::isAdmin() && $_GET['debugMode'] == '1'){
38 header('Content-type: text/plain');
39 wordfence::status(1, 'info', "Running in debug mode and writing directly to browser.");
40 if(! wp_verify_nonce($_GET['nonce'], 'wp-ajax')){
41 echo("The security key (nonce) provided for this debug scan is invalid. Please close this window, refresh your options page and try again.");
42 exit();
43 }
44 self::$debugMode = true;
45 wordfence::$printStatus = true;
46 } else {
47 wordfence::status(4, 'info', "Scan engine received request.");
48 wordfence::status(4, 'info', "Checking cronkey header");
49 if(! $_SERVER['HTTP_X_WORDFENCE_CRONKEY']){
50 self::errorExit("The Wordfence scanner did not receive the x_wordfence_cronkey secure header.");
51 }
52 wordfence::status(4, 'info', "Fetching stored cronkey for comparison.");
53 $currentCronKey = wfConfig::get('currentCronKey', false);
54 if(! $currentCronKey){
55 self::errorExit("Wordfence could not find a saved cron key to start the scan.");
56 }
57
58 wordfence::status(4, 'info', "Exploding stored cronkey");
59 $savedKey = explode(',',$currentCronKey);
60 if(time() - $savedKey[0] > 60){
61 self::errorExit("The key used to start a scan has expired.");
62 } //keys only last 60 seconds and are used within milliseconds of creation
63 wordfence::status(4, 'info', "Checking saved cronkey against cronkey header");
64 if($savedKey[1] != $_SERVER['HTTP_X_WORDFENCE_CRONKEY']){
65 self::errorExit("Wordfence could not start a scan because the cron key does not match the saved key.");
66 }
67 wordfence::status(4, 'info', "Deleting stored cronkey");
68 wfConfig::set('currentCronKey', '');
69 }
70
71 ini_set('max_execution_time', 1800); //30 mins
72 wordfence::status(4, 'info', "Becoming admin for scan");
73 self::becomeAdmin();
74
75 $isFork = ($_GET['isFork'] == '1' ? true : false);
76
77 if(! $isFork){
78 wordfence::status(4, 'info', "Checking if scan is already running");
79 if(! wfUtils::getScanLock()){
80 self::errorExit("There is already a scan running.");
81 }
82 }
83 wordfence::status(4, 'info', "Requesting max memory");
84 wfUtils::requestMaxMemory();
85 wordfence::status(4, 'info', "Setting up error handling environment");
86 set_error_handler('wfScan::error_handler', E_ALL);
87 register_shutdown_function('wfScan::shutdown');
88 if(! self::$debugMode){
89 ob_start('wfScan::obHandler');
90 }
91 @error_reporting(E_ALL);
92 @ini_set('display_errors','On');
93 wordfence::status(4, 'info', "Setting up scanRunning and starting scan");
94 $scan = false;
95 if($isFork){
96 $scan = wfConfig::get_ser('wfsd_engine', false, true);
97 if($scan){
98 wordfence::status(4, 'info', "Got a true deserialized value back from 'wfsd_engine' with type: " . gettype($scan));
99 wfConfig::set('wfsd_engine', '', true);
100 } else {
101 wordfence::status(2, 'error', "Scan can't continue - stored data not found after a fork. Got type: " . gettype($scan));
102 wfConfig::set('wfsd_engine', '', true);
103 exit();
104 }
105 } else {
106 wordfence::statusPrep(); //Re-initializes all status counters
107 $scan = new wfScanEngine();
108 }
109 try {
110 $scan->go();
111 } catch (Exception $e){
112 wfUtils::clearScanLock();
113 wordfence::status(2, 'error', "Scan terminated with error: " . $e->getMessage());
114 wordfence::status(10, 'info', "SUM_KILLED:Previous scan terminated with an error. See below.");
115 exit();
116 }
117 wfUtils::clearScanLock();
118 self::logPeakMemory();
119 wordfence::status(2, 'info', "Wordfence used " . sprintf('%.2f', (wfConfig::get('wfPeakMemory') - self::$peakMemAtStart) / 1024 / 1024) . "MB of memory for scan. Server peak memory usage was: " . sprintf('%.2f', wfConfig::get('wfPeakMemory') / 1024 / 1024) . "MB");
120 }
121 private static function logPeakMemory(){
122 $oldPeak = wfConfig::get('wfPeakMemory', 0);
123 $peak = memory_get_peak_usage();
124 if($peak > $oldPeak){
125 wfConfig::set('wfPeakMemory', $peak);
126 }
127 }
128 public static function obHandler($buf){
129 if(strlen($buf) > 1000){
130 $buf = substr($buf, 0, 255);
131 }
132 if(empty($buf) === false && preg_match('/[a-zA-Z0-9]+/', $buf)){
133 wordfence::status(1, 'error', $buf);
134 }
135 }
136 public static function error_handler($errno, $errstr, $errfile, $errline){
137 if(self::$errorHandlingOn){
138 if(preg_match('/wordfence\//', $errfile)){
139 $level = 1; //It's one of our files, so level 1
140 } else {
141 $level = 4; //It's someone elses plugin so only show if debug is enabled
142 }
143 wordfence::status($level, 'error', "$errstr ($errno) File: $errfile Line: $errline");
144 }
145 }
146 public static function shutdown(){
147 self::logPeakMemory();
148 }
149 private static function errorExit($msg){
150 echo json_encode(array('errorMsg' => $msg));
151 exit();
152 }
153 public static function becomeAdmin(){
154 global $wpdb;
155 $ws = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users");
156 $users = array();
157 foreach($ws as $user){
158 $userDat = get_userdata($user->ID);
159 array_push($users, array(
160 'id' => $user->ID,
161 'user_login' => $user->user_login,
162 'level' => $userDat->user_level
163 ));
164 }
165 usort($users, 'wfScan::usort');
166 wp_set_current_user($users[0]['id'], $users[0]['user_login']);
167 }
168 public static function usort($b, $a){
169 if($a['level'] == $b['level']){ return 0; }
170 return ($a['level'] < $b['level']) ? -1 : 1;
171 }
172 }
173 wfScan::wfScanMain();
174 ?>
175