Anti-Malware Security and Brute-Force Firewall

Beschreibung

Funktionen:

  • Lade Definitionsaktualisierungen herunter, um dich vor neuen Bedrohungen zu schützen.
  • Führe einen vollständigen Scan durch, um bekannte Sicherheitsbedrohungen, Backdoor-Skripte und Datenbankinjektionen automatisch zu entfernen.
  • Die Firewall blockiert SoakSoak und andere Malware daran, Revolution Slider und andere Plugins mit bekannten Schwachstellen auszunutzen.
  • Aktualisiere anfällige Versionen von timthumb-Skripten.

Premium-Funktionen:

  • Patche deine wp-login.php-Datei und XMLRPC, um Brute-Force- und DDoS-Angriffe zu blockieren.
  • Überprüfe die Integrität deiner WordPress-Core-Dateien.
  • Lade automatisch neue Definitionsaktualisierungen herunter, wenn ein vollständiger Scan ausgeführt wird.

Registriere dieses Plugin bei GOTMLS.NET und erhalte Zugriff auf neue Definitionen von bekannten Bedrohungen und weiteren Funktionen, wie die automatische Entfernung und Patches für bestimmte Sicherheitslücken, wie z.B. alte Versionen von timthumb. Aktualisierte Definitionsdateien können automatisch im Admin heruntergeladen werden, sobald dein Key registriert ist. Andernfalls scannt dieses Plugin nur nach möglichen Bedrohungen und überlässt es dir, die bösartigen Bedrohungen zu identifizieren und zu entfernen.

HINWEIS: Dieses Plugin ruft GOTMLS.NET auf, um nach Updates zu suchen, ähnlich wie WordPress, wenn es deine Plugins und Themes auf neue Versionen überprüft. Auf dem neuesten Stand zu bleiben ist ein wesentlicher Bestandteil jedes Sicherheits-Plugins und dieses Plugin kann dich informieren, wenn neue Plugin- und Definitions-Updates verfügbar sind. Wenn du allergisch gegen „Phone Home“-Skripte bist, verwende dieses Plugin nicht (oder WordPress generell).

Besonderer Dank an:

  • Clarus Dignus für Gestaltungsvorschläge und grafische Gestaltungsarbeiten am Bannerbild.
  • Jelena Kovacevic und Andrew Kurtis von webhostinghub.com für die Bereitstellung der spanischen Übersetzung.
  • Marcelo Guernieri für die brasilianisch-portugiesische Übersetzung.
  • Umut Can Alparslan für die türkische Übersetzung.
  • Micha Cassola for the German translation.
  • Robi Erwin Setiawan for the Indonesian translation.

Screenshots

  • Das Menü mit Anti-Malware-Optionen.
  • Die Seite Scaneinstellungen im Admin.
  • Ein Beispiel-Scan, der einige Bedrohungen gefunden hat.
  • Das Ergebnisfenster, wenn die „Automatische Reparatur“ Bedrohungen behebt.
  • Die Quarantäne zeigt Bedrohungen an, die bereits behoben wurden.

Installation

  1. Lade das Plugin herunter und entpacke es im WordPress-Plugin-Verzeichnis (normalerweise /wp-content/plugins/).
  2. Aktiviere das Plugin im Plugin-Menü im WordPress-Backend.
  3. Registriere dich auf gotmls.net und lade die neuesten Definitionsupdates herunter, um nach bekannten Bedrohungen zu suchen.

FAQ

Wieso sollte ich mich registrieren?

Wenn du dich auf GOTMLS.NET registrierst, hast du Zugriff auf Definitions-Downloads neuer Bedrohungen und zusätzliche Funktionen wie die automatische Entfernung von bekannten Bedrohungen („Known Threats“) und Patches für spezielle Sicherheitsprobleme wie alte Versionen von timthumb und Brute-Force-Angriffe auf wp-login.php. Andernfalls scannt dieses Plugin nur nach möglichen Bedrohungen auf Ihrer Website. Es liegt dann an dir, die Guten von den Bösen zu unterscheiden und diese entsprechend zu entfernen.

Wie patche ich die Revolution-Slider-Schwachstelle?

Ganz einfach, wenn du dieses Anti-Malware-Plugin auf deiner Website installiert und aktiviert hast, werden Versuche, die Revolution-Slider-Schwachstelle auszunutzen, automatisch blockiert.

