public static function install_actions()
{
register_activation_hook(WORDFENCE_FCPATH, 'wordfence::installPlugin');
register_deactivation_hook(WORDFENCE_FCPATH, 'wordfence::uninstallPlugin');
$versionInOptions = get_option('wordfence_version', false);
if (!$versionInOptions || version_compare(WORDFENCE_VERSION, $versionInOptions, '>')) {
//Either there is no version in options or the version in options is greater and we need to run the upgrade
self::runInstall();
}
self::initProtection();
//These access wfConfig::get('apiKey') and will fail if runInstall hasn't executed.
wfCache::setupCaching();
if (defined('MULTISITE') && MULTISITE === true) {
global $blog_id;
if ($blog_id == 1 && get_option('wordfenceActivated') != 1) {
return;
}
//Because the plugin is active once installed, even before it's network activated, for site 1 (WordPress team, why?!)
}
//User may be logged in or not, so register both handlers
add_action('wp_ajax_nopriv_wordfence_logHuman', 'wordfence::ajax_logHuman_callback');
add_action('wp_ajax_nopriv_wordfence_doScan', 'wordfence::ajax_doScan_callback');
add_action('wp_ajax_nopriv_wordfence_testAjax', 'wordfence::ajax_testAjax_callback');
add_action('wp_ajax_nopriv_wordfence_perfLog', 'wordfence::ajax_perfLog_callback');
if (wfUtils::hasLoginCookie()) {
//may be logged in. Fast way to check. These aren't secure functions, this is just a perf optimization, along with every other use of hasLoginCookie()
add_action('wp_ajax_wordfence_perfLog', 'wordfence::ajax_perfLog_callback');
add_action('wp_ajax_wordfence_logHuman', 'wordfence::ajax_logHuman_callback');
add_action('wp_ajax_wordfence_doScan', 'wordfence::ajax_doScan_callback');
add_action('wp_ajax_wordfence_testAjax', 'wordfence::ajax_testAjax_callback');
if (is_multisite()) {
add_action('wp_network_dashboard_setup', 'wordfence::addDashboardWidget');
} else {
add_action('wp_dashboard_setup', 'wordfence::addDashboardWidget');
}
}
add_action('wordfence_start_scheduled_scan', 'wordfence::wordfenceStartScheduledScan');
add_action('wordfence_daily_cron', 'wordfence::dailyCron');
add_action('wordfence_daily_autoUpdate', 'wfConfig::autoUpdate');
add_action('wordfence_hourly_cron', 'wordfence::hourlyCron');
add_action('plugins_loaded', 'wordfence::veryFirstAction');
add_action('init', 'wordfence::initAction');
add_action('template_redirect', 'wordfence::templateRedir', 1001);
add_action('shutdown', 'wordfence::shutdownAction');
if (version_compare(PHP_VERSION, '5.4.0') >= 0) {
add_action('wp_authenticate', 'wordfence::authActionNew', 1, 2);
} else {
add_action('wp_authenticate', 'wordfence::authActionOld', 1, 2);
}
add_filter('authenticate', 'wordfence::authenticateFilter', 99, 3);
if (self::isLockedOut(wfUtils::getIP())) {
add_filter('xmlrpc_enabled', '__return_false');
}
add_action('login_init', 'wordfence::loginInitAction');
add_action('wp_login', 'wordfence::loginAction');
add_action('wp_logout', 'wordfence::logoutAction');
add_action('lostpassword_post', 'wordfence::lostPasswordPost', '1');
if (wfUtils::hasLoginCookie()) {
add_action('user_profile_update_errors', 'wordfence::validateProfileUpdate', 0, 3);
add_action('profile_update', 'wordfence::profileUpdateAction', '99', 2);
add_action('validate_password_reset', 'wordfence::validatePassword', 10, 2);
}
add_action('publish_future_post', 'wordfence::publishFuturePost');
add_action('mobile_setup', 'wordfence::jetpackMobileSetup');
//Action called in Jetpack Mobile Theme: modules/minileven/minileven.php
// Add actions for the email summary
add_action('wordfence_email_activity_report', array('wfActivityReport', 'executeCronJob'));
//For debugging
//add_filter( 'cron_schedules', 'wordfence::cronAddSchedules' );
add_filter('wp_redirect', 'wordfence::wpRedirectFilter', 99, 2);
add_filter('pre_comment_approved', 'wordfence::preCommentApprovedFilter', '99', 2);
//html|xhtml|atom|rss2|rdf|comment|export
if (wfConfig::get('other_hideWPVersion')) {
add_filter('style_loader_src', 'wordfence::replaceVersion');
add_filter('script_loader_src', 'wordfence::replaceVersion');
add_action('upgrader_process_complete', 'wordfence::hideReadme');
}
add_filter('get_the_generator_html', 'wordfence::genFilter', 99, 2);
add_filter('get_the_generator_xhtml', 'wordfence::genFilter', 99, 2);
add_filter('get_the_generator_atom', 'wordfence::genFilter', 99, 2);
add_filter('get_the_generator_rss2', 'wordfence::genFilter', 99, 2);
add_filter('get_the_generator_rdf', 'wordfence::genFilter', 99, 2);
add_filter('get_the_generator_comment', 'wordfence::genFilter', 99, 2);
add_filter('get_the_generator_export', 'wordfence::genFilter', 99, 2);
add_filter('registration_errors', 'wordfence::registrationFilter', 99, 3);
// Change GoDaddy's limit login mu-plugin since it can interfere with the two factor auth message.
