<?php
/**
* Plugin Name: Sucuri Security - Auditing, Malware Scanner and Hardening
* Description: The <a href="https://sucuri.net/" target="_blank">Sucuri</a> plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blocklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.
* Plugin URI: https://wordpress.sucuri.net/
* Author URI: https://sucuri.net/
* Author: Sucuri Inc.
* Text Domain: sucuri-scanner
* Domain Path: /lang
* Version: 1.9.6
* License: GPL v2 or later
* License URI: https://www.gnu.org/licenses/gpl-2.0.html
*
* PHP version 7
*
* @category Library
* @package Sucuri
* @subpackage SucuriScanner
* @author Daniel Cid <dcid@sucuri.net>
* @copyright 2010-2024 Sucuri Inc.
* @license https://www.gnu.org/licenses/gpl-2.0.txt GPL2
* @link https://wordpress.org/plugins/sucuri-scanner
*/
/**
 * Main file to control the plugin.
 *
 * Every other PHP file of the plugin checks this constant to verify that it was
 * loaded through this entry point. A file that is requested directly is
 * expected to answer with a 403/Forbidden response and stop immediately, so
 * that code with unmet dependencies is never executed.
 */
define('SUCURISCAN_INIT', true);

/**
 * Plugin dependencies.
 *
 * Functions that must already exist for this plugin to run. They are provided
 * by WordPress, so their presence is taken as evidence that this file is being
 * loaded by the WordPress plugin loader rather than being requested on its own.
 *
 * @var array
 */
$sucuriscan_dependencies = array(
    'wp',
    'wp_die',
    'add_action',
    'remove_action',
    'wp_remote_get',
    'wp_remote_post',
);

/* Terminate execution as soon as one dependency is missing. */
foreach ($sucuriscan_dependencies as $dependency) {
    if (function_exists($dependency)) {
        continue;
    }

    /* Report invalid access if possible. */
    header('HTTP/1.1 403 Forbidden');
    exit(0);
}

/* The installation paths must be known as well. */
if (!(defined('ABSPATH') && defined('WP_CONTENT_DIR'))) {
    /* Report invalid access if possible. */
    header('HTTP/1.1 403 Forbidden');
    exit(0);
}
/**
 * Plugin's constants.
 *
 * Basic information about the plugin: identifiers, file/folder paths, remote
 * API endpoints, cache lifetimes and display limits. They are read-only for the
 * rest of the code.
 *
 * NOTE(review): WP_PLUGIN_DIR and plugin_dir_url() are used below but are not
 * part of the dependency check performed at the top of this file.
 */

/**
 * Unique name of the plugin throughout all the code; also the prefix of every
 * option this plugin stores.
 */
define('SUCURISCAN', 'sucuriscan');

/**
 * Current version of the plugin's code.
 */
define('SUCURISCAN_VERSION', '1.9.6');

/**
 * Human readable name of the plugin.
 */
define('SUCURISCAN_PLUGIN_NAME', 'Sucuri Security - Auditing, Malware Scanner and Hardening');

/**
 * Name of the folder that contains the plugin's files.
 *
 * Derived from __FILE__ rather than __DIR__ on purpose: the author reports
 * installations where the latter was unavailable, so the directory of this
 * file is computed and its base name is used.
 */
define('SUCURISCAN_PLUGIN_FOLDER', basename(dirname(__FILE__)));

/**
 * Full path of the folder that contains the plugin's files.
 */
define('SUCURISCAN_PLUGIN_PATH', WP_PLUGIN_DIR . '/' . SUCURISCAN_PLUGIN_FOLDER);

/**
 * Local URL (without trailing slash) from which the plugin's assets are served.
 */
define('SUCURISCAN_URL', rtrim(plugin_dir_url(__FILE__), '/'));

/**
 * Latest version of the public Sucuri API.
 */
define('SUCURISCAN_API_VERSION', 'v1');

/**
 * Remote URL of the firewall API service.
 */
define('SUCURISCAN_CLOUDPROXY_API', 'https://waf.sucuri.net/api');

/**
 * Latest version of the firewall API.
 */
define('SUCURISCAN_CLOUDPROXY_API_VERSION', 'v2');

/**
 * Maximum number of entries shown in the last-logins page.
 */
define('SUCURISCAN_LASTLOGINS_USERSLIMIT', 25);

/**
 * Lifetime (seconds) of the audit-logs cache, which limits API round trips.
 */
define('SUCURISCAN_AUDITLOGS_LIFETIME', 600);

/**
 * Maximum number of entries shown per page in the audit-logs page.
 */
define('SUCURISCAN_AUDITLOGS_PER_PAGE', 25);

/**
 * Maximum number of entries shown per page in the integrity section.
 */
define('SUCURISCAN_INTEGRITY_FILES_PER_PAGE', 15);

/**
 * Maximum number of buttons rendered by the paginations.
 */
define('SUCURISCAN_MAX_PAGINATION_BUTTONS', 16);

/**
 * Frequency (seconds) of the file system scans.
 */
define('SUCURISCAN_SCANNER_FREQUENCY', 10800);

/**
 * Lifetime (seconds) of the cached SiteCheck scan results.
 */
define('SUCURISCAN_SITECHECK_LIFETIME', 21600);

/**
 * Lifetime (seconds) of the cached result of the get_plugins function.
 */
define('SUCURISCAN_GET_PLUGINS_LIFETIME', 1800);

/**
 * Maximum duration (seconds) of an HTTP request before it times out.
 */
define('SUCURISCAN_MAX_REQUEST_TIMEOUT', 5);

/**
 * Text that precedes every admin notice.
 *
 * When SUCURISCAN_THROW_EXCEPTIONS is defined, info and error alerts throw a
 * generic exception instead, and this prefix is replaced by the alert type
 * (Info or Error), which is convenient in a testing environment.
 */
define('SUCURISCAN_ADMIN_NOTICE_PREFIX', '<b>SUCURI:</b>');

/* Provide a server name when running outside of a web request (e.g. CLI). */
if (!array_key_exists('SERVER_NAME', $_SERVER)) {
    $_SERVER['SERVER_NAME'] = 'localhost';
}
/* Load plugin translations */
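/**
 * Loads the plugin translations from the "lang" directory.
 *
 * The relative path is built from SUCURISCAN_PLUGIN_FOLDER (defined above as
 * the base name of this file's directory) so the folder name lives in one place.
 *
 * @return void
 */
function sucuriscan_load_plugin_textdomain()
{
    load_plugin_textdomain('sucuri-scanner', false, SUCURISCAN_PLUGIN_FOLDER . '/lang/');
}
add_action('plugins_loaded', 'sucuriscan_load_plugin_textdomain');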
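/* Load all classes before anything else.
 *
 * Every path is anchored to this file's directory. A bare relative path such
 * as 'src/base.lib.php' is first searched in include_path and only then next
 * to the calling script, so an unexpected include_path entry could shadow the
 * plugin's own files; an absolute path removes that ambiguity. */
require_once dirname(__FILE__) . '/src/base.lib.php';
require_once dirname(__FILE__) . '/src/request.lib.php';
require_once dirname(__FILE__) . '/src/fileinfo.lib.php';
require_once dirname(__FILE__) . '/src/cache.lib.php';
require_once dirname(__FILE__) . '/src/option.lib.php';
require_once dirname(__FILE__) . '/src/cron.lib.php';
require_once dirname(__FILE__) . '/src/event.lib.php';
require_once dirname(__FILE__) . '/src/hook.lib.php';
require_once dirname(__FILE__) . '/src/api.lib.php';
require_once dirname(__FILE__) . '/src/mail.lib.php';
require_once dirname(__FILE__) . '/src/command.lib.php';
require_once dirname(__FILE__) . '/src/template.lib.php';
require_once dirname(__FILE__) . '/src/fsscanner.lib.php';
require_once dirname(__FILE__) . '/src/hardening.lib.php';
require_once dirname(__FILE__) . '/src/interface.lib.php';
require_once dirname(__FILE__) . '/src/auditlogs.lib.php';
require_once dirname(__FILE__) . '/src/sitecheck.lib.php';
require_once dirname(__FILE__) . '/src/wordpress-recommendations.lib.php';
require_once dirname(__FILE__) . '/src/integrity.lib.php';
require_once dirname(__FILE__) . '/src/firewall.lib.php';
require_once dirname(__FILE__) . '/src/installer-skin.lib.php';
require_once dirname(__FILE__) . '/src/cachecontrol.lib.php';

/* Load page and ajax handlers. */
require_once dirname(__FILE__) . '/src/pagehandler.php';

/* Load handlers for main pages (lastlogins). */
require_once dirname(__FILE__) . '/src/lastlogins.php';
require_once dirname(__FILE__) . '/src/lastlogins-loggedin.php';
require_once dirname(__FILE__) . '/src/lastlogins-failed.php';

/* Load handlers for main pages (settings). */
require_once dirname(__FILE__) . '/src/settings.php';
require_once dirname(__FILE__) . '/src/settings-general.php';
require_once dirname(__FILE__) . '/src/settings-scanner.php';
require_once dirname(__FILE__) . '/src/settings-integrity.php';
require_once dirname(__FILE__) . '/src/settings-hardening.php';
require_once dirname(__FILE__) . '/src/settings-posthack.php';
require_once dirname(__FILE__) . '/src/settings-alerts.php';
require_once dirname(__FILE__) . '/src/settings-headers.php';
require_once dirname(__FILE__) . '/src/settings-apiservice.php';
require_once dirname(__FILE__) . '/src/settings-webinfo.php';

/* Load global variables and triggers. */
require_once dirname(__FILE__) . '/src/globals.php';

/* Load the WP-CLI command only when running under WP-CLI. */
if (defined('WP_CLI') && WP_CLI) {
    include_once dirname(__FILE__) . '/src/cli.lib.php';
}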
add_action('send_headers', 'sucuriscanSetCacheHeaders');

/**
 * Emits the plugin's cache-control headers.
 *
 * Hooked to the "send_headers" action. Does nothing when the
 * ":headers_cache_control" option is set to "disabled"; otherwise delegates
 * to SucuriScanCacheHeaders::setCacheHeaders().
 *
 * @return void
 */
function sucuriscanSetCacheHeaders()
{
    if (SucuriScanOption::getOption(':headers_cache_control') === 'disabled') {
        return;
    }

    $cacheHeaders = new SucuriScanCacheHeaders();
    $cacheHeaders->setCacheHeaders();
}
/**
 * Deactivation hook.
 *
 * Only the scheduled scan is removed here; all other data is kept until the
 * plugin is uninstalled (see sucuriscanUninstall).
 *
 * @return void
 */
function sucuriscanResetAndDeactivate()
{
    /* Unschedule the periodic file system scan. */
    wp_clear_scheduled_hook('sucuriscan_scheduled_scan');

    SucuriScanEvent::reportDebugEvent('Sucuri plugin has been deactivated');
}
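/**
 * Uninstall hook.
 *
 * When the user decides to uninstall the plugin this function deletes every
 * option whose name starts with the plugin prefix (including leftovers from
 * older versions), deletes the options of the current code in both the site
 * and the network tables, reverts the hardening applied to the core
 * directories, and removes the logs, cache and additional data kept in the
 * storage directory.
 *
 * @return void
 */
function sucuriscanUninstall()
{
    if (array_key_exists('wpdb', $GLOBALS)) {
        $wpdb = $GLOBALS['wpdb'];

        /* Match every option name that starts with the plugin prefix.
         * prepare() single-quotes and escapes the value, so the query also
         * works when MySQL runs with ANSI_QUOTES (a double-quoted literal is
         * parsed as an identifier there); esc_like() keeps the prefix literal
         * should it ever contain "%" or "_". */
        $options = $wpdb->get_results(
            $wpdb->prepare(
                'SELECT option_name FROM ' . $wpdb->options . ' WHERE option_name LIKE %s',
                $wpdb->esc_like(SUCURISCAN) . '%'
            )
        );

        /* get_results() returns null on a query error; nothing to clean up then. */
        if (is_array($options)) {
            foreach ($options as $option) {
                delete_site_option($option->option_name);
                delete_option($option->option_name);
            }
        }
    }

    /* Delete the options of the current code if they still exist. */
    $optionNames = SucuriScanOption::getDefaultOptionNames();
    foreach ($optionNames as $optionName) {
        delete_site_option($optionName);
        delete_option($optionName);
    }

    /* Revert the hardening applied to the standard directories. */
    SucuriScanHardening::removeFromAllowlist('ms-files.php', 'wp-includes');
    SucuriScanHardening::removeFromAllowlist('wp-tinymce.php', 'wp-includes');
    SucuriScanHardening::unhardenDirectory(WP_CONTENT_DIR);
    SucuriScanHardening::unhardenDirectory(WP_CONTENT_DIR . '/uploads');
    SucuriScanHardening::unhardenDirectory(ABSPATH . '/wp-includes');
    SucuriScanHardening::unhardenDirectory(ABSPATH . '/wp-admin');

    /* Delete cache files from disk (storage directory, top level only). */
    $fifo = new SucuriScanFileInfo();
    $fifo->ignore_files = false;
    $fifo->ignore_directories = false;
    $fifo->run_recursively = false;
    $fifo->removeDirectoryTree(SucuriScan::dataStorePath());

    SucuriScanEvent::reportDebugEvent(__('Sucuri plugin has been uninstalled', 'sucuri-scanner'));
}

register_deactivation_hook(__FILE__, 'sucuriscanResetAndDeactivate');
register_uninstall_hook(__FILE__, 'sucuriscanUninstall');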