Changeset 1455997

Timestamp:

07/17/2016 04:07:22 PM (10 years ago)

Author:

fdoromo

Message:

tags/3.3.8

Location:

total-security

Files:

• tags/3.3.8 (added)
• tags/3.3.8/css (added)
• tags/3.3.8/css/admin.css (added)
• tags/3.3.8/css/bookmarklet.css (added)
• tags/3.3.8/css/snippet.min.css (added)
• tags/3.3.8/images (added)
• tags/3.3.8/images/_16x16-3.png (added)
• tags/3.3.8/images/_16x16.png (added)
• tags/3.3.8/images/ajax-loader.gif (added)
• tags/3.3.8/images/bg.png (added)
• tags/3.3.8/images/error2.png (added)
• tags/3.3.8/images/ext (added)
• tags/3.3.8/images/ext/_no.png (added)
• tags/3.3.8/images/ext/css.png (added)
• tags/3.3.8/images/ext/data.png (added)
• tags/3.3.8/images/ext/exe.png (added)
• tags/3.3.8/images/ext/f1.png (added)
• tags/3.3.8/images/ext/f2.png (added)
• tags/3.3.8/images/ext/flash.png (added)
• tags/3.3.8/images/ext/html.png (added)
• tags/3.3.8/images/ext/java.png (added)
• tags/3.3.8/images/ext/jpg.png (added)
• tags/3.3.8/images/ext/js.png (added)
• tags/3.3.8/images/ext/pdf.png (added)
• tags/3.3.8/images/ext/php.png (added)
• tags/3.3.8/images/ext/txt.png (added)
• tags/3.3.8/images/ext/zip.png (added)
• tags/3.3.8/images/h3_icons (added)
• tags/3.3.8/images/h3_icons/bug.png (added)
• tags/3.3.8/images/h3_icons/code.png (added)
• tags/3.3.8/images/h3_icons/locate.png (added)
• tags/3.3.8/images/h3_icons/star.png (added)
• tags/3.3.8/images/info.png (added)
• tags/3.3.8/images/info0.png (added)
• tags/3.3.8/images/info2.png (added)
• tags/3.3.8/images/loading.gif (added)
• tags/3.3.8/images/paypal.png (added)
• tags/3.3.8/images/success.png (added)
• tags/3.3.8/images/warning.png (added)
• tags/3.3.8/js (added)
• tags/3.3.8/js/admin.js (added)
• tags/3.3.8/js/jquery.blockUI.js (added)
• tags/3.3.8/js/snippet.min.js (added)
• tags/3.3.8/lang (added)
• tags/3.3.8/lang/Help translating it.url (added)
• tags/3.3.8/lang/total-security-ru_RU.mo (added)
• tags/3.3.8/libs (added)
• tags/3.3.8/libs/bookmarklet (added)
• tags/3.3.8/libs/bookmarklet/_footer.php (added)
• tags/3.3.8/libs/bookmarklet/_head.php (added)
• tags/3.3.8/libs/bookmarklet/password_hash.php (added)
• tags/3.3.8/libs/brute-force-dictionary.txt (added)
• tags/3.3.8/libs/hashes-4.5.3.php (added)
• tags/3.3.8/modules (added)
• tags/3.3.8/modules/class-p2.php (added)
• tags/3.3.8/modules/class-p3.php (added)
• tags/3.3.8/modules/class-p4.php (added)
• tags/3.3.8/modules/class-p5.php (added)
• tags/3.3.8/modules/class-p7.php (added)
• tags/3.3.8/modules/class-process.php (added)
• tags/3.3.8/modules/inc-p1.php (added)
• tags/3.3.8/modules/inc-p2.php (added)
• tags/3.3.8/modules/inc-p3.php (added)
• tags/3.3.8/modules/inc-p4.php (added)
• tags/3.3.8/modules/inc-p5.php (added)
• tags/3.3.8/modules/inc-p6.php (added)
• tags/3.3.8/modules/inc-p7.php (added)
• tags/3.3.8/modules/inc-popup.php (added)
• tags/3.3.8/modules/inc-sidebar.php (added)
• tags/3.3.8/readme.txt (added)
• tags/3.3.8/total-security.php (added)
• tags/3.3.8/uninstall.php (added)
• trunk/libs/brute-force-dictionary.txt (added)
• trunk/libs/hashes-4.5.3.php (added)
• trunk/modules/class-p2.php (modified) (3 diffs)
• trunk/modules/inc-p2.php (modified) (2 diffs)
• trunk/modules/inc-popup.php (modified) (1 diff)
• trunk/readme.txt (modified) (3 diffs)
• trunk/total-security.php (modified) (4 diffs)