Wie behebe ich die wp-login-Schwachstelle?

Deine WordPress-Anmeldeseite ist anfällig für Brute-Force-Angriffe (wie jede andere Anmeldeseite). Diese Art von Angriff wird heutzutage immer häufiger und kann manchmal dazu führen, dass dein Server langsam wird oder nicht mehr reagiert, selbst wenn es dem Angriff nicht gelingt, Zugriff auf deine Website zu erlangen. Dieses Plugin kann einen Patch anwenden, der den Zugriff auf die WordPress-Anmeldeseite blockiert, wenn diese Art von Angriff erkannt wird. Klicke einfach auf die Schaltfläche Patch installieren unter Brute-Force-Schutz auf der Seite Anti-Malware-Einstellungen. Lies meinen Blog für weitere Informationen zu diesem Thema.

Warum kann ich potenzielle Bedrohungen in Gelb nicht automatisch entfernen?

Viele dieser Dateien verwenden möglicherweise eval und andere leistungsstarke PHP-Funktionen aus völlig legitimen Gründen und das Entfernen dieses Codes aus den Dateien würde wahrscheinlich deine Website lahmlegen oder sogar zerstören, daher habe ich die Funktion zum automatischen Entfernen nur für bekannte Bedrohungen („Know Threats“) aktiviert.

Woher weiß ich, ob eine der potenziellen Bedrohungen gefährlich ist?

Klicke auf den verlinkten Dateinamen, um ihn zu überprüfen, und klicke dann auf jeden nummerierten Link über dem Dateiinhaltsfeld, um den verdächtigen Code hervorzuheben. Wenn du nicht feststellen kannst, ob der Code bösartig ist oder nicht, lass ihn einfach in Ruhe oder bitte jemand anderen, ihn zu überprüfen. Wenn du feststellst, dass er bösartig ist, sende mir bitte eine Kopie der Datei, damit ich sie als bekannte Bedrohung („Know Threat“) zu meinem Definitionsupdate hinzufügen kann, dann kann sie automatisch entfernt werden.

Was ist, wenn der Scan stecken bleibt?

Lass es erst einmal für eine Weile in Ruhe. Wenn sich viele Dateien auf deinem Server befinden, kann dies eine ganze Weile dauern und manchmal so aussehen, als würden es sich überhaupt nicht bewegen, selbst wenn es wirklich funktioniert. Wenn es nach einer Weile immer noch zu hängen scheint, versuche erneut, den Scan auszuführen. Probiere sowohl den vollständigen Scan als auch den Schnell-Scan aus.

Wie wurde ich überhaupt gehackt?

Erstens, nimm den Angriff nicht persönlich. Viele Hacker führen routinemäßig automatisierte Skripte aus, die das Internet auf der Suche nach einfachen Zielen durchsuchen. Deine Website wurde wahrscheinlich gehackt, weil du unwissentlich ein leichtes Ziel bist. Dies kann daran liegen, dass du eine ältere Version von WordPress verwendest oder ein Plugin oder Theme mit einer Hintertür oder einer bekannten Sicherheitslücke installiert ist. Die häufigste Infektionsart, die ich sehe, ist jedoch die Querkontamination. Dies kann passieren, wenn sich deine Website auf einem gemeinsam genutzten Server (Shared Hosting) mit anderen ausnutzbaren Websites befindet, die infiziert wurden. In den meisten Shared-Hosting-Umgebungen ist es Hackern möglich, eine einzige infizierte Website zu verwenden, um andere Sites auf demselben Server zu infizieren, manchmal sogar dann, wenn sich die Sites auf verschiedenen Konten befinden.

Was kann ich tun, damit es nicht wieder passiert?

