예제 #1
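 /**
  * Hash the entries directly under the base path and close out each scan status.
  *
  * Every entry of $this->path is passed to _dirHash(). When $this->only is
  * non-empty, only the names listed there are processed and everything else in
  * the base path is ignored; when it is empty, everything is processed.
  * Afterwards the collected possible-malware candidates are sent to the
  * Wordfence API and each match it returns is recorded as an issue.
  *
  * @param object $engine Scan engine; this method uses $engine->api->binCall() and addIssue().
  * @return void
  * @throws Exception If the fork counter exceeds 1000, the base path cannot be
  *                   listed, or the API answers with a code other than 200.
  */
 public function run($engine)
 {
     // A very high fork count is treated as a runaway scan and aborted.
     if ($this->totalForks > 1000) {
         throw new Exception("Wordfence file scanner detected a possible infinite loop. Exiting on file: " . $this->stoppedOnFile);
     }
     $this->engine = $engine;
     $files = scandir($this->path);
     if ($files === false) {
         // Fail closed: without this check an unreadable base path would be
         // reported as a finished scan of zero files.
         throw new Exception("Wordfence file scanner could not list the base directory: " . $this->path);
     }
     foreach ($files as $file) {
         if ($file == '.' || $file == '..') {
             continue;
         }
         // Loose in_array() can only match more names than a strict check would,
         // so it never causes an entry to be skipped.
         if (sizeof($this->only) > 0 && !in_array($file, $this->only)) {
             continue;
         }
         // presumably $this->path ends with a directory separator; verify against the constructor
         $file = $this->path . $file;
         wordfence::status(4, 'info', "Hashing item in base dir: {$file}");
         $this->_dirHash($file);
     }
     wordfence::status(2, 'info', "Analyzed " . $this->totalFiles . " files containing " . wfUtils::formatBytes($this->totalData) . " of data.");
     if ($this->coreEnabled) {
         wordfence::statusEnd($this->status['core'], $this->haveIssues['core']);
     }
     if ($this->themesEnabled) {
         wordfence::statusEnd($this->status['themes'], $this->haveIssues['themes']);
     }
     if ($this->pluginsEnabled) {
         wordfence::statusEnd($this->status['plugins'], $this->haveIssues['plugins']);
     }
     if (sizeof($this->possibleMalware) > 0) {
         $malwareResp = $engine->api->binCall('check_possible_malware', json_encode($this->possibleMalware));
         if ($malwareResp['code'] != 200) {
             wordfence::statusEndErr();
             throw new Exception("Invalid response from Wordfence API during check_possible_malware");
         }
         // NOTE(review): a body that does not decode to an array is treated as
         // "no matches" — confirm the API never reports a failure that way.
         $malwareList = json_decode($malwareResp['data'], true);
         if (is_array($malwareList)) {
             // The response is remote data: iterate whatever keys it has and
             // check each entry's shape instead of assuming a 0..n-1 list of triples.
             foreach ($malwareList as $entry) {
                 if (!is_array($entry) || !isset($entry[0], $entry[1], $entry[2])) {
                     wordfence::status(2, 'error', "Skipping malformed entry in check_possible_malware response.");
                     continue;
                 }
                 $file = $entry[0];
                 $md5 = $entry[1];
                 $name = $entry[2];
                 $this->haveIssues['malware'] = true;
                 // NOTE(review): $file and $name go into the issue text unescaped —
                 // confirm the code that renders issues escapes them for its output context.
                 $this->engine->addIssue('file', 1, $this->path . $file, $md5, 'This file is suspected malware: ' . $file, "This file's signature matches a known malware file. The title of the malware is '" . $name . "'. Immediately inspect this file using the 'View' option below and consider deleting it from your server.", array('file' => $file, 'cType' => 'unknown', 'canDiff' => false, 'canFix' => false, 'canDelete' => true));
             }
         }
     }
     if ($this->malwareEnabled) {
         wordfence::statusEnd($this->status['malware'], $this->haveIssues['malware']);
     }
 }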
예제 #2
 /**
  * Report WordPress core, plugin and theme updates that have not been installed.
  *
  * Core state is read from get_preferred_from_update_core(); plugin and theme
  * state are read from the 'update_plugins' and 'update_themes' site
  * transients. One issue is added per outdated component, and the
  * 'oldVersions' status is closed with whether addIssue() accepted any of them.
  *
  * NOTE(review): component names and versions are concatenated into the issue
  * text as-is — confirm the code that renders issues escapes them for its
  * output context.
  *
  * @return void
  */
 private function scan_oldVersions()
 {
     $this->statusIDX['oldVersions'] = wordfence::statusStart("Scanning for old themes, plugins and core files");
     $found = false;

     // --- WordPress core ---
     if (!function_exists('get_preferred_from_update_core')) {
         require_once ABSPATH . 'wp-admin/includes/update.php';
     }
     $core = get_preferred_from_update_core();
     if (isset($core->response) && $core->response == 'upgrade') {
         $coreKey = 'wfUpgrade' . $core->current;
         $coreLong = "WordPress version " . $core->current . " is now available. Please upgrade immediately to get the latest security updates from WordPress.";
         $coreData = array('currentVersion' => $this->wp_version, 'newVersion' => $core->current);
         if ($this->addIssue('wfUpgrade', 1, $coreKey, $coreKey, "Your WordPress version is out of date", $coreLong, $coreData)) {
             $found = true;
         }
     }

     // --- Plugins ---
     // A single non-empty check on ->response is enough; it also covers a
     // transient that is false or has no response property.
     $pluginUpdates = get_site_transient('update_plugins');
     if (isset($pluginUpdates) && !empty($pluginUpdates->response)) {
         foreach ($pluginUpdates->response as $slug => $info) {
             if (!function_exists('get_plugin_data')) {
                 require_once ABSPATH . '/wp-admin/includes/plugin.php';
             }
             $meta = get_plugin_data(wfUtils::getPluginBaseDir() . $slug);
             $meta['newVersion'] = $info->new_version;
             // The key combines slug, new version and installed version.
             $pluginKey = implode(' ', array('wfPluginUpgrade', $slug, $meta['newVersion'], $meta['Version']));
             $pluginShort = "The Plugin \"" . $meta['Name'] . "\" needs an upgrade.";
             $pluginLong = "You need to upgrade \"" . $meta['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.";
             if ($this->addIssue('wfPluginUpgrade', 1, $pluginKey, $pluginKey, $pluginShort, $pluginLong, $meta)) {
                 $found = true;
             }
         }
     }

     // --- Themes ---
     $themeUpdates = get_site_transient('update_themes');
     if (isset($themeUpdates) && !empty($themeUpdates->response)) {
         if (!function_exists('get_themes')) {
             require_once ABSPATH . '/wp-includes/theme.php';
         }
         $installed = get_themes();
         foreach ($themeUpdates->response as $slug => $info) {
             foreach ($installed as $label => $details) {
                 // Installed themes are matched to the update entry by lower-cased name.
                 if (strtolower($label) != $slug) {
                     continue;
                 }
                 $themeInfo = array(
                     'newVersion' => $info['new_version'],
                     'package' => $info['package'],
                     'URL' => $info['url'],
                     'name' => $details['Name'],
                     'version' => $details['Version'],
                 );
                 $themeKey = implode(' ', array('wfThemeUpgrade', $slug, $themeInfo['version'], $themeInfo['newVersion']));
                 $themeShort = "The Theme \"" . $details['Name'] . "\" needs an upgrade.";
                 $themeLong = "You need to upgrade \"" . $details['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.";
                 if ($this->addIssue('wfThemeUpgrade', 1, $themeKey, $themeKey, $themeShort, $themeLong, $themeInfo)) {
                     $found = true;
                 }
             }
         }
     }

     wordfence::statusEnd($this->statusIDX['oldVersions'], $found);
 }
예제 #3
 /**
  * Report WordPress core, plugin and theme updates that have not been installed.
  *
  * A wfUpdateCheck instance gathers the update state via checkAllUpdates();
  * this method turns each pending update into an issue and closes the
  * 'oldVersions' status with whether addIssue() accepted any of them.
  *
  * NOTE(review): plugin and theme names and versions are concatenated into the
  * issue text as-is — confirm the code that renders issues escapes them for
  * its output context.
  *
  * @return void
  */
 private function scan_oldVersions()
 {
     $this->statusIDX['oldVersions'] = wordfence::statusStart("Scanning for old themes, plugins and core files");
     $found = false;
     $checker = new wfUpdateCheck();
     $checker->checkAllUpdates();

     // WordPress core
     if ($checker->needsCoreUpdate()) {
         $coreVersion = $checker->getCoreUpdateVersion();
         $coreKey = 'wfUpgrade' . $coreVersion;
         $coreLong = "WordPress version " . $coreVersion . " is now available. Please upgrade immediately to get the latest security updates from WordPress.";
         $coreData = array('currentVersion' => $this->wp_version, 'newVersion' => $coreVersion);
         if ($this->addIssue('wfUpgrade', 1, $coreKey, $coreKey, "Your WordPress version is out of date", $coreLong, $coreData)) {
             $found = true;
         }
     }

     // Plugins
     $pluginUpdates = $checker->getPluginUpdates();
     if (count($pluginUpdates) > 0) {
         foreach ($pluginUpdates as $plugin) {
             // The key combines plugin file, new version and installed version.
             $pluginKey = implode(' ', array('wfPluginUpgrade', $plugin['pluginFile'], $plugin['newVersion'], $plugin['Version']));
             $pluginShort = "The Plugin \"" . $plugin['Name'] . "\" needs an upgrade.";
             $pluginLong = "You need to upgrade \"" . $plugin['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.";
             if ($this->addIssue('wfPluginUpgrade', 1, $pluginKey, $pluginKey, $pluginShort, $pluginLong, $plugin)) {
                 $found = true;
             }
         }
     }

     // Themes
     $themeUpdates = $checker->getThemeUpdates();
     if (count($themeUpdates) > 0) {
         foreach ($themeUpdates as $theme) {
             $themeKey = implode(' ', array('wfThemeUpgrade', $theme['Name'], $theme['version'], $theme['newVersion']));
             $themeShort = "The Theme \"" . $theme['Name'] . "\" needs an upgrade.";
             $themeLong = "You need to upgrade \"" . $theme['Name'] . "\" to the newest version to ensure you have any security fixes the developer has released.";
             if ($this->addIssue('wfThemeUpgrade', 1, $themeKey, $themeKey, $themeShort, $themeLong, $theme)) {
                 $found = true;
             }
         }
     }

     wordfence::statusEnd($this->statusIDX['oldVersions'], $found);
 }
예제 #4
 /**
  * Raise an issue for each admin account the admin-user monitor flags as new.
  *
  * The monitor is consulted only when it reports itself enabled. Every user ID
  * returned by checkNewAdmins() becomes one 'suspiciousAdminUsers' issue, and
  * the status is closed with whether addIssue() accepted any of them.
  *
  * @return void
  */
 public function scan_suspiciousAdminUsers()
 {
     $this->statusIDX['suspiciousAdminUsers'] = wordfence::statusStart("Scanning for admin users not created through WordPress");
     $found = false;
     $monitor = new wfAdminUserMonitor();

     // checkNewAdmins() is only called when the monitor is enabled.
     $flagged = $monitor->isEnabled() ? $monitor->checkNewAdmins() : array();
     if ($flagged) {
         foreach ($flagged as $userID) {
             $account = new WP_User($userID);
             $issueKey = 'suspiciousAdminUsers' . $userID;
             // The login belongs to an account that was not created through
             // WordPress, so it is HTML-escaped before it goes into the issue text.
             $login = esc_html($account->user_login);
             $shortMsg = "An admin user with the username " . $login . " was created outside of WordPress.";
             $longMsg = $shortMsg . " It's\n\t\t\t\tpossible a plugin could have created the account, but if you do not recognize the user, we suggest you remove\n\t\t\t\tit.";
             if ($this->addIssue('suspiciousAdminUsers', 1, $issueKey, $issueKey, $shortMsg, $longMsg, array('userID' => $userID))) {
                 $found = true;
             }
         }
     }

     wordfence::statusEnd($this->statusIDX['suspiciousAdminUsers'], $found);
 }