total-security/trunk/modules/class-p2.php

@@ -17 +17 @@
 'user_exists'              => array(),
 'id1_user_check'           => array(),
-'force_ssl_admin'          => array(),
+'bruteforce_login'         => array(),
 'secure_hidden_login'      => array() ); //end
 
 function __construct() {
 add_action('wp_ajax_sn_run_tests', array($this, 'run_tests'));
+
+$fail2 = get_site_option( 'fdx_p2_red2' );// p2
+$fail3 = get_site_option( 'fdx_p2_red3' );// p2
 
 $fail4 = get_site_option( 'fdx_p2_red4' );
@@ -33 +36 @@
 $fail12 = get_site_option( 'fdx_p2_red12' );
 $fail13 = get_site_option( 'fdx_p2_red13' );
-$fail14 = get_site_option( 'fdx_p2_red14' );
-$fail_p2_t = $fail2+$fail3+$fail4+$fail5+$fail6+$fail7+$fail8+$fail9+$fail10+$fail11+$fail12+$fail13+$fail14;
+$fail_p2_t = $fail2+$fail3+$fail4+$fail5+$fail6+$fail7+$fail8+$fail9+$fail10+$fail11+$fail12+$fail13;  //12
 update_option('fdx_p2_red_total', $fail_p2_t );
 
@@ -413 +415 @@
 
 
+
 /* -------16
- *
- */
-   function force_ssl_admin() {
-   $url = add_query_arg( array( 'popup' => 'pp_page', 'target' => 'force_ssl_admin' ), menu_page_url( $this->hook . '-'.$this->_p2, false ) );
-   $msgTIT = __('Check if SSL Logins and SSL Admin Access is enabled.', $this->hook);
-    if (defined('FORCE_SSL_ADMIN') && FORCE_SSL_ADMIN) {
-      $return['status'] = '<span class="pb_label pb_label-success">&#10003;</span>';
-      $return['msg'] = '<tr><td><span class="fdx-actions">'.$msgTIT .'</span></td><td>&nbsp;</td>';
-      update_option('fdx_p2_red14', '0' );
-    } else {
-      $return['status'] = '<span class="pb_label pb_label-important">X</span>';
-      $return['msg'] = '<tr class="alternate"><td><span class="fdx-actions">'.$msgTIT .'</span></td><td><a href="'.$url.'" class="fdx-dialog" title="'.__('Fix', $this->hook ).'"><strong>'.__('Disabled', $this->hook).'</strong></a></td>';
-      update_option('fdx_p2_red14', '1' );
-    }
-    return $return;
-   }
-
-
-
+ * bruteforce user login
+ */
+//-1
+ Public static function try_login($username, $password) {
+    $user = apply_filters('authenticate', null, $username, $password);
+    if (isset($user->ID) && !empty($user->ID)) {
+      return true;
+    } else {
+      return false;
+    }
+  }
+//-2
+function bruteforce_login() {
+   $msgTIT = sprintf( __('Check admin password strength with a <em>%s</em> most commonly used' , $this->hook) , '1050' );
+   $passwords = file(plugins_url( 'libs/brute-force-dictionary.txt', dirname(__FILE__)), FILE_IGNORE_NEW_LINES);
+   $bad_usernames = array();
+    $users = get_users(array('role' => 'administrator'));
+    foreach ($users as $user) {
+      foreach ($passwords as $password) {
+        if (self::try_login($user->user_login, $password)) {
+          $bad_usernames[] = $user->user_login;
+          break;
+        }
+      }
+    }
+    if (empty($bad_usernames)){
+      $return['status'] = '<span class="pb_label pb_label-success">&#10003;</span>';
+      $return['msg'] = '<tr><td><span class="fdx-actions">'.$msgTIT .'</span></td><td>&nbsp;</td>';
+      update_option('fdx_p2_red13', '0' );
+    } else {
+      $return['status'] = '<span class="pb_label pb_label-important">X</span>';
+      $return['msg'] = '<tr class="alternate"><td><span class="fdx-actions">'.$msgTIT . '</span></td><td><a href="'. admin_url('profile.php'). '" title="'.__('Fix', $this->hook ).'"><strong>'.__('Weak Password', $this->hook).'</strong></a>&nbsp; <span class="fdx-info"><a class="pluginbuddy_tip" href="javascript:void(0)" title="'.__('Following users have extremely weak passwords: ', $this->hook).implode(' ,', $bad_usernames).'"></a></span></td>';
+      update_option('fdx_p2_red13', '1' );
+    }
+    return $return;
+  }
+//------------------------------------------------------------------------
 