if (self::hasGDLimitLoginsMUPlugin()) {
add_action('login_errors', array('wordfence', 'fixGDLimitLoginsErrors'), 11);
}
if (is_admin()) {
add_action('admin_init', 'wordfence::admin_init');
if (is_multisite()) {
if (wfUtils::isAdminPageMU()) {
add_action('network_admin_menu', 'wordfence::admin_menus');
}
//else don't show menu
} else {
add_action('admin_menu', 'wordfence::admin_menus');
}
add_filter('pre_update_option_permalink_structure', 'wordfence::disablePermalinksFilter', 10, 2);
if (preg_match('/^(?:falcon|php)$/', wfConfig::get('cacheType'))) {
add_filter('post_row_actions', 'wordfence::postRowActions', 0, 2);
add_filter('page_row_actions', 'wordfence::pageRowActions', 0, 2);
add_action('post_submitbox_start', 'wordfence::postSubmitboxStart');
}
}
add_action('request', 'wordfence::preventAuthorNScans');
add_action('password_reset', 'wordfence::actionPasswordReset');
$adminUsers = new wfAdminUserMonitor();
if ($adminUsers->isEnabled()) {
add_action('set_user_role', array($adminUsers, 'updateToUserRole'), 10, 3);
add_action('grant_super_admin', array($adminUsers, 'grantSuperAdmin'), 10, 1);
add_action('revoke_super_admin', array($adminUsers, 'revokeSuperAdmin'), 10, 1);
} else {
if (wfConfig::get_ser('adminUserList', false)) {
// reset this in the event it's disabled or the network is too large
wfConfig::set_ser('adminUserList', false);
}
}
if (!self::getLog()->getCurrentRequest()->jsRun && wfConfig::liveTrafficEnabled()) {
add_action('wp_head', 'wordfence::wfLogHumanHeader');
add_action('login_head', 'wordfence::wfLogHumanHeader');
}
add_action('wordfence_processAttackData', 'wordfence::processAttackData');
if (!empty($_GET['wordfence_syncAttackData']) && get_site_option('wordfence_syncingAttackData') <= time() - 60) {
ignore_user_abort(true);
update_site_option('wordfence_syncingAttackData', time());
header('Content-Type: text/javascript');
add_action('init', 'wordfence::syncAttackData', 10, 0);
add_filter('woocommerce_unforce_ssl_checkout', '__return_false');
}
if (wfConfig::get('other_hideWPVersion')) {
add_filter('update_feedback', 'wordfence::restoreReadmeForUpgrade');
}
}
public function scan_suspiciousAdminUsers()
{
$this->statusIDX['suspiciousAdminUsers'] = wordfence::statusStart("Scanning for admin users not created through WordPress");
$haveIssues = false;
$adminUsers = new wfAdminUserMonitor();
if ($adminUsers->isEnabled() && ($suspiciousAdmins = $adminUsers->checkNewAdmins())) {
foreach ($suspiciousAdmins as $userID) {
$user = new WP_User($userID);
$key = 'suspiciousAdminUsers' . $userID;
if ($this->addIssue('suspiciousAdminUsers', 1, $key, $key, "An admin user with the username " . esc_html($user->user_login) . " was created outside of WordPress.", "An admin user with the username " . esc_html($user->user_login) . " was created outside of WordPress. It's\n\t\t\t\tpossible a plugin could have created the account, but if you do not recognize the user, we suggest you remove\n\t\t\t\tit.", array('userID' => $userID))) {
$haveIssues = true;
}
}
}
wordfence::statusEnd($this->statusIDX['suspiciousAdminUsers'], $haveIssues);
}