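 /**
  * Create the plugin's storage folder inside the WordPress upload directory
  * and drop the access-control files into it.
  *
  * The folder (resolved by SucuriScan::datastore_folder_path()) holds the
  * temporal/dynamic data files, so it must not be directly reachable from the
  * web: a deny-all .htaccess is written through SucuriScanHardening and an
  * index.html is added to suppress directory listings.
  *
  * NOTE(review): the .htaccess rule only protects the folder on servers that
  * honour .htaccess files (Apache with AllowOverride); on nginx, or when
  * AllowOverride is off, the datastore files stay reachable -- confirm the
  * deployment target.
  *
  * @return void
  */
 public static function createStorageFolder()
 {
     $directory = SucuriScan::datastore_folder_path();

     // Use is_dir() rather than file_exists(): a regular file sitting at the
     // datastore path would otherwise be treated as an existing folder and the
     // writes below would silently fail against it.
     if (!is_dir($directory)) {
         // Best-effort creation; failure is caught by the is_dir() check below.
         @mkdir($directory, 0755, true);
     }

     if (!is_dir($directory)) {
         return;
     }

     // Create last-logins datastore file.
     sucuriscan_lastlogins_datastore_exists();

     // Create a htaccess file to deny access from all.
     if (!SucuriScanHardening::is_hardened($directory)) {
         SucuriScanHardening::harden_directory($directory);
     }

     // Create an index.html to avoid directory listing (best-effort, rewritten
     // on every call).
     @file_put_contents(
         $directory . '/index.html',
         '<!-- Prevent the directory listing. -->',
         LOCK_EX
     );
 }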
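/**
 * Handle the "reset plugin options" form of the general settings page.
 *
 * When the request carries a verified nonce, the reset_options field and the
 * explicit confirmation (process_form == 1), this removes every plugin option,
 * the scheduled scan hook, the local security logs in the datastore folder and
 * the hardening rules on the core directories. The event is reported before
 * the options are deleted so the notification can still go out while the API
 * key exists.
 *
 * @param  bool $nonce Whether the request nonce was verified by the caller.
 * @return mixed Result of SucuriScanTemplate::get_section('settings-general-resetoptions').
 */
function sucuriscan_settings_general_resetoptions($nonce)
{
    // Reset all the plugin's options.
    if ($nonce && SucuriScanRequest::post(':reset_options') !== false) {
        $process = SucuriScanRequest::post(':process_form');

        if (intval($process) === 1) {
            // Notify the event before the API key is removed.
            $message = 'Sucuri plugin options were reset';
            SucuriScanEvent::report_critical_event($message);
            SucuriScanEvent::notify_event('plugin_change', $message);

            // Remove all plugin options from the database.
            SucuriScanOption::delete_plugin_options();

            // Remove the scheduled tasks.
            wp_clear_scheduled_hook('sucuriscan_scheduled_scan');

            // Remove all the local security logs. The data files are unlinked
            // first and the access-control files (index.html, .htaccess) last,
            // so a log that cannot be removed is never left behind in a folder
            // whose deny-all rule has already been dropped. Every deletion is
            // best-effort (the folder may be missing or read-only); rmdir only
            // succeeds once the folder is empty.
            $datastore_files = array(
                'sucuri-failedlogins.php',
                'sucuri-integrity.php',
                'sucuri-lastlogins.php',
                'sucuri-oldfailedlogins.php',
                'sucuri-plugindata.php',
                'sucuri-sitecheck.php',
                'sucuri-trustip.php',
                'index.html',
                '.htaccess',
            );
            foreach ($datastore_files as $datastore_file) {
                @unlink(SucuriScan::datastore_folder_path($datastore_file));
            }
            @rmdir(SucuriScan::datastore_folder_path());

            // Revert hardening of core directories (includes, content, uploads).
            SucuriScanHardening::dewhitelist('ms-files.php', 'wp-includes');
            SucuriScanHardening::dewhitelist('wp-tinymce.php', 'wp-includes');
            SucuriScanHardening::unharden_directory(ABSPATH . '/wp-includes');
            SucuriScanHardening::unharden_directory(WP_CONTENT_DIR . '/uploads');
            SucuriScanHardening::unharden_directory(WP_CONTENT_DIR);

            SucuriScanInterface::info('Plugin options, core directory hardening, and security logs were reset');
        } else {
            SucuriScanInterface::error('You need to confirm that you understand the risk of this operation.');
        }
    }

    return SucuriScanTemplate::get_section('settings-general-resetoptions');
}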
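/**
 * Check whether the WordPress includes folder is protected or not, and apply
 * or revert that protection when the hardening form was submitted.
 *
 * A htaccess file is placed in the includes folder denying the access to any php
 * file that could be uploaded through a vulnerability in a Plugin, Theme or
 * WordPress itself, there are some exceptions for some specific files that must
 * be available publicly.
 *
 * NOTE(review): the POST fields are acted on without a visible nonce or
 * capability check; presumably the caller verifies both before this function
 * runs -- confirm.
 *
 * @return mixed Rendered status row from sucuriscan_harden_status().
 */
function sucuriscan_harden_wpincludes()
{
    $dpath = ABSPATH . '/wp-includes';

    if (SucuriScanRequest::post(':run_hardening')) {
        if (SucuriScanRequest::post(':harden_wpincludes')) {
            $result = SucuriScanHardening::harden_directory($dpath);

            if ($result === true) {
                $message = 'Hardening applied to the library directory';
                SucuriScanEvent::report_notice_event($message);
                SucuriScanInterface::info($message);
            } else {
                SucuriScanInterface::error('Error hardening directory, check the permissions.');
            }
        } elseif (SucuriScanRequest::post(':harden_wpincludes_unharden')) {
            $result = SucuriScanHardening::unharden_directory($dpath);

            if ($result === true) {
                $message = 'Hardening reverted in the library directory';
                // NOTE(review): the revert is reported via report_error_event
                // (vs. report_notice_event when applying), presumably so that
                // removing the protection stands out in the audit log.
                SucuriScanEvent::report_error_event($message);
                SucuriScanInterface::info($message);
            } else {
                // A failed revert is an error, consistent with the harden branch
                // above; it was previously shown as an informational message.
                SucuriScanInterface::error('Access file is not writable, check the permissions.');
            }
        }
    }

    // Check whether the directory is already hardened or not.
    $is_hardened = SucuriScanHardening::is_hardened($dpath);
    $cp = $is_hardened === true ? 1 : 0;

    return sucuriscan_harden_status(
        'Restrict wp-includes access',
        $cp,
        'sucuriscan_harden_wpincludes',
        'WP-Includes directory properly hardened',
        'WP-Includes directory not hardened',
        'This option blocks direct PHP access to any file inside <code>wp-includes</code>.',
        null
    );
}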