 /* -------17

total-security/trunk/modules/inc-p2.php

@@ -2 +2 @@
 $tests = get_option($this->p2_options_key);
 $tests2 = array();
+
+$p2_url1 = add_query_arg( array( 'popup' => 'pp_page', 'target' => 'php' ), menu_page_url( $this->hook . '-'.$this->_p2 , false ) );
+$p2_url2 = add_query_arg( array( 'popup' => 'pp_page', 'target' => 'php2' ), menu_page_url( $this->hook . '-'.$this->_p2 , false ) );
+$p2_url3 = add_query_arg( array( 'popup' => 'pp_page', 'target' => 'chmod' ), menu_page_url( $this->hook . '-'.$this->_p2 , false ) );
+/* ----------------------------------
+ * MYSQL VERSION
+ */
+global $wpdb;
+        $parent_class_test = array(
+                        'title'         =>      'MySQL Version',
+                        'suggestion'    =>      $this->mySQL_lastver,
+                        'value'         =>      $wpdb->db_version(),
+                        'tip'           =>      '<span class="fdx-info"><a class="pluginbuddy_tip" href="javascript:void(0)" title="'.__('Version of your database server (mysql) as reported to this script by WordPress.', $this->hook ).'"></a></span>',
+                    );
+        if ( version_compare( $wpdb->db_version(), $this->mySQL_lastver, '<' ) ) {
+            $parent_class_test['status'] = 'INFO';
+        } else {
+            $parent_class_test['status'] = 'OK';
+        }
+        array_push( $tests2, $parent_class_test );
+
+/* ----------------------------------
+ * PHP VERSION
+ */
+    $parent_class_test = array(
+                    'title'         =>      'PHP Version',
+                    'suggestion'    =>      $this->php_lastver,
+                    'value'         =>      phpversion(),
+                    'tip'           =>      '<span class="fdx-info"><a class="pluginbuddy_tip" href="javascript:void(0)" title="'.__('Version of PHP currently running on this site.', $this->hook ).'"></a></span>',
+                );
+    if ( version_compare( PHP_VERSION, $this->php_lastver, '<' ) ) {
+        $parent_class_test['status'] = 'INFO';
+    } else {
+        $parent_class_test['status'] = 'OK';
+    }
+    array_push( $tests2, $parent_class_test );
+
+/* ----------------------------------
+ * PHP max_execution_tim
+ */
+$parent_class_test = array(
+                    'title'         =>      'PHP <em>max_execution_time</em>',
+                    'suggestion'    =>      '60s',
+                    'value'         =>      ini_get( 'max_execution_time' ).'s',
+                    'tip'           =>      '<span class="fdx-info"><a class="pluginbuddy_tip" href="javascript:void(0)" title="'.__('Maximum amount of time that PHP allows scripts to run. After this limit is reached the script is killed. The more time available the better. 30 seconds is most common though 60 seconds is ideal.', $this->hook ).'"></a></span>',
+                );
+    if ( ini_get( 'max_execution_time' )  < 60 ) {
+        $parent_class_test['status'] = 'INFO';
+    } else {
+        $parent_class_test['status'] = 'OK';
+    }
+    array_push( $tests2, $parent_class_test );
+
+/* ----------------------------------
+ * MEMORY LIMIT
+ */
+    if ( !ini_get( 'memory_limit' ) ) {
+        $parent_class_val = 'unknown';
+    } else {
+        $parent_class_val = ini_get( 'memory_limit' );
+    }
+    $parent_class_test = array(
+                    'title'         =>      'PHP Memory Limit',
+                    'suggestion'    =>      '256M',
+                    'value'         =>      $parent_class_val,
+                    'tip'           =>      '<span class="fdx-info"><a class="pluginbuddy_tip" href="javascript:void(0)" title="'.__('The amount of memory this site is allowed to consume. (256M+ best)', $this->hook ).'"></a></span>',
+                );
+    if ( preg_match( '/(\d+)(\w*)/', $parent_class_val, $matches ) ) {
+        $parent_class_val = $matches[1];
+        $unit = $matches[2];
+        // Up memory limit if currently lower than 256M.
+        if ( 'g' !== strtolower( $unit ) ) {
+            if ( ( $parent_class_val < 256 ) || ( 'm' !== strtolower( $unit ) ) ) {
+                $parent_class_test['status'] = 'INFO';
+            } else {
+                $parent_class_test['status'] = 'OK';
+            }
+        }
+    } else {
+        $parent_class_test['status'] = 'ERROR';
+    }
+    array_push( $tests2, $parent_class_test );
+
+if ($tests['last_run']) {
+/* ----------------------------------
+ * php allow_url_include
+ */
+    $parent_class_test = array(
+                        'title'         =>      'PHP <em>allow_url_include</em>',
+                        'suggestion'    =>      __('Turned Off', $this->hook),
+                        'tip'           =>      '',
+                    );
+        if ( ini_get('allow_url_include') == 1) {
+            $parent_class_test['status'] = 'WARNING';
+            $parent_class_test['value'] = '<a href="'.$p2_url2.'" class="fdx-dialog" title="'.__('Fix', $this->hook ).'"><strong>'.__('Turned On', $this->hook).'</strong></a>';
