menu_options.php — Wordfence Security – Firewall, Malware Scan, and Login Security 6.1.15

wordfence / lib / menu_options.php

wordfence / lib Last commit date

menu_options.php

1157 lines

1	<?php
2	$w = new wfConfig();
3	?>
4	<div class="wordfenceModeElem" id="wordfenceMode_options"></div>
5	<div class="wrap">
6	<?php require( 'menuHeader.php' ); ?>
7	<?php $helpLink = "http://docs.wordfence.com/en/Wordfence_options";
8	$helpLabel = "Learn more about Wordfence Options";
9	$pageTitle = "Wordfence Options";
10	include( 'pageTitle.php' ); ?>
11	<div class="wordfenceLive">
12	<table border="0" cellpadding="0" cellspacing="0">
13	<tr>
14	<td><h2>Wordfence Live Activity:</h2></td>
15	<td id="wfLiveStatus"></td>
16	</tr>
17	</table>
18	</div>
19
20	<form id="wfConfigForm">
21	<table class="wfConfigForm">
22	<tr>
23	<td colspan="2"><h2>License</h2></td>
24	</tr>
25
26	<tr>
27	<th>Your Wordfence API Key:<a href="http://docs.wordfence.com/en/Wordfence_options#Wordfence_API_Key"
28	target="_blank" class="wfhelp"></a></th>
29	<td><input type="text" id="apiKey" name="apiKey" value="<?php $w->f( 'apiKey' ); ?>" size="80"/></td>
30	</tr>
31	<tr>
32	<th>Key type currently active:</th>
33	<td>
34	<?php if (wfConfig::get( 'isPaid' )){ ?>
35	The currently active API Key is a Premium Key. <span style="font-weight: bold; color: #0A0;">Premium scanning enabled!</span>
36	<?php } else { ?>
37	The currently active API Key is a <span style="color: #F00; font-weight: bold;">Free Key</span>. <a
38	href="https://www.wordfence.com/gnl1optAPIKey1/wordfence-signup/" target="_blank">Click Here to Upgrade to
39	Wordfence Premium now.</a>
40	<?php } ?>
41	</td>
42	</tr>
43	<tr>
44	<td colspan="2">
45	<?php if (wfConfig::get('isPaid')): ?>
46	<table border="0">
47	<tr>
48	<td><a href="https://www.wordfence.com/gnl1optMngKys/manage-wordfence-api-keys/"
49	target="_blank"><input type="button" value="Renew your premium license"/></a>
50	</td>
51	<td> </td>
52	<td><input type="button" value="Downgrade to a free license"
53	onclick="WFAD.downgradeLicense();"/></td>
54	</tr>
55	</table>
56	<?php else: ?>
57	<div class="wf-premium-callout">
58	<h3>Upgrade to Wordfence Premium today for just $8.25 per month:</h3>
59	<ul>
60	<li>Receive real-time Firewall and Scan engine rule updates for protection as threats emerge</li>
61	<li>Advanced features like IP reputation monitoring, country blocking, an advanced comment spam filter and cell phone sign-in give you the best protection available</li>
62	<li>Remote, frequent and scheduled scans</li>
63	<li>Access to Premium Support</li>
64	<li>Discounts of up to 75% for multiyear and multi-license purchases</li>
65	</ul>
66	<p class="center">
67	<a class="button button-primary"
68	href="https://www.wordfence.com/gnl1optCallout1/wordfence-signup/">
69	Get Premium</a></p>
70	</div>
71	<?php endif ?>
72	</td>
73	</tr>
74	<tr>
75	<td colspan="2"><h2>Basic Options<a href="http://docs.wordfence.com/en/Wordfence_options#Basic_Options"
76	target="_blank" class="wfhelp"></a></h2></td>
77	</tr>
78	<tr>
79	<th class="wfConfigEnable">Enable Rate Limiting and Advanced Blocking<a
80	href="https://docs.wordfence.com/en/Wordfence_options#Enable_Rate_Limiting_and_Advanced_Blocking" target="_blank"
81	class="wfhelp"></a></th>
82	<td><input type="checkbox" id="firewallEnabled" class="wfConfigElem" name="firewallEnabled"
83	value="1" <?php $w->cb( 'firewallEnabled' ); ?> /> <span
84	style="color: #F00;">NOTE:</span> This checkbox enables ALL blocking/throttling functions including IP,
85	country and advanced blocking and the "Rate Limiting Rules" below.
86	</td>
87	</tr>
88	<tr>
89	<td colspan="2"> </td>
90	</tr>
91	<tr>
92	<th class="wfConfigEnable">Enable login security<a
93	href="http://docs.wordfence.com/en/Wordfence_options#Enable_login_security" target="_blank"
94	class="wfhelp"></a></th>
95	<td><input type="checkbox" id="loginSecurityEnabled" class="wfConfigElem" name="loginSecurityEnabled"
96	value="1" <?php $w->cb( 'loginSecurityEnabled' ); ?> /> This option enables all "Login
97	Security" options, including two-factor authentication, strong password enforcement, and invalid login throttling. You can modify individual options further down this page.
98	</td>
99	</tr>
100	<tr>
101	<td colspan="2"> </td>
102	</tr>
103	<tr>
104	<th class="wfConfigEnable">Enable Live Traffic View<a
105	href="http://docs.wordfence.com/en/Wordfence_options#Enable_Live_Traffic_View" target="_blank"
106	class="wfhelp"></a></th>
107	<td><input type="checkbox" id="liveTrafficEnabled" class="wfConfigElem" name="liveTrafficEnabled"
108	value="1" <?php $w->cb( 'liveTrafficEnabled' ); ?>
109	onclick="WFAD.reloadConfigPage = true; return true;"/> This option enables live traffic
110	logging.
111	</td>
112	</tr>
113	<tr>
114	<td colspan="2"> </td>
115	</tr>
116	<tr>
117	<th class="wfConfigEnable">Advanced Comment Spam Filter<a
118	href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Comment_Spam_Filter"
119	target="_blank" class="wfhelp"></a></th>
120	<td><input type="checkbox" id="advancedCommentScanning" class="wfConfigElem"
121	name="advancedCommentScanning" value="1" <?php $w->cbp( 'advancedCommentScanning' );
122	if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#advancedCommentScanning').attr('checked', false); return false;" <?php } ?> /> <span
123	style="color: #F00;">Premium Feature</span> In addition to free comment filtering (see below)
124	this option filters comments against several additional real-time lists of known spammers and
125	infected hosts.
126	</td>
127	</tr>
128	<tr>
129	<th class="wfConfigEnable">Check if this website is being "Spamvertised"<a
130	href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_is_being_.22Spamvertized.22"
131	target="_blank" class="wfhelp"></a></th>
132	<td><input type="checkbox" id="spamvertizeCheck" class="wfConfigElem" name="spamvertizeCheck" value="1"
133	<?php $w->cbp( 'spamvertizeCheck' );
134	if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#spamvertizeCheck').attr('checked', false); return false;" <?php } ?> /> <span
135	style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam
136	services if your site domain name is appearing as a link in spam emails.
137	</td>
138	</tr>
139	<tr>
140	<th class="wfConfigEnable">Check if this website IP is generating spam<a
141	href="http://docs.wordfence.com/en/Wordfence_options#Check_if_this_website_IP_is_generating_spam"
142	target="_blank" class="wfhelp"></a></th>
143	<td><input type="checkbox" id="checkSpamIP" class="wfConfigElem" name="checkSpamIP" value="1"
144	<?php $w->cbp( 'checkSpamIP' );
145	if ( ! wfConfig::get( 'isPaid' )){ ?>onclick="alert('This is a paid feature because it places significant additional load on our servers.'); jQuery('#checkSpamIP').attr('checked', false); return false;" <?php } ?> /> <span
146	style="color: #F00;">Premium Feature</span> When doing a scan, Wordfence will check with spam
147	services if your website IP address is listed as a known source of spam email.
