Changeset 2107617

Timestamp:

06/17/2019 07:05:45 PM (7 years ago)

Author:

wfmatt

Message:

• Improvement: Added security events and alerting features built into Wordfence Central.

Location:

wordfence

Files:

• tags/7.3.4 (copied) (copied from wordfence/trunk)
• tags/7.3.4/css/activity-report-widget.1560275180.css (deleted)
• tags/7.3.4/css/activity-report-widget.1560795818.css (added)
• tags/7.3.4/css/diff.1560275180.css (deleted)
• tags/7.3.4/css/diff.1560795818.css (added)
• tags/7.3.4/css/dt_table.1560275180.css (deleted)
• tags/7.3.4/css/dt_table.1560795818.css (added)
• tags/7.3.4/css/fullLog.1560275180.css (deleted)
• tags/7.3.4/css/fullLog.1560795818.css (added)
• tags/7.3.4/css/iptraf.1560275180.css (deleted)
• tags/7.3.4/css/iptraf.1560795818.css (added)
• tags/7.3.4/css/jquery-ui-timepicker-addon.1560275180.css (deleted)
• tags/7.3.4/css/jquery-ui-timepicker-addon.1560795818.css (added)
• tags/7.3.4/css/jquery-ui.min.1560275180.css (deleted)
• tags/7.3.4/css/jquery-ui.min.1560795818.css (added)
• tags/7.3.4/css/jquery-ui.structure.min.1560275180.css (deleted)
• tags/7.3.4/css/jquery-ui.structure.min.1560795818.css (added)
• tags/7.3.4/css/jquery-ui.theme.min.1560275180.css (deleted)
• tags/7.3.4/css/jquery-ui.theme.min.1560795818.css (added)
• tags/7.3.4/css/main.1560275180.css (deleted)
• tags/7.3.4/css/main.1560795818.css (added)
• tags/7.3.4/css/phpinfo.1560275180.css (deleted)
• tags/7.3.4/css/phpinfo.1560795818.css (added)
• tags/7.3.4/css/wf-adminbar.1560275180.css (deleted)
• tags/7.3.4/css/wf-adminbar.1560795818.css (added)
• tags/7.3.4/css/wf-colorbox.1560275180.css (deleted)
• tags/7.3.4/css/wf-colorbox.1560795818.css (added)
• tags/7.3.4/css/wf-font-awesome.1560275180.css (deleted)
• tags/7.3.4/css/wf-font-awesome.1560795818.css (added)
• tags/7.3.4/css/wf-global.1560275180.css (deleted)
• tags/7.3.4/css/wf-global.1560795818.css (added)
• tags/7.3.4/css/wf-ionicons.1560275180.css (deleted)
• tags/7.3.4/css/wf-ionicons.1560795818.css (added)
• tags/7.3.4/css/wf-onboarding.1560275180.css (deleted)
• tags/7.3.4/css/wf-onboarding.1560795818.css (added)
• tags/7.3.4/css/wf-roboto-font.1560275180.css (deleted)
• tags/7.3.4/css/wf-roboto-font.1560795818.css (added)
• tags/7.3.4/css/wfselect2.min.1560275180.css (deleted)
• tags/7.3.4/css/wfselect2.min.1560795818.css (added)
• tags/7.3.4/css/wordfenceBox.1560275180.css (deleted)
• tags/7.3.4/css/wordfenceBox.1560795818.css (added)
• tags/7.3.4/js/Chart.bundle.min.1560275180.js (deleted)
• tags/7.3.4/js/Chart.bundle.min.1560795818.js (added)
• tags/7.3.4/js/admin.1560275180.js (deleted)
• tags/7.3.4/js/admin.1560795818.js (added)
• tags/7.3.4/js/admin.ajaxWatcher.1560275180.js (deleted)
• tags/7.3.4/js/admin.ajaxWatcher.1560795818.js (added)
• tags/7.3.4/js/admin.liveTraffic.1560275180.js (deleted)
• tags/7.3.4/js/admin.liveTraffic.1560795818.js (added)
• tags/7.3.4/js/date.1560275180.js (deleted)
• tags/7.3.4/js/date.1560795818.js (added)
• tags/7.3.4/js/jquery-ui-timepicker-addon.1560275180.js (deleted)
• tags/7.3.4/js/jquery-ui-timepicker-addon.1560795818.js (added)
• tags/7.3.4/js/jquery.colorbox-min.1560275180.js (deleted)
• tags/7.3.4/js/jquery.colorbox-min.1560795818.js (added)
• tags/7.3.4/js/jquery.colorbox.1560275180.js (deleted)
• tags/7.3.4/js/jquery.colorbox.1560795818.js (added)
• tags/7.3.4/js/jquery.dataTables.min.1560275180.js (deleted)
• tags/7.3.4/js/jquery.dataTables.min.1560795818.js (added)
• tags/7.3.4/js/jquery.qrcode.min.1560275180.js (deleted)
• tags/7.3.4/js/jquery.qrcode.min.1560795818.js (added)
• tags/7.3.4/js/jquery.tmpl.min.1560275180.js (deleted)
• tags/7.3.4/js/jquery.tmpl.min.1560795818.js (added)
• tags/7.3.4/js/jquery.tools.min.1560275180.js (deleted)
• tags/7.3.4/js/jquery.tools.min.1560795818.js (added)
• tags/7.3.4/js/knockout-3.3.0.1560275180.js (deleted)
• tags/7.3.4/js/knockout-3.3.0.1560795818.js (added)
• tags/7.3.4/js/wfdashboard.1560275180.js (deleted)
• tags/7.3.4/js/wfdashboard.1560795818.js (added)
• tags/7.3.4/js/wfdropdown.1560275180.js (deleted)
• tags/7.3.4/js/wfdropdown.1560795818.js (added)
• tags/7.3.4/js/wfglobal.1560275180.js (deleted)
• tags/7.3.4/js/wfglobal.1560795818.js (added)
• tags/7.3.4/js/wfpopover.1560275180.js (deleted)
• tags/7.3.4/js/wfpopover.1560795818.js (added)
• tags/7.3.4/js/wfselect2.min.1560275180.js (deleted)
• tags/7.3.4/js/wfselect2.min.1560795818.js (added)
• tags/7.3.4/lib/wfAlerts.php (added)
• tags/7.3.4/lib/wfCentralAPI.php (modified) (2 diffs)
• tags/7.3.4/lib/wfConfig.php (modified) (3 diffs)
• tags/7.3.4/lib/wfLog.php (modified) (3 diffs)
• tags/7.3.4/lib/wordfenceClass.php (modified) (9 diffs)
• tags/7.3.4/modules/login-security/css/admin-global.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/admin-global.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/admin.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/admin.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/colorbox.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/colorbox.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/font-awesome.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/font-awesome.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/ionicons.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/ionicons.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/jquery-ui-timepicker-addon.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/jquery-ui-timepicker-addon.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/jquery-ui.min.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/jquery-ui.min.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/jquery-ui.structure.min.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/jquery-ui.structure.min.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/jquery-ui.theme.min.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/jquery-ui.theme.min.1560795818.css (added)
• tags/7.3.4/modules/login-security/css/login.1560275180.css (deleted)
• tags/7.3.4/modules/login-security/css/login.1560795818.css (added)
• tags/7.3.4/modules/login-security/js/admin-global.1560275180.js (deleted)
• tags/7.3.4/modules/login-security/js/admin-global.1560795818.js (added)
• tags/7.3.4/modules/login-security/js/admin.1560275180.js (deleted)
• tags/7.3.4/modules/login-security/js/admin.1560795818.js (added)
• tags/7.3.4/modules/login-security/js/jquery-ui-timepicker-addon.1560275180.js (deleted)
• tags/7.3.4/modules/login-security/js/jquery-ui-timepicker-addon.1560795818.js (added)
• tags/7.3.4/modules/login-security/js/jquery.colorbox.1560275180.js (deleted)
• tags/7.3.4/modules/login-security/js/jquery.colorbox.1560795818.js (added)
• tags/7.3.4/modules/login-security/js/jquery.colorbox.min.1560275180.js (deleted)
• tags/7.3.4/modules/login-security/js/jquery.colorbox.min.1560795818.js (added)
• tags/7.3.4/modules/login-security/js/jquery.qrcode.min.1560275180.js (deleted)
• tags/7.3.4/modules/login-security/js/jquery.qrcode.min.1560795818.js (added)
• tags/7.3.4/modules/login-security/js/jquery.tmpl.min.1560275180.js (deleted)
• tags/7.3.4/modules/login-security/js/jquery.tmpl.min.1560795818.js (added)
• tags/7.3.4/modules/login-security/js/login.1560275180.js (deleted)