Es gibt keine absolut sichere Möglichkeit, deine Website vor jeder Art von Hackerangriff zu schützen. Sei aber kein leichtes Ziel. Einige grundlegende Schritte sollten Folgendes umfassen: Passwortsicherheit erhöhen, Aktualisieren aller Websites und Ausführen regelmäßiger Scans mit Anti-Malware-Software wie GOTMLS.NET

Warum meldet sucuri.net oder die Google Safe Browsing-Diagnoseseite immer noch, dass meine Website infiziert ist, nachdem ich den Schadcode entfernt habe?

sucuri.net speichert deine Scan-Ergebnisse im Cache und aktualisiert den Scan erst, wenn du auf den kleinen Link unten auf der Seite klickst, der „Force a Re-scan“ heißt, um den Cache zu leeren. Google speichert deine infizierten Seiten auch im Cache und es dauert normalerweise einige Zeit, bis deine Website erneut gecrawlt wird. Du kannst diesen Vorgang jedoch beschleunigen, indem du im Abschnitt Malware oder Sicherheit von Google Webmaster-Tools eine Überprüfung anforderst. Es ist sowieso eine gute Idee, ein Webmaster-Tools-Konto für deine Website zu haben, da es viele andere hilfreiche Informationen zu deiner Website bereitstellen kann.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.

Rezensionen

This is a really nice little tool, it scans WP and nukes all the bad code/malware. Super effective, the free version is great. I gave them some cash years back and it still works. I have used this to fix hundreds of infected sites, doing one right now, ty plugin ppl 🙂
15. Januar 2024
Excelente gran herramienta, fue el único que pudo resolver los .htaccess maliciosos y encontrar el malware en todas las carpetas, cumple muy bien con su función.
14. Dezember 2023
Siempre ha funcionado, simple y efectivo, ojalá continúe su desarrollo. hace años que lo utilizamos y realizamos nuestro aporte para el proyecto desde el principio 🙂
26. September 2023
Awesome application, it really helps you find bad code, and get rid of it.It's a must! Marco
Alle 746 Rezensionen lesen

Mitwirkende & Entwickler

„Anti-Malware Security and Brute-Force Firewall“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:

Mitwirkende

„Anti-Malware Security and Brute-Force Firewall“ wurde in 13 Sprachen übersetzt. Danke an die Übersetzerinnen und Übersetzer für ihre Mitwirkung.

Übersetze „Anti-Malware Security and Brute-Force Firewall“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.

Änderungsprotokoll

4.23.57

  • Removed session incompatibilities within the Brute-Force Login Protection that failed when other plugins had already output page headers.

4.23.56

  • Upgraded Brute-Force Login Protection to integrate the JS check on the login form with the session check.
  • Fixed definition update to only allow admin users to post the update, even if a valid nonce token is used.
  • Improved the Nonce tokens to incorperate user_id and context for better security.
  • Limited the Nonce token check to once single token per request for better security, instead of allowing multi-check capabilities with an array.
  • Redesigned Scan History to retain more of the detailed scan results.
  • Fixed usage of incorrect value for REMOTE_ADDR when the server is using a reverse proxy.
  • Added an option to manually recheck the donation status.
  • Checked code for compatibility with WordPress 6.4.3 and ClassicPress 1.7.2.

4.21.96

  • Fixed another Undefined Index Warning in new installs when no definition updates have been downloaded.
  • Improved timing of registration check and avoided cached results after new registrations are submitted.
  • Added an option to manually recheck the registration status of the site.
  • Checked code for compatibility with WordPress 6.3.1.

4.21.95

  • Fixed the Undefined Index Warning created in the last release.

4.21.94

  • Improved error handling for better scan completion.
  • Checked code for compatibility with WordPress 6.3 and ClassicPress 1.6.0.

4.21.93

  • Fixed the Undefined Index Warning when the Brute-Force Login Protection is invoked in certain situations.
  • Checked code for compatibility with WordPress 6.2.2 and ClassicPress 1.5.3.

4.21.92

  • Fixed the Uncaught Value Error when scanning files that use Windows-1252 encoding which is unsupported by the PHP function mb_regex_encoding.
  • Fixed other minor PHP Warnings about Undefined Indexes.

4.21.91

  • Fixed some HTML formatting issues.
  • Fixed a JavaScript error in the scan engine that prevented second attempts to scan directories that failed on the first try.

4.21.90

  • Fixed array compatibility with older versions of PHP.

4.21.89

  • Added more late escapes and sanitizated all _SERVER variables.
  • Checked code for compatibility with ClassicPress 1.5.0.

4.21.88

  • Added late escapes to variables that were already escaped as requested by Code review team.
  • Fixed a PHP warning about is_dir when it attempts check the existance of a directory that was scanned in the past but is now outside the allowable scan path.