148	</td>
149	</tr>
150	<tr>
151	<td colspan="2"> </td>
152	</tr>
153	<?php /* <tr><th class="wfConfigEnable">Enable Performance Monitoring</th><td><input type="checkbox" id="perfLoggingEnabled" class="wfConfigElem" name="perfLoggingEnabled" value="1" <?php $w->cb('perfLoggingEnabled'); ?> onclick="WFAD.reloadConfigPage = true; return true;" /> This option enables performance monitoring.</td></tr> */ ?>
154	<tr>
155	<td colspan="2"> </td>
156	</tr>
157	<tr>
158	<th class="wfConfigEnable">Enable automatic scheduled scans<a
159	href="http://docs.wordfence.com/en/Wordfence_options#Enable_automatic_scheduled_scans"
160	target="_blank" class="wfhelp"></a></th>
161	<td><input type="checkbox" id="scheduledScansEnabled" class="wfConfigElem" name="scheduledScansEnabled"
162	value="1" <?php $w->cb( 'scheduledScansEnabled' ); ?> /> Regular scans ensure your site
163	stays secure.
164	</td>
165	</tr>
166	<tr>
167	<td colspan="2"> </td>
168	</tr>
169	<tr>
170	<th class="wfConfigEnable">Update Wordfence automatically when a new version is released?<a
171	href="http://docs.wordfence.com/en/Wordfence_options#Update_Wordfence_Automatically_when_a_new_version_is_released"
172	target="_blank" class="wfhelp"></a></th>
173	<td><input type="checkbox" id="autoUpdate" class="wfConfigElem" name="autoUpdate"
174	value="1" <?php $w->cb( 'autoUpdate' ); ?> /> Automatically updates Wordfence to the
175	newest version within 24 hours of a new release.<br/>
176	<?php if (getenv( 'noabort' ) != '1' && stristr( $_SERVER['SERVER_SOFTWARE'], 'litespeed' ) !== false){ ?>
177	<span style="color: #F00;">Warning: </span>You are running LiteSpeed web server and you don't have
178	the "noabort" variable set in your .htaccess.<br/>
179	<a href="https://docs.wordfence.com/en/LiteSpeed_aborts_Wordfence_scans_and_updates._How_do_I_prevent_that%3F"
180	target="_blank">Please read this article in our FAQ to make an important change that will ensure
181	your site stability during an update.<br/>
182	<?php } ?>
183	</td>
184	</tr>
185	<tr>
186	<td colspan="2"> </td>
187	</tr>
188
189	<tr>
190	<th>Where to email alerts:<a href="http://docs.wordfence.com/en/Wordfence_options#Where_to_email_alerts"
191	target="_blank" class="wfhelp"></a></th>
192	<td><input type="text" id="alertEmails" name="alertEmails" value="<?php $w->f( 'alertEmails' ); ?>"
193	size="50"/> <span class="wfTipText">Separate multiple emails with commas</span></td>
194	</tr>
195	<tr>
196	<th colspan="2"> </th>
197	</tr>
198	<tr>
199	<th>How does Wordfence get IPs:<a
200	href="http://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs" target="_blank"
201	class="wfhelp"></a></th>
202	<td>
203	<select id="howGetIPs" name="howGetIPs">
204	<option value="">Let Wordfence use the most secure method to get visitor IP addresses. Prevents
205	spoofing and works with most sites.
206	</option>
207	<option value="REMOTE_ADDR"<?php $w->sel( 'howGetIPs', 'REMOTE_ADDR' ); ?>>Use PHP's built in
208	REMOTE_ADDR and don't use anything else. Very secure if this is compatible with your site.
209	</option>
210	<option value="HTTP_X_FORWARDED_FOR"<?php $w->sel( 'howGetIPs', 'HTTP_X_FORWARDED_FOR' ); ?>>Use
211	the X-Forwarded-For HTTP header. Only use if you have a front-end proxy or spoofing may
212	result.
213	</option>
214	<option value="HTTP_X_REAL_IP"<?php $w->sel( 'howGetIPs', 'HTTP_X_REAL_IP' ); ?>>Use the
215	X-Real-IP HTTP header. Only use if you have a front-end proxy or spoofing may result.
216	</option>
217	<option value="HTTP_CF_CONNECTING_IP"<?php $w->sel( 'howGetIPs', 'HTTP_CF_CONNECTING_IP' ); ?>>
218	Use the Cloudflare "CF-Connecting-IP" HTTP header to get a visitor IP. Only use if you're
219	using Cloudflare.
220	</option>
221	</select>
222	</td>
223	</tr>
224	</table>
225	<p>
226	<table border="0" cellpadding="0" cellspacing="0">
227	<tr>
228	<td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes"
229	onclick="WFAD.saveConfig();"/></td>
230	<td style="height: 24px;">
231	<div class="wfAjax24"></div>
232	<span class="wfSavedMsg"> Your changes have been saved!</span></td>
233	</tr>
234	</table>
235	</p>
236	<div class="wfMarker" id="wfMarkerBasicOptions"></div>
237	<div style="margin-top: 25px;">
238	<h2>Advanced Options:<a href="http://docs.wordfence.com/en/Wordfence_options#Advanced_Options"
239	target="_blank" class="wfhelp"></a></h2>
240
241	<p style="width: 600px;">
242	Wordfence works great out of the box for most websites. Simply install Wordfence and your site and
243	content is protected. For finer granularity of control, we have provided advanced options.
244	</p>
245	</div>
246	<div id="wfConfigAdvanced">
247	<table class="wfConfigForm">
248	<tr>
249	<td colspan="2"><h3 class="wfConfigHeading">Alerts<a
250	href="http://docs.wordfence.com/en/Wordfence_options#Alerts" target="_blank"
251	class="wfhelp"></a></h3></td>
252	</tr>
253	<?php
254	$emails = wfConfig::getAlertEmails();
255	if ( sizeof( $emails ) < 1 ) {
256	echo "<tr><th colspan=\"2\" style=\"color: #F00;\">You have not configured an email to receive alerts yet. Set this up under \"Basic Options\" above.</th></tr>\n";
257	}
258	?>
259	<tr>
260	<th>Email me when Wordfence is automatically updated</th>
261	<td><input type="checkbox" id="alertOn_update" class="wfConfigElem" name="alertOn_update"
262	value="1" <?php $w->cb( 'alertOn_update' ); ?>/> If you have automatic updates
263	enabled (see above), you'll get an email when an update occurs.
264	</td>
265	</tr>
266	<tr>
267	<th>Alert on critical problems</th>
268	<td><input type="checkbox" id="alertOn_critical" class="wfConfigElem" name="alertOn_critical"
269	value="1" <?php $w->cb( 'alertOn_critical' ); ?>/></td>
270	</tr>
271	<tr>
272	<th>Alert on warnings</th>
273	<td><input type="checkbox" id="alertOn_warnings" class="wfConfigElem" name="alertOn_warnings"
274	value="1" <?php $w->cb( 'alertOn_warnings' ); ?>/></td>
275	</tr>
276	<tr>
277	<th>Alert when an IP address is blocked</th>
278	<td><input type="checkbox" id="alertOn_block" class="wfConfigElem" name="alertOn_block"
279	value="1" <?php $w->cb( 'alertOn_block' ); ?>/></td>
280	</tr>
281	<tr>
282	<th>Alert when someone is locked out from login</th>
283	<td><input type="checkbox" id="alertOn_loginLockout" class="wfConfigElem"
284	name="alertOn_loginLockout" value="1" <?php $w->cb( 'alertOn_loginLockout' ); ?>/></td>
285	</tr>
286	<tr>
287	<th>Alert when the "lost password" form is used for a valid user</th>
288	<td><input type="checkbox" id="alertOn_lostPasswdForm" class="wfConfigElem"
289	name="alertOn_lostPasswdForm" value="1" <?php $w->cb( 'alertOn_lostPasswdForm' ); ?>/>
290	</td>
291	</tr>
292	<tr>
293	<th>Alert me when someone with administrator access signs in</th>
294	<td><input type="checkbox" id="alertOn_adminLogin" class="wfConfigElem" name="alertOn_adminLogin"
295	value="1" <?php $w->cb( 'alertOn_adminLogin' ); ?>/></td>
296	</tr>
297	<tr>
298	<th>Alert me when a non-admin user signs in</th>
299	<td><input type="checkbox" id="alertOn_nonAdminLogin" class="wfConfigElem"
300	name="alertOn_nonAdminLogin" value="1" <?php $w->cb( 'alertOn_nonAdminLogin' ); ?>/></td>
301	</tr>
302	<tr>
303	<th>Maximum email alerts to send per hour</th>
304	<td> <input type="text" id="alert_maxHourly" name="alert_maxHourly"
305	value="<?php $w->f( 'alert_maxHourly' ); ?>" size="4"/>0 or empty means unlimited
306	alerts will be sent.