• tags/7.3.4/modules/login-security/js/login.1560795818.js (added)
• tags/7.3.4/modules/login-security/wordfence-login-security.php (modified) (1 diff)
• tags/7.3.4/readme.txt (modified) (1 diff)
• tags/7.3.4/vendor/composer/038918d7 (deleted)
• tags/7.3.4/vendor/geoip2/geoip2/maxmind-db (deleted)
• tags/7.3.4/wordfence.php (modified) (2 diffs)
• trunk/css/activity-report-widget.1560275180.css (deleted)
• trunk/css/activity-report-widget.1560795818.css (added)
• trunk/css/diff.1560275180.css (deleted)
• trunk/css/diff.1560795818.css (added)
• trunk/css/dt_table.1560275180.css (deleted)
• trunk/css/dt_table.1560795818.css (added)
• trunk/css/fullLog.1560275180.css (deleted)
• trunk/css/fullLog.1560795818.css (added)
• trunk/css/iptraf.1560275180.css (deleted)
• trunk/css/iptraf.1560795818.css (added)
• trunk/css/jquery-ui-timepicker-addon.1560275180.css (deleted)
• trunk/css/jquery-ui-timepicker-addon.1560795818.css (added)
• trunk/css/jquery-ui.min.1560275180.css (deleted)
• trunk/css/jquery-ui.min.1560795818.css (added)
• trunk/css/jquery-ui.structure.min.1560275180.css (deleted)
• trunk/css/jquery-ui.structure.min.1560795818.css (added)
• trunk/css/jquery-ui.theme.min.1560275180.css (deleted)
• trunk/css/jquery-ui.theme.min.1560795818.css (added)
• trunk/css/main.1560275180.css (deleted)
• trunk/css/main.1560795818.css (added)
• trunk/css/phpinfo.1560275180.css (deleted)
• trunk/css/phpinfo.1560795818.css (added)
• trunk/css/wf-adminbar.1560275180.css (deleted)
• trunk/css/wf-adminbar.1560795818.css (added)
• trunk/css/wf-colorbox.1560275180.css (deleted)
• trunk/css/wf-colorbox.1560795818.css (added)
• trunk/css/wf-font-awesome.1560275180.css (deleted)
• trunk/css/wf-font-awesome.1560795818.css (added)
• trunk/css/wf-global.1560275180.css (deleted)
• trunk/css/wf-global.1560795818.css (added)
• trunk/css/wf-ionicons.1560275180.css (deleted)
• trunk/css/wf-ionicons.1560795818.css (added)
• trunk/css/wf-onboarding.1560275180.css (deleted)
• trunk/css/wf-onboarding.1560795818.css (added)
• trunk/css/wf-roboto-font.1560275180.css (deleted)
• trunk/css/wf-roboto-font.1560795818.css (added)
• trunk/css/wfselect2.min.1560275180.css (deleted)
• trunk/css/wfselect2.min.1560795818.css (added)
• trunk/css/wordfenceBox.1560275180.css (deleted)
• trunk/css/wordfenceBox.1560795818.css (added)
• trunk/js/Chart.bundle.min.1560275180.js (deleted)
• trunk/js/Chart.bundle.min.1560795818.js (added)
• trunk/js/admin.1560275180.js (deleted)
• trunk/js/admin.1560795818.js (added)
• trunk/js/admin.ajaxWatcher.1560275180.js (deleted)
• trunk/js/admin.ajaxWatcher.1560795818.js (added)
• trunk/js/admin.liveTraffic.1560275180.js (deleted)
• trunk/js/admin.liveTraffic.1560795818.js (added)
• trunk/js/date.1560275180.js (deleted)
• trunk/js/date.1560795818.js (added)
• trunk/js/jquery-ui-timepicker-addon.1560275180.js (deleted)
• trunk/js/jquery-ui-timepicker-addon.1560795818.js (added)
• trunk/js/jquery.colorbox-min.1560275180.js (deleted)
• trunk/js/jquery.colorbox-min.1560795818.js (added)
• trunk/js/jquery.colorbox.1560275180.js (deleted)
• trunk/js/jquery.colorbox.1560795818.js (added)
• trunk/js/jquery.dataTables.min.1560275180.js (deleted)
• trunk/js/jquery.dataTables.min.1560795818.js (added)
• trunk/js/jquery.qrcode.min.1560275180.js (deleted)
• trunk/js/jquery.qrcode.min.1560795818.js (added)
• trunk/js/jquery.tmpl.min.1560275180.js (deleted)
• trunk/js/jquery.tmpl.min.1560795818.js (added)
• trunk/js/jquery.tools.min.1560275180.js (deleted)
• trunk/js/jquery.tools.min.1560795818.js (added)
• trunk/js/knockout-3.3.0.1560275180.js (deleted)
• trunk/js/knockout-3.3.0.1560795818.js (added)
• trunk/js/wfdashboard.1560275180.js (deleted)
• trunk/js/wfdashboard.1560795818.js (added)
• trunk/js/wfdropdown.1560275180.js (deleted)
• trunk/js/wfdropdown.1560795818.js (added)
• trunk/js/wfglobal.1560275180.js (deleted)
• trunk/js/wfglobal.1560795818.js (added)
• trunk/js/wfpopover.1560275180.js (deleted)
• trunk/js/wfpopover.1560795818.js (added)
• trunk/js/wfselect2.min.1560275180.js (deleted)
• trunk/js/wfselect2.min.1560795818.js (added)
• trunk/lib/wfAlerts.php (added)
• trunk/lib/wfCentralAPI.php (modified) (2 diffs)
• trunk/lib/wfConfig.php (modified) (3 diffs)
• trunk/lib/wfLog.php (modified) (3 diffs)
• trunk/lib/wordfenceClass.php (modified) (9 diffs)
• trunk/modules/login-security/css/admin-global.1560275180.css (deleted)
• trunk/modules/login-security/css/admin-global.1560795818.css (added)
• trunk/modules/login-security/css/admin.1560275180.css (deleted)
• trunk/modules/login-security/css/admin.1560795818.css (added)
• trunk/modules/login-security/css/colorbox.1560275180.css (deleted)
• trunk/modules/login-security/css/colorbox.1560795818.css (added)
• trunk/modules/login-security/css/font-awesome.1560275180.css (deleted)
• trunk/modules/login-security/css/font-awesome.1560795818.css (added)
• trunk/modules/login-security/css/ionicons.1560275180.css (deleted)
• trunk/modules/login-security/css/ionicons.1560795818.css (added)
• trunk/modules/login-security/css/jquery-ui-timepicker-addon.1560275180.css (deleted)
• trunk/modules/login-security/css/jquery-ui-timepicker-addon.1560795818.css (added)
• trunk/modules/login-security/css/jquery-ui.min.1560275180.css (deleted)
• trunk/modules/login-security/css/jquery-ui.min.1560795818.css (added)
• trunk/modules/login-security/css/jquery-ui.structure.min.1560275180.css (deleted)
• trunk/modules/login-security/css/jquery-ui.structure.min.1560795818.css (added)
• trunk/modules/login-security/css/jquery-ui.theme.min.1560275180.css (deleted)
• trunk/modules/login-security/css/jquery-ui.theme.min.1560795818.css (added)
• trunk/modules/login-security/css/login.1560275180.css (deleted)
• trunk/modules/login-security/css/login.1560795818.css (added)
• trunk/modules/login-security/js/admin-global.1560275180.js (deleted)
• trunk/modules/login-security/js/admin-global.1560795818.js (added)
• trunk/modules/login-security/js/admin.1560275180.js (deleted)
• trunk/modules/login-security/js/admin.1560795818.js (added)
• trunk/modules/login-security/js/jquery-ui-timepicker-addon.1560275180.js (deleted)
• trunk/modules/login-security/js/jquery-ui-timepicker-addon.1560795818.js (added)
• trunk/modules/login-security/js/jquery.colorbox.1560275180.js (deleted)
• trunk/modules/login-security/js/jquery.colorbox.1560795818.js (added)
• trunk/modules/login-security/js/jquery.colorbox.min.1560275180.js (deleted)
• trunk/modules/login-security/js/jquery.colorbox.min.1560795818.js (added)
• trunk/modules/login-security/js/jquery.qrcode.min.1560275180.js (deleted)
• trunk/modules/login-security/js/jquery.qrcode.min.1560795818.js (added)
• trunk/modules/login-security/js/jquery.tmpl.min.1560275180.js (deleted)
• trunk/modules/login-security/js/jquery.tmpl.min.1560795818.js (added)
• trunk/modules/login-security/js/login.1560275180.js (deleted)
• trunk/modules/login-security/js/login.1560795818.js (added)
• trunk/modules/login-security/wordfence-login-security.php (modified) (1 diff)
• trunk/readme.txt (modified) (1 diff)
• trunk/vendor/composer/038918d7 (deleted)
• trunk/vendor/geoip2/geoip2/maxmind-db (deleted)
• trunk/wordfence.php (modified) (2 diffs)