+            update_option('fdx_p2_yel5', '1' );
+        } else {
+            $parent_class_test['status'] = 'OK';
+            $parent_class_test['value'] = __('Turned Off', $this->hook);
+             update_option('fdx_p2_yel5', '0' );
+        }
+        array_push( $tests2, $parent_class_test );
+
+/* ----------------------------------
+ * php allow_url_fopen
+ */
+    $parent_class_test = array(
+                        'title'         =>      'PHP <em>allow_url_fopen</em>',
+                        'suggestion'    =>      __('Turned Off', $this->hook),
+                        'tip'           =>      '',
+                    );
+        if ( ini_get('allow_url_fopen') == 1) {
+            $parent_class_test['status'] = 'WARNING';
+            $parent_class_test['value'] = '<a href="'.$p2_url2.'" class="fdx-dialog" title="'.__('Fix', $this->hook ).'"><strong>'.__('Turned On', $this->hook).'</strong></a>';
+            update_option('fdx_p2_yel4', '1' );
+        } else {
+            $parent_class_test['status'] = 'OK';
+            $parent_class_test['value'] = __('Turned Off', $this->hook);
+            update_option('fdx_p2_yel4', '0' );
+        }
+        array_push( $tests2, $parent_class_test );
+
+/* Dangerous PHP Functions
+ * exec,passthru,shell_exec,proc_open,system
+ */
+    $disabled_functions = ini_get( 'disable_functions' );
+    if ( $disabled_functions == '' ) {
+        $disabled_functions = __('none', $this->hook );
+    }
+    $parent_class_test = array(
+                    'title'         =>      __('Dangerous PHP Functions', $this->hook ),
+                    'suggestion'    =>      __('Disable All', $this->hook ),
+                    'tip'           =>      '',
+                );
+  //   $disabled_functions_array = explode( ',', $disabled_functions );
+       $disabled_functions_array = array_map('trim', explode(',', $disabled_functions)); //ignore space
+       $parent_class_test['status'] = 'WARNING';
+       $parent_class_test['value'] = '<a href="'.$p2_url1.'" class="fdx-dialog" title="'.__('Fix', $this->hook ).'"><strong>'.__('Disabled', $this->hook ).'</strong></a>:&nbsp; <span class="fdx-info"><a class="pluginbuddy_tip" href="javascript:void(0)" title="'.$disabled_functions.'"></a></span>';
+       update_option('fdx_p2_yel7', '1' );
+        if (
+        ( true === in_array( 'exec', $disabled_functions_array ) )
+        &&
+        ( true === in_array( 'system', $disabled_functions_array ) )
+        &&
+        ( true === in_array( 'passthru', $disabled_functions_array ) )
+        &&
+        ( true === in_array( 'shell_exec', $disabled_functions_array ) )
+        &&
+        ( true === in_array( 'proc_open', $disabled_functions_array ) )
+        ) {
+        $parent_class_test['status'] = 'OK';
+        $parent_class_test['value'] = __('Disabled', $this->hook ).':&nbsp; <span class="fdx-info"><a class="pluginbuddy_tip" title="'.$disabled_functions.'"></a></span>';
+
+        update_option('fdx_p2_yel7', '0' );
+    }
+    array_push( $tests2, $parent_class_test );
+
+} //if no run
+
+/* -------3
+ * File Permissions - chmod
+ */
+define( 'FDX_P1_URL1', $p2_url3 );
+define( 'FDX_P1_TIT1', __('Fix', $this->hook ) );
+function fdx_check_perms($name,$path,$perm, $class) {
+   clearstatcache();
+   $current_perms = @substr(sprintf("%o", fileperms($path)), -3);
+   if ( $perm == $current_perms ) {
+            echo '<tr>';
+            echo '<td>' . $name .'</td>';
+            echo '<td>'.$perm.'</td>';
+            echo '<td><code>'. $current_perms .'</code></td>';
+            echo '<td><span class="pb_label pb_label-success">&#10003;</span></td>';
+            update_option('fdx_p2_red2', '0' ); //2
+            update_option('fdx_p2_red3', '0' );
+    } elseif ($current_perms == '0') {
+            echo '<tr class="alternate">';
+            echo '<td>' . $name .'</td>';
+            echo '<td>'.$perm.'</td>';
+            echo '<td><code>---</code></td>';
+            echo '<td><span class="pb_label pb_label-desat">&Oslash;</span></td>';
+            echo '</tr>';
+    } else {
+           echo '<tr class="alternate">';
+           echo '<td>' . $name .'</td>';
+           echo '<td>'.$perm.'</td>';
+           echo '<td><a href="'.FDX_P1_URL1.'" class="fdx-dialog" title="'.FDX_P1_TIT1.'"><strong><code>'. $current_perms.'</a></code></strong></td>';
+
+         if ($name == "<span id='mime2'>.htaccess</span>") {
+           echo '<td><span class="pb_label pb_label-'.$class.'">X</span></td>';
+           update_option('fdx_p2_red2', '1' );
+
+         } elseif ($name == "<span id='mime3'>wp-config.php</span>") {
+              echo '<td><span class="pb_label pb_label-'.$class.'">X</span></td>';
+           update_option('fdx_p2_red3', '1' );
+
+         } else {
+             echo '<td><span class="pb_label pb_label-'.$class.'">&#10003;</span></td>';
+
+         }
+           echo '</tr>';
+    }
+}
 