307	</td>
308	</tr>
309	<tr>
310	<td colspan="2">
311	<div class="wfMarker" id="wfMarkerEmailSummary"></div>
312	<h3 class="wfConfigHeading">Email Summary<a
313	href="http://docs.wordfence.com/en/Wordfence_options#Email_Summary" target="_blank"
314	class="wfhelp"></a></h3>
315	</td>
316	</tr>
317	<tr>
318	<th>Enable email summary:</th>
319	<td> <input type="checkbox" id="email_summary_enabled" name="email_summary_enabled"
320	value="1" <?php $w->cb('email_summary_enabled'); ?> />
321	</td>
322	</tr>
323	<tr>
324	<th>Email summary frequency:</th>
325	<td>
326	<select id="email_summary_interval" class="wfConfigElem" name="email_summary_interval">
327	<option value="weekly"<?php $w->sel( 'email_summary_interval', 'weekly' ); ?>>Once a week</option>
328	<option value="biweekly"<?php $w->sel( 'email_summary_interval', 'biweekly' ); ?>>Once every 2 weeks</option>
329	<option value="monthly"<?php $w->sel( 'email_summary_interval', 'monthly' ); ?>>Once a month</option>
330	</select>
331	</td>
332	</tr>
333	<tr>
334	<th>Comma-separated list of directories to exclude from recently modified file list:</th>
335	<td>
336	<input name="email_summary_excluded_directories" type="text" value="<?php $w->f('email_summary_excluded_directories') ?>"/>
337	</td>
338	</tr>
339	<?php if ((defined('WP_DEBUG') && WP_DEBUG) \|\| wfConfig::get('debugOn', 0)): ?>
340	<tr>
341	<th>Send test email:</th>
342	<td>
343	<input type="email" id="email_summary_email_address_debug" />
344	<a class="button" href="javascript:void(0);" onclick="WFAD.ajax('wordfence_email_summary_email_address_debug', {email: jQuery('#email_summary_email_address_debug').val()});">Send Email</a>
345	</td>
346	</tr>
347	<?php endif ?>
348	<tr>
349	<th>Enable activity report widget on dashboard:</th>
350	<td> <input type="checkbox" id="email_summary_dashboard_widget_enabled" name="email_summary_dashboard_widget_enabled"
351	value="1" <?php $w->cb('email_summary_dashboard_widget_enabled'); ?> />
352	</td>
353	</tr>
354	<tr>
355	<td colspan="2">
356	<div class="wfMarker" id="wfMarkerLiveTrafficOptions"></div>
357	<h3 class="wfConfigHeading">Live Traffic View<a
358	href="http://docs.wordfence.com/en/Wordfence_options#Live_Traffic_View" target="_blank"
359	class="wfhelp"></a></h3>
360	</td>
361	</tr>
362	<tr>
363	<th>Don't log signed-in users with publishing access:</th>
364	<td><input type="checkbox" id="liveTraf_ignorePublishers" name="liveTraf_ignorePublishers"
365	value="1" <?php $w->cb( 'liveTraf_ignorePublishers' ); ?> /></td>
366	</tr>
367	<tr>
368	<th>List of comma separated usernames to ignore:</th>
369	<td><input type="text" name="liveTraf_ignoreUsers" id="liveTraf_ignoreUsers"
370	value="<?php $w->f( 'liveTraf_ignoreUsers' ); ?>"/></td>
371	</tr>
372	<tr>
373	<th>List of comma separated IP addresses to ignore:</th>
374	<td><input type="text" name="liveTraf_ignoreIPs" id="liveTraf_ignoreIPs"
375	value="<?php $w->f( 'liveTraf_ignoreIPs' ); ?>"/></td>
376	</tr>
377	<tr>
378	<th>Browser user-agent to ignore:</th>
379	<td><input type="text" name="liveTraf_ignoreUA" id="liveTraf_ignoreUA"
380	value="<?php $w->f( 'liveTraf_ignoreUA' ); ?>"/></td>
381	</tr>
382	<tr>
383	<th>Amount of Live Traffic data to store (number of rows):</th>
384	<td><input type="text" name="liveTraf_maxRows" id="liveTraf_maxRows"
385	value="<?php $w->f( 'liveTraf_maxRows' ); ?>"/></td>
386	</tr>
387	<tr>
388	<td colspan="2">
389	<div class="wfMarker" id="wfMarkerScansToInclude"></div>
390	<h3 class="wfConfigHeading">Scans to include<a
391	href="http://docs.wordfence.com/en/Wordfence_options#Scans_to_Include" target="_blank"
392	class="wfhelp"></a></h3></td>
393	</tr>
394	<?php if ( wfConfig::get( 'isPaid' ) ) { ?>
395	<tr>
396	<th>Scan public facing site for vulnerabilities?<a
397	href="http://docs.wordfence.com/en/Wordfence_options#Scan_public_facing_site"
398	target="_blank" class="wfhelp"></a></th>
399	<td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem"
400	name="scansEnabled_public" value="1" <?php $w->cb( 'scansEnabled_public' ); ?> /></td>
401	</tr>
402	<?php } else { ?>
403	<tr>
404	<th style="color: #F00;">Scan public facing site for vulnerabilities?<a
405	href="http://docs.wordfence.com/en/Wordfence_options#Scan_public_facing_site"
406	target="_blank" class="wfhelp"></a>(<a
407	href="https://www.wordfence.com/gnl1optPdOnly1/wordfence-signup/" target="_blank">Paid members only</a>)
408	</th>
409	<td><input type="checkbox" id="scansEnabled_public" class="wfConfigElem"
410	name="scansEnabled_public" value="1" DISABLED /></td>
411	</tr>
412	<?php } ?>
413	<tr>
414	<th>Scan for the HeartBleed vulnerability?<a
415	href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_the_HeartBleed_vulnerability"
416	target="_blank" class="wfhelp"></a></th>
417	<td><input type="checkbox" id="scansEnabled_heartbleed" class="wfConfigElem"
418	name="scansEnabled_heartbleed" value="1" <?php $w->cb( 'scansEnabled_heartbleed' ); ?> />
419	</td>
420	</tr>
421	<tr>
422	<th>Scan for publically accessible configuration, backup, or log files<a
423	href="http://docs.wordfence.com/en/Wordfence_options#Configuration_Readable"
424	target="_blank" class="wfhelp"></a></th>
425	<td><input type="checkbox" id="scansEnabled_checkReadableConfig" class="wfConfigElem"
426	name="scansEnabled_checkReadableConfig" value="1" <?php $w->cb( 'scansEnabled_checkReadableConfig' ); ?> />
427	</td>
428	</tr>
429	<!-- <tr>-->
430	<!-- <th>Scan for Full Path Disclosure?<a-->
431	<!-- href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_Full_Path_Disclosure"-->
432	<!-- target="_blank" class="wfhelp"></a></th>-->
433	<!-- <td><input type="checkbox" id="scansEnabled_wpscan_fullPathDisclosure" class="wfConfigElem"-->
434	<!-- name="scansEnabled_wpscan_fullPathDisclosure" value="1" --><?php //$w->cb( 'scansEnabled_wpscan_fullPathDisclosure' ); ?><!-- />-->
435	<!-- </td>-->
436	<!-- </tr>-->
437	<!-- <tr>-->
438	<!-- <th>Scan for Directory Listing?<a-->
439	<!-- href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_Directory_Listing"-->
440	<!-- target="_blank" class="wfhelp"></a></th>-->
441	<!-- <td><input type="checkbox" id="scansEnabled_wpscan_directoryListingEnabled" class="wfConfigElem"-->
442	<!-- name="scansEnabled_wpscan_directoryListingEnabled" value="1" --><?php //$w->cb( 'scansEnabled_wpscan_directoryListingEnabled' ); ?><!-- />-->
443	<!-- </td>-->
444	<!-- </tr>-->
445	<tr>
446	<th>Scan core files against repository versions for changes<a
447	href="http://docs.wordfence.com/en/Wordfence_options#Scan_core_files_against_repository_version_for_changes"
448	target="_blank" class="wfhelp"></a></th>
449	<td><input type="checkbox" id="scansEnabled_core" class="wfConfigElem" name="scansEnabled_core"
450	value="1" <?php $w->cb( 'scansEnabled_core' ); ?>/></td>