wordfence/tags/7.3.4/lib/wfCentralAPI.php

@@ -48 +48 @@
             $args['headers'] = array();
         }
-        $args['cookies']['XDEBUG_SESSION'] = 'XDEBUG_ECLIPSE';
 
         $token = $this->getToken();
@@ -502 +501 @@
         return false;
     }
+
+    /**
+     * @param string $event
+     * @param array $data
+     * @param callable|null $alertCallback
+     */
+    public static function sendSecurityEvent($event, $data = array(), $alertCallback = null) {
+        $alerted = false;
+        if (!self::pluginAlertingDisabled() && is_callable($alertCallback)) {
+            call_user_func($alertCallback);
+            $alerted = true;
+        }
+
+        $siteID = wfConfig::get('wordfenceCentralSiteID');
+        $request = new wfCentralAuthenticatedAPIRequest('/site/' . $siteID . '/security-events', 'POST', array(
+            'data' => array(
+                array(
+                    'type'       => 'security-event',
+                    'attributes' => array(
+                        'type'       => $event,
+                        'data'       => $data,
+                        'event_time' => microtime(true),
+                    ),
+                ),
+            ),
+        ));
+        try {
+            // Attempt to send the security event to Central.
+            $response = $request->execute();
+        } catch (wfCentralAPIException $e) {
+            // If we didn't alert previously, notify the user now in the event Central is down.
+            if (!$alerted && is_callable($alertCallback)) {
+                call_user_func($alertCallback);
+            }
+        }
+    }
+
+    /**
+     * @param $event
+     * @param array $data
+     * @param callable|null $alertCallback
+     */
+    public static function sendAlertCallback($event, $data = array(), $alertCallback = null) {
+        if (is_callable($alertCallback)) {
+            call_user_func($alertCallback);
+        }
+    }
+
+    public static function pluginAlertingDisabled() {
+        if (!self::isConnected()) {
+            return false;
+        }
+
+        return wfConfig::get('wordfenceCentralPluginAlertingDisabled', false);
+    }
 }

wordfence/tags/7.3.4/lib/wfConfig.php

@@ -232 +232 @@
         'wordfenceCentralUserSiteAuthGrant',
         'wordfenceCentralConnected',
+        'wordfenceCentralPluginAlertingDisabled',
     );
 