4.21.87

  • Code review and cleanup, added more sanitization.
  • Fixed an error when attempting to unserialize an array.

4.21.86

  • Improved the removal of database injections when values are serialized.
  • Fixed a vulnerability in using unserialize with Class Objects.
  • Fixed PHP warnings about undefined indexes.

4.21.85

  • Prevented infinite looping on recursive sub-directories.
  • Changed some default values.
  • Checked code for compatibility with WordPress 6.1.1 and ClassicPress 1.4.4.

4.21.84

  • Removed the no_error_reporting option used for debugging when server errors are breaking the site.
  • Checked code for compatibility with WordPress 6.0.2 and ClassicPress 1.4.2.

4.21.83

  • Fixed XSS vulnerability on debug URLs introduced in the last release, thanks Erwan Le Rousseau.
  • Updated code with other various minor improvements bug fixed.
  • Checked code for compatibility with WordPress 6.0.1 and ClassicPress 1.4.2.

4.21.74

  • Updated code with various minor improvements to efficiency and compatibility.
  • Checked code for compatibility with WordPress 6.0.

4.20.96

  • Fixed XSS vulnerability by removing unsanitized QUERY_STRING.
  • Cleaned up Quarantine code, removing legacy functions and adding more detailed info.
  • Fixed undefined variable notice and checked code for compatibility with WordPress 5.9.2.

4.20.95

  • Added more sanitization and validation to all user data entered for better security.
  • checked code for compatibility with WordPress 5.9.

4.20.94

  • Fixed an XSS vulnerability and checked code for compatibility with WordPress 5.8.3.

4.20.93

  • Fixed undefined variable warning.
  • Updated code for compatibility with PHP version 8.0.

4.20.92

  • Added German translation thanks to Micha Cassola.
  • Improved the Apache software version checker for better firewall compatibility.
  • Fixed session compatibility that was conflicting with the REST API check in Site Health.
  • Checked code for compatibility with WordPress 5.8.1 and ClassicPress 1.3.1.

4.20.72

  • Updated registration form to be more compatible with newer iframe restrictions.
  • Fixed session check on the Brute-Force patch to no longer need mod_rewrite.
  • Removed older code from WordPress Repository.

4.20.59

  • Various minor bug fixes.
  • Added Core Files Definitions for ClassicPress.
  • Tweaked code for better compatibility with WordPress 5.7.2 and ClassicPress 1.2.0.

4.19.69

  • Fixed a JavaScript error caused by a new French translation.
  • Checked code for compatibility with WordPress 5.4.1.

4.19.68

  • Updated some external links.
  • Tweaked code for better compatibility with PHP 7.4 and WordPress 5.4.

4.19.50

  • Added even more error handling to the DB Scan for servers with the PHP memory_limit set too low.
  • Modified the Directory Scan Depth to accept 0 as a value to indicate skipping the Directory Scan (use this to focus on the DB Scan).
  • Added some Help tips to some of the options on the Settings page.

4.19.44

  • Updated links to use HTTPS by default and fixed some old URLs.
  • Various performance improvements.
  • Added more error handling to the DB Scan.
  • Fixed a few minor bugs causing PHP Notices.
  • Fixed a path search to work on Windows servers.
  • Tweaked code for compatibility with WP 5.3 (latest release).

4.18.76

  • Cleaned up the Nonce Token creation and storage functions.
  • Cleaned up View Quarantine page and fixed recovery link.
  • Added debugging for login errors WP head and footer Hooks.

4.18.74

  • Fixed a bug in the Nonce Token Errors that was created by changes in the last release.

4.18.71

  • Added wp_options table to the db_scan.
  • Fixed a few minor bugs in the db scan quarantine view.
  • Changed some wording and other minor fomatting issues.
  • Checked code for compatibility with WP 5.2.1 (latest release).

4.18.69

  • Added a Warning message about the vulnerability in the yuzo-related-post plugin.
  • Updated the Quarantine interface and added a re-scan / re-clean feature.
  • Fixed a bug in the scan depth array that would produce PHP Notices in the error_log files under certain conditions.
  • Changed some wording and other minor fomatting issues.
  • Removed some outdated JavaScript that is no longer needed.
  • Checked code for compatibility with WP 5.2 (latest release).

4.18.63

  • Fixed a major bug in the Firewall updates that could cause a False Positive lockout.