451	</tr>
452
453	<tr>
454	<th>Scan theme files against repository versions for changes<a
455	href="http://docs.wordfence.com/en/Wordfence_options#Scan_theme_files_against_repository_versions_for_changes"
456	target="_blank" class="wfhelp"></a></th>
457	<td><input type="checkbox" id="scansEnabled_themes" class="wfConfigElem" name="scansEnabled_themes"
458	value="1" <?php $w->cb( 'scansEnabled_themes' ); ?>/></td>
459	</tr>
460	<tr>
461	<th>Scan plugin files against repository versions for changes<a
462	href="http://docs.wordfence.com/en/Wordfence_options#Scan_plugin_files_against_repository_versions_for_changes"
463	target="_blank" class="wfhelp"></a></th>
464	<td><input type="checkbox" id="scansEnabled_plugins" class="wfConfigElem"
465	name="scansEnabled_plugins" value="1" <?php $w->cb( 'scansEnabled_plugins' ); ?>/></td>
466	</tr>
467	<tr>
468	<th>Scan wp-admin and wp-includes for files not bundled with WordPress<a
469	href="http://docs.wordfence.com/en/Wordfence_options#Scan_wordpress_core_for_unknown_files"
470	target="_blank" class="wfhelp"></a></th>
471	<td><input type="checkbox" id="scansEnabled_coreUnknown" class="wfConfigElem"
472	name="scansEnabled_coreUnknown" value="1" <?php $w->cb( 'scansEnabled_coreUnknown' ); ?>/></td>
473	</tr>
474	<tr>
475	<th>Scan for signatures of known malicious files<a
476	href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_signatures_of_known_malicious_files"
477	target="_blank" class="wfhelp"></a></th>
478	<td><input type="checkbox" id="scansEnabled_malware" class="wfConfigElem"
479	name="scansEnabled_malware" value="1" <?php $w->cb( 'scansEnabled_malware' ); ?>/></td>
480	</tr>
481	<tr>
482	<th>Scan file contents for backdoors, trojans and suspicious code<a
483	href="http://docs.wordfence.com/en/Wordfence_options#Scan_file_contents_for_backdoors.2C_trojans_and_suspicious_code"
484	target="_blank" class="wfhelp"></a></th>
485	<td><input type="checkbox" id="scansEnabled_fileContents" class="wfConfigElem"
486	name="scansEnabled_fileContents"
487	value="1" <?php $w->cb( 'scansEnabled_fileContents' ); ?>/>
488
489	<a href="#add-more-rules" class="do-show" data-selector="#scan_include_extra">+ Add additional signatures</a>
490	</td>
491	</tr>
492	<tr class="hidden" id="scan_include_extra">
493	<th style="vertical-align: top;">Additional scan signatures</th>
494	<td><textarea class="wfConfigElement" cols="40" rows="4"
495	name="scan_include_extra"><?php echo $w->getHTML('scan_include_extra'); ?></textarea>
496	</td>
497	</tr>
498	<tr>
499	<th>Scan posts for known dangerous URLs and suspicious content<a
500	href="http://docs.wordfence.com/en/Wordfence_options#Scan_posts_for_known_dangerous_URLs_and_suspicious_content"
501	target="_blank" class="wfhelp"></a></th>
502	<td><input type="checkbox" id="scansEnabled_posts" class="wfConfigElem" name="scansEnabled_posts"
503	value="1" <?php $w->cb( 'scansEnabled_posts' ); ?>/></td>
504	</tr>
505	<tr>
506	<th>Scan comments for known dangerous URLs and suspicious content<a
507	href="http://docs.wordfence.com/en/Wordfence_options#Scan_comments_for_known_dangerous_URLs_and_suspicious_content"
508	target="_blank" class="wfhelp"></a></th>
509	<td><input type="checkbox" id="scansEnabled_comments" class="wfConfigElem"
510	name="scansEnabled_comments" value="1" <?php $w->cb( 'scansEnabled_comments' ); ?>/></td>
511	</tr>
512	<tr>
513	<th>Scan for out of date plugins, themes and WordPress versions<a
514	href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_out_of_date_plugins.2C_themes_and_WordPress_versions"
515	target="_blank" class="wfhelp"></a></th>
516	<td><input type="checkbox" id="scansEnabled_oldVersions" class="wfConfigElem"
517	name="scansEnabled_oldVersions"
518	value="1" <?php $w->cb( 'scansEnabled_oldVersions' ); ?>/></td>
519	</tr>
520	<tr>
521	<th>Scan for admin users created outside of WordPress<a
522	href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_admin_users_created_outside_of_WordPress"
523	target="_blank" class="wfhelp"></a></th>
524	<td><input type="checkbox" id="scansEnabled_suspiciousAdminUsers" class="wfConfigElem"
525	name="scansEnabled_suspiciousAdminUsers"
526	value="1" <?php $w->cb( 'scansEnabled_suspiciousAdminUsers' ); ?>/></td>
527	</tr>
528	<tr>
529	<th>Check the strength of passwords<a
530	href="http://docs.wordfence.com/en/Wordfence_options#Check_the_strength_of_passwords"
531	target="_blank" class="wfhelp"></a></th>
532	<td><input type="checkbox" id="scansEnabled_passwds" class="wfConfigElem"
533	name="scansEnabled_passwds" value="1" <?php $w->cb( 'scansEnabled_passwds' ); ?>/></td>
534	</tr>
535	<tr>
536	<th>Monitor disk space<a href="http://docs.wordfence.com/en/Wordfence_options#Monitor_disk_space"
537	target="_blank" class="wfhelp"></a></th>
538	<td><input type="checkbox" id="scansEnabled_diskSpace" class="wfConfigElem"
539	name="scansEnabled_diskSpace" value="1" <?php $w->cb( 'scansEnabled_diskSpace' ); ?>/>
540	</td>
541	</tr>
542	<tr>
543	<th>Scan for unauthorized DNS changes<a
544	href="http://docs.wordfence.com/en/Wordfence_options#Scan_for_unauthorized_DNS_changes"
545	target="_blank" class="wfhelp"></a></th>
546	<td><input type="checkbox" id="scansEnabled_dns" class="wfConfigElem" name="scansEnabled_dns"
547	value="1" <?php $w->cb( 'scansEnabled_dns' ); ?>/></td>
548	</tr>
549	<tr>
550	<th>Scan files outside your WordPress installation<a
551	href="http://docs.wordfence.com/en/Wordfence_options#Scan_files_outside_your_WordPress_installation"
552	target="_blank" class="wfhelp"></a></th>
553	<td><input type="checkbox" id="other_scanOutside" class="wfConfigElem" name="other_scanOutside"
554	value="1" <?php $w->cb( 'other_scanOutside' ); ?> /></td>
555	</tr>
556	<tr>
557	<th>Scan images, binary, and other files as if they were executable<a
558	href="http://docs.wordfence.com/en/Wordfence_options#Scan_image_files_as_if_they_were_executable"
559	target="_blank" class="wfhelp"></a></th>
560	<td><input type="checkbox" id="scansEnabled_scanImages" class="wfConfigElem"
561	name="scansEnabled_scanImages" value="1" <?php $w->cb( 'scansEnabled_scanImages' ); ?> />
562	</td>
563	</tr>
564	<tr>
565	<th>Enable HIGH SENSITIVITY scanning. May give false positives.<a
566	href="http://docs.wordfence.com/en/Wordfence_options#Enable_HIGH_SENSITIVITY_scanning"
567	target="_blank" class="wfhelp"></a></th>
568	<td><input type="checkbox" id="scansEnabled_highSense" class="wfConfigElem"
569	name="scansEnabled_highSense" value="1" <?php $w->cb( 'scansEnabled_highSense' ); ?> />
570	</td>
571	</tr>
572	<tr>
573	<th>Exclude files from scan that match these wildcard patterns. (One per line).<a
574	href="http://docs.wordfence.com/en/Wordfence_options#Exclude_files_from_scan_that_match_these_wildcard_patterns."