@@ -990 +991 @@
             if($upret){
                 $cont = file_get_contents(WORDFENCE_FCPATH);
-                if(wfConfig::get('alertOn_update') == '1' && preg_match('/Version: (\d+\.\d+\.\d+)/', $cont, $matches) ){
-                    wordfence::alert("Wordfence Upgraded to version " . $matches[1], "Your Wordfence installation has been upgraded to version " . $matches[1], '127.0.0.1');
-                }
+                preg_match('/Version: (\d+\.\d+\.\d+)/', $cont, $matches);
+                $version = !empty($matches) ? $matches[1] : null;
+                $alertCallback = array(new wfAutoUpdatedAlert($version), 'send');
+                do_action('wordfence_security_event', 'autoUpdate', array(
+                    'version' => $version,
+                    'ip' => wfUtils::getIP(),
+                ), $alertCallback);
+
                 wfConfig::set('autoUpdateAttempts', 0);
             }
@@ -1329 +1335 @@
                     
                     if ($value == wfFirewall::FIREWALL_MODE_DISABLED) {
-                        if (wfConfig::get('alertOn_wafDeactivated')) {
-                            $currentUser = wp_get_current_user();
-                            $username = $currentUser->user_login;
-                            wordfence::alert(__('Wordfence WAF Deactivated', 'wordfence'), sprintf(__('A user with username "%s" deactivated the Wordfence Web Application Firewall on your WordPress site.', 'wordfence'), $username), wfUtils::getIP());
-                        }
+                        $currentUser = wp_get_current_user();
+                        $username = $currentUser->user_login;
+
+                        $alertCallback = array(new wfWafDeactivatedAlert($username, wfUtils::getIP()), 'send');
+                        do_action('wordfence_security_event', 'wafDeactivated', array(
+                            'username' => $username,
+                            'ip' => wfUtils::getIP(),
+                        ), $alertCallback);
                     }
                     

wordfence/tags/7.3.4/lib/wfLog.php

@@ -633 +633 @@
                 wfActivityReport::logBlockedIP($IP, null, 'throttle');
                 $this->tagRequestForBlock($reason);
-                
-                if (wfConfig::get('alertOn_block')) {
-                    $message = sprintf(__('Wordfence has blocked IP address %s.', 'wordfence'), $IP) . "\n";
-                    $message .= sprintf(__('The reason is: "%s".', 'wordfence'), $reason);
-                    if ($secsToGo > 0) {
-                        $message .= "\n" . sprintf(__('The duration of the block is %s.', 'wordfence'), wfUtils::makeDuration($secsToGo, true));
-                    }
-                    wordfence::alert(sprintf(__('Blocking IP %s', 'wordfence'), $IP), $message, $IP);
-                }
+
+                $alertCallback = array(new wfBlockAlert($IP, $reason, $secsToGo), 'send');
+
+                do_action('wordfence_security_event', 'block', array(
+                    'ip' => $IP,
+                    'reason' => $reason,
+                    'duration' => $secsToGo,
+                ), $alertCallback);
                 wordfence::status(2, 'info', sprintf(__('Blocking IP %s. %s', 'wordfence'), $IP, $reason));
             }
@@ -648 +647 @@
                 wfBlock::createRateThrottle($reason, $IP, $secsToGo);
                 wfActivityReport::logBlockedIP($IP, null, 'throttle');
-                
+
+                do_action('wordfence_security_event', 'throttle', array(
+                    'ip' => $IP,
+                    'reason' => $reason,
+                    'duration' => $secsToGo,
+                ));
                 wordfence::status(2, 'info', sprintf(__('Throttling IP %s. %s', 'wordfence'), $IP, $reason));
                 wfConfig::inc('totalIPsThrottled');
             }
-            $this->do503($secsToGo, $reason);
+            $this->do503($secsToGo, $reason, false);
         }
         
@@ -670 +674 @@
     }
     
-    public function do503($secsToGo, $reason){
+    public function do503($secsToGo, $reason, $sendEventToCentral = true){
         $this->initLogRequest();
+
+        if ($sendEventToCentral) {
+            do_action('wordfence_security_event', 'block', array(
+                'ip' => wfUtils::inet_ntop($this->currentRequest->IP),
+                'reason' => $this->currentRequest->actionDescription ? $this->currentRequest->actionDescription : $reason,
+                'duration' => $secsToGo,
+            ));
+        }
+
         $this->currentRequest->statusCode = 503;
         if (!$this->currentRequest->action) {

wordfence/tags/7.3.4/lib/wordfenceClass.php

@@ -42 +42 @@
 require_once(dirname(__FILE__) . '/wfAdminNoticeQueue.php');
 require_once(dirname(__FILE__) . '/wfModuleController.php');
+require_once(dirname(__FILE__) . '/wfAlerts.php');
 
 if (version_compare(phpversion(), '5.3', '>=')) {
@@ -96 +97 @@
     public static function uninstallPlugin(){
         //Send admin alert
-        if (wfConfig::get('alertOn_wordfenceDeactivated')) {
-            $currentUser = wp_get_current_user();
-            $username = $currentUser->user_login;
-            wordfence::alert("Wordfence Deactivated", "A user with username \"$username\" deactivated Wordfence on your WordPress site.", wfUtils::getIP());
-        }
+        $currentUser = wp_get_current_user();
+        $username = $currentUser->user_login;
+        $alertCallback = array(new wfWordfenceDeactivatedAlert($username, wfUtils::getIP()), 'send');
+        do_action('wordfence_security_event', 'wordfenceDeactivated', array(
+            'username' => $username,
+            'ip' => wfUtils::getIP(),
+        ), $alertCallback);
         