4.18.62

  • Fixed a bug in the Firewall that prevented some iPad devices from logging in.
  • Fixed an encoding bug that prevented the Examine File window from dispaying some file formats.
  • Restored the File Details window in the Examine File window.
  • Updated code for compatibility with WP 5.1.1 (latest release).

4.18.52

  • Added a whole new DB Scan category that looks for links and scripts injected directly into the database content and removes them.
  • Updated Firewall landing page for HTTPS compatibility.
  • Removed some old code that was no longer needed.
  • Added a feature to clear cache files before running the Complete Scan, this will speed up the scan and prevent malware from being saved on your cached paged.
  • Updated code for compatibility with WP 5.0.2 (latest release).

4.17.69

  • Updated code for compatibility with WP 4.9.8 (latest release).
  • Fixed PHP Notice for the unknown offset of SERVER_parts.
  • Escaped single-quotes in translated strings for use within JavaScript.

4.17.68

  • Updated code for compatibility with WP 4.9.7 (latest release).
  • Removed wrong size dashicon from Settings link in plugin list.
  • Removed the broken link to vote WORKS on wordpress.org.
  • Reordered priorety on fixing Known Threats to be more efficient.

4.17.58

  • Updated code for compatibility with WP 4.9.4 (latest release).
  • Fixed dashicons sizing in css.
  • Add ability to update registration email from within the plugin settings.
  • Cleaned up expired nonce tokens left behind from an older version.

4.17.57

  • Updated code for compatibility with WP 4.9.3 (latest release).
  • Fixed registration form and alternate domain for definition updates to work on HTTPS.
  • Fixed the wording on the Title check error message.

4.17.44

  • Added Title check to make sure it does say you were hacked.
  • Updated code for compatibility with WP 4.8.3 (latest release).
  • Fixed Undefined variable error in Quarantine.
  • Fixed XSS vulnerability in nonce error output.

4.17.29

  • Changed the definition update URL to only use SSL when required.
  • Updated PayPal form for better domestic IPN compatibility.

4.17.28

  • Added the Turkish translation thanks to Umut Can Alparslan.
  • Improved the auto update so that old definitions could be phased out and new threat types would be selected by default.
  • Fixed the admin username change feature on multisite installs.
  • Fixed the details window so that it scrolls to the highlighted code.
  • Set defaults to disable the Potential Threat scan if other threats definitions are enabled.
  • Encoded definitions array for DB storage.
  • Fixed syntax error in the XMLRPC patch for newer versions of Apache.
  • Added fall-back to manual updates if the Automatic update feature fails.
  • Fixed PHP Notices about undefined variable added in last Version release.
  • Improved Apache version detection.
  • Changed Automatic update feature to automatically download all definitions and firewall updates.
  • Added PHP and Apache version detections and changed the XMLRPC patch to work with Apache 2.4 directives.
  • Removed the onbeforeunload function because Norton detected it as a False Positive.
  • Removed code that was deprecated in PHP Version 7.
  • Fixed PHP Notice about an array to string conversion with some rare global variable conditions.
  • Added more firewall options.
  • Moved Scan Log from the Quarantine page to the main Setings page.
  • Fixed PHP Warning about an invalid argument in foreach and some other bugs too.
  • Fixed „What to look for“ Options so that changes are saved.
  • Changed get_currentuserinfo to wp_get_current_user because the get_currentuserinfo function was deprecated in WP 4.5

