Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3063884

Timestamp:

04/03/2024 03:31:52 PM (21 months ago)

Author:

wfryan

Message:

7.11.5 - April 3, 2024

Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances
Fix: Addressed PHP 8 deprecation notices in the file differ used by file changed scan results
Fix: Reduced the frequency of Wordfence Central status update callbacks in sections of the scan that occur quickly in sequence

Location:

wordfence

Files:

: 130 added
: 130 deleted
: 32 edited
: 1 copied

tags/7.11.5 (copied) (copied from wordfence/trunk)
tags/7.11.5/css/activity-report-widget.1710170544.css (deleted)
tags/7.11.5/css/activity-report-widget.1712157296.css (added)
tags/7.11.5/css/diff.1710170544.css (deleted)
tags/7.11.5/css/diff.1712157296.css (added)
tags/7.11.5/css/fullLog.1710170544.css (deleted)
tags/7.11.5/css/fullLog.1712157296.css (added)
tags/7.11.5/css/iptraf.1710170544.css (deleted)
tags/7.11.5/css/iptraf.1712157296.css (added)
tags/7.11.5/css/jquery-ui-timepicker-addon.1710170544.css (deleted)
tags/7.11.5/css/jquery-ui-timepicker-addon.1712157296.css (added)
tags/7.11.5/css/jquery-ui.min.1710170544.css (deleted)
tags/7.11.5/css/jquery-ui.min.1712157296.css (added)
tags/7.11.5/css/jquery-ui.structure.min.1710170544.css (deleted)
tags/7.11.5/css/jquery-ui.structure.min.1712157296.css (added)
tags/7.11.5/css/jquery-ui.theme.min.1710170544.css (deleted)
tags/7.11.5/css/jquery-ui.theme.min.1712157296.css (added)
tags/7.11.5/css/license/care-global.1710170544.css (deleted)
tags/7.11.5/css/license/care-global.1712157296.css (added)
tags/7.11.5/css/license/care.1710170544.css (deleted)
tags/7.11.5/css/license/care.1712157296.css (added)
tags/7.11.5/css/license/free-global.1710170544.css (deleted)
tags/7.11.5/css/license/free-global.1712157296.css (added)
tags/7.11.5/css/license/free.1710170544.css (deleted)
tags/7.11.5/css/license/free.1712157296.css (added)
tags/7.11.5/css/license/premium-global.1710170544.css (deleted)
tags/7.11.5/css/license/premium-global.1712157296.css (added)
tags/7.11.5/css/license/premium.1710170544.css (deleted)
tags/7.11.5/css/license/premium.1712157296.css (added)
tags/7.11.5/css/license/response-global.1710170544.css (deleted)
tags/7.11.5/css/license/response-global.1712157296.css (added)
tags/7.11.5/css/license/response-variables.1710170544.css (deleted)
tags/7.11.5/css/license/response-variables.1712157296.css (added)
tags/7.11.5/css/license/response.1710170544.css (deleted)
tags/7.11.5/css/license/response.1712157296.css (added)
tags/7.11.5/css/main.1710170544.css (deleted)
tags/7.11.5/css/main.1712157296.css (added)
tags/7.11.5/css/phpinfo.1710170544.css (deleted)
tags/7.11.5/css/phpinfo.1712157296.css (added)
tags/7.11.5/css/wf-adminbar.1710170544.css (deleted)
tags/7.11.5/css/wf-adminbar.1712157296.css (added)
tags/7.11.5/css/wf-colorbox.1710170544.css (deleted)
tags/7.11.5/css/wf-colorbox.1712157296.css (added)
tags/7.11.5/css/wf-font-awesome.1710170544.css (deleted)
tags/7.11.5/css/wf-font-awesome.1712157296.css (added)
tags/7.11.5/css/wf-global.1710170544.css (deleted)
tags/7.11.5/css/wf-global.1712157296.css (added)
tags/7.11.5/css/wf-ionicons.1710170544.css (deleted)
tags/7.11.5/css/wf-ionicons.1712157296.css (added)
tags/7.11.5/css/wf-onboarding.1710170544.css (deleted)
tags/7.11.5/css/wf-onboarding.1712157296.css (added)
tags/7.11.5/css/wf-roboto-font.1710170544.css (deleted)
tags/7.11.5/css/wf-roboto-font.1712157296.css (added)
tags/7.11.5/css/wfselect2.min.1710170544.css (deleted)
tags/7.11.5/css/wfselect2.min.1712157296.css (added)
tags/7.11.5/css/wordfenceBox.1710170544.css (deleted)
tags/7.11.5/css/wordfenceBox.1712157296.css (added)
tags/7.11.5/js/admin.1710170544.js (deleted)
tags/7.11.5/js/admin.1712157296.js (added)
tags/7.11.5/js/admin.ajaxWatcher.1710170544.js (deleted)
tags/7.11.5/js/admin.ajaxWatcher.1712157296.js (added)
tags/7.11.5/js/admin.liveTraffic.1710170544.js (deleted)
tags/7.11.5/js/admin.liveTraffic.1712157296.js (added)
tags/7.11.5/js/chart.umd.1710170544.js (deleted)
tags/7.11.5/js/chart.umd.1712157296.js (added)
tags/7.11.5/js/date.1710170544.js (deleted)
tags/7.11.5/js/date.1712157296.js (added)
tags/7.11.5/js/jquery-ui-timepicker-addon.1710170544.js (deleted)
tags/7.11.5/js/jquery-ui-timepicker-addon.1712157296.js (added)
tags/7.11.5/js/jquery.colorbox-min.1710170544.js (deleted)
tags/7.11.5/js/jquery.colorbox-min.1712157296.js (added)
tags/7.11.5/js/jquery.colorbox.1710170544.js (deleted)
tags/7.11.5/js/jquery.colorbox.1712157296.js (added)