         //Check if caching is enabled and if it is, disable it and fix the .htaccess file.
@@ -1311 +1314 @@
         add_action('rest_api_init', 'wordfence::initRestAPI');
 
+        if (wfCentral::isConnected()) {
+            add_action('wordfence_security_event', 'wfCentral::sendSecurityEvent', 10, 3);
+        } else {
+            add_action('wordfence_security_event', 'wfCentral::sendAlertCallback', 10, 3);
+        }
     }
     public static function _pluginPageActionLinks($links) {
@@ -1665 +1673 @@
 
         if($user){
-            if(wfConfig::get('alertOn_lostPasswdForm')){
-                wordfence::alert("Password recovery attempted", "Someone tried to recover the password for user with email address: " . wp_kses($user->user_email, array()), $IP);
-            }
+            $alertCallback = array(new wfLostPasswdFormAlert($user, wfUtils::getIP()), 'send');
+            do_action('wordfence_security_event', 'lostPasswdForm', array(
+                'email' => $user->user_email,
+                'ip' => wfUtils::getIP(),
+            ), $alertCallback);
+
         }
         if(wfConfig::get('loginSecurityEnabled')){
@@ -1688 +1699 @@
         wfBlock::createLockout($reason, $IP, wfBlock::lockoutDuration(), time(), time(), 1);
         self::getLog()->tagRequestForLockout($reason);
-        if (wfConfig::get('alertOn_loginLockout')) {
-            $message = sprintf(__('A user with IP addr %s has been locked out from signing in or using the password recovery form for the following reason: %s.', 'wordfence'), $IP, $reason);
-            if (wfBlock::lockoutDuration() > 0) {
-                $message .= "\n" . sprintf(__('The duration of the lockout is %s.', 'wordfence'), wfUtils::makeDuration(wfBlock::lockoutDuration(), true));
-            }
-            wordfence::alert(__('User locked out from signing in', 'wordfence'), $message, $IP);
-        }
+        $alertCallback = array(new wfLoginLockoutAlert($IP, $reason), 'send');
+        do_action('wordfence_security_event', 'loginLockout', array(
+            'ip'       => $IP,
+            'reason'   => $reason,
+            'duration' => wfBlock::lockoutDuration(),
+        ), $alertCallback);
+
     }
 
@@ -2403 +2414 @@
         $cookievalue = hash_hmac('sha256', $user->user_login, $salt);
         if(wfUtils::isAdmin($userID)){
-            if(wfConfig::get('alertOn_adminLogin')){
-                $shouldAlert = true;
-                if (wfConfig::get('alertOn_firstAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
-                    $shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
-                }
-                
-                if ($shouldAlert) {
-                    wordfence::alert("Admin Login", "A user with username \"$username\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
-                }
-            }
+            $securityEvent = 'adminLoginNewLocation';
+            if (isset($_COOKIE[$cookiename]) && hash_equals($cookievalue, $_COOKIE[$cookiename])) {
+                $securityEvent = 'adminLogin';
+            }
+            $alertCallback = array(new wfAdminLoginAlert($cookiename, $cookievalue, $username, wfUtils::getIP()), 'send');
+            do_action('wordfence_security_event', $securityEvent, array(
+                'username' => $username,
+                'ip' => wfUtils::getIP(),
+            ), $alertCallback);
+
         } else {
-            if(wfConfig::get('alertOn_nonAdminLogin')){
-                $shouldAlert = true;
-                if (wfConfig::get('alertOn_firstNonAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
-                    $shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
-                }
-                
-                if ($shouldAlert) {
-                    wordfence::alert("User login", "A non-admin user with username \"$username\" signed in to your WordPress site.", wfUtils::getIP());
-                }
-            }
+            $securityEvent = 'nonAdminLoginNewLocation';
+            if (isset($_COOKIE[$cookiename]) && hash_equals($cookievalue, $_COOKIE[$cookiename])) {
+                $securityEvent = 'nonAdminLogin';
+            }
+            $alertCallback = array(new wfNonAdminLoginAlert($cookiename, $cookievalue, $username, wfUtils::getIP()), 'send');
+            do_action('wordfence_security_event', $securityEvent, array(
+                'username' => $username,
+                'ip' => wfUtils::getIP(),
+            ), $alertCallback);
         }
         
@@ -2923 +2933 @@
                         $username = $authUser->user_login;
                         self::getLog()->logLogin('loginFailValidUsername', 1, $username);
-                        if (wfConfig::get('alertOn_breachLogin')) {
-                            wordfence::alert(__('User login blocked for insecure password', 'wordfence'), sprintf(__('A user with username "%s" tried to sign in to your WordPress site. Access was denied because the password being used exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please change or reset the password (%s) to reactivate this account. Learn More: %s', 'wordfence'), $username, wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD)), wfUtils::getIP());
-                        }
+                        $alertCallback = array(new wfBreachLoginAlert($username, wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD), wfUtils::getIP()), 'send');
+
+                        do_action('wordfence_security_event', 'breachLogin', array(
+                            'username' => $username,
+                            'resetPasswordURL' => wp_lostpassword_url(),
+                            'supportURL' => wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD),
+                            'ip' => wfUtils::getIP(),
+                        ), $alertCallback);
                         
                         remove_action('login_errors', 'limit_login_fixup_error_messages'); //We're forced to do this because limit-login-attempts does not have any allowances for legitimate error messages
@@ -2952 +2967 @@
                 $username = $authUser->user_login;
                 self::getLog()->logLogin('loginFailValidUsername', 1, $username);
-                if (wfConfig::get('alertOn_breachLogin')) {
-                    wordfence::alert(__('User login blocked for insecure password', 'wordfence'), sprintf(__('A user with username "%s" tried to sign in to your WordPress site. Access was denied because the password being used exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please change or reset the password (%s) to reactivate this account. Learn More: %s', 'wordfence'), $username, wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD)), wfUtils::getIP());
-                }
-                
+                $alertCallback = array(new wfBreachLoginAlert($username, wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD), wfUtils::getIP()), 'send');
+
+                do_action('wordfence_security_event', 'breachLogin', array(
+                    'username' => $username,
+                    'resetPasswordURL' => wp_lostpassword_url(),
+                    'supportURL' => wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD),
+                    'ip' => wfUtils::getIP(),
+                ), $alertCallback);
+
                 remove_action('login_errors', 'limit_login_fixup_error_messages'); //We're forced to do this because limit-login-attempts does not have any allowances for legitimate error messages
                 self::$authError = new WP_Error('breached_password', sprintf(__('<strong>INSECURE PASSWORD:</strong> Your login attempt has been blocked because the password you are using exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please <a href="%s">reset your password</a> to reactivate your account. <a href="%s" target="_blank" rel="noopener noreferrer">Learn More</a>'), wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD)));
@@ -7876 +7896 @@
                 }
 
