/** * @param string $striplen * @param string $path * @param array $only * @param array $themes * @param array $plugins * @param wfScanEngine $engine * @throws Exception */ public function __construct($striplen, $path, $only, $themes, $plugins, $engine) { $this->striplen = $striplen; $this->path = $path; $this->only = $only; $this->startTime = microtime(true); if (wfConfig::get('scansEnabled_core')) { $this->coreEnabled = true; } if (wfConfig::get('scansEnabled_plugins')) { $this->pluginsEnabled = true; } if (wfConfig::get('scansEnabled_themes')) { $this->themesEnabled = true; } if (wfConfig::get('scansEnabled_malware')) { $this->malwareEnabled = true; } $this->db = new wfDB(); //Doing a delete for now. Later we can optimize this to only scan modified files. //$this->db->queryWrite("update " . $this->db->prefix() . "wfFileMods set oldMD5 = newMD5"); $this->db->queryWrite("delete from " . $this->db->prefix() . "wfFileMods"); $fetchCoreHashesStatus = wordfence::statusStart("Fetching core, theme and plugin file signatures from Wordfence"); $dataArr = $engine->api->binCall('get_known_files', json_encode(array('plugins' => $plugins, 'themes' => $themes))); if ($dataArr['code'] != 200) { wordfence::statusEndErr(); throw new Exception("Got error response from Wordfence servers: " . $dataArr['code']); } $this->knownFiles = @json_decode($dataArr['data'], true); if (!is_array($this->knownFiles)) { wordfence::statusEndErr(); throw new Exception("Invalid response from Wordfence servers."); } wordfence::statusEnd($fetchCoreHashesStatus, false, true); if ($this->malwareEnabled) { $malwarePrefixStatus = wordfence::statusStart("Fetching list of known malware files from Wordfence"); $malwareData = $engine->api->getStaticURL('/malwarePrefixes.bin'); if (!$malwareData) { wordfence::statusEndErr(); throw new Exception("Could not fetch malware signatures from Wordfence servers."); } if (strlen($malwareData) % 4 != 0) { wordfence::statusEndErr(); throw new Exception("Malware data received from Wordfence servers was not valid."); } $this->malwareData = array(); for ($i = 0; $i < strlen($malwareData); $i += 4) { $this->malwareData[substr($malwareData, $i, 4)] = '1'; } wordfence::statusEnd($malwarePrefixStatus, false, true); } if ($this->path[strlen($this->path) - 1] != '/') { $this->path .= '/'; } if (!is_readable($path)) { throw new Exception("Could not read directory " . $this->path . " to do scan."); } $this->haveIssues = array('core' => false, 'themes' => false, 'plugins' => false, 'malware' => false); if ($this->coreEnabled) { $this->status['core'] = wordfence::statusStart("Comparing core WordPress files against originals in repository"); } else { wordfence::statusDisabled("Skipping core scan"); } if ($this->themesEnabled) { $this->status['themes'] = wordfence::statusStart("Comparing open source themes against WordPress.org originals"); } else { wordfence::statusDisabled("Skipping theme scan"); } if ($this->pluginsEnabled) { $this->status['plugins'] = wordfence::statusStart("Comparing plugins against WordPress.org originals"); } else { wordfence::statusDisabled("Skipping plugin scan"); } if ($this->malwareEnabled) { $this->status['malware'] = wordfence::statusStart("Scanning for known malware files"); } else { wordfence::statusDisabled("Skipping malware scan"); } }
private function scan_oldVersions() { $this->statusIDX['oldVersions'] = wordfence::statusStart("Scanning for old themes, plugins and core files"); if (!function_exists('get_preferred_from_update_core')) { require_once ABSPATH . 'wp-admin/includes/update.php'; } $cur = get_preferred_from_update_core(); $haveIssues = false; if (isset($cur->response) && $cur->response == 'upgrade') { if ($this->addIssue('wfUpgrade', 1, 'wfUpgrade' . $cur->current, 'wfUpgrade' . $cur->current, "Your WordPress version is out of date", "WordPress version " . $cur->current . " is now available. Please upgrade immediately to get the latest security updates from WordPress.", array('currentVersion' => $this->wp_version, 'newVersion' => $cur->current))) { $haveIssues = true; } } $update_plugins = get_site_transient('update_plugins'); if (isset($update_plugins) && !empty($update_plugins->response)) { if (isset($update_plugins) && $update_plugins->response) { foreach ($update_plugins->response as $plugin => $vals) { if (!function_exists('get_plugin_data')) { require_once ABSPATH . '/wp-admin/includes/plugin.php'; } $pluginFile = wfUtils::getPluginBaseDir() . $plugin; $data = get_plugin_data($pluginFile); $data['newVersion'] = $vals->new_version; $key = 'wfPluginUpgrade' . ' ' . $plugin . ' ' . $data['newVersion'] . ' ' . $data['Version']; if ($this->addIssue('wfPluginUpgrade', 1, $key, $key, "The Plugin \"" . $data['Name'] . "\" needs an upgrade.", "You need to upgrade \"" . $data['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.", $data)) { $haveIssues = true; } } } } $update_themes = get_site_transient('update_themes'); if (isset($update_themes) && !empty($update_themes->response)) { if (!function_exists('get_themes')) { require_once ABSPATH . '/wp-includes/theme.php'; } $themes = get_themes(); foreach ($update_themes->response as $theme => $vals) { foreach ($themes as $name => $themeData) { if (strtolower($name) == $theme) { $tData = array('newVersion' => $vals['new_version'], 'package' => $vals['package'], 'URL' => $vals['url'], 'name' => $themeData['Name'], 'version' => $themeData['Version']); $key = 'wfThemeUpgrade' . ' ' . $theme . ' ' . $tData['version'] . ' ' . $tData['newVersion']; if ($this->addIssue('wfThemeUpgrade', 1, $key, $key, "The Theme \"" . $themeData['Name'] . "\" needs an upgrade.", "You need to upgrade \"" . $themeData['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.", $tData)) { $haveIssues = true; } } } } } wordfence::statusEnd($this->statusIDX['oldVersions'], $haveIssues); }
/** * */ private function scan_oldVersions() { $this->statusIDX['oldVersions'] = wordfence::statusStart("Scanning for old themes, plugins and core files"); $haveIssues = false; $update_check = new wfUpdateCheck(); $update_check->checkAllUpdates(); // WordPress core updates needed if ($update_check->needsCoreUpdate()) { if ($this->addIssue('wfUpgrade', 1, 'wfUpgrade' . $update_check->getCoreUpdateVersion(), 'wfUpgrade' . $update_check->getCoreUpdateVersion(), "Your WordPress version is out of date", "WordPress version " . $update_check->getCoreUpdateVersion() . " is now available. Please upgrade immediately to get the latest security updates from WordPress.", array('currentVersion' => $this->wp_version, 'newVersion' => $update_check->getCoreUpdateVersion()))) { $haveIssues = true; } } // Plugin updates needed if (count($update_check->getPluginUpdates()) > 0) { foreach ($update_check->getPluginUpdates() as $plugin) { $key = 'wfPluginUpgrade' . ' ' . $plugin['pluginFile'] . ' ' . $plugin['newVersion'] . ' ' . $plugin['Version']; if ($this->addIssue('wfPluginUpgrade', 1, $key, $key, "The Plugin \"" . $plugin['Name'] . "\" needs an upgrade.", "You need to upgrade \"" . $plugin['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.", $plugin)) { $haveIssues = true; } } } // Theme updates needed if (count($update_check->getThemeUpdates()) > 0) { foreach ($update_check->getThemeUpdates() as $theme) { $key = 'wfThemeUpgrade' . ' ' . $theme['Name'] . ' ' . $theme['version'] . ' ' . $theme['newVersion']; if ($this->addIssue('wfThemeUpgrade', 1, $key, $key, "The Theme \"" . $theme['Name'] . "\" needs an upgrade.", "You need to upgrade \"" . $theme['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.", $theme)) { $haveIssues = true; } } } wordfence::statusEnd($this->statusIDX['oldVersions'], $haveIssues); }
public function scan_suspiciousAdminUsers() { $this->statusIDX['suspiciousAdminUsers'] = wordfence::statusStart("Scanning for admin users not created through WordPress"); $haveIssues = false; $adminUsers = new wfAdminUserMonitor(); if ($adminUsers->isEnabled() && ($suspiciousAdmins = $adminUsers->checkNewAdmins())) { foreach ($suspiciousAdmins as $userID) { $user = new WP_User($userID); $key = 'suspiciousAdminUsers' . $userID; if ($this->addIssue('suspiciousAdminUsers', 1, $key, $key, "An admin user with the username " . esc_html($user->user_login) . " was created outside of WordPress.", "An admin user with the username " . esc_html($user->user_login) . " was created outside of WordPress. It's\n\t\t\t\tpossible a plugin could have created the account, but if you do not recognize the user, we suggest you remove\n\t\t\t\tit.", array('userID' => $userID))) { $haveIssues = true; } } } wordfence::statusEnd($this->statusIDX['suspiciousAdminUsers'], $haveIssues); }