function mrt_sub0()
{
    // "Security Scan" page: a table comparing the permission mode each core
    // file/directory should have with the mode it currently has.
    mrt_wpss_menu_head('WP - Security Scan');

    // One entry per table row: display label, path, expected mode string.
    // Paths are relative to the current working directory, which this page
    // presumably has set to wp-admin ("../" = the WordPress root) — verify
    // against the caller. check_perms() is defined elsewhere; since nothing is
    // echoed here it appears to print the <tr> itself.
    $permissionChecks = array(
        array('root directory', '../', '0755'),
        array('wp-includes/', '../wp-includes', '0755'),
        array('.htaccess', '../.htaccess', '0644'),
        array('wp-admin/index.php', 'index.php', '0644'),
        array('wp-admin/js/', 'js/', '0755'),
        array('wp-content/themes/', '../wp-content/themes', '0755'),
        array('wp-content/plugins/', '../wp-content/plugins', '0755'),
        array('wp-admin/', '../wp-admin', '0755'),
        array('wp-content/', '../wp-content', '0755'),
    );
    ?>

          <div style="height:299px">
<table width="100%"  border="0" cellspacing="0" cellpadding="3" style="text-align:center;">
         <tr>
        <th style="border:0px;"><b>Name</b></th>
        <th style="border:0px;"><b>File/Dir</b></th>
        <th style="border:0px;"><b>Needed Chmod</b></th>
        <th style="border:0px;"><b>Current Chmod</b></th>
  <!--      <th style="border:0px;"><b>Change Permissions</b></th>-->
    </tr>
    <?php 
    foreach ($permissionChecks as $check) {
        list($label, $path, $expectedMode) = $check;
        check_perms($label, $path, $expectedMode);
    }
    ?>
</table>


          </div>
<?php 
    mrt_wpss_menu_footer();
}
function mrt_sub3()
{
    // "Database Security" page: the backup template always, plus the
    // table-prefix changer template when wp-config.php is writable.
    mrt_wpss_menu_head('WP - Database Security');
    $wsd_wpConfigFile = ABSPATH . 'wp-config.php';
    // The prefix changer has to rewrite wp-config.php, so it is only offered
    // when wsd_wpConfigCheckPermissions() (defined elsewhere) reports it writable.
    $canLoadPage = (bool) wsd_wpConfigCheckPermissions($wsd_wpConfigFile);
    ?>
<p class="wsd_user_notify">
    <strong>Important</strong>: Make a backup of your database before using this tool!
</p>
<?php 
    if (!$canLoadPage) {
        echo wsd_eInfo('
            The <strong>wp-config.php</strong> file MUST be writable in order to perform this action.
            You have to manually change permissions for this file.');
    }
    ?>


<div id="wsd_db_wrapper">
    <?php 
    echo wsd_getTemplate('db-backup');
    ?>
    
    <br/>
    <div style="clear:both;"></div>
    
    <?php 
    if ($canLoadPage) {
        $isPostBack = ($_SERVER['REQUEST_METHOD'] === 'POST');
        // The raw POST value is handed to the template unescaped.
        // NOTE(review): confirm the db-change-prefix template escapes
        // new_prefix before echoing it back into the page.
        $requestedPrefix = empty($_POST['newPrefixInput']) ? '' : $_POST['newPrefixInput'];
        $templateVars = array(
            'wsd_wpConfigFile' => $wsd_wpConfigFile,
            'old_prefix' => $GLOBALS['table_prefix'],
            'new_prefix' => $requestedPrefix,
            'isPostBack' => $isPostBack,
        );
        echo wsd_getTemplate('db-change-prefix', $templateVars);
    }
    ?>
</div>

<p style="height:200px;"></p>

<?php 
    mrt_wpss_menu_footer();
}
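function mrt_sub1()
{
    // "Password Tools" page: a client-side strength meter (testPassword() is
    // presumably provided by a script the page loads; it is not defined here)
    // and a server-generated sample password.
    mrt_wpss_menu_head('WP - Password Tools');
    ?>
     
          <div class="metabox-holder">
              <div class="postbox" style="width: 60%;">
                  <h3 class="hndle"><span><?php 
    echo __('Password Strength Tool');
    ?>
</span></h3>
                  <div class="inside">
                      <p></p>
<table id="wsd_pwdtool">
    <tr valign="top">
        <td>
            <form name="commandForm">
                Type password: <input type="password" size="30" maxlength="50" name="password" onkeyup="testPassword(this.value);" value="" />
                <br/>
                <span style="color:#808080">Minimum 6 Characters</span>
            </form>
        </td>
        <td style="padding-left: 6px;">
            <span>Password Strength:</span>
            <div id="Words">
                <p class="indicator"></p>
                <p><strong>Begin Typing</strong></p>
            </div>
        </td>
    </tr>
</table>
    <p></p>
                  </div>
              </div>
          </div>

<div>
    <?php 
    echo "<br /><strong>Strong Password Generator</strong><br />";
    // make_password() is defined elsewhere; escape its output so a generated
    // password containing '<', '&' or quotes is displayed literally instead
    // of being parsed as markup.
    $generatedPassword = htmlspecialchars(make_password(15), ENT_QUOTES, 'UTF-8');
    echo "Strong Password: "******"color:#f00;">' . $generatedPassword . "</span>";
    ?>
 </div>
<br/><br/>
<p style="margin-top: 75px;"></p>
<hr align="left" size="2" width="612px" />
 
<?php 
    mrt_wpss_menu_footer();
}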
function mrt_sub2()
{
    // "Security Support" page: static placeholder markup with a link to the
    // plugin documentation. No user input is involved.
    mrt_wpss_menu_head('WP - Security Support');
    // Emitted verbatim (nowdoc, closing marker at column 0 so nothing is stripped).
    echo <<<'HTML'
<div style="height:299px">
	Under Construction...<br /><br />
	<ul>
		<li><a href='http://semperfiwebdesign.com/documentation/wp-security-scan/' target="_blank">Documentation</a></li>
	</ul>
	<br /><br />
	<strong>Backup early, backup often!</strong>
	<br /><br /><br /><br /><br />
</div>
   

HTML;
    mrt_wpss_menu_footer();
}
function mrt_sub0()
{
    // "Security Scan" page: a "Directory Info" box listing, for each core
    // file/directory, the permission mode it should have and the one it has.
    mrt_wpss_menu_head('WP - Security Scan');

    // DIR_NAME | DIR_PATH | EXPECTED_PERMISSION, one entry per table row.
    // Paths are relative to the current working directory, presumably
    // wp-admin ("../" = WordPress root) — verify against the caller.
    // check_perms() is defined elsewhere; it appears to print the <tr> itself.
    $permissionChecks = array(
        array('root directory', '../', '0755'),
        array('wp-includes/', '../wp-includes', '0755'),
        array('.htaccess', '../.htaccess', '0644'),
        array('wp-admin/index.php', 'index.php', '0644'),
        array('wp-admin/js/', 'js/', '0755'),
        array('wp-content/themes/', '../wp-content/themes', '0755'),
        array('wp-content/plugins/', '../wp-content/plugins', '0755'),
        array('wp-admin/', '../wp-admin', '0755'),
        array('wp-content/', '../wp-content', '0755'),
    );
    ?>

          <div class="metabox-holder">
              <div class="postbox">
                  <h3 class="hndle"><span><?php 
    echo __('Directory Info');
    ?>
</span></h3>
                  <div class="inside">
<table id="wsd_permissions_table" width="100%"  border="0" cellspacing="0" cellpadding="3" 
       style="text-align:center; border: solid 1px #333;">
         <thead style="background: #333;">
            <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Name</strong></th>
            <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">File/Dir</strong></th>
            <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Needed Chmod</strong></th>
            <th style="border:0px; padding: 4px 4px;"><strong style="color: #f5f5f5">Current Chmod</strong></th>
        </thead>
        <tbody>
    <?php 
    foreach ($permissionChecks as $check) {
        list($label, $path, $expectedMode) = $check;
        check_perms($label, $path, $expectedMode);
    }
    ?>
        </tbody>
</table>

                  </div></div></div>
<?php 
    mrt_wpss_menu_footer();
}
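function mrt_sub1()
{
    // "Password Tools" page: a client-side strength meter (testPassword() is
    // presumably provided by a script the page loads; it is not defined here)
    // and a server-generated sample password.
    mrt_wpss_menu_head('WP - Password Tools');
    ?>
     
          <div style="height:299px">
              <?php 
    echo "<br /><strong>Password Strength Tool</strong>";
    ?>
<table><tr valign=top><td><form name="commandForm">
Type password: <input type=password size=30 maxlength=50 name=password onkeyup="testPassword(document.forms.commandForm.password.value);" value="">
<br/><font color="#808080">Minimum 6 Characters</td><td><font size="1">  Password Strength:</font><a id="Words"><table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td>   <b>Begin Typing</b></td></tr></table></a></td></tr></table></td></tr></table></form>
<br /><hr align=left size=2 width=612px>
<?php 
    echo "<br /><br /><strong>Strong Password Generator</strong><br />";
    // make_password() is defined elsewhere; escape its output so a generated
    // password containing '<', '&' or quotes is displayed literally instead
    // of being parsed as markup.
    $generatedPassword = htmlspecialchars(make_password(15), ENT_QUOTES, 'UTF-8');
    echo "Strong Password: "******"red">' . $generatedPassword . "</font>";
    ?>
     </div>
 
<?php 
    mrt_wpss_menu_footer();
}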
function mrt_opt_mng_pg()
{
    // Main admin page: registers three meta boxes and renders them in two
    // floated columns (the two scan boxes left, the "About" box right).
    mrt_wpss_menu_head('WP-Security Admin tools by WebsiteDefender');

    // id, title, render callback, screen (the "page" key do_meta_boxes() uses)
    $metaBoxes = array(
        array('wpss_mrt_1', 'Initial Scan', 'wpss_mrt_meta_box', 'wpss'),
        array('wpss_mrt_2', 'System Information Scan', 'wpss_mrt_meta_box2', 'wpss2'),
        array('wpss_mrt_3', 'About Website Defender', 'wsd_render_main', 'wpss_wsd'),
    );
    foreach ($metaBoxes as $box) {
        list($id, $title, $callback, $screen) = $box;
        add_meta_box($id, $title, $callback, $screen);
    }

    echo '	
			<div class="metabox-holder">
				<div style="float:left; width:48%;" class="inner-sidebar1">';
    // Left column: both scan boxes, in registration order.
    foreach (array('wpss', 'wpss2') as $screen) {
        do_meta_boxes($screen, 'advanced', '');
    }
    echo '		
				</div>
				<div style="float:right;width:48%;" class="inner-sidebar1">';
    // Right column: the "About" box.
    do_meta_boxes('wpss_wsd', 'advanced', '');
    echo '	
				</div>
						
				<div style="clear:both"></div>
			</div>';
    mrt_wpss_menu_footer();
}
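function mrt_sub3()
{
    // "Database Security" page. Renders the prefix-changer form and, on a
    // nonce-verified POST of prefix_n, renames every table carrying the
    // current $table_prefix, fixes the prefix-named option/usermeta rows and
    // finally rewrites $table_prefix in wp-config.php. Failures short-circuit
    // with exit()/die() exactly as the original tool did, so the footer is
    // only reached on the happy path or when nothing was posted.
    mrt_wpss_menu_head('WP - Database Security');
    ?>
 
          <div style="height:299px"><br />
<h3><i>Make a backup of your database before using this tool:</i></h3>


        <p>Change your database table prefix to mitigate zero-day SQL Injection attacks.</p>
        <p><b>Before running this script:</b>
           <ul><li>wp-config must be set to writable before running this script.</li>
               <li>the database user you're using with WordPress must have ALTER rights</li></ul>

    <form action='' method='post' name='prefixchanging'>
    <?php 
    if (function_exists('wp_nonce_field')) {
        wp_nonce_field('prefix-changer-change_prefix');
    }
    ?>
     Change the current:<input type="Text" name="prefix_n" value="<?php 
    // Attribute context: escape even though the prefix comes from wp-config.
    echo htmlspecialchars($GLOBALS['table_prefix'], ENT_QUOTES, 'UTF-8');
    ?>
" size="20" maxlength="50"> prefix to something different if it's the default wp_<br />
     Allowed Chars are all latin Alphanumeric Chars as well as the Chars <strong>-</strong> and <strong>_</strong>.
    <input type='submit' name='renameprefix' value='Start Renaming'/>
    </form>

    <?php 
    if (isset($_POST['prefix_n'])) {
        // CSRF: the form carries wp_nonce_field('prefix-changer-change_prefix').
        check_admin_referer('prefix-changer-change_prefix');
        global $wpdb;
        $oldPrefix = $GLOBALS['table_prefix'];

        // A non-string (prefix_n[]=...) would make preg_replace() return an array.
        $requested = is_string($_POST['prefix_n']) ? $_POST['prefix_n'] : '';
        // Whitelist: only [0-9A-Za-z_-] survive. This is what lets $newpref be
        // embedded in backtick-quoted identifiers below without further escaping.
        // NOTE(review): WordPress' own prefix validation may reject '-'; confirm
        // before relying on a dash-containing prefix working after the rewrite.
        $newpref = preg_replace('/[^0-9a-zA-Z_-]/', '', $requested);

        list($rightsenough, $rightstomuch) = mrt_pc_check_grants($wpdb);
        if (!$rightsenough) {
            exit('<font color="#ff0000">Your User which is used to access your Wordpress Tables/Database, hasn\'t enough rights( is missing ALTER-right) to alter your Tablestructure.  Please visit the plugin <a href="http://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-database-table-name-prefix/" target=_blank">documentation</a> for more information.  If you believe you have alter rights, please <a href="http://semperfiwebdesign.com/contact/">contact</a> the plugin author for assistance.<br />');
        }
        if ($rightstomuch) {
            echo '<font color="#FF9B05">Your currently used User to Access the Wordpress Database, holds too many rights. ' . 'We suggest that you limit his rights or to use another User with more limited rights instead, to increase your Security.</font><br />';
        }
        if ($newpref === '') {
            // Everything posted was stripped; an empty prefix would strip the prefix from every table.
            exit("No change: The new prefix must contain at least one allowed character.</div>");
        } elseif ($newpref === $oldPrefix) {
            exit("No change: Please select a new table_prefix value.</div>");
        } elseif (strlen($newpref) < strlen($requested)) {
            echo "You used some Chars which aren't allowed within Tablenames" . "The sanitized prefix is used instead: " . $newpref;
        }

        echo "<h2>Started Prefix Changer:</h2>";
        // Tables are renamed before wp-config.php is touched, so a failed
        // rename never leaves the config pointing at tables that do not exist.
        echo "<h3>&nbsp;&nbsp;Start Renaming of Tables:</h3>";
        list($tableCount, $renamedCount, $failedTables) = mrt_pc_rename_tables($wpdb, $oldPrefix, $newpref);
        if ($renamedCount === 0) {
            exit('<font color="#ff0000">Some Error occured, it wasn\'t possible to change any Tableprefix. Please retry, no changes are done to your wp-config File.</font><br />');
        }

        echo "<h3>&nbsp;&nbsp;Start changing Databasesettings:</h3>";
        mrt_pc_update_prefixed_rows($wpdb, $oldPrefix, $newpref);

        if ($renamedCount < $tableCount) {
            echo '<font color="#ff0000">It wasn\'t possible to rename some of your Tables prefix. Please change them manually. Following you\'ll see all failed tables:<br />';
            foreach ($failedTables as $failedTable) {
                echo htmlspecialchars($failedTable, ENT_QUOTES, 'UTF-8') . "<br />";
            }
            exit('No changes where done to your wp-config File.</font><br />');
        }

        // Same file the original addressed as "../wp-config.php" from wp-admin,
        // but independent of the current working directory.
        mrt_pc_rewrite_config(ABSPATH . 'wp-config.php', $oldPrefix, $newpref);
    }
    ?>
   </div>
   
<?php 
    mrt_wpss_menu_footer();
}

/**
 * Wrap a MySQL identifier in backticks, escaping embedded backticks.
 *
 * @param string $name
 * @return string
 */
function mrt_pc_quote_ident($name)
{
    return '`' . str_replace('`', '``', $name) . '`';
}

/**
 * Classify the grants of the WordPress DB user from SHOW GRANTS.
 *
 * Returns array(enough, tooMuch): enough = an ALTER-capable grant covering
 * this database was found; tooMuch = it matched the original tool's
 * "wildcard ALTER / ALL PRIVILEGES" heuristic. The three patterns are the
 * original ereg() ones (which no longer exist in PHP 7+) ported to PCRE with
 * the config constants quoted; their coarseness is kept as is.
 *
 * @param wpdb $wpdb
 * @return array
 */
function mrt_pc_check_grants($wpdb)
{
    $user = preg_quote(DB_USER, '/');
    $host = preg_quote(DB_HOST, '/');
    // SHOW GRANTS prints database-level targets with '_' escaped as '\_';
    // accept both the escaped and the raw spelling.
    $db = '(?:' . preg_quote(str_replace('_', '\\_', DB_NAME), '/') . '|' . preg_quote(DB_NAME, '/') . ')';
    $dbOrAll = '(\*|`' . $db . '`)\.(\*|`' . $host . '`)';
    $target = " TO '" . $user . "'@'" . $host . "'";
    // NOTE(review): the grantee host printed by SHOW GRANTS (e.g. '%') need
    // not equal DB_HOST, in which case none of these patterns match — the
    // same limitation the original had.
    $wildcardAlter = '/ALTER(.*)' . $dbOrAll . $target . '/';
    $allPrivileges = '/ALL PRIVILEGES ON ' . $dbOrAll . $target . '/';
    $alterOnDb = '/ALTER(.*)`' . $db . '`/';

    $rights = $wpdb->get_results($wpdb->prepare('SHOW GRANTS FOR %s@%s', DB_USER, DB_HOST), ARRAY_N);
    $enough = false;
    $tooMuch = false;
    if (is_array($rights)) {
        foreach ($rights as $right) {
            $grant = $right[0];
            if (preg_match($wildcardAlter, $grant) || preg_match($allPrivileges, $grant)) {
                $enough = true;
                $tooMuch = true;
                break;
            }
            if (preg_match($alterOnDb, $grant)) {
                $enough = true;
                break;
            }
        }
    }
    return array($enough, $tooMuch);
}

/**
 * Rename every table named "<oldPrefix>..." to "<newPrefix>...", printing
 * one status line per table.
 *
 * @param wpdb   $wpdb
 * @param string $oldPrefix
 * @param string $newPrefix already whitelisted to [0-9A-Za-z_-]
 * @return array array(total, renamed, failedNames)
 */
function mrt_pc_rename_tables($wpdb, $oldPrefix, $newPrefix)
{
    // '_' and '%' are LIKE wildcards: unescaped, 'wp_' also matches 'wpx...'
    // tables. Quote and backslash are escaped for the string literal.
    $likePattern = addcslashes($oldPrefix, "_%\\'");
    $oldtables = $wpdb->get_results("SHOW TABLES LIKE '" . $likePattern . "%'", ARRAY_N);
    if (!is_array($oldtables)) {
        $oldtables = array();
    }
    $renamed = 0;
    $failed = array();
    foreach ($oldtables as $row) {
        $oldName = $row[0];
        // Swap only the leading prefix, not every occurrence inside the name.
        $newName = $newPrefix . substr($oldName, strlen($oldPrefix));
        echo '&nbsp;&nbsp;&nbsp;Renaming ' . htmlspecialchars($oldName, ENT_QUOTES, 'UTF-8') . ' to ' . htmlspecialchars($newName, ENT_QUOTES, 'UTF-8') . ':';
        $wpdb->hide_errors();
        $result = $wpdb->query('RENAME TABLE ' . mrt_pc_quote_ident($oldName) . ' TO ' . mrt_pc_quote_ident($newName));
        // RENAME TABLE reports 0 affected rows on success; only false is a failure.
        if ($result === false) {
            echo '<font color="#ff0000"> Failed</font><br />';
            $failed[] = $oldName;
        } else {
            echo '<font color="#00ff00"> Success</font><br />';
            $renamed++;
        }
    }
    return array(count($oldtables), $renamed, $failed);
}

/**
 * Rename the prefix-named rows WordPress keeps in options/usermeta
 * (user_roles, capabilities, user_level, autosave_draft_ids), printing one
 * status line each. Values go through $wpdb->prepare(); table names are
 * backtick-quoted.
 *
 * @param wpdb   $wpdb
 * @param string $oldPrefix
 * @param string $newPrefix already whitelisted to [0-9A-Za-z_-]
 * @return void
 */
function mrt_pc_update_prefixed_rows($wpdb, $oldPrefix, $newPrefix)
{
    // table suffix, column, row-name suffix, progress label
    $updates = array(
        array('options', 'option_name', 'user_roles', 'options 1/1'),
        array('usermeta', 'meta_key', 'capabilities', 'usermeta 1/3'),
        array('usermeta', 'meta_key', 'user_level', 'usermeta 2/3'),
        array('usermeta', 'meta_key', 'autosave_draft_ids', 'usermeta 3/3'),
    );
    foreach ($updates as $update) {
        list($table, $column, $suffix, $label) = $update;
        $sql = $wpdb->prepare(
            'UPDATE ' . mrt_pc_quote_ident($newPrefix . $table) . " SET {$column} = %s WHERE {$column} = %s",
            $newPrefix . $suffix,
            $oldPrefix . $suffix
        );
        $result = $wpdb->query($sql);
        if ($result === false) {
            $status = '<font color="#ff0000">Failed</font>';
        } elseif ($result === 0) {
            $status = '<font color="#000000">Value doesn\'t exist</font>';
        } else {
            $status = '<font color="#00ff00">Success</font>';
        }
        echo '&nbsp;&nbsp;&nbsp;Changing values in table ' . $newPrefix . $label . ': ' . $status . '<br />';
    }
}

/**
 * Point $table_prefix in wp-config.php at $newPrefix.
 *
 * The file must already be writable: unlike the original tool this never
 * chmod()s it to 0777 (world-writable) to get there. Only lines that assign
 * $table_prefix are touched, so other occurrences of the old prefix (DB_NAME,
 * comments, ...) are left alone. Aborts with die() as the original did.
 *
 * @param string $configFile absolute path to wp-config.php
 * @param string $oldPrefix
 * @param string $newPrefix
 * @return void
 */
function mrt_pc_rewrite_config($configFile, $oldPrefix, $newPrefix)
{
    echo "<h3>Changing Config File:</h3>";
    if (!is_writable($configFile)) {
        echo '&nbsp;&nbsp;1/3 file writeable: <font color="#ff0000">Not Writeable</font><br />';
        echo '<b>Please make your wp-config.php file writable for this process.</b>';
        die("</div>");
    }
    echo '&nbsp;&nbsp;1/3 file writeable: <font color="#00ff00"> Writeable</font><br />';

    $lines = file($configFile);
    if ($lines === false) {
        echo '&nbsp;&nbsp;2/3 <font color="#ff0000">Could not read wp-config.php; no changes were made.</font><br />';
        die("</div>");
    }
    $changed = false;
    foreach ($lines as $index => $line) {
        if (strpos($line, '$table_prefix') !== false && strpos($line, $oldPrefix) !== false) {
            $lines[$index] = str_replace($oldPrefix, $newPrefix, $line);
            $changed = true;
        }
    }
    if (!$changed) {
        echo '&nbsp;&nbsp;2/3 <font color="#ff0000">No $table_prefix assignment found; please change it manually.</font><br />';
        die("</div>");
    }
    if (file_put_contents($configFile, implode('', $lines), LOCK_EX) === false) {
        echo '&nbsp;&nbsp;2/3 <font color="#ff0000">Could not write wp-config.php; please change the prefix manually.</font><br />';
        die("</div>");
    }
    echo '&nbsp;&nbsp;2/3 <font color="#00ff00">table prefix changed!</font><br />';

    // Only tighten: a group/world-writable config is brought back to 0644;
    // a stricter mode (e.g. 0600) is left as it is.
    $mode = fileperms($configFile);
    if ($mode !== false && ($mode & 0022) !== 0) {
        if (chmod($configFile, 0644)) {
            echo '&nbsp;&nbsp;3/3 <font color="#00ff00">Config files permission set to 644, for security purpose.</font><br />';
        } else {
            echo '&nbsp;&nbsp;3/3 wasn\'t able to set chmod to 644, please check if your files permission is set back to 644!<br />';
        }
    } else {
        echo '&nbsp;&nbsp;3/3 Config file permissions left unchanged.<br />';
    }
}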
function mrt_sub2()
{
    // "Security Support" page: an "About WebsiteDefender" blurb followed by
    // links to the vendor's community channels. Every string goes through
    // __() so it can be translated; the page takes no user input.
    mrt_wpss_menu_head('WP - Security Support');
    ?>

          <div class="metabox-holder">
              <div class="postbox">
                  <h3 class="hndle"><span><?= __('About WebsiteDefender') ?></span></h3>
                  <div class="inside">
<p><?= __('A secure website, free from malware, where your customers can feel safe is vital to your online success.
    Unfortunately, the number of web hacking attacks has risen dramatically. Website security is an absolute must. 
    If you do not protect your website, hackers can gain access to your website, modify your web content, install malware 
    and have your site banned from Google. They could modify scripts and gain access to your customer data and their credit card details…') ?></p>

<p><?= __('WebsiteDefender is an online service that monitors your website for hacker activity, audits the security 
    of your web site and gives you easy to understand solutions to keep your website safe. With WebsiteDefender you can:') ?></p>

<ul class="wsd_info_list">
    <li><?= __('Detect Malware present on your website') ?></li>
    <li><?= __('Audit your web site for security issues') ?></li>
    <li><?= __('Avoid getting blacklisted by Google') ?></li>
    <li><?= __('Keep your web site content &amp; data safe') ?></li>
    <li><?= __('Get alerted to suspicious hacker activity') ?></li>
</ul>

<p><?= __('All via an easy-to-understand web based dashboard which gives step by step solutions!
    Sign up for your FREE account <a href="admin.php?page=wp-security-scan/securityscan.php">here</a>.') ?></p>
                  </div>
              </div>
          </div>


          <div class="metabox-holder">
              <div class="postbox">
                  <h3 class="hndle"><span><?= __('Get Involved!') ?></span></h3>
                  <div class="inside">
                      <p></p>
<ul class="wsd_info_list">
    <li>
        <span><a href="http://www.websitedefender.com/forums/" target="_blank"><?= __('WebsiteDefender forums') ?></a></span>
    </li>
    <li>
        <span><a href="http://www.websitedefender.com/blog/" target="_blank"><?= __('WebsiteDefender blog') ?></a></span>
    </li>
    <li>
        <span><a href="http://twitter.com/#!/websitedefender" target="_blank"><?= __('WebsiteDefender on Twitter') ?></a></span>
    </li>
    <li>
        <span><a href="http://www.facebook.com/WebsiteDefender" target="_blank"><?= __('WebsiteDefender on Facebook') ?></a></span>
    </li>
</ul>
    <p></p>
                  </div>
              </div>
          </div>


<?php 
    mrt_wpss_menu_footer();
}
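function mrt_sub4()
{
    // "Plugin options" page: one checkbox that decides whether the
    // WebsiteDefender news dashboard widget is shown. The choice is stored in
    // the WSD-RSS-WGT-DISPLAY option as 'yes' / 'no'; unset means 'yes'.
    mrt_wpss_menu_head('Plugin options');
    ?>

          <div class="metabox-holder">
              <div class="postbox" style="width: 60%;">
                  <h3 class="hndle"><span><?php 
    echo __('Plugin options');
    ?>
</span></h3>
                  <div class="inside">
                      <p></p>
<?php 
    // Action-less secondary nonce carried in a hidden field, on top of the
    // wp_nonce_field() one that check_admin_referer() verifies below.
    $wsdwpss_opt_nonce = function_exists('wp_create_nonce') ? wp_create_nonce() : '';

    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
        if (function_exists('check_admin_referer')) {
            check_admin_referer('_wsdwpss_opt_wpnonce');
            $_nonce = isset($_POST['_wsdwpss_opt_wpnonce']) && is_string($_POST['_wsdwpss_opt_wpnonce'])
                ? $_POST['_wsdwpss_opt_wpnonce'] : '';
            // NOTE(review): wp_create_nonce() is re-run on this request, so a
            // form rendered just before a nonce tick rollover fails here even
            // though check_admin_referer() accepted it. Constant-time compare.
            if ($_nonce === '' || !hash_equals($wsdwpss_opt_nonce, $_nonce)) {
                wp_die("Invalid request!");
            }
        }
        // An unchecked checkbox is simply absent from the POST body.
        $showWidget = isset($_POST['show_rss_widget']) && $_POST['show_rss_widget'] === 'on';
        update_option('WSD-RSS-WGT-DISPLAY', $showWidget ? 'yes' : 'no');
    }

    // Re-read after any update; a missing option counts as "show" and is
    // persisted as such. Any value other than 'yes' (or unset) renders unchecked.
    $wsdRssWidgetVisible = get_option('WSD-RSS-WGT-DISPLAY');
    $_checked = false;
    if (empty($wsdRssWidgetVisible) || $wsdRssWidgetVisible === 'yes') {
        add_option('WSD-RSS-WGT-DISPLAY', 'yes');
        $_checked = true;
    }
    ?>
<div class="acx-section-box">

    <form id="plugin_options_form" method="post">
	<?php 
    if (function_exists('wp_nonce_field')) {
        echo '<input type="hidden" name="_wsdwpss_opt_wpnonce" value="' . htmlspecialchars($wsdwpss_opt_nonce, ENT_QUOTES, 'UTF-8') . '" />';
        wp_nonce_field('_wsdwpss_opt_wpnonce');
    }
    ?>
        <div>
            <input type="checkbox" name="show_rss_widget" id="show_rss_widget" <?php 
    echo $_checked ? 'checked="checked"' : '';
    ?>
 />
            <label for="show_rss_widget"><?php 
    echo __("Show the WebsiteDefender News dashboard widget");
    ?>
</label>
        </div>

        <div>
            <p style="margin-top: 25px">
                <input type="submit" class="button-primary" value="<?php 
    echo __('Update');
    ?>
"/>
            </p>
        </div>
    </form>

</div>
                      <p></p>
                  </div>
              </div>
          </div>


<?php 
    mrt_wpss_menu_footer();
}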