-                self::alert('Increased Attack Rate', $message, false);
+                $alertCallback = array(new wfIncreasedAttackRateAlert($message), 'send');
+                do_action('wordfence_security_event', 'increasedAttackRate', array(
+                    'attackCount' => $attackCount,
+                    'attackTable' => $attackTable,
+                    'duration' => $alertInterval,
+                    'ip' => wfUtils::getIP(),
+                ), $alertCallback);
+
                 wfConfig::set('wafAlertLastSendTime', time());
             }

wordfence/tags/7.3.4/modules/login-security/wordfence-login-security.php

@@ -28 +28 @@
     
     define('WORDFENCE_LS_VERSION', '1.0.2');
-    define('WORDFENCE_LS_BUILD_NUMBER', '1560275180');
+    define('WORDFENCE_LS_BUILD_NUMBER', '1560795818');
     
     if (!WORDFENCE_LS_FROM_CORE) {

wordfence/tags/7.3.4/readme.txt

@@ -183 +183 @@
 
 == Changelog ==
+
+= 7.3.4 - June 17, 2019 =
+* Improvement: Added security events and alerting features built into Wordfence Central.
 
 = 7.3.3 - June 11, 2019 =

wordfence/tags/7.3.4/wordfence.php

@@ -5 +5 @@
 Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
 Author: Wordfence
-Version: 7.3.3
+Version: 7.3.4
 Author URI: http://www.wordfence.com/
 Network: true
@@ -16 +16 @@
     exit;
 }
-define('WORDFENCE_VERSION', '7.3.3');
-define('WORDFENCE_BUILD_NUMBER', '1560275180');
+define('WORDFENCE_VERSION', '7.3.4');
+define('WORDFENCE_BUILD_NUMBER', '1560795818');
 define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
     basename(dirname(__FILE__)) . '/' . basename(__FILE__));

wordfence/trunk/lib/wfCentralAPI.php

@@ -48 +48 @@
             $args['headers'] = array();
         }
-        $args['cookies']['XDEBUG_SESSION'] = 'XDEBUG_ECLIPSE';
 
         $token = $this->getToken();
@@ -502 +501 @@
         return false;
     }
+
+    /**
+     * @param string $event
+     * @param array $data
+     * @param callable|null $alertCallback
+     */
+    public static function sendSecurityEvent($event, $data = array(), $alertCallback = null) {
+        $alerted = false;
+        if (!self::pluginAlertingDisabled() && is_callable($alertCallback)) {
+            call_user_func($alertCallback);
+            $alerted = true;
+        }
+
+        $siteID = wfConfig::get('wordfenceCentralSiteID');
+        $request = new wfCentralAuthenticatedAPIRequest('/site/' . $siteID . '/security-events', 'POST', array(
+            'data' => array(
+                array(
+                    'type'       => 'security-event',
+                    'attributes' => array(
+                        'type'       => $event,
+                        'data'       => $data,
+                        'event_time' => microtime(true),
+                    ),
+                ),
+            ),
+        ));
+        try {
+            // Attempt to send the security event to Central.
+            $response = $request->execute();
+        } catch (wfCentralAPIException $e) {
+            // If we didn't alert previously, notify the user now in the event Central is down.
+            if (!$alerted && is_callable($alertCallback)) {
+                call_user_func($alertCallback);
+            }
+        }
+    }
+
+    /**
+     * @param $event
+     * @param array $data
+     * @param callable|null $alertCallback
+     */
+    public static function sendAlertCallback($event, $data = array(), $alertCallback = null) {
+        if (is_callable($alertCallback)) {
+            call_user_func($alertCallback);
+        }
+    }
+
+    public static function pluginAlertingDisabled() {
+        if (!self::isConnected()) {
+            return false;
+        }
+
+        return wfConfig::get('wordfenceCentralPluginAlertingDisabled', false);
+    }
 }

wordfence/trunk/lib/wfConfig.php

@@ -232 +232 @@
         'wordfenceCentralUserSiteAuthGrant',
         'wordfenceCentralConnected',
+        'wordfenceCentralPluginAlertingDisabled',
     );
 
@@ -990 +991 @@
             if($upret){
                 $cont = file_get_contents(WORDFENCE_FCPATH);
-                if(wfConfig::get('alertOn_update') == '1' && preg_match('/Version: (\d+\.\d+\.\d+)/', $cont, $matches) ){
-                    wordfence::alert("Wordfence Upgraded to version " . $matches[1], "Your Wordfence installation has been upgraded to version " . $matches[1], '127.0.0.1');
-                }
+                preg_match('/Version: (\d+\.\d+\.\d+)/', $cont, $matches);
+                $version = !empty($matches) ? $matches[1] : null;
+                $alertCallback = array(new wfAutoUpdatedAlert($version), 'send');
+                do_action('wordfence_security_event', 'autoUpdate', array(
+                    'version' => $version,
+                    'ip' => wfUtils::getIP(),
+                ), $alertCallback);
+
                 wfConfig::set('autoUpdateAttempts', 0);
             }
@@ -1329 +1335 @@
                     
                     if ($value == wfFirewall::FIREWALL_MODE_DISABLED) {
-                        if (wfConfig::get('alertOn_wafDeactivated')) {
-                            $currentUser = wp_get_current_user();
-                            $username = $currentUser->user_login;
-                            wordfence::alert(__('Wordfence WAF Deactivated', 'wordfence'), sprintf(__('A user with username "%s" deactivated the Wordfence Web Application Firewall on your WordPress site.', 'wordfence'), $username), wfUtils::getIP());
-                        }
+                        $currentUser = wp_get_current_user();
+                        $username = $currentUser->user_login;
+
+                        $alertCallback = array(new wfWafDeactivatedAlert($username, wfUtils::getIP()), 'send');
+                        do_action('wordfence_security_event', 'wafDeactivated', array(
+                            'username' => $username,
+                            'ip' => wfUtils::getIP(),
+                        ), $alertCallback);
                     }
                     

