function mrt_sub0()
{
    // Security Scan page: for a fixed set of core files/directories, print the
    // permission mode the plugin expects next to the one found on disk.
    mrt_wpss_menu_head('WP - Security Scan');

    // label => array(path passed to check_perms(), expected mode).
    // NOTE(review): the paths are resolved relative to the running script
    // (the labels suggest wp-admin/), not via ABSPATH — confirm before reuse.
    $targets = array(
        'root directory'      => array('../', '0755'),
        'wp-includes/'        => array('../wp-includes', '0755'),
        '.htaccess'           => array('../.htaccess', '0644'),
        'wp-admin/index.php'  => array('index.php', '0644'),
        'wp-admin/js/'        => array('js/', '0755'),
        'wp-content/themes/'  => array('../wp-content/themes', '0755'),
        'wp-content/plugins/' => array('../wp-content/plugins', '0755'),
        'wp-admin/'           => array('../wp-admin', '0755'),
        'wp-content/'         => array('../wp-content', '0755'),
    );
    ?>
    <div style="height:299px">
        <table width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
            <tr>
                <th style="border:0px;"><b>Name</b></th>
                <th style="border:0px;"><b>File/Dir</b></th>
                <th style="border:0px;"><b>Needed Chmod</b></th>
                <th style="border:0px;"><b>Current Chmod</b></th>
                <!-- <th style="border:0px;"><b>Change Permissions</b></th>-->
            </tr>
            <?php
            // check_perms() (defined elsewhere) emits one table row per call.
            foreach ($targets as $label => $spec) {
                list($path, $mode) = $spec;
                check_perms($label, $path, $mode);
            }
            ?>
        </table>
    </div>
    <?php
    mrt_wpss_menu_footer();
}
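function mrt_sub3()
{
    // Database Security page: the database backup template plus, only when
    // wp-config.php can be written, the "change table prefix" template.
    mrt_wpss_menu_head('WP - Database Security');

    $wsd_wpConfigFile = ABSPATH . 'wp-config.php';
    // NOTE(review): wsd_wpConfigCheckPermissions() is defined elsewhere and, going
    // by the original comments, may change the file's permissions itself — confirm
    // it never leaves wp-config.php world-writable.
    $canLoadPage = (bool) wsd_wpConfigCheckPermissions($wsd_wpConfigFile);
    ?>
    <p class="wsd_user_notify">
        <strong>Important</strong>: Make a backup of your database before using this tool!
    </p>
    <?php
    if (!$canLoadPage) {
        echo wsd_eInfo(' The <strong>wp-config.php</strong> file MUST be writable in order to perform this action. You have to manually change permissions for this file.');
    }
    ?>
    <div id="wsd_db_wrapper">
        <?php echo wsd_getTemplate('db-backup'); ?>
        <br/>
        <div style="clear:both;"></div>
        <?php
        if ($canLoadPage) {
            // isset() rather than empty(): a literal "0" is a value the user typed, not a missing field.
            $newPrefix = isset($_POST['newPrefixInput']) ? (string) $_POST['newPrefixInput'] : '';
            // NOTE(review): $newPrefix is raw request input. The db-change-prefix
            // template must escape it on output and restrict it to the allowed prefix
            // characters before any SQL or config change — verify there.
            echo wsd_getTemplate('db-change-prefix', array(
                'wsd_wpConfigFile' => $wsd_wpConfigFile,
                'old_prefix'       => $GLOBALS['table_prefix'],
                'new_prefix'       => $newPrefix,
                // Strict comparison, and guarded so a CLI run does not raise a notice.
                'isPostBack'       => isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST',
            ));
        }
        ?>
    </div>
    <p style="height:200px;"></p>
    <?php
    mrt_wpss_menu_footer();
}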
function mrt_sub1()
{
    // Password Tools page: a client-side strength meter (testPassword() lives in
    // the page's JavaScript) and one server-generated strong password.
    mrt_wpss_menu_head('WP - Password Tools');
    ?>
    <div class="metabox-holder">
        <div class="postbox" style="width: 60%;">
            <h3 class="hndle"><span><?php echo __('Password Strength Tool'); ?></span></h3>
            <div class="inside">
                <p></p>
                <table id="wsd_pwdtool">
                    <tr valign="top">
                        <td>
                            <form name="commandForm">
                                Type password: <input type="password" size="30" maxlength="50" name="password" onkeyup="testPassword(this.value);" value="" />
                                <br/>
                                <span style="color:#808080">Minimum 6 Characters</span>
                            </form>
                        </td>
                        <td style="padding-left: 6px;">
                            <span>Password Strength:</span>
                            <div id="Words">
                                <p class="indicator"></p>
                                <p><strong>Begin Typing</strong></p>
                            </div>
                        </td>
                    </tr>
                </table>
                <p></p>
            </div>
        </div>
    </div>
    <div>
        <?php
        // The opening <span> of this line was garbled in the copy reviewed; it is
        // reconstructed from the closing tag and the surviving style attribute.
        // NOTE(review): make_password() is defined elsewhere — confirm it draws from
        // a CSPRNG (random_int()/random_bytes()) rather than rand()/mt_rand().
        $generated = make_password(15);
        echo '<br /><strong>Strong Password Generator</strong><br />';
        echo 'Strong Password: <span style="color:#f00;">' . $generated . '</span>';
        ?>
    </div>
    <br/><br/>
    <p style="margin-top: 75px;"></p>
    <hr align="left" size="2" width="612px" />
    <?php
    mrt_wpss_menu_footer();
}
function mrt_sub2()
{
    // Security Support placeholder page: a documentation link and a backup reminder.
    mrt_wpss_menu_head('WP - Security Support');
    echo '<div style="height:299px"> Under Construction...<br /><br /> <ul> '
        . '<li><a href=\'http://semperfiwebdesign.com/documentation/wp-security-scan/\' target="_blank">Documentation</a></li> </ul> '
        . '<br /><br /> <strong>Backup early, backup often!</strong> <br /><br /><br /><br /><br /> </div> ';
    mrt_wpss_menu_footer();
}
function mrt_sub0()
{
    // Security Scan page (postbox layout): one row per core file/directory with
    // the expected permission mode next to the current one.
    mrt_wpss_menu_head('WP - Security Scan');

    // label => array(path passed to check_perms(), expected mode).
    // NOTE(review): the paths are resolved relative to the running script
    // (the labels suggest wp-admin/), not via ABSPATH — confirm before reuse.
    $targets = array(
        'root directory'      => array('../', '0755'),
        'wp-includes/'        => array('../wp-includes', '0755'),
        '.htaccess'           => array('../.htaccess', '0644'),
        'wp-admin/index.php'  => array('index.php', '0644'),
        'wp-admin/js/'        => array('js/', '0755'),
        'wp-content/themes/'  => array('../wp-content/themes', '0755'),
        'wp-content/plugins/' => array('../wp-content/plugins', '0755'),
        'wp-admin/'           => array('../wp-admin', '0755'),
        'wp-content/'         => array('../wp-content', '0755'),
    );
    ?>
    <div class="metabox-holder">
        <div class="postbox">
            <h3 class="hndle"><span><?php echo __('Directory Info'); ?></span></h3>
            <div class="inside">
                <table id="wsd_permissions_table" width="100%" border="0" cellspacing="0" cellpadding="3" style="text-align:center; border: solid 1px #333;">
                    <thead style="background: #333;">
                        <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Name</strong></th>
                        <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">File/Dir</strong></th>
                        <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Needed Chmod</strong></th>
                        <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Current Chmod</strong></th>
                    </thead>
                    <tbody>
                    <?php
                    // check_perms() (defined elsewhere) emits one table row per call.
                    foreach ($targets as $label => $spec) {
                        list($path, $mode) = $spec;
                        check_perms($label, $path, $mode);
                    }
                    ?>
                    </tbody>
                </table>
            </div>
        </div>
    </div>
    <?php
    mrt_wpss_menu_footer();
}
function mrt_sub1()
{
    // Password Tools page (older layout): strength meter driven by the page's
    // testPassword() JavaScript, then one server-generated strong password.
    mrt_wpss_menu_head('WP - Password Tools');
    ?>
    <div style="height:299px">
    <?php echo '<br /><strong>Password Strength Tool</strong>'; ?>
    <table><tr valign=top><td><form name="commandForm">
    Type password: <input type=password size=30 maxlength=50 name=password onkeyup="testPassword(document.forms.commandForm.password.value);" value="">
    <br/><font color="#808080">Minimum 6 Characters</td><td><font size="1"> Password Strength:</font><a id="Words"><table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table></a></td></tr></table></td></tr></table></form>
    <br /><hr align=left size=2 width=612px>
    <?php
    // The opening <font> of this line was garbled in the copy reviewed; it is
    // reconstructed from the closing tag and the surviving color attribute.
    // NOTE(review): make_password() is defined elsewhere — confirm it draws from
    // a CSPRNG (random_int()/random_bytes()) rather than rand()/mt_rand().
    $generated = make_password(15);
    echo '<br /><br /><strong>Strong Password Generator</strong><br />';
    echo 'Strong Password: <font color="red">' . $generated . '</font>';
    ?>
    </div>
    <?php
    mrt_wpss_menu_footer();
}
function mrt_opt_mng_pg()
{
    // Main admin page: three meta boxes rendered in two floated columns.
    mrt_wpss_menu_head('WP-Security Admin tools by WebsiteDefender');

    // box id => array(title, render callback, screen id).
    $boxes = array(
        'wpss_mrt_1' => array('Initial Scan', 'wpss_mrt_meta_box', 'wpss'),
        'wpss_mrt_2' => array('System Information Scan', 'wpss_mrt_meta_box2', 'wpss2'),
        'wpss_mrt_3' => array('About Website Defender', 'wsd_render_main', 'wpss_wsd'),
    );
    foreach ($boxes as $id => $box) {
        list($title, $callback, $screen) = $box;
        add_meta_box($id, $title, $callback, $screen);
    }

    // Left column: the two scan boxes; right column: the WebsiteDefender box.
    echo ' <div class="metabox-holder"> <div style="float:left; width:48%;" class="inner-sidebar1">';
    do_meta_boxes('wpss', 'advanced', '');
    do_meta_boxes('wpss2', 'advanced', '');
    echo ' </div> <div style="float:right;width:48%;" class="inner-sidebar1">';
    do_meta_boxes('wpss_wsd', 'advanced', '');
    echo ' </div> <div style="clear:both"></div> </div>';

    mrt_wpss_menu_footer();
}
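function mrt_sub3()
{
    // Database Security page: shows the "change table prefix" form and, on a POST
    // of that form, runs the prefix changer (tables first, wp-config.php last).
    mrt_wpss_menu_head('WP - Database Security');
    ?>
    <div style="height:299px"><br />
    <h3><i>Make a backup of your database before using this tool:</i></h3>
    <p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
    <p><b>Before running this script:</b>
    <ul><li>wp-config must be set to writable before running this script.</li>
    <li>the database user you're using with WordPress must have ALTER rights</li></ul>
    <form action='' method='post' name='prefixchanging'>
    <?php
    if (function_exists('wp_nonce_field')) {
        wp_nonce_field('prefix-changer-change_prefix');
    }
    ?>
    Change the current:<input type="Text" name="prefix_n" value="<?php echo esc_attr($GLOBALS['table_prefix']); ?>" size="20" maxlength="50"> prefix to something different if it's the default wp_<br />
    Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
    <input type='submit' name='renameprefix' value='Start Renaming'/>
    </form>
    <?php
    if (isset($_POST['prefix_n'])) {
        // CSRF check against the nonce field rendered above.
        check_admin_referer('prefix-changer-change_prefix');
        // NOTE(review): no capability check (current_user_can) is visible in this
        // file; the menu registration presumably restricts this page — confirm.
        mrt_sub3_run_prefix_changer((string) $_POST['prefix_n']);
    }
    ?>
    </div>
    <?php
    mrt_wpss_menu_footer();
}

/**
 * Run the prefix changer for one requested prefix.
 *
 * Echoes progress as HTML and, like the original page, stops the response with
 * exit()/die() when a step cannot continue.
 *
 * @param string $requested Raw value of the prefix_n form field.
 */
function mrt_sub3_run_prefix_changer($requested)
{
    global $wpdb;

    $oldpref = $GLOBALS['table_prefix'];
    // Keep only the documented character set (latin alphanumerics, '-' and '_');
    // anything else is dropped and reported below. ereg_replace() was removed
    // in PHP 7, so this is PCRE.
    $newpref = preg_replace('/[^0-9a-zA-Z_-]/', '', $requested);

    $grants = mrt_sub3_check_grants($wpdb);
    if (!$grants['enough']) {
        exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure. Please visit the plugin <a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-database-table-name-prefix/" target=_blank">documentation</a> for more information. If you believe you have alter rights, please <a href="http://semperfiwebdesign.com/contact/">contact</a> the plugin author for assistance.<br />');
    }
    if ($grants['toomuch']) {
        echo '<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. ' . 'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />';
    }

    // An empty prefix would rename wp_posts to posts etc.; refuse it like an unchanged one.
    if ($newpref === '' || $newpref === $oldpref) {
        exit("No change: Please select a new table_prefix value.</div>");
    } elseif (strlen($newpref) < strlen($requested)) {
        echo "You used some Chars which aren't allowed within Tablenames. " . "The sanitized prefix is used instead: " . $newpref;
    }

    echo "<h2>Started Prefix Changer:</h2>";
    // Tables are renamed before wp-config.php is touched, so a failure here never
    // leaves a config file pointing at tables that do not exist.
    echo "<h3> Start Renaming of Tables:</h3>";
    $result = mrt_sub3_rename_tables($wpdb, $oldpref, $newpref);
    if ($result['renamed'] === 0) {
        exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
    }

    echo "<h3> Start changing Databasesettings:</h3>";
    mrt_sub3_update_prefixed_values($wpdb, $oldpref, $newpref);

    if ($result['renamed'] < $result['total']) {
        echo '<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />';
        // The original read $tables_f here but filled $table_f, so this list was never printed.
        foreach ($result['failed'] as $table) {
            echo esc_html($table) . "<br />";
        }
        exit('No changes where done to your wp-config File.</font><br />');
    }

    echo "<h3>Changing Config File:</h3>";
    mrt_sub3_rewrite_config($oldpref, $newpref);
}

/**
 * Inspect SHOW GRANTS for the current database connection.
 *
 * 'enough' is true when an ALTER or ALL PRIVILEGES grant covering this database
 * (or all databases) was found; 'toomuch' when that grant is broader than the
 * plugin needs (ALL PRIVILEGES, or a global ALTER).
 * NOTE(review): grants expressed with a database wildcard (e.g. `wp\_%`) are not
 * recognised and are reported as "not enough rights", as in the original.
 *
 * @param object $wpdb The WordPress database handle.
 * @return array{enough: bool, toomuch: bool}
 */
function mrt_sub3_check_grants($wpdb)
{
    $found = array('enough' => false, 'toomuch' => false);

    // SHOW GRANTS without FOR reports the account MySQL actually matched; the
    // original asked for 'DB_USER'@'DB_HOST', which errors when the account is
    // defined for another host pattern (or DB_HOST carries a port).
    $rows = $wpdb->get_results("SHOW GRANTS", ARRAY_N);
    if (!is_array($rows)) {
        return $found;
    }

    // MySQL prints '_' in database names escaped as '\_'.
    $db = preg_quote(str_replace('_', '\\_', DB_NAME), '/');
    // "... ON *.* ..." or "... ON `db`.* ..." / "... ON `db`.`table` ..."
    $scope = '(\*|`' . $db . '`)\.(\*|`[^`]+`)';

    foreach ($rows as $row) {
        $grant = $row[0];
        if (preg_match('/ALL PRIVILEGES ON ' . $scope . '/', $grant)) {
            $found['enough'] = true;
            $found['toomuch'] = true;
            break;
        }
        // Plain ALTER only; "ALTER ROUTINE" is a different privilege.
        if (preg_match('/\bALTER(?!\s+ROUTINE)\b.*\bON ' . $scope . '/', $grant)) {
            $found['enough'] = true;
            $found['toomuch'] = preg_match('/\bON \*\.\*/', $grant) === 1;
            break;
        }
    }
    return $found;
}

/**
 * Backtick-quote a MySQL identifier, doubling any embedded backtick.
 *
 * @param string $name
 * @return string
 */
function mrt_sub3_quote_ident($name)
{
    return '`' . str_replace('`', '``', $name) . '`';
}

/**
 * Rename every table whose name starts with $oldpref so it starts with $newpref.
 *
 * @param object $wpdb
 * @param string $oldpref Current prefix (from wp-config.php).
 * @param string $newpref Sanitized new prefix.
 * @return array{total: int, renamed: int, failed: list<string>}
 */
function mrt_sub3_rename_tables($wpdb, $oldpref, $newpref)
{
    // '_' and '%' are LIKE wildcards: escape them so 'wp_' cannot match 'wpxposts'.
    $like = addcslashes($oldpref, '_%\\') . '%';
    $tables = $wpdb->get_results($wpdb->prepare("SHOW TABLES LIKE %s", $like), ARRAY_N);
    if (!is_array($tables)) {
        $tables = array();
    }

    $stats = array('total' => count($tables), 'renamed' => 0, 'failed' => array());
    $wpdb->hide_errors();
    foreach ($tables as $row) {
        $old = $row[0];
        // Only the leading prefix changes; str_replace() would also rewrite a
        // second occurrence further inside the name.
        $new = $newpref . substr($old, strlen($oldpref));
        echo ' Renaming ' . esc_html($old) . ' to ' . esc_html($new) . ':';
        // Identifiers are quoted: the allowed '-' is otherwise a syntax error.
        $ok = $wpdb->query('RENAME TABLE ' . mrt_sub3_quote_ident($old) . ' TO ' . mrt_sub3_quote_ident($new));
        if ($ok === false) {
            echo '<font color="#ff0000"> Failed</font><br />';
            $stats['failed'][] = $old;
        } else {
            echo '<font color="#00ff00"> Success</font><br />';
            $stats['renamed']++;
        }
    }
    return $stats;
}

/**
 * Rewrite the option and user-meta keys WordPress stores with the prefix baked in.
 *
 * Values are bound with %s; table names are backtick-quoted and built only from
 * the sanitized prefix, which cannot contain quotes or '%'.
 *
 * @param object $wpdb
 * @param string $oldpref
 * @param string $newpref
 */
function mrt_sub3_update_prefixed_values($wpdb, $oldpref, $newpref)
{
    $options  = mrt_sub3_quote_ident($newpref . 'options');
    $usermeta = mrt_sub3_quote_ident($newpref . 'usermeta');

    $r = $wpdb->query($wpdb->prepare(
        "UPDATE {$options} SET option_name = %s WHERE option_name = %s LIMIT 1",
        $newpref . 'user_roles',
        $oldpref . 'user_roles'
    ));
    if ($r != 1) {
        echo ' Changing values in table ' . $newpref . 'options: 1/1 <font color="#ff0000">Failed</font><br />';
    } else {
        echo ' Changing values in table ' . $oldpref . 'options 1/1: <font color="#00ff00">Success</font><br />';
    }

    // One capabilities row per user, so the affected-row count is not a pass/fail
    // signal here; only a failed query is. (The original compared prepare()'s
    // return value instead of query()'s because of a misplaced parenthesis.)
    $r = $wpdb->query($wpdb->prepare(
        "UPDATE {$usermeta} SET meta_key = %s WHERE meta_key = %s",
        $newpref . 'capabilities',
        $oldpref . 'capabilities'
    ));
    if ($r === false) {
        echo ' Changing values in table ' . $oldpref . 'usermeta 1/3: <font color="#ff0000">Failed</font><br />';
    } else {
        echo ' Changing values in table ' . $oldpref . 'usermeta 1/3: <font color="#00ff00">Success</font><br />';
    }

    $r = $wpdb->query($wpdb->prepare(
        "UPDATE {$usermeta} SET meta_key = %s WHERE meta_key = %s",
        $newpref . 'user_level',
        $oldpref . 'user_level'
    ));
    if ($r === false) {
        echo ' Changing values in table ' . $oldpref . 'usermeta 2/3: <font color="#ff0000">Failed</font><br />';
    } else {
        echo ' Changing values in table ' . $oldpref . 'usermeta 2/3: <font color="#00ff00">Success</font><br />';
    }

    $r = $wpdb->query($wpdb->prepare(
        "UPDATE {$usermeta} SET meta_key = %s WHERE meta_key = %s",
        $newpref . 'autosave_draft_ids',
        $oldpref . 'autosave_draft_ids'
    ));
    if ($r === false) {
        echo ' Changing values in table ' . $oldpref . 'usermeta 3/3: <font color="#ff0000">Failed</font><br />';
    } elseif ($r === 0) {
        echo ' Changing values in table ' . $oldpref . 'usermeta 3/3: <font color="#000000">Value doesn\'t exist</font><br />';
    } else {
        echo ' Changing values in table ' . $oldpref . 'usermeta 3/3: <font color="#00ff00">Success</font><br />';
    }
}

/**
 * Point wp-config.php at the new prefix by rewriting its $table_prefix assignment.
 *
 * @param string $oldpref
 * @param string $newpref Sanitized new prefix ([0-9a-zA-Z_-] only).
 */
function mrt_sub3_rewrite_config($oldpref, $newpref)
{
    // Locate the file via ABSPATH instead of a path relative to the current
    // directory. WordPress also accepts wp-config.php one level above ABSPATH,
    // provided that directory is not itself a WordPress install.
    $conf_f = ABSPATH . 'wp-config.php';
    if (!file_exists($conf_f)
        && file_exists(dirname(ABSPATH) . '/wp-config.php')
        && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) {
        $conf_f = dirname(ABSPATH) . '/wp-config.php';
    }

    // Owner-writable is all that is needed. The original set 0777 here, leaving
    // the file world-writable until the final chmod below.
    if (!is_writable($conf_f)) {
        @chmod($conf_f, 0644);
    }
    if (!is_writable($conf_f)) {
        // Automatic change impossible: tell the user what to do by hand.
        echo ' 1/1 file writeable: <font color="#ff0000">Not Writeable</font><br />';
        echo '<b>Please make your wp-config.php file writable for this process.</b>';
        die("</div>");
    }
    echo ' 1/3 file writeable: <font color="#00ff00"> Writeable</font><br />';

    $lines = file($conf_f);
    if ($lines === false) {
        echo ' 2/3 <font color="#ff0000">Could not read wp-config.php; please set $table_prefix to ' . $newpref . ' manually.</font><br />';
        die("</div>");
    }

    // Touch only the $table_prefix assignment. A str_replace() on every line that
    // contains the prefix would also rewrite DB_NAME, comments, etc.
    $pattern = '/^(\s*\$table_prefix\s*=\s*[\'"])' . preg_quote($oldpref, '/') . '([\'"])/';
    $changed = false;
    foreach ($lines as $i => $line) {
        if (preg_match($pattern, $line)) {
            // $newpref is [0-9a-zA-Z_-] only, so it is safe inside the replacement.
            $lines[$i] = preg_replace($pattern, '${1}' . $newpref . '$2', $line, 1);
            $changed = true;
        }
    }
    if (!$changed) {
        echo ' 2/3 <font color="#ff0000">No $table_prefix assignment found; please set it to ' . $newpref . ' manually.</font><br />';
        die("</div>");
    }
    if (file_put_contents($conf_f, implode('', $lines), LOCK_EX) === false) {
        echo ' 2/3 <font color="#ff0000">Could not write wp-config.php; please set $table_prefix to ' . $newpref . ' manually.</font><br />';
        die("</div>");
    }
    echo ' 2/3 <font color="#00ff00">table prefix changed!</font><br />';

    if (chmod($conf_f, 0644)) {
        echo ' 3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />';
    } else {
        echo ' 3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />';
    }
}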
function mrt_sub2()
{
    // Security Support page: two boxes of static, translatable copy about the
    // WebsiteDefender service and its community links.
    mrt_wpss_menu_head('WP - Security Support');

    // Bullet list of the "About" box; literals stay inside __() so they remain extractable.
    $features = array(
        __('Detect Malware present on your website'),
        __('Audit your web site for security issues'),
        __('Avoid getting blacklisted by Google'),
        __('Keep your web site content & data safe'),
        __('Get alerted to suspicious hacker activity'),
    );
    // url => label of the "Get Involved!" box; all open in a new tab.
    $links = array(
        'http://www.websitedefender.com/forums/'   => __('WebsiteDefender forums'),
        'http://www.websitedefender.com/blog/'     => __('WebsiteDefender blog'),
        'http://twitter.com/#!/websitedefender'    => __('WebsiteDefender on Twitter'),
        'http://www.facebook.com/WebsiteDefender'  => __('WebsiteDefender on Facebook'),
    );
    ?>
    <div class="metabox-holder">
        <div class="postbox">
            <h3 class="hndle"><span><?php echo __('About WebsiteDefender'); ?></span></h3>
            <div class="inside">
                <p><?php echo __('A secure website, free from malware, where your customers can feel safe is vital to your online success. Unfortunately, the number of web hacking attacks has risen dramatically. Website security is an absolute must. If you do not protect your website, hackers can gain access to your website, modify your web content, install malware and have your site banned from Google. They could modify scripts and gain access to your customer data and their credit card details…'); ?></p>
                <p><?php echo __('WebsiteDefender is an online service that monitors your website for hacker activity, audits the security of your web site and gives you easy to understand solutions to keep your website safe. With WebsiteDefender you can:'); ?></p>
                <ul class="wsd_info_list">
                    <?php foreach ($features as $feature) : ?>
                    <li><?php echo $feature; ?></li>
                    <?php endforeach; ?>
                </ul>
                <p><?php echo __('All via an easy-to-understand web based dashboard which gives step by step solutions! 
Sign up for your FREE account <a href="admin.php?page=wp-security-scan/securityscan.php">here</a>.'); ?></p>
            </div>
        </div>
    </div>
    <div class="metabox-holder">
        <div class="postbox">
            <h3 class="hndle"><span><?php echo __('Get Involved!'); ?></span></h3>
            <div class="inside">
                <p></p>
                <ul class="wsd_info_list">
                    <?php foreach ($links as $url => $label) : ?>
                    <li>
                        <span><a href="<?php echo $url; ?>" target="_blank"><?php echo $label; ?></a></span>
                    </li>
                    <?php endforeach; ?>
                </ul>
                <p></p>
            </div>
        </div>
    </div>
    <?php
    mrt_wpss_menu_footer();
}
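function mrt_sub4()
{
    // Plugin options page: a single checkbox that toggles the WSD-RSS-WGT-DISPLAY
    // option ('yes'/'no'), which controls the WebsiteDefender News dashboard widget.
    mrt_wpss_menu_head('Plugin options');

    // NOTE(review): no capability check (current_user_can) is visible in this
    // file; the menu registration presumably restricts this page — confirm.
    $wsdwpss_opt_nonce = function_exists('wp_create_nonce') ? wp_create_nonce() : '';

    $_checked = false;
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
        if (function_exists('check_admin_referer')) {
            // Primary CSRF check: the field emitted by wp_nonce_field() below.
            check_admin_referer('_wsdwpss_opt_wpnonce');
            // Secondary check on the plugin's own hidden field. It is verified as a
            // nonce instead of being compared to a freshly generated one: nonces
            // rotate, so a byte comparison fails spuriously across a tick boundary.
            $_nonce = isset($_POST['_wsdwpss_opt_wpnonce']) ? (string) $_POST['_wsdwpss_opt_wpnonce'] : '';
            if ($_nonce === '' || !wp_verify_nonce($_nonce)) {
                wp_die("Invalid request!");
            }
        }
        // An unchecked checkbox is simply absent from the POST body.
        $show = isset($_POST['show_rss_widget']) && $_POST['show_rss_widget'] === 'on';
        update_option('WSD-RSS-WGT-DISPLAY', $show ? 'yes' : 'no');
        $_checked = $show;
    }

    $wsdRssWidgetVisible = get_option('WSD-RSS-WGT-DISPLAY');
    if (empty($wsdRssWidgetVisible) || $wsdRssWidgetVisible === 'yes') {
        // Default to visible; add_option() is a no-op when the option already exists.
        add_option('WSD-RSS-WGT-DISPLAY', 'yes');
        $_checked = true;
    } elseif (strtolower($wsdRssWidgetVisible) === 'no') {
        $_checked = false;
    }
    ?>
    <div class="metabox-holder">
        <div class="postbox" style="width: 60%;">
            <h3 class="hndle"><span><?php echo __('Plugin options'); ?></span></h3>
            <div class="inside">
                <p></p>
                <div class="acx-section-box">
                    <form id="plugin_options_form" method="post">
                        <?php
                        if (function_exists('wp_nonce_field')) {
                            echo '<input type="hidden" name="_wsdwpss_opt_wpnonce" value="' . esc_attr($wsdwpss_opt_nonce) . '" />';
                            wp_nonce_field('_wsdwpss_opt_wpnonce');
                        }
                        ?>
                        <div>
                            <input type="checkbox" name="show_rss_widget" id="show_rss_widget" <?php echo $_checked ? 'checked="checked"' : ''; ?> />
                            <label for="show_rss_widget"><?php echo __("Show the WebsiteDefender News dashboard widget"); ?></label>
                        </div>
                        <div>
                            <p style="margin-top: 25px">
                                <input type="submit" class="button-primary" value="<?php echo __('Update'); ?>"/>
                            </p>
                        </div>
                    </form>
                </div>
                <p></p>
            </div>
        </div>
    </div>
    <?php
    mrt_wpss_menu_footer();
}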