public function do503($secsToGo, $reason)
 {
     // Record the block, mark the response uncacheable, then emit a 503 and render
     // the lockout template. Never returns. $reason is accepted for interface
     // parity with callers; this variant does not log it anywhere.
     wfConfig::inc('total503s');
     wfUtils::doNotCache();
     $statusLine = '503 Service Temporarily Unavailable';
     header('HTTP/1.1 ' . $statusLine);
     header('Status: ' . $statusLine);
     if ($secsToGo) {
         // Hint to well-behaved clients/crawlers when the block is expected to lift.
         header('Retry-After: ' . $secsToGo);
     }
     require_once 'wf503.php';
     exit();
 }
 public function do503($secsToGo, $reason)
 {
     // Annotate and persist the current request record as a block before the
     // response is sent, then emit an uncacheable 503 with the lockout page.
     // Never returns.
     $this->initLogRequest();
     $request = $this->currentRequest;
     // NOTE(review): the logged status is 403 while the HTTP response below is a
     // 503 — confirm this mismatch is intentional for whatever reads wfHits.
     $request->statusCode = 403;
     if (empty($request->action)) {
         $request->action = 'blocked:wordfence';
     }
     if (empty($request->actionDescription)) {
         $request->actionDescription = 'blocked: ' . $reason;
     }
     $this->logHit();
     wfConfig::inc('total503s');
     wfUtils::doNotCache();
     $statusLine = '503 Service Temporarily Unavailable';
     header('HTTP/1.1 ' . $statusLine);
     header('Status: ' . $statusLine);
     if ($secsToGo) {
         // Tell clients when they may retry; callers pass the block length in seconds.
         header('Retry-After: ' . $secsToGo);
     }
     require_once 'wf503.php';
     exit();
 }
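 /**
  * Per-request entry point for the self-service unlock endpoints, WAF config
  * sync and the request-level firewall checks. The hook it is attached to is
  * not visible here.
  *
  * Request handling, in order:
  *   - `?_wfsf=unlockEmail` (POST): nonce-checked form that mails an unlock key
  *     to an administrator / alert-list address, then exits.
  *   - `?_wfsf=unlockAccess&key=…&func=…`: uses such a key to unblock the
  *     caller's IP, unblock all IPs, or disable firewall rules, then redirects
  *     to the login page.
  *   - `?_wfsf=detectProxy`: answers the proxy-detection callback, then exits.
  *   - otherwise: pushes plugin config into the WAF storage engine, triggers
  *     attack-data syncing, records learning-mode matches, and (when the
  *     firewall is enabled) applies the fake-Googlebot / banned-URL /
  *     blank-POST blocks, each of which ends the request via wfLog::do503().
  *
  * NOTE(review): an unlock key is not invalidated when used, so it stays valid
  * for the full 30 minutes set below; the unlockEmail rate limit is one
  * site-wide counter rather than one per client.
  */
 public static function veryFirstAction()
 {
     /** @var wpdb $wpdb ; */
     global $wpdb;
     self::initProtection();
     // Which self-service endpoint, if any, this request targets. A non-string
     // value (e.g. `_wfsf[]=`) fails every comparison below and falls through.
     $wfFunc = isset($_GET['_wfsf']) ? $_GET['_wfsf'] : false;
     if ($wfFunc === 'unlockEmail') {
         // CSRF protection: accept the WordPress nonce, or fall back to the WAF's
         // own nonce implementation when that class provides one.
         $postedNonce = isset($_POST['nonce']) ? $_POST['nonce'] : null;
         $nonceValid = wp_verify_nonce($postedNonce, 'wf-form');
         if (!$nonceValid && method_exists(wfWAF::getInstance(), 'createNonce')) {
             $nonceValid = wfWAF::getInstance()->verifyNonce($postedNonce, 'wf-form');
         }
         if (!$nonceValid) {
             die("Sorry but your browser sent an invalid security token when trying to use this form.");
         }
         // NOTE(review): this counter is a single site-wide transient, not keyed by
         // client IP, so any visitor can exhaust it and deny the form to everyone
         // for 3 minutes.
         $numTries = get_transient('wordfenceUnlockTries');
         if ($numTries > 10) {
             echo "<html><body><h1>Please wait 3 minutes and try again</h1><p>You have used this form too much. Please wait 3 minutes and try again.</p></body></html>";
             exit;
         }
         $numTries = $numTries ? $numTries + 1 : 1;
         set_transient('wordfenceUnlockTries', $numTries, 180);
         // Only a plain string is accepted; an absent or array value becomes ''.
         $email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
         $found = false;
         if ($email !== '') {
             $ws = $wpdb->get_results($wpdb->prepare("SELECT ID, user_login FROM {$wpdb->users} WHERE user_email = %s", $email));
             foreach ($ws as $user) {
                 $userDat = get_userdata($user->ID);
                 // Only administrators may be mailed a key; the exact-string check
                 // re-applies case sensitivity the SQL collation may have relaxed.
                 if (wfUtils::isAdmin($userDat) && $email === $userDat->user_email) {
                     $found = true;
                     break;
                 }
             }
             if (!$found) {
                 // Addresses on the Wordfence alert list may also request a key.
                 foreach (wfConfig::getAlertEmails() as $alertEmail) {
                     if ($alertEmail === $email) {
                         $found = true;
                         break;
                     }
                 }
             }
         }
         if ($found) {
             // The key is a random hex token; the transient maps it to the
             // requester's IP for 30 minutes. The unlockAccess branch below only
             // checks that the transient exists, so the key is reusable until it expires.
             $key = wfUtils::bigRandomHex();
             $IP = wfUtils::getIP();
             set_transient('wfunlock_' . $key, $IP, 1800);
             $content = wfUtils::tmpl('email_unlockRequest.php', array('siteName' => get_bloginfo('name', 'raw'), 'siteURL' => wfUtils::getSiteBaseURL(), 'unlockHref' => wfUtils::getSiteBaseURL() . '?_wfsf=unlockAccess&key=' . $key, 'key' => $key, 'IP' => $IP));
             wp_mail($email, "Unlock email requested", $content, "Content-Type: text/html");
         }
         // Same response whether or not the address matched, so the form does not
         // reveal which addresses belong to administrators.
         echo "<html><body><h1>Your request was received</h1><p>We received a request to email \"" . wp_kses($email, array()) . "\" instructions to unlock their access. If that is the email address of a site administrator or someone on the Wordfence alert list, then they have been emailed instructions on how to regain access to this sytem. The instructions we sent will expire 30 minutes from now.</body></html>";
         exit;
     } elseif ($wfFunc === 'unlockAccess') {
         // Keys are produced by wfUtils::bigRandomHex() above, so anything that is
         // not a hex string is rejected before it is used to build a transient name.
         $unlockKey = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
         $storedIP = preg_match('/^[a-fA-F0-9]+$/', $unlockKey) ? get_transient('wfunlock_' . $unlockKey) : false;
         // A valid key resolves to the IP that requested it. Accept IPv4 and IPv6:
         // wfUtils::getIP() may return either (inet_pton is used on it below).
         if (!is_string($storedIP) || filter_var($storedIP, FILTER_VALIDATE_IP) === false) {
             echo "Invalid key provided for authentication.";
             exit;
         }
         /* You can enable this for paranoid security level.
         if ($storedIP != wfUtils::getIP()) {
             echo "You can only use this link from the IP address you used to generate the unlock email.";
             exit();
         }
         */
         $wfLog = new wfLog(wfConfig::get('apiKey'), wfUtils::getWPVersion());
         $unlockFunc = isset($_GET['func']) ? $_GET['func'] : '';
         $IP = wfUtils::getIP();
         // Transient holding this IP's login-failure count; cleared on every unlock path.
         $loginFailKey = 'wflginfl_' . bin2hex(wfUtils::inet_pton($IP));
         if ($unlockFunc === 'unlockMyIP') {
             $wfLog->unblockIP($IP);
             $wfLog->unlockOutIP($IP);
             delete_transient($loginFailKey);
             //Reset login failure counter
             header('Location: ' . wp_login_url());
             exit;
         } elseif ($unlockFunc === 'unlockAllIPs') {
             wordfence::status(1, 'info', "Request received via unlock email link to unblock all IPs.");
             $wfLog->unblockAllIPs();
             $wfLog->unlockAllIPs();
             delete_transient($loginFailKey);
             //Reset login failure counter
             header('Location: ' . wp_login_url());
             exit;
         } elseif ($unlockFunc === 'disableRules') {
             // Most drastic option: switches the firewall and login security off
             // entirely and clears country blocking, in addition to unblocking all IPs.
             wfConfig::set('firewallEnabled', 0);
             wfConfig::set('loginSecurityEnabled', 0);
             wordfence::status(1, 'info', "Request received via unlock email link to unblock all IPs via disabling firewall rules.");
             $wfLog->unblockAllIPs();
             $wfLog->unlockAllIPs();
             delete_transient($loginFailKey);
             //Reset login failure counter
             wfConfig::set('cbl_countries', '');
             //unblock all countries
             header('Location: ' . wp_login_url());
             exit;
         }
         echo "Invalid function specified. Please check the link we emailed you and make sure it was not cut-off by your email reader.";
         exit;
     } elseif ($wfFunc === 'detectProxy') {
         wfUtils::doNotCache();
         if (wfUtils::processDetectProxyCallback()) {
             self::getLog()->getCurrentRequest()->action = 'scan:detectproxy';
             //Exempt a valid callback from live traffic
             echo wfConfig::get('detectProxyRecommendation', '-');
         } else {
             echo '0';
         }
         exit;
     }
     // Sync the WAF data with the database.
     if (!WFWAF_SUBDIRECTORY_INSTALL && ($waf = wfWAF::getInstance())) {
         try {
             // Mirror the plugin-side settings the WAF needs into its own storage.
             $configDefaults = array('apiKey' => wfConfig::get('apiKey'), 'isPaid' => wfConfig::get('isPaid'), 'siteURL' => site_url(), 'homeURL' => home_url(), 'whitelistedIPs' => (string) wfConfig::get('whitelisted'), 'howGetIPs' => (string) wfConfig::get('howGetIPs'), 'other_WFNet' => wfConfig::get('other_WFNet', true), 'pluginABSPATH' => ABSPATH);
             foreach ($configDefaults as $key => $value) {
                 $waf->getStorageEngine()->setConfig($key, $value);
             }
             if (class_exists('wfWAFIPBlocksController')) {
                 wfWAFIPBlocksController::synchronizeConfigSettings();
             }
             // Skip when this request *is* the loopback sync request fired below.
             if (empty($_GET['wordfence_syncAttackData'])) {
                 $lastAttackMicroseconds = $wpdb->get_var("SELECT MAX(attackLogTime) FROM {$wpdb->base_prefix}wfHits");
                 if (get_site_option('wordfence_lastSyncAttackData', 0) < time() - 4) {
                     if ($waf->getStorageEngine()->hasNewerAttackData($lastAttackMicroseconds)) {
                         if (get_site_option('wordfence_syncingAttackData') <= time() - 60) {
                             // Could be the request to itself is not completing, add ajax to the head as a workaround
                             $attempts = get_site_option('wordfence_syncAttackDataAttempts', 0);
                             if ($attempts > 10) {
                                 add_action('wp_head', 'wordfence::addSyncAttackDataAjax');
                                 add_action('login_head', 'wordfence::addSyncAttackDataAjax');
                                 add_action('admin_head', 'wordfence::addSyncAttackDataAjax');
                             } else {
                                 update_site_option('wordfence_syncAttackDataAttempts', ++$attempts);
                                 // Non-blocking fire-and-forget loopback; local TLS verification
                                 // is off unless the https_local_ssl_verify filter turns it on.
                                 wp_remote_post(add_query_arg('wordfence_syncAttackData', microtime(true), home_url('/')), array('timeout' => 0.01, 'blocking' => false, 'sslverify' => apply_filters('https_local_ssl_verify', false)));
                             }
                         }
                     }
                 }
             }
             // In learning mode a rule match is recorded (with the full request) rather than blocked.
             if ($waf instanceof wfWAFWordPress && ($learningModeAttackException = $waf->getLearningModeAttackException())) {
                 $log = self::getLog();
                 $log->initLogRequest();
                 $request = $log->getCurrentRequest();
                 $request->action = 'learned:waf';
                 $request->attackLogTime = microtime(true);
                 $ruleIDs = array();
                 /** @var wfWAFRule $failedRule */
                 foreach ($learningModeAttackException->getFailedRules() as $failedRule) {
                     $ruleIDs[] = $failedRule->getRuleID();
                 }
                 $actionData = array('learningMode' => 1, 'failedRules' => $ruleIDs, 'paramKey' => $learningModeAttackException->getParamKey(), 'paramValue' => $learningModeAttackException->getParamValue());
                 if ($ruleIDs && $ruleIDs[0]) {
                     $rule = $waf->getRule($ruleIDs[0]);
                     if ($rule) {
                         $request->actionDescription = $rule->getDescription();
                         $actionData['category'] = $rule->getCategory();
                         $actionData['ssl'] = $waf->getRequest()->getProtocol() === 'https';
                         $actionData['fullRequest'] = base64_encode($waf->getRequest());
                     }
                 }
                 $request->actionData = wfRequestModel::serializeActionData($actionData);
                 // Persist at shutdown so the rest of the request can still annotate it.
                 register_shutdown_function(array($request, 'save'));
                 self::scheduleSendAttackData();
             }
         } catch (wfWAFStorageFileException $e) {
             // We don't have anywhere to write files in this scenario.
         }
     }
     if (wfConfig::get('firewallEnabled')) {
         $wfLog = self::getLog();
         $wfLog->firewallBadIPs();
         $IP = wfUtils::getIP();
         // Whitelisted IPs and (optionally) Google crawlers bypass the checks below.
         if ($wfLog->isWhitelisted($IP)) {
             return;
         }
         if (wfConfig::get('neverBlockBG') == 'neverBlockUA' && wfCrawl::isGoogleCrawler()) {
             return;
         }
         if (wfConfig::get('neverBlockBG') == 'neverBlockVerified' && wfCrawl::isVerifiedGoogleCrawler()) {
             return;
         }
         if (wfConfig::get('blockFakeBots')) {
             // Googlebot user agent that does not verify via DNS: block for an hour.
             if (wfCrawl::isGooglebot() && !wfCrawl::isVerifiedGoogleCrawler()) {
                 $wfLog->blockIP($IP, "Fake Google crawler automatically blocked");
                 wordfence::status(2, 'info', "Blocking fake Googlebot at IP {$IP}");
                 $wfLog->do503(3600, "Fake Google crawler automatically blocked.");
             }
         }
         if (wfConfig::get('bannedURLs', false)) {
             // Comma-separated admin-configured patterns, matched against the raw request URI.
             $URLs = explode(',', wfConfig::get('bannedURLs'));
             foreach ($URLs as $URL) {
                 if (preg_match(wfUtils::patternToRegex($URL, ''), $_SERVER['REQUEST_URI'])) {
                     $wfLog->blockIP($IP, "Accessed a banned URL.");
                     $wfLog->do503(3600, "Accessed a banned URL.");
                     //exits
                 }
             }
         }
         if (wfConfig::get('other_blockBadPOST') == '1' && $_SERVER['REQUEST_METHOD'] === 'POST' && empty($_SERVER['HTTP_USER_AGENT']) && empty($_SERVER['HTTP_REFERER'])) {
             $wfLog->blockIP($IP, "POST received with blank user-agent and referer");
             $wfLog->do503(3600, "POST received with blank user-agent and referer");
             //exits
         }
     }
 }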
 /**
  * Send an uncacheable 302 redirect to $URL and end the request.
  * Never returns.
  */
 private function redirect($URL)
 {
     $status = 302;
     // Mark the response uncacheable first so intermediaries never replay
     // this redirect to another visitor.
     wfUtils::doNotCache();
     wp_redirect($URL, $status);
     exit();
 }
<?php

wfUtils::doNotCache();
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
	<title>You are temporarily locked out</title>
</head>
<body>
<h1>You are temporarily locked out</h1>
<p style="width: 500px;">
	You have been temporarily locked out of this system. This means
	that you will not be able to sign in or use several other features that could affect security.
	Please try again in a short while.
	<ul>
	<li><a href="<?php 
echo site_url();
?>
">Return to the site home page</a></li>
	<li><a href="<?php 
echo admin_url();
?>
">Attempt to return to the admin login page (you may still be locked out)</a></li>
	</ul>
	<br /><br />
	<?php 
require 'wfUnlockMsg.php';
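 /**
  * AJAX endpoint hit by front-end JavaScript to mark a logged hit as having
  * executed JS. Reads the encrypted hit id from `hid`, decrypts it and sets
  * jsRun=1 on that wfHits row. Always ends the request with an empty body.
  *
  * Security (review): authorization of this write rests entirely on
  * wfUtils::decrypt() yielding a numeric id only for values this site issued;
  * whether that scheme is tamper-proof (authenticated) is not visible here.
  */
 public static function ajax_logHuman_callback()
 {
     wfUtils::doNotCache();
     // A missing or non-string `hid` (e.g. `hid[]=`) is ignored rather than handed to decrypt().
     $hid = isset($_GET['hid']) && is_string($_GET['hid']) ? wfUtils::decrypt($_GET['hid']) : false;
     // Only a plain decimal id is accepted after decryption.
     if (!is_scalar($hid) || !preg_match('/^\d+$/', (string) $hid)) {
         exit;
     }
     $db = new wfDB();
     global $wpdb;
     $p = $wpdb->base_prefix;
     // Presumably a prepare-style %d placeholder (wfDB::queryWrite not visible
     // here); the digits-only check above bounds the value regardless.
     $db->queryWrite("update LOW_PRIORITY {$p}" . "wfHits set jsRun=1 where id=%d", $hid);
     if (!headers_sent()) {
         //suppress content-type warning in chrome
         header('Content-type: image/gif');
     }
     die("");
 }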