575	target="_blank" class="wfhelp"></a></th>
576	<td>
577	<textarea id="scan_exclude" class="wfConfigElem" cols="40" rows="4"
578	name="scan_exclude"><?php echo wfUtils::cleanupOneEntryPerLine($w->getHTML( 'scan_exclude' )); ?></textarea>
579	</td>
580	</tr>
581	<tr>
582	<td colspan="2">
583	<div class="wfMarker" id="wfMarkerFirewallRules"></div>
584	<h3 class="wfConfigHeading">Rate Limiting Rules<a
585	href="http://docs.wordfence.com/en/Wordfence_options#Rate_Limiting_Rules" target="_blank"
586	class="wfhelp"></a></h3>
587	</td>
588	</tr>
589	<tr>
590	<th>Immediately block fake Google crawlers:<a
591	href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_fake_Google_crawlers:"
592	target="_blank" class="wfhelp"></a></th>
593	<td><input type="checkbox" id="blockFakeBots" class="wfConfigElem" name="blockFakeBots"
594	value="1" <?php $w->cb( 'blockFakeBots' ); ?>/></td>
595	</tr>
596	<tr>
597	<th>How should we treat Google's crawlers<a
598	href="http://docs.wordfence.com/en/Wordfence_options#How_should_we_treat_Google.27s_crawlers"
599	target="_blank" class="wfhelp"></a></th>
600	<td>
601	<select id="neverBlockBG" class="wfConfigElem" name="neverBlockBG">
602	<option value="neverBlockVerified"<?php $w->sel( 'neverBlockBG', 'neverBlockVerified' ); ?>>
603	Verified Google crawlers have unlimited access to this site
604	</option>
605	<option value="neverBlockUA"<?php $w->sel( 'neverBlockBG', 'neverBlockUA' ); ?>>Anyone
606	claiming to be Google has unlimited access
607	</option>
608	<option
609	value="treatAsOtherCrawlers"<?php $w->sel( 'neverBlockBG', 'treatAsOtherCrawlers' ); ?>>
610	Treat Google like any other Crawler
611	</option>
612	</select></td>
613	</tr>
614	<tr>
615	<th>If anyone's requests exceed:<a
616	href="http://docs.wordfence.com/en/Wordfence_options#If_anyone.27s_requests_exceed:"
617	target="_blank" class="wfhelp"></a></th>
618	<td><?php $rateName = 'maxGlobalRequests';
619	require( 'wfRate.php' ); ?> then <?php $throtName = 'maxGlobalRequests_action';
620	require( 'wfAction.php' ); ?></td>
621	</tr>
622	<tr>
623	<th>If a crawler's page views exceed:<a
624	href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_page_views_exceed"
625	target="_blank" class="wfhelp"></a></th>
626	<td><?php $rateName = 'maxRequestsCrawlers';
627	require( 'wfRate.php' ); ?> then <?php $throtName = 'maxRequestsCrawlers_action';
628	require( 'wfAction.php' ); ?></td>
629	</tr>
630	<tr>
631	<th>If a crawler's pages not found (404s) exceed:<a
632	href="http://docs.wordfence.com/en/Wordfence_options#If_a_crawler.27s_pages_not_found_.28404s.29_exceed"
633	target="_blank" class="wfhelp"></a></th>
634	<td><?php $rateName = 'max404Crawlers';
635	require( 'wfRate.php' ); ?> then <?php $throtName = 'max404Crawlers_action';
636	require( 'wfAction.php' ); ?></td>
637	</tr>
638	<tr>
639	<th>If a human's page views exceed:<a
640	href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_page_views_exceed"
641	target="_blank" class="wfhelp"></a></th>
642	<td><?php $rateName = 'maxRequestsHumans';
643	require( 'wfRate.php' ); ?> then <?php $throtName = 'maxRequestsHumans_action';
644	require( 'wfAction.php' ); ?></td>
645	</tr>
646	<tr>
647	<th>If a human's pages not found (404s) exceed:<a
648	href="http://docs.wordfence.com/en/Wordfence_options#If_a_human.27s_pages_not_found_.28404s.29_exceed"
649	target="_blank" class="wfhelp"></a></th>
650	<td><?php $rateName = 'max404Humans';
651	require( 'wfRate.php' ); ?> then <?php $throtName = 'max404Humans_action';
652	require( 'wfAction.php' ); ?></td>
653	</tr>
654	<tr>
655	<th>If 404s for known vulnerable URLs exceed:<a
656	href="http://docs.wordfence.com/en/Wordfence_options#If_404.27s_for_known_vulnerable_URL.27s_exceed"
657	target="_blank" class="wfhelp"></a></th>
658	<td><?php $rateName = 'maxScanHits';
659	require( 'wfRate.php' ); ?> then <?php $throtName = 'maxScanHits_action';
660	require( 'wfAction.php' ); ?></td>
661	</tr>
662	<tr>
663	<th>How long is an IP address blocked when it breaks a rule:<a
664	href="http://docs.wordfence.com/en/Wordfence_options#How_long_is_an_IP_address_blocked_when_it_breaks_a_rule"
665	target="_blank" class="wfhelp"></a></th>
666	<td>
667	<select id="blockedTime" class="wfConfigElem" name="blockedTime">
668	<option value="60"<?php $w->sel( 'blockedTime', '60' ); ?>>1 minute</option>
669	<option value="300"<?php $w->sel( 'blockedTime', '300' ); ?>>5 minutes</option>
670	<option value="1800"<?php $w->sel( 'blockedTime', '1800' ); ?>>30 minutes</option>
671	<option value="3600"<?php $w->sel( 'blockedTime', '3600' ); ?>>1 hour</option>
672	<option value="7200"<?php $w->sel( 'blockedTime', '7200' ); ?>>2 hours</option>
673	<option value="21600"<?php $w->sel( 'blockedTime', '21600' ); ?>>6 hours</option>
674	<option value="43200"<?php $w->sel( 'blockedTime', '43200' ); ?>>12 hours</option>
675	<option value="86400"<?php $w->sel( 'blockedTime', '86400' ); ?>>1 day</option>
676	<option value="172800"<?php $w->sel( 'blockedTime', '172800' ); ?>>2 days</option>
677	<option value="432000"<?php $w->sel( 'blockedTime', '432000' ); ?>>5 days</option>
678	<option value="864000"<?php $w->sel( 'blockedTime', '864000' ); ?>>10 days</option>
679	<option value="2592000"<?php $w->sel( 'blockedTime', '2592000' ); ?>>1 month</option>
680	</select></td>
681	</tr>
682
683	<tr>
684	<td colspan="2">
685	<div class="wfMarker" id="wfMarkerLoginSecurity"></div>
686	<h3 class="wfConfigHeading">Login Security Options<a
687	href="http://docs.wordfence.com/en/Wordfence_options#Login_Security_Options"
688	target="_blank" class="wfhelp"></a></h3>
689	</td>
690	</tr>
691	<tr>
692	<th>Enforce strong passwords?<a
693	href="http://docs.wordfence.com/en/Wordfence_options#Enforce_strong_passwords.3F"
694	target="_blank" class="wfhelp"></a></th>
695	<td>
696	<select class="wfConfigElem" id="loginSec_strongPasswds" name="loginSec_strongPasswds">
697	<option value="">Do not force users to use strong passwords</option>
698	<option value="pubs"<?php $w->sel( 'loginSec_strongPasswds', 'pubs' ); ?>>Force admins and
699	publishers to use strong passwords (recommended)
700	</option>
701	<option value="all"<?php $w->sel( 'loginSec_strongPasswds', 'all' ); ?>>Force all members to
702	use strong passwords
703	</option>
704	</select>
705	<tr>
706	<th>Lock out after how many login failures<a
707	href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_login_failures"
708	target="_blank" class="wfhelp"></a></th>
709	<td>
710	<select id="loginSec_maxFailures" class="wfConfigElem" name="loginSec_maxFailures">
711	<option value="1"<?php $w->sel( 'loginSec_maxFailures', '1' ); ?>>1</option>
712	<option value="2"<?php $w->sel( 'loginSec_maxFailures', '2' ); ?>>2</option>
713	<option value="3"<?php $w->sel( 'loginSec_maxFailures', '3' ); ?>>3</option>
714	<option value="4"<?php $w->sel( 'loginSec_maxFailures', '4' ); ?>>4</option>
715	<option value="5"<?php $w->sel( 'loginSec_maxFailures', '5' ); ?>>5</option>
716	<option value="6"<?php $w->sel( 'loginSec_maxFailures', '6' ); ?>>6</option>
717	<option value="7"<?php $w->sel( 'loginSec_maxFailures', '7' ); ?>>7</option>
718	<option value="8"<?php $w->sel( 'loginSec_maxFailures', '8' ); ?>>8</option>
719	<option value="9"<?php $w->sel( 'loginSec_maxFailures', '9' ); ?>>9</option>
720	<option value="10"<?php $w->sel( 'loginSec_maxFailures', '10' ); ?>>10</option>