4.16.17

  • Removed Menu Item Placement Options because the add_object_page function was deprecated in WP 4.5.
  • Added firewall options for better compatibility with WP Firewall 2.
  • Fixed an XSS vulnerability in the debug output of the nonce token.
  • Moved the Firewall Options to it’s own page linked to from the admin menu.
  • Moved the Quick Scan from the admin menu to the top of the Scan Settings page.
  • Fixed PHP Warning about in_array function expecting parameter 2 to be an array, found by Georgey B.
  • Made a few minor cosmetic changes and fixed a few other small bugs in the interface.
  • Fixed the Nonce Token error caused by W3 Total Cache breaking the set_transient function in WordPress.
  • Added the Brazilian Portuguese language files, thanks to Marcelo Guernieri for the translation.
  • Fixed the admin menu and also some links that did not work on Windows server.
  • Added Core Files to the Quick Scan list on the admin menu.
  • Added a nonce token to prevent Cross-Site Request Forgery by admins who are logged-in from another site.
  • Hardened against XSS vulnerability triggered by the file names being scanned (thanks to Mahadev Subedi).
  • Improved brute-force patch compatibility with alternate wp-config.php location.
  • Had to remove the encoding of the Default Definitions to meet the WordPress Plugin Guidelines.
  • Improved the JavaScript in the new Brute-Force login patch so that it works with caching enabled on the login page.
  • Improved the Brute-Force login patch with custom fields and JavaScript.
  • Added a Save button to that Scan Settings page.
  • Fixed a bug in the XMLRPC Patch „Unblock“ feature.
  • Added a link to purge the deleted Quarantine items from the database.
  • Added firewall option to Block all XMLRPC calls.
  • Fixed a few cosmetic bugs in the quarantine and firewall options.
  • Fixed a bugs in the Quarantine that was memory_limit errors if there number of files in the was too high.
  • Added the highlight malicious code feature back to the Quarantine file viewer.
  • Added the ability to change the admin username if the current username is „admin“.
  • Improved the code in the Brute-Force Protection patch.
  • Fixed a few bugs in the Core Files Check that was preventing it from fixing some unusual file modifications.
  • Fixed a major bug that made multisite scan extremely slow and sometimes error out.
  • Moved all ajax call out of the init function and into their own functions for better handling time.
  • Moved the quarantine files into the database and deleted the old directory in uploads.
  • Fixed some minor formatting issues in the HTML output on the settings page.
  • Added a warning message if base64_decode has been disabled.
  • Hardened against injected HTML content by encoding the tags with variables.
  • Fixed debug option to exclude individual definitions.
  • Hardened admin_init with current_user_can and realpath on the quarantine file deletion (thanks to J.D. Grimes).
  • Fixed another XSS vulnerabilities in the admin (thanks to James H.)
  • Hardened against XSS vulnerabilities in the admin (thanks to Tim Coen).
  • Added feature to restore default settings for Exclude Extensions.
  • Changed the encoding on the index.php file in the Quarantine to make it more human-readable.
  • Fixed a few small bugs that were throwing PHP Notices in some configurations and added more info to some error messages.
  • Extended execution_time during the Fix process to increase the number of files that could be fixed at a time.
  • Added a Quarantine log to the database.
  • Fixed a couple of minor bugs that would throw PHP notices.

4.15.16

  • Created an automatic update feature that downloads any new definition updates before starting the scan.
  • Added WordPress Core files to the new definitions update process and included a scan option to check the integrity of the Core files.
  • Automatically whitelisted the unmodified WordPress Core files.
  • Made more improvements to the Brute-Force protection patch and other minor cosmetic changes to the interface.
  • Protected the HTML in my plugin from filter injections and fixed a few other minor bugs.
  • Fixed a problem with deleting files from the Quarantine folder.
  • Added a descriptive reason to the error displayed if the fix was unsuccessful.
  • Added link to restore the default location of the Examine Results window.
  • Improved the encoding of definition updates so that they would not be blocked by poorly written firewall rules.
  • Suppressed the „Please make a donation“ nag if the fix was unsuccessful, to avoid confusion over premium services.
  • Removed debug alert from initial session check.
  • Improved rewrite compatibility of session check for the Brute-Force Protection Installation.
  • Improved session check for the option to Install Brute-Force Protection and added an error message on failure.
  • Improved support for Multisite by only allowing Network Admins access to the Anti-Malware menu.
  • Added link to view a simple scan history on the Quarantine page.
  • Updated firewall to better protect agains new variations of the RevSlider Exploit.
  • Improved check for session support before giving the option to Install Brute-Force patch.
  • Added option to skip scanning the Quarantined files.
  • Updated Brute-Force patch to fix the problem of being included more that once.
  • Fixed a few minor bugs (better window positioning and css, cleaner results page, updated new help tab, etc.).
  • Made sure that the plugin does not check my servers for updates unless you have registered (this opt-in requirement is part of the WordPress Repository Guidelines).
  • Added exception for the social.png files to the skip files by extension list.
  • Fixed removal of Known Threats from files in the Quarantine directory.
  • Block SoakSoak and other malware from exploiting the Slider Revolution Vulnerability (THIS IS A WIDESPREAD THREAT RIGHT NOW).
  • Enabled the Brute-Force protection option directly from the Settings page.
  • Fixed window position to auto-adjust on small screens.