 /* wrap
@@ -59 +262 @@
 
 //--------------------
+             echo '<table class="widefat"><thead><tr class="thead">';
+             echo '<th>', __('Server Configuration', $this->hook ), '</th>',
+                     '<th style="width: 120px;"><small>', __('Recommendation', $this->hook ), '</small></th>',
+                     '<th style="width: 120px;"><small>', __('Result', $this->hook), '</small></th>',
+                     '<th style="width: 30px;"></th>';
+
+            echo '</tr></thead><tbody>';
+            foreach( $tests2 as $parent_class_test ) {
+            echo '<tr>';
+            echo '  <td>' . $parent_class_test['title'] . '</td>';
+            echo '  <td>' . $parent_class_test['tip'] . $parent_class_test['suggestion'] . '</td>';
+            echo '  <td>' . $parent_class_test['value'] . '</td>';
+            //echo '    <td>' . $parent_class_test['status'] . '</td>';
+            echo '  <td>';
+            if ( $parent_class_test['status'] == 'OK' ) {
+                echo '<span class="pb_label pb_label-success">&#10003;</span>';
+            } elseif ( $parent_class_test['status'] == 'FAIL' ) {
+            echo '<span class="pb_label pb_label-important">X</span>';
+            } elseif ( $parent_class_test['status'] == 'WARNING') {
+                echo '<span class="pb_label pb_label-warning">!</span>';
+            } elseif ( $parent_class_test['status'] == 'INFO') {
+                echo '<span class="pb_label pb_label-info">&#10003;</span>';
+            } elseif ( $parent_class_test['status'] == 'ERROR') {
+                echo '<span class="pb_label pb_label-desat">&Oslash;</span>';
+            }
+            echo '</td></tr>';
+            }
+           echo '</tbody></table>';
+    echo '<table class="widefat">';
+    echo '<thead><tr>';
+    echo '<th>'.__('File Permissions - ', $this->hook).'chmod </th>';
+    echo '<th style="width: 120px;"><small>'.__('Recommendation', $this->hook ).'</small></th>';
+    echo '<th style="width: 120px;"><small>'.__('Result', $this->hook).'</small></th>';
+    echo '<th  style="width: 30px;"></th>';
+    echo '</tr></thead><tbody>';
+    $siteurl = get_bloginfo('url');
+    $wpurl = get_bloginfo('wpurl');
+    fdx_check_perms("<span id='mime0'>/</span>","../","755", "info");
+    fdx_check_perms("<span id='mime1'>wp-admin</span>","../wp-admin","755", "info");
+    fdx_check_perms("<span id='mime1'>wp-content</span>","../wp-content","755", "info");
+    fdx_check_perms("<span id='mime1'>wp-includes</span>","../wp-includes","755", "info");
+    if ($siteurl == $wpurl) {
+    fdx_check_perms("<span id='mime2'>.htaccess</span>",ABSPATH."/.htaccess","444", "important");
+    fdx_check_perms("<span id='mime3'>index.php</span>",ABSPATH."/index.php","640", "info");
+    } else {
+     fdx_check_perms("<span id='mime2'>.htaccess</span>",dirname(ABSPATH)."/.htaccess","444", "important");
+     fdx_check_perms("<span id='mime3'>index.php</span>",dirname(ABSPATH)."/index.php","640", "info");
+    }
+    fdx_check_perms("<span id='mime3'>wp-config.php</span>","../wp-config.php","400", "important");
+    fdx_check_perms("<span id='mime3'>wp-blog-header.php</span>","../wp-blog-header.php","640", "info");
+    echo '</tbody></table>';
+
 