721	<option value="20"<?php $w->sel( 'loginSec_maxFailures', '20' ); ?>>20</option>
722	<option value="30"<?php $w->sel( 'loginSec_maxFailures', '30' ); ?>>30</option>
723	<option value="40"<?php $w->sel( 'loginSec_maxFailures', '40' ); ?>>40</option>
724	<option value="50"<?php $w->sel( 'loginSec_maxFailures', '50' ); ?>>50</option>
725	<option value="100"<?php $w->sel( 'loginSec_maxFailures', '100' ); ?>>100</option>
726	<option value="200"<?php $w->sel( 'loginSec_maxFailures', '200' ); ?>>200</option>
727	<option value="500"<?php $w->sel( 'loginSec_maxFailures', '500' ); ?>>500</option>
728	</select>
729	</td>
730	</tr>
731	<tr>
732	<th>Lock out after how many forgot password attempts<a
733	href="http://docs.wordfence.com/en/Wordfence_options#Lock_out_after_how_many_forgot_password_attempts"
734	target="_blank" class="wfhelp"></a></th>
735	<td>
736	<select id="loginSec_maxForgotPasswd" class="wfConfigElem" name="loginSec_maxForgotPasswd">
737	<option value="1"<?php $w->sel( 'loginSec_maxForgotPasswd', '1' ); ?>>1</option>
738	<option value="2"<?php $w->sel( 'loginSec_maxForgotPasswd', '2' ); ?>>2</option>
739	<option value="3"<?php $w->sel( 'loginSec_maxForgotPasswd', '3' ); ?>>3</option>
740	<option value="4"<?php $w->sel( 'loginSec_maxForgotPasswd', '4' ); ?>>4</option>
741	<option value="5"<?php $w->sel( 'loginSec_maxForgotPasswd', '5' ); ?>>5</option>
742	<option value="6"<?php $w->sel( 'loginSec_maxForgotPasswd', '6' ); ?>>6</option>
743	<option value="7"<?php $w->sel( 'loginSec_maxForgotPasswd', '7' ); ?>>7</option>
744	<option value="8"<?php $w->sel( 'loginSec_maxForgotPasswd', '8' ); ?>>8</option>
745	<option value="9"<?php $w->sel( 'loginSec_maxForgotPasswd', '9' ); ?>>9</option>
746	<option value="10"<?php $w->sel( 'loginSec_maxForgotPasswd', '10' ); ?>>10</option>
747	<option value="20"<?php $w->sel( 'loginSec_maxForgotPasswd', '20' ); ?>>20</option>
748	<option value="30"<?php $w->sel( 'loginSec_maxForgotPasswd', '30' ); ?>>30</option>
749	<option value="40"<?php $w->sel( 'loginSec_maxForgotPasswd', '40' ); ?>>40</option>
750	<option value="50"<?php $w->sel( 'loginSec_maxForgotPasswd', '50' ); ?>>50</option>
751	<option value="100"<?php $w->sel( 'loginSec_maxForgotPasswd', '100' ); ?>>100</option>
752	<option value="200"<?php $w->sel( 'loginSec_maxForgotPasswd', '200' ); ?>>200</option>
753	<option value="500"<?php $w->sel( 'loginSec_maxForgotPasswd', '500' ); ?>>500</option>
754	</select>
755	</td>
756	</tr>
757	<tr>
758	<th>Count failures over what time period<a
759	href="http://docs.wordfence.com/en/Wordfence_options#Count_failures_over_what_time_period"
760	target="_blank" class="wfhelp"></a></th>
761	<td>
762	<select id="loginSec_countFailMins" class="wfConfigElem" name="loginSec_countFailMins">
763	<option value="5"<?php $w->sel( 'loginSec_countFailMins', '5' ); ?>>5 minutes</option>
764	<option value="10"<?php $w->sel( 'loginSec_countFailMins', '10' ); ?>>10 minutes</option>
765	<option value="30"<?php $w->sel( 'loginSec_countFailMins', '30' ); ?>>30 minutes</option>
766	<option value="60"<?php $w->sel( 'loginSec_countFailMins', '60' ); ?>>1 hour</option>
767	<option value="120"<?php $w->sel( 'loginSec_countFailMins', '120' ); ?>>2 hours</option>
768	<option value="360"<?php $w->sel( 'loginSec_countFailMins', '360' ); ?>>6 hours</option>
769	<option value="720"<?php $w->sel( 'loginSec_countFailMins', '720' ); ?>>12 hours</option>
770	<option value="1440"<?php $w->sel( 'loginSec_countFailMins', '1440' ); ?>>1 day</option>
771	</select>
772	</td>
773	</tr>
774	<tr>
775	<th>Amount of time a user is locked out<a
776	href="http://docs.wordfence.com/en/Wordfence_options#Amount_of_time_a_user_is_locked_out"
777	target="_blank" class="wfhelp"></a></th>
778	<td>
779	<select id="loginSec_lockoutMins" class="wfConfigElem" name="loginSec_lockoutMins">
780	<option value="5"<?php $w->sel( 'loginSec_lockoutMins', '5' ); ?>>5 minutes</option>
781	<option value="10"<?php $w->sel( 'loginSec_lockoutMins', '10' ); ?>>10 minutes</option>
782	<option value="30"<?php $w->sel( 'loginSec_lockoutMins', '30' ); ?>>30 minutes</option>
783	<option value="60"<?php $w->sel( 'loginSec_lockoutMins', '60' ); ?>>1 hour</option>
784	<option value="120"<?php $w->sel( 'loginSec_lockoutMins', '120' ); ?>>2 hours</option>
785	<option value="360"<?php $w->sel( 'loginSec_lockoutMins', '360' ); ?>>6 hours</option>
786	<option value="720"<?php $w->sel( 'loginSec_lockoutMins', '720' ); ?>>12 hours</option>
787	<option value="1440"<?php $w->sel( 'loginSec_lockoutMins', '1440' ); ?>>1 day</option>
788	<option value="2880"<?php $w->sel( 'loginSec_lockoutMins', '2880' ); ?>>2 days</option>
789	<option value="7200"<?php $w->sel( 'loginSec_lockoutMins', '7200' ); ?>>5 days</option>
790	<option value="14400"<?php $w->sel( 'loginSec_lockoutMins', '14400' ); ?>>10 days</option>
791	<option value="28800"<?php $w->sel( 'loginSec_lockoutMins', '28800' ); ?>>20 days</option>
792	<option value="43200"<?php $w->sel( 'loginSec_lockoutMins', '43200' ); ?>>30 days</option>
793	<option value="86400"<?php $w->sel( 'loginSec_lockoutMins', '86400' ); ?>>60 days</option>
794	</select>
795	</td>
796	</tr>
797	<tr>
798	<th>Immediately lock out invalid usernames<a
799	href="http://docs.wordfence.com/en/Wordfence_options#Immediately_lock_out_invalid_usernames"
800	target="_blank" class="wfhelp"></a></th>
801	<td><input type="checkbox" id="loginSec_lockInvalidUsers" class="wfConfigElem"
802	name="loginSec_lockInvalidUsers" <?php $w->cb( 'loginSec_lockInvalidUsers' ); ?> /></td>
803	</tr>
804	<tr>
805	<th>Don't let WordPress reveal valid users in login errors<a
806	href="http://docs.wordfence.com/en/Wordfence_options#Don.27t_let_WordPress_reveal_valid_users_in_login_errors"
807	target="_blank" class="wfhelp"></a></th>
808	<td><input type="checkbox" id="loginSec_maskLoginErrors" class="wfConfigElem"
809	name="loginSec_maskLoginErrors" <?php $w->cb( 'loginSec_maskLoginErrors' ); ?> /></td>
810	</tr>
811	<tr>
812	<th>Prevent users registering 'admin' username if it doesn't exist<a
813	href="http://docs.wordfence.com/en/Wordfence_options#Prevent_users_registering_.27admin.27_username_if_it_doesn.27t_exist"
814	target="_blank" class="wfhelp"></a></th>
815	<td><input type="checkbox" id="loginSec_blockAdminReg" class="wfConfigElem"
816	name="loginSec_blockAdminReg" <?php $w->cb( 'loginSec_blockAdminReg' ); ?> /></td>
817	</tr>
818	<tr>
819	<th>Prevent discovery of usernames through '/?author=N' scans and the oEmbed API<a
820	href="http://docs.wordfence.com/en/Wordfence_options#Prevent_discovery_of_usernames_through_.27.3F.2Fauthor.3DN.27_scans"
821	target="_blank" class="wfhelp"></a></th>
822	<td><input type="checkbox" id="loginSec_disableAuthorScan" class="wfConfigElem"
823	name="loginSec_disableAuthorScan" <?php $w->cb( 'loginSec_disableAuthorScan' ); ?> />
824	</td>
825	</tr>
826	<tr>
827	<th>Immediately block the IP of users who try to sign in as these usernames<a
828	href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_the_IP_of_users_who_try_to_sign_in_as_these_usernames"
829	target="_blank" class="wfhelp"></a></th>
830	<td>
831	<textarea name="loginSec_userBlacklist" cols="40" rows="4" id="loginSec_userBlacklist"><?php
832	echo wfUtils::cleanupOneEntryPerLine($w->getHTML( 'loginSec_userBlacklist' ))
833	?></textarea><br/>
834	(One per line. Existing users won't be blocked.)