4.14.47

  • Major upgrade to the protection for wp-login.php Brute-Force attempts.
  • Fixes a bug in setting the permissions for read-only files so that they could still be cleaned.
  • Fixes a minor bug with pass-by-reference which raises a fatal error in PHP v5.4.
  • Enhanced the Examine File window with better styles and more info.
  • Changed form submission of encrypted file lists to array values instead of keys.
  • Fixes other minor bugs.
  • Made the Examine File window sizable.
  • Fixed a few small bugs and removed some old code.
  • Added a link to my new twitter account.
  • Re-purposed Quick Scan to just scan the most affected areas.
  • Set the registration form to display by defaulted in the definition update section.
  • Fixed a few small bugs in advanced features and directory depth determination.
  • Fixed a session bug to display the last directory scanned.
  • Fixed a few small cosmetic bugs for WP 3.8.
  • Added Spanish translation, thanks to Jelena Kovacevic and Andrew Kurtis at webhostinghub.com.
  • Updated string in the code and added a .pot file to be ready for translation into other languages.
  • Added „Select All“ checkbox to Quarantine and a new button to delete items from the Quarantine.
  • Added a trace.php file for advanced session tracking.
  • Fixed undefined index bug with menu_group item in settings array.
  • Added support for multisite network admin menu and the ability to restrict admin access.
  • Fixed a session bug in the progress bar related to the last release.
  • Fixed a session bug that conflicted with jigoshop. (Thanks dragonflyfla)
  • Fixed a few bug in the Whitelist definition feature.

3.07.06

  • Added SSL support for definition updates and registration form.
  • Upgraded the Whitelist feature so the it could not contain duplicates.
  • Downgraded the WP-Login threat and changed it to an opt-in fix.
  • Fixed a bug in the Add to Whitelist feature so the you do not need to update the definitions after whitelisting a file.
  • Added ability to whitelist files.
  • Fixed a major bug in yesterdays release broke the login page on some sites.
  • Added a patch for the wp-login.php brute force attack that has been going around.
  • Created a process to restore files from the Quarantine.
  • Fixed a few other small bugs including path issues on Winblows server.

1.3.02.15

  • Improved security on the Quarantine directory to fix the 500 error on some servers.
  • Fixed count of Quarantined items.
  • Added htaccess security to the Uploads directory.
  • Linked the Quarantined items to the File Examiner.
  • Added a scan category for Backdoor Scripts.
  • Consolidated the Definition Types and added a Whitelist category.
  • Completely redesigned the Definition Updates to handle incremental updates.
  • Added „View Quarantine“ to the menu.
  • Enhanced Output Buffer to work with compression enabled (like ob_gzhandler).
  • Moved the quarantine to the uploads directory to protect against blanket inclusion.
  • Fixed Output Buffer issue for when ob_start has already been called.
  • Enhanced the Automatic Fix process to handle bad directory permissions.
  • Added more detailed error messages for different types of file errors.
  • Improved overall error handling.
  • Minor UI enhancements and a few bug fixes.
  • Completely revamped the scan engine to handle large file systems with better error handling.
  • Enhanced the results for the Automatic Fix process.
  • Fixed a few other small bugs.
  • Enhanced the iFrame for the File Viewer and Automatic Fix process.
  • Improved error handling during the scan.
  • Moved the File Viewer and Automatic Fix process into an iFrame to decrease scan time and memory usage.
  • Enhanced the Automatic Fix process for better success with read-only files.
  • Improved code cleanup process and general efficiency of the scan.
  • Encoded definition update for better compatibility with some servers that have post limitation.
  • Fixed XSS vulnerability.
  • Changed registration to allow for multiple sites/keys to be registered under one user/email.
  • Changed auto-update path to update threat level array for all new definition updates.
  • Updated timthumb replacement patch to version 2.8.10 per WordPress.org plugins requirement.
  • Fixed option to exclude directories so that the scan would not get stuck if omitted.
  • Added support for winblows servers using BACKSLASH directory structures.
  • Changed definition updates to write to the DB instead of a file.

1.2.03.23

  • First versions available for WordPress (code removed, no longer compatible).