wordfence/trunk/lib/wfLog.php

@@ -633 +633 @@
                 wfActivityReport::logBlockedIP($IP, null, 'throttle');
                 $this->tagRequestForBlock($reason);
-                
-                if (wfConfig::get('alertOn_block')) {
-                    $message = sprintf(__('Wordfence has blocked IP address %s.', 'wordfence'), $IP) . "\n";
-                    $message .= sprintf(__('The reason is: "%s".', 'wordfence'), $reason);
-                    if ($secsToGo > 0) {
-                        $message .= "\n" . sprintf(__('The duration of the block is %s.', 'wordfence'), wfUtils::makeDuration($secsToGo, true));
-                    }
-                    wordfence::alert(sprintf(__('Blocking IP %s', 'wordfence'), $IP), $message, $IP);
-                }
+
+                $alertCallback = array(new wfBlockAlert($IP, $reason, $secsToGo), 'send');
+
+                do_action('wordfence_security_event', 'block', array(
+                    'ip' => $IP,
+                    'reason' => $reason,
+                    'duration' => $secsToGo,
+                ), $alertCallback);
                 wordfence::status(2, 'info', sprintf(__('Blocking IP %s. %s', 'wordfence'), $IP, $reason));
             }
@@ -648 +647 @@
                 wfBlock::createRateThrottle($reason, $IP, $secsToGo);
                 wfActivityReport::logBlockedIP($IP, null, 'throttle');
-                
+
+                do_action('wordfence_security_event', 'throttle', array(
+                    'ip' => $IP,
+                    'reason' => $reason,
+                    'duration' => $secsToGo,
+                ));
                 wordfence::status(2, 'info', sprintf(__('Throttling IP %s. %s', 'wordfence'), $IP, $reason));
                 wfConfig::inc('totalIPsThrottled');
             }
-            $this->do503($secsToGo, $reason);
+            $this->do503($secsToGo, $reason, false);
         }
         
@@ -670 +674 @@
     }
     
-    public function do503($secsToGo, $reason){
+    public function do503($secsToGo, $reason, $sendEventToCentral = true){
         $this->initLogRequest();
+
+        if ($sendEventToCentral) {
+            do_action('wordfence_security_event', 'block', array(
+                'ip' => wfUtils::inet_ntop($this->currentRequest->IP),
+                'reason' => $this->currentRequest->actionDescription ? $this->currentRequest->actionDescription : $reason,
+                'duration' => $secsToGo,
+            ));
+        }
+
         $this->currentRequest->statusCode = 503;
         if (!$this->currentRequest->action) {

wordfence/trunk/lib/wordfenceClass.php

@@ -42 +42 @@
 require_once(dirname(__FILE__) . '/wfAdminNoticeQueue.php');
 require_once(dirname(__FILE__) . '/wfModuleController.php');
+require_once(dirname(__FILE__) . '/wfAlerts.php');
 
 if (version_compare(phpversion(), '5.3', '>=')) {
@@ -96 +97 @@
     public static function uninstallPlugin(){
         //Send admin alert
-        if (wfConfig::get('alertOn_wordfenceDeactivated')) {
-            $currentUser = wp_get_current_user();
-            $username = $currentUser->user_login;
-            wordfence::alert("Wordfence Deactivated", "A user with username \"$username\" deactivated Wordfence on your WordPress site.", wfUtils::getIP());
-        }
+        $currentUser = wp_get_current_user();
+        $username = $currentUser->user_login;
+        $alertCallback = array(new wfWordfenceDeactivatedAlert($username, wfUtils::getIP()), 'send');
+        do_action('wordfence_security_event', 'wordfenceDeactivated', array(
+            'username' => $username,
+            'ip' => wfUtils::getIP(),
+        ), $alertCallback);
         
         //Check if caching is enabled and if it is, disable it and fix the .htaccess file.
@@ -1311 +1314 @@
         add_action('rest_api_init', 'wordfence::initRestAPI');
 
+        if (wfCentral::isConnected()) {
+            add_action('wordfence_security_event', 'wfCentral::sendSecurityEvent', 10, 3);
+        } else {
+            add_action('wordfence_security_event', 'wfCentral::sendAlertCallback', 10, 3);
+        }
     }
     public static function _pluginPageActionLinks($links) {
@@ -1665 +1673 @@
 
         if($user){
-            if(wfConfig::get('alertOn_lostPasswdForm')){
-                wordfence::alert("Password recovery attempted", "Someone tried to recover the password for user with email address: " . wp_kses($user->user_email, array()), $IP);
-            }
+            $alertCallback = array(new wfLostPasswdFormAlert($user, wfUtils::getIP()), 'send');
+            do_action('wordfence_security_event', 'lostPasswdForm', array(
+                'email' => $user->user_email,
+                'ip' => wfUtils::getIP(),
+            ), $alertCallback);
+
         }
         if(wfConfig::get('loginSecurityEnabled')){
@@ -1688 +1699 @@
         wfBlock::createLockout($reason, $IP, wfBlock::lockoutDuration(), time(), time(), 1);
         self::getLog()->tagRequestForLockout($reason);
-        if (wfConfig::get('alertOn_loginLockout')) {
-            $message = sprintf(__('A user with IP addr %s has been locked out from signing in or using the password recovery form for the following reason: %s.', 'wordfence'), $IP, $reason);
-            if (wfBlock::lockoutDuration() > 0) {
-                $message .= "\n" . sprintf(__('The duration of the lockout is %s.', 'wordfence'), wfUtils::makeDuration(wfBlock::lockoutDuration(), true));
-            }
-            wordfence::alert(__('User locked out from signing in', 'wordfence'), $message, $IP);
-        }
+        $alertCallback = array(new wfLoginLockoutAlert($IP, $reason), 'send');
+        do_action('wordfence_security_event', 'loginLockout', array(
+            'ip'       => $IP,
+            'reason'   => $reason,
+            'duration' => wfBlock::lockoutDuration(),
+        ), $alertCallback);
+
     }
 