835	</td>
836	</tr>
837	<tr>
838	<td colspan="2">
839	<div class="wfMarker" id="wfMarkerOtherOptions"></div>
840	<h3 class="wfConfigHeading">Other Options<a
841	href="http://docs.wordfence.com/en/Wordfence_options#Other_Options" target="_blank"
842	class="wfhelp"></a></h3>
843	</td>
844	</tr>
845
846	<tr>
847	<th>Whitelisted IP addresses that bypass all rules:<a
848	href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_IP_addresses_that_bypass_all_rules"
849	target="_blank" class="wfhelp"></a></th>
850	<td><textarea name="whitelisted" id="whitelisted" cols="40" rows="4"><?php echo esc_html(preg_replace('/,/', "\n", $w->get('whitelisted'))); ?></textarea></td>
851	</tr>
852	<tr>
853	<th colspan="2" style="color: #999;">Whitelisted IPs must be separated by commas or placed on separate lines. You can specify
854	ranges using the following format: 123.23.34.[1-50]<br/>Wordfence automatically whitelists <a
855	href="http://en.wikipedia.org/wiki/Private_network" target="_blank">private networks</a>
856	because these are not routable on the public Internet.<br/><br/></th>
857	</tr>
858
859	<tr>
860	<th>Immediately block IPs that access these URLs:<a
861	href="http://docs.wordfence.com/en/Wordfence_options#Immediately_block_IP.27s_that_access_these_URLs"
862	target="_blank" class="wfhelp"></a></th>
863	<td><textarea type="text" name="bannedURLs" id="bannedURLs" cols="40" rows="4"><?php echo esc_html(preg_replace('/,/', "\n", $w->get('bannedURLs'))); ?></textarea></td>
864	</tr>
865	<tr>
866	<th colspan="2" style="color: #999;">Separate multiple URLs with commas or place them on separate lines. Asterisks are wildcards,
867	but use with care. If you see an attacker repeatedly probing your site for a known vulnerability
868	you can use this to immediately block them. All URLs must start with a '/' without quotes and
869	must be relative. e.g. /badURLone/, /bannedPage.html, /dont-access/this/URL/, /starts/with-*
870	<br/><br/></th>
871	</tr>
872
873	<tr>
874	<th style="vertical-align: top;">Whitelisted 404 URLs (one per line). <a href="http://docs.wordfence.com/en/Wordfence_options#Whitelisted_404_URLs" target="_blank" class="wfhelp"></a></th>
875	<td><textarea name="allowed404s" id="" cols="40" rows="4"><?php echo $w->getHTML( 'allowed404s' ); ?></textarea></td>
876	</tr>
877	<tr>
878	<th colspan="2" style="color: #999;">These URL patterns will be excluded from
879	the throttling rules used to limit crawlers.
880	<br/><br/></th>
881	</tr>
882
883	<tr>
884	<th>Hide WordPress version<a
885	href="http://docs.wordfence.com/en/Wordfence_options#Hide_WordPress_version" target="_blank"
886	class="wfhelp"></a></th>
887	<td><input type="checkbox" id="other_hideWPVersion" class="wfConfigElem" name="other_hideWPVersion"
888	value="1" <?php $w->cb( 'other_hideWPVersion' ); ?> /></td>
889	</tr>
890	<tr>
891	<th>Block IP's who send POST requests with blank User-Agent and Referer<a
892	href="http://docs.wordfence.com/en/Wordfence_options#Block_IP.27s_who_send_POST_requests_with_blank_User-Agent_and_Referer" target="_blank"
893	class="wfhelp"></a></th>
894	<td><input type="checkbox" id="other_blockBadPOST" class="wfConfigElem" name="other_blockBadPOST"
895	value="1" <?php $w->cb( 'other_blockBadPOST' ); ?> /></td>
896	</tr>
897	<tr>
898	<th>Hold anonymous comments using member emails for moderation<a
899	href="http://docs.wordfence.com/en/Wordfence_options#Hold_anonymous_comments_using_member_emails_for_moderation"
900	target="_blank" class="wfhelp"></a></th>
901	<td><input type="checkbox" id="other_noAnonMemberComments" class="wfConfigElem"
902	name="other_noAnonMemberComments"
903	value="1" <?php $w->cb( 'other_noAnonMemberComments' ); ?> /></td>
904	</tr>
905	<tr>
906	<th>Filter comments for malware and phishing URL's<a
907	href="http://docs.wordfence.com/en/Wordfence_options#Filter_comments_for_malware_and_phishing_URL.27s"
908	target="_blank" class="wfhelp"></a></th>
909	<td><input type="checkbox" id="other_scanComments" class="wfConfigElem" name="other_scanComments"
910	value="1" <?php $w->cb( 'other_scanComments' ); ?> /></td>
911	</tr>
912	<tr>
913	<th>Check password strength on profile update<a
914	href="http://docs.wordfence.com/en/Wordfence_options#Check_password_strength_on_profile_update"
915	target="_blank" class="wfhelp"></a></th>
916	<td><input type="checkbox" id="other_pwStrengthOnUpdate" class="wfConfigElem"
917	name="other_pwStrengthOnUpdate"
918	value="1" <?php $w->cb( 'other_pwStrengthOnUpdate' ); ?> /></td>
919	</tr>
920	<tr>
921	<th>Participate in the Real-Time WordPress Security Network<a
922	href="http://docs.wordfence.com/en/Wordfence_options#Participate_in_the_Real-Time_WordPress_Security_Network"
923	target="_blank" class="wfhelp"></a></th>
924	<td><input type="checkbox" id="other_WFNet" class="wfConfigElem" name="other_WFNet"
925	value="1" <?php $w->cb( 'other_WFNet' ); ?> /></td>
926	</tr>
927	<tr>
928	<th>How much memory should Wordfence request when scanning<a
929	href="http://docs.wordfence.com/en/Wordfence_options#How_much_memory_should_Wordfence_request_when_scanning"
930	target="_blank" class="wfhelp"></a></th>
931	<td><input type="text" id="maxMem" name="maxMem" value="<?php $w->f( 'maxMem' ); ?>" size="4"/>Megabytes
932	</td>
933	</tr>
934	<tr>
935	<th>Maximum execution time for each scan stage<a
936	href="http://docs.wordfence.com/en/Wordfence_options#Maximum_execution_time_for_each_scan_stage"
937	target="_blank" class="wfhelp"></a></th>
938	<td><input type="text" id="maxExecutionTime" name="maxExecutionTime"
939	value="<?php $w->f( 'maxExecutionTime' ); ?>" size="4"/>Blank for default. Must be
940	greater than 9.
941	</td>
942	</tr>
943	<tr>
944	<th>Update interval in seconds (2 is default)<a
945	href="http://docs.wordfence.com/en/Wordfence_options#Update_interval_in_seconds"
946	target="_blank" class="wfhelp"></a></th>
947	<td><input type="text" id="actUpdateInterval" name="actUpdateInterval"
948	value="<?php $w->f( 'actUpdateInterval' ); ?>" size="4"/>Setting higher will reduce
949	browser traffic but slow scan starts, live traffic & status updates.