 

total-security/trunk/modules/inc-popup.php

@@ -108 +108 @@
 echo '<p>' .__('Fixing is easy; create a new user with the same privileges. Then delete the old one with <em> "ID=1" </em> and tell WP to transfer all of his content to the new user.', $this->hook) . '</p>';
 
-// force_ssl_admin
-} elseif ($target == 'force_ssl_admin'){
-echo __('Check if SSL Logins and SSL Admin Access is enabled.', $this->hook);
-echo '</strong></th></tr></thead><tbody><tr><td>';
-echo '<p>' .__('To easily enable (and enforce) WordPress administration over SSL, there are two constants that you can define in your site\'s <code>wp-config.php</code> file. <strong>You must also already have SSL configured on the server and a (virtual) host configured for the secure server before your site will work properly with these constants set to true.</strong>', $this->hook) . '</p>';
-echo '</strong></th></tr></thead><tbody><tr class="alternate"><td>';
-echo '<p>' .sprintf(__('Please read: <a href="%s"><strong>Administration Over SSL</strong></a>', $this->hook), 'http://codex.wordpress.org/Administration_Over_SSL' ) . '</p>';
+//php info
+} elseif ($target == 'php'){
+echo __('Dangerous PHP Functions', $this->hook);
+echo '</strong></th></tr></thead><tbody><tr><td>';
+echo '<p>' .__('When the PHP code is used in an improper way or any insecure php code, potentially it can messed up with a web hosting server and can simply be hacked by hackers. Insecure PHP code can literally harm your server data at the level you cannot even imagine it.', $this->hook) . '</p>';
+echo '<p>' .__('Using the insecure PHP code, as a security hole hackers could enable some very dangerous and powerful PHP functions and can take control over your web hosting server. There are many such php function which should be disabled in the PHP configuration file. Let\'s check out the functions that should be disabled in the php configuration file right away on your web server.', $this->hook) . '</p>';
+
+echo '</tr><tr class="alternate"><td>' .__('<em>disable_functions</em> is a directive used to disable the insecure php functions. Once you find the <em>disable_functions</em> directive in the configuration file <code>php.ini</code> and add the following string to the line starting with:', $this->hook) .'</p>';
+echo '<pre class="fdx_snippet">
+disable_functions = system,exec,passthru,shell_exec,proc_open
+</pre>';
+echo '<br/><p><strong>'.__('A more paranoid list of dangerous functions', $this->hook) . ':</strong></p>';
+echo '<p><em><strong>disable_functions</strong></em> <code>=</code> apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode</p>';
+
+} elseif ($target == 'php2'){
+echo 'PHP: <em>"allow_url_fopen"</em> - <em>"allow_url_include"</em>';
+echo '</strong></th></tr></thead><tbody><tr><td>';
+echo '<p>' .__('The PHP settings <em>allow_url_fopen</em> and <em>allow_url_include</em> allow the abuse of insecurely coded code within your WordPress setup and have been the cause for many hacked websites in the past.', $this->hook) . '</p>';
+echo '<p>' .__('Having this PHP directive will leave your site exposed to cross-site attacks (XSS). There\'s absolutely no valid reason to enable this directive and using any PHP code that requires it is very risky.', $this->hook) . '</p>';
+
+echo '</tr><tr class="alternate"><td>' .__('Once you find the directive in the configuration file <code>php.ini</code>, disable both settings.', $this->hook) .'</p>';
+echo '<pre class="fdx_snippet">
+allow_url_include = off
+allow_url_fopen = off
+</pre>';
+
+} elseif ($target == 'chmod'){
+echo __('File Permissions - chmod', $this->hook);
+echo '</strong></th></tr></thead><tbody><tr><td>';
+echo '<p>' .__('Some neat features of WordPress come from allowing various files to be writable by the web server. However, allowing write access to your files is potentially dangerous, particularly in a shared hosting environment.', $this->hook) . '</p>';
+echo '<p>' .__('It is best to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access, or to create specific folders with less restrictions for the purpose of doing things like uploading files.', $this->hook) . '</p>';
+echo '</tr><tr class="alternate"><td>';
+echo '<p>' .sprintf(__('Information on file permissions in WordPress and different ways of how to change permissions can be found <a href="%s"><strong>here!</strong></a>', $this->hook), 'http://codex.wordpress.org/Changing_File_Permissions' ) . '</p>';
+
 