@@ -2403 +2414 @@
         $cookievalue = hash_hmac('sha256', $user->user_login, $salt);
         if(wfUtils::isAdmin($userID)){
-            if(wfConfig::get('alertOn_adminLogin')){
-                $shouldAlert = true;
-                if (wfConfig::get('alertOn_firstAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
-                    $shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
-                }
-                
-                if ($shouldAlert) {
-                    wordfence::alert("Admin Login", "A user with username \"$username\" who has administrator access signed in to your WordPress site.", wfUtils::getIP());
-                }
-            }
+            $securityEvent = 'adminLoginNewLocation';
+            if (isset($_COOKIE[$cookiename]) && hash_equals($cookievalue, $_COOKIE[$cookiename])) {
+                $securityEvent = 'adminLogin';
+            }
+            $alertCallback = array(new wfAdminLoginAlert($cookiename, $cookievalue, $username, wfUtils::getIP()), 'send');
+            do_action('wordfence_security_event', $securityEvent, array(
+                'username' => $username,
+                'ip' => wfUtils::getIP(),
+            ), $alertCallback);
+
         } else {
-            if(wfConfig::get('alertOn_nonAdminLogin')){
-                $shouldAlert = true;
-                if (wfConfig::get('alertOn_firstNonAdminLoginOnly') && isset($_COOKIE[$cookiename])) {
-                    $shouldAlert = !hash_equals($cookievalue, $_COOKIE[$cookiename]);
-                }
-                
-                if ($shouldAlert) {
-                    wordfence::alert("User login", "A non-admin user with username \"$username\" signed in to your WordPress site.", wfUtils::getIP());
-                }
-            }
+            $securityEvent = 'nonAdminLoginNewLocation';
+            if (isset($_COOKIE[$cookiename]) && hash_equals($cookievalue, $_COOKIE[$cookiename])) {
+                $securityEvent = 'nonAdminLogin';
+            }
+            $alertCallback = array(new wfNonAdminLoginAlert($cookiename, $cookievalue, $username, wfUtils::getIP()), 'send');
+            do_action('wordfence_security_event', $securityEvent, array(
+                'username' => $username,
+                'ip' => wfUtils::getIP(),
+            ), $alertCallback);
         }
         
@@ -2923 +2933 @@
                         $username = $authUser->user_login;
                         self::getLog()->logLogin('loginFailValidUsername', 1, $username);
-                        if (wfConfig::get('alertOn_breachLogin')) {
-                            wordfence::alert(__('User login blocked for insecure password', 'wordfence'), sprintf(__('A user with username "%s" tried to sign in to your WordPress site. Access was denied because the password being used exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please change or reset the password (%s) to reactivate this account. Learn More: %s', 'wordfence'), $username, wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD)), wfUtils::getIP());
-                        }
+                        $alertCallback = array(new wfBreachLoginAlert($username, wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD), wfUtils::getIP()), 'send');
+
+                        do_action('wordfence_security_event', 'breachLogin', array(
+                            'username' => $username,
+                            'resetPasswordURL' => wp_lostpassword_url(),
+                            'supportURL' => wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD),
+                            'ip' => wfUtils::getIP(),
+                        ), $alertCallback);
                         
                         remove_action('login_errors', 'limit_login_fixup_error_messages'); //We're forced to do this because limit-login-attempts does not have any allowances for legitimate error messages
@@ -2952 +2967 @@
                 $username = $authUser->user_login;
                 self::getLog()->logLogin('loginFailValidUsername', 1, $username);
-                if (wfConfig::get('alertOn_breachLogin')) {
-                    wordfence::alert(__('User login blocked for insecure password', 'wordfence'), sprintf(__('A user with username "%s" tried to sign in to your WordPress site. Access was denied because the password being used exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please change or reset the password (%s) to reactivate this account. Learn More: %s', 'wordfence'), $username, wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD)), wfUtils::getIP());
-                }
-                
+                $alertCallback = array(new wfBreachLoginAlert($username, wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD), wfUtils::getIP()), 'send');
+
+                do_action('wordfence_security_event', 'breachLogin', array(
+                    'username' => $username,
+                    'resetPasswordURL' => wp_lostpassword_url(),
+                    'supportURL' => wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD),
+                    'ip' => wfUtils::getIP(),
+                ), $alertCallback);
+
                 remove_action('login_errors', 'limit_login_fixup_error_messages'); //We're forced to do this because limit-login-attempts does not have any allowances for legitimate error messages
                 self::$authError = new WP_Error('breached_password', sprintf(__('<strong>INSECURE PASSWORD:</strong> Your login attempt has been blocked because the password you are using exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please <a href="%s">reset your password</a> to reactivate your account. <a href="%s" target="_blank" rel="noopener noreferrer">Learn More</a>'), wp_lostpassword_url(), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD)));
@@ -7876 +7896 @@
                 }
 
-                self::alert('Increased Attack Rate', $message, false);
+                $alertCallback = array(new wfIncreasedAttackRateAlert($message), 'send');
+                do_action('wordfence_security_event', 'increasedAttackRate', array(
+                    'attackCount' => $attackCount,
+                    'attackTable' => $attackTable,
+                    'duration' => $alertInterval,
+                    'ip' => wfUtils::getIP(),
+                ), $alertCallback);
+
                 wfConfig::set('wafAlertLastSendTime', time());
             }

wordfence/trunk/modules/login-security/wordfence-login-security.php

@@ -28 +28 @@
     
     define('WORDFENCE_LS_VERSION', '1.0.2');
-    define('WORDFENCE_LS_BUILD_NUMBER', '1560275180');
+    define('WORDFENCE_LS_BUILD_NUMBER', '1560795818');
     
     if (!WORDFENCE_LS_FROM_CORE) {

wordfence/trunk/readme.txt

@@ -183 +183 @@
 
 == Changelog ==
+
+= 7.3.4 - June 17, 2019 =
+* Improvement: Added security events and alerting features built into Wordfence Central.
 
 = 7.3.3 - June 11, 2019 =

wordfence/trunk/wordfence.php

@@ -5 +5 @@
 Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
 Author: Wordfence
-Version: 7.3.3
+Version: 7.3.4
 Author URI: http://www.wordfence.com/
 Network: true
@@ -16 +16 @@
     exit;
 }
-define('WORDFENCE_VERSION', '7.3.3');
-define('WORDFENCE_BUILD_NUMBER', '1560275180');
+define('WORDFENCE_VERSION', '7.3.4');
+define('WORDFENCE_BUILD_NUMBER', '1560795818');
 define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
     basename(dirname(__FILE__)) . '/' . basename(__FILE__));