950	</td>
951	</tr>
952	<tr>
953	<th>Delete Wordfence tables and data on deactivation?<a
954	href="http://docs.wordfence.com/en/Wordfence_options#Delete_Wordfence_tables_and_data_on_deactivation.3F"
955	target="_blank" class="wfhelp"></a></th>
956	<td><input type="checkbox" id="deleteTablesOnDeact" class="wfConfigElem" name="deleteTablesOnDeact"
957	value="1" <?php $w->cb( 'deleteTablesOnDeact' ); ?> /></td>
958	</tr>
959
960
961	<tr>
962	<th>Disable Wordfence Cookies<a
963	href="http://docs.wordfence.com/en/Wordfence_options#Disable_Wordfence_Cookies"
964	target="_blank" class="wfhelp"></a></th>
965	<td><input type="checkbox" id="disableCookies" class="wfConfigElem" name="disableCookies"
966	value="1" <?php $w->cb( 'disableCookies' ); ?> />(when enabled all visits in live traffic
967	will appear to be new visits)
968	</td>
969	</tr>
970	<tr>
971	<th><label for="disableCodeExecutionUploads">Disable Code Execution for Uploads directory</label><a
972	href="http://docs.wordfence.com/en/Wordfence_options#Disable_Code_Execution_for_Uploads_directory"
973	target="_blank" class="wfhelp"></a></th>
974	<td><input type="checkbox" id="disableCodeExecutionUploads" class="wfConfigElem"
975	name="disableCodeExecutionUploads"
976	value="1" <?php $w->cb( 'disableCodeExecutionUploads' ); ?> /></td>
977	</tr>
978
979	<tr>
980	<td colspan="2">
981	<div class="wfMarker" id="wfMarkerExportOptions"></div>
982	<h3 class="wfConfigHeading">Exporting and Importing Wordfence Settings<a
983	href="http://docs.wordfence.com/en/Wordfence_options#Exporting_and_Importing_Wordfence_Settings"
984	target="_blank" class="wfhelp"></a></h3>
985	</td>
986	</tr>
987
988	<tr>
989	<th>Export this site's Wordfence settings for import on another site:</th>
990	<td><input type="button" id="exportSettingsBut" value="Export Wordfence Settings"
991	onclick="WFAD.exportSettings(); return false;"/></td>
992	</tr>
993	<tr>
994	<th>Import Wordfence settings from another site using a token:</th>
995	<td><input type="text" size="20" value="" id="importToken"/> <input type="button"
996	name="importSettingsButton"
997	value="Import Settings"
998	onclick="WFAD.importSettings(jQuery('#importToken').val()); return false;"/>
999	</td>
1000	</tr>
1001	</table>
1002	<p>
1003	<table border="0" cellpadding="0" cellspacing="0">
1004	<tr>
1005	<td><input type="button" id="button1" name="button1" class="button-primary" value="Save Changes"
1006	onclick="WFAD.saveConfig();"/></td>
1007	<td style="height: 24px;">
1008	<div class="wfAjax24"></div>
1009	<span class="wfSavedMsg"> Your changes have been saved!</span></td>
1010	</tr>
1011	</table>
1012	</p>
1013	</div>
1014	</form>
1015	</div>
1016	<script type="text/x-jquery-template" id="wfContentBasicOptions">
1017	<div>
1018	<h3>Basic Options</h3>
1019
1020	<p>
1021	Using Wordfence is simple. Install Wordfence, enter an email address on this page to send alerts to, and
1022	then do your first scan and work through the security alerts we provide.
1023	We give you a few basic security levels to choose from, depending on your needs. Remember to hit the "Save"
1024	button to save any changes you make.
1025	</p>
1026
1027	<p>
1028	If you use the free edition of Wordfence, you don't need to worry about entering an API key in the "API Key"
1029	field above. One is automatically created for you. If you choose to <a
1030	href="https://www.wordfence.com/gnl1optUpg1/wordfence-signup/" target="_blank">upgrade to Wordfence Premium
1031	edition</a>, you will receive an API key. You will need to copy and paste that key into the "API Key"
1032	field above and hit "Save" to activate your key.
1033	</p>
1034	</div>
1035	</script>
1036	<script type="text/x-jquery-template" id="wfContentLiveTrafficOptions">
1037	<div>
1038	<h3>Live Traffic Options</h3>
1039
1040	<p>
1041	These options let you ignore certain types of visitors, based on their level of access, usernames, IP
1042	address or browser type.
1043	If you run a very high traffic website where it is not feasible to see your visitors in real-time, simply
1044	un-check the live traffic option and nothing will be written to the Wordfence tracking tables.
1045	</p>
1046	</div>
1047	</script>
1048	<script type="text/x-jquery-template" id="wfContentScansToInclude">
1049	<div>
1050	<h3>Scans to Include</h3>
1051
1052	<p>
1053	This section gives you the ability to fine-tune what we scan.
1054	If you use many themes or plugins from the public WordPress directory we recommend you
1055	enable theme and plugin scanning. This will verify the integrity of all these themes and plugins and alert
1056	you of any changes.
1057
1058	<p>
1059
1060	<p>
1061	The option to "scan files outside your WordPress installation" will cause Wordfence to do a much wider
1062	security scan
1063	that is not limited to your base WordPress directory and known WordPress subdirectories. This scan may take
1064	longer
1065	but can be very useful if you have other infected files outside this WordPress installation that you would
1066	like us to look for.
1067	</p>
1068	</div>
1069	</script>
1070	<script type="text/x-jquery-template" id="wfContentFirewallRules">
1071	<div>
1072	<h3>Rate Limiting Rules</h3>
1073
1074	<p>
1075	<strong>NOTE:</strong> Before modifying these rules, make sure you have access to the email address
1076	associated with this site's administrator account. If you accidentally lock yourself out, you will be given
1077	the option
1078	to enter that email address and receive an "unlock email" which will allow you to regain access.
1079	</p>
1080
1081	<p>
1082	<strong>Tips:</strong>
1083
1084	<p>• If you choose to limit the rate at which your site can be accessed, you need to customize the
1085	settings for your site.</p>
1086
1087	<p>• If your users usually skip quickly between pages, you should set the values for human visitors to be
1088	high.</p>
1089
1090	<p>• If you are aggressively crawled by non-Google crawlers like Baidu, you should set the page view limit
1091	for crawlers to a high value.</p>
1092
1093	<p>• If you are currently under attack and want to aggressively protect your site or your content, you can
1094	set low values for most options.</p>
1095
1096	<p>• In general we recommend you don't block fake Google crawlers unless you have a specific problem with
1097	someone stealing your content.</p>
1098
1099	<p>
1100	Remember that as long as you have your administrator email set correctly in this site's user administration,
1101	and you are able to receive email at that address,
1102	you will be able to regain access if you are accidentally locked out because your rules are too strict.
1103	</p>
1104	</div>
1105	</script>
1106	<script type="text/x-jquery-template" id="wfContentLoginSecurity">
1107	<div>
1108	<h3>Login Security</h3>
1109
1110	<p>
1111	We have found that real brute force login attacks make hundreds or thousands of requests trying to guess
1112	passwords or user login names.
1113	So in general you can leave the number of failed logins before a user is locked out as a fairly high number.
1114	We have found that blocking after 20 failed attempts is sufficient for most sites and it allows your real
1115	site users enough
1116	attempts to guess their forgotten passwords without getting locked out.
1117	</p>
1118	</div>
1119	</script>
1120	<script type="text/x-jquery-template" id="wfContentOtherOptions">
1121	<div>
1122	<h3>Other Options</h3>
1123
1124	<p>
1125	We have worked hard to make Wordfence memory efficient and much of the heavy lifting is done for your site
1126	by our cloud scanning servers in our Seattle data center.
1127	On most sites Wordfence will only use about 8 megabytes of additional memory when doing a scan, even if you
1128	have large files or a large number of files.
1129	You should not have to adjust the maximum memory that Wordfence can use, but we have provided the option.
1130	Remember that this does not affect the actual memory usage of Wordfence, simply the maximum Wordfence can
1131	use if it needs to.
1132	</p>
1133
1134	<p>
1135	You may find debugging mode helpful if Wordfence is not able to start a scan on your site or
1136	if you are experiencing some other problem. Enable debugging by checking the box, save your options
1137	and then try to do a scan. You will notice a lot more output on the "Scan" page.
1138	</p>
1139
1140	<p>
1141	If you decide to permanently remove Wordfence, you can choose the option to delete all data on deactivation.
1142	We also provide helpful links at the bottom of this page which lets you see your systems configuration and
1143	test how
1144	much memory your host really allows you to use.
1145	</p>
1146
1147	<p>
1148	Thanks for completing this tour and I'm very happy to have you as our newest Wordfence customer. Don't
1149	forget to <a href="http://wordpress.org/extend/plugins/wordfence/" target="_blank">rate us 5 stars if you
1150	love Wordfence</a>.<br/>
1151	<br/>
1152	<strong>Mark Maunder</strong> - Wordfence Creator.
1153	</p>
1154	</div>
1155	</script>
1156
1157