 //table-info

total-security/trunk/readme.txt

@@ -4 +4 @@
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=8DHY4NXW35T4Y
 Tags: security, scan ,scanner, hack, exploit, secure, malware, phishing, vulnerability, scours, unsafe, total, 404 log, error 404, stealth login, hidden login, Bookmarklet,Log Viewer, debug.log
-Requires at least: 4.5.2
-Tested up to: 4.5.2
-Stable tag: 3.4
+Requires at least: 4.5.3
+Tested up to: 4.5.3
+Stable tag: 3.3.8
 License: GPLv2 or later
 
@@ -18 +18 @@
 * Check your site for security vulnerabilities and holes.
 * Numerous installation parameters tests
+* Apache and PHP related tests
+* File permissions
 * WP options tests
 * Detailed help and description
@@ -124 +126 @@
 
 == Changelog ==
-* 3.4
-    * NEW - New Test: SSL Logins and SSL Admin Access 
-    * IMPROVED - Performance Improvements
-    * IMPROVED - Removal of Obsolete Tests
+* 3.3.8
+    * IMPROVED - Compatibility with WordPress 4.5.3
 
 * 3.3.7

total-security/trunk/total-security.php

@@ -4 +4 @@
  * Plugin URI: http://fabrix.net/total-security/
  * Description: Checks your WordPress installation and provides detailed reporting on discovered vulnerabilities, anything suspicious and how to fix them.
- * Version: 3.4
+ * Version: 3.3.8
  * Author: Fabrix DoRoMo
  * Author URI: http://fabrix.net
@@ -14 +14 @@
 
 class Total_Security {
-        public $min_wp_ver          = '4.5.2'; //
-        public $pluginversion       = '3.4';
+        public $min_wp_ver          = '4.5.3'; //
+        public $pluginversion       = '3.3.8';
+
+        public $php_lastver         = '7.0.5'; // PHP - http://php.net/downloads.php
+        public $mySQL_lastver       = '5.7.12'; // MYSQL - http://dev.mysql.com/downloads/
+
         public $pluginname          = 'Total Security';
         public $hook                = 'total-security';
@@ -636 +640 @@
 
 // red
-delete_option('fdx_p2_red2'); //vestigios da ultima instalação remover no futuro
-delete_option('fdx_p2_red3'); //vestigios da ultima instalação remover no futuro
-//---------------------------------------------------------------------------------
+delete_option('fdx_p2_red2');
+delete_option('fdx_p2_red3');
 delete_option('fdx_p2_red4');
 delete_option('fdx_p2_red5');
@@ -649 +652 @@
 delete_option('fdx_p2_red12');
 delete_option('fdx_p2_red13');
-delete_option('fdx_p2_red14');
 //yel
 delete_option('fdx_p2_yel1');