tags/7.11.5/js/jquery.qrcode.min.1710170544.js (deleted)
tags/7.11.5/js/jquery.qrcode.min.1712157296.js (added)
tags/7.11.5/js/jquery.tmpl.min.1710170544.js (deleted)
tags/7.11.5/js/jquery.tmpl.min.1712157296.js (added)
tags/7.11.5/js/knockout-3.5.1.1710170544.js (deleted)
tags/7.11.5/js/knockout-3.5.1.1712157296.js (added)
tags/7.11.5/js/wfdashboard.1710170544.js (deleted)
tags/7.11.5/js/wfdashboard.1712157296.js (added)
tags/7.11.5/js/wfdropdown.1710170544.js (deleted)
tags/7.11.5/js/wfdropdown.1712157296.js (added)
tags/7.11.5/js/wfglobal.1710170544.js (deleted)
tags/7.11.5/js/wfglobal.1712157296.js (added)
tags/7.11.5/js/wfi18n.1710170544.js (deleted)
tags/7.11.5/js/wfi18n.1712157296.js (added)
tags/7.11.5/js/wfonboarding.1710170544.js (deleted)
tags/7.11.5/js/wfonboarding.1712157296.js (added)
tags/7.11.5/js/wfpopover.1710170544.js (deleted)
tags/7.11.5/js/wfpopover.1712157296.js (added)
tags/7.11.5/js/wfselect2.min.1710170544.js (deleted)
tags/7.11.5/js/wfselect2.min.1712157296.js (added)
tags/7.11.5/languages/wordfence.pot (modified) (18 diffs)
tags/7.11.5/lib/Diff/SequenceMatcher.php (modified) (2 diffs)
tags/7.11.5/lib/wf503.php (modified) (1 diff)
tags/7.11.5/lib/wfCentralAPI.php (modified) (1 diff)
tags/7.11.5/lib/wfLockedOut.php (modified) (1 diff)
tags/7.11.5/models/scanner/wfScanner.php (modified) (4 diffs)
tags/7.11.5/modules/login-security/classes/controller/captcha.php (modified) (1 diff)
tags/7.11.5/modules/login-security/classes/controller/users.php (modified) (2 diffs)
tags/7.11.5/modules/login-security/classes/controller/wordfencels.php (modified) (1 diff)
tags/7.11.5/modules/login-security/css/admin-global.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/admin-global.1712157296.css (added)
tags/7.11.5/modules/login-security/css/admin.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/admin.1712157296.css (added)
tags/7.11.5/modules/login-security/css/colorbox.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/colorbox.1712157296.css (added)
tags/7.11.5/modules/login-security/css/embedded.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/embedded.1712157296.css (added)
tags/7.11.5/modules/login-security/css/font-awesome.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/font-awesome.1712157296.css (added)
tags/7.11.5/modules/login-security/css/ionicons.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/ionicons.1712157296.css (added)
tags/7.11.5/modules/login-security/css/jquery-ui.min.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/jquery-ui.min.1712157296.css (added)
tags/7.11.5/modules/login-security/css/jquery-ui.structure.min.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/jquery-ui.structure.min.1712157296.css (added)
tags/7.11.5/modules/login-security/css/jquery-ui.theme.min.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/jquery-ui.theme.min.1712157296.css (added)
tags/7.11.5/modules/login-security/css/login.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/login.1712157296.css (added)
tags/7.11.5/modules/login-security/css/woocommerce-account.1710170544.css (deleted)
tags/7.11.5/modules/login-security/css/woocommerce-account.1712157296.css (added)
tags/7.11.5/modules/login-security/js/admin-global.1710170544.js (deleted)
tags/7.11.5/modules/login-security/js/admin-global.1712157296.js (added)
tags/7.11.5/modules/login-security/js/admin.1710170544.js (deleted)
tags/7.11.5/modules/login-security/js/admin.1712157296.js (added)
tags/7.11.5/modules/login-security/js/chart.umd.1710170544.js (deleted)
tags/7.11.5/modules/login-security/js/chart.umd.1712157296.js (added)
tags/7.11.5/modules/login-security/js/jquery.colorbox.1710170544.js (deleted)
tags/7.11.5/modules/login-security/js/jquery.colorbox.1712157296.js (added)
tags/7.11.5/modules/login-security/js/jquery.colorbox.min.1710170544.js (deleted)
tags/7.11.5/modules/login-security/js/jquery.colorbox.min.1712157296.js (added)
tags/7.11.5/modules/login-security/js/jquery.qrcode.min.1710170544.js (deleted)
tags/7.11.5/modules/login-security/js/jquery.qrcode.min.1712157296.js (added)
tags/7.11.5/modules/login-security/js/jquery.tmpl.min.1710170544.js (deleted)
tags/7.11.5/modules/login-security/js/jquery.tmpl.min.1712157296.js (added)
tags/7.11.5/modules/login-security/js/login.1710170544.js (deleted)
tags/7.11.5/modules/login-security/js/login.1712157296.js (added)
tags/7.11.5/modules/login-security/wordfence-login-security.php (modified) (1 diff)
tags/7.11.5/readme.txt (modified) (2 diffs)
tags/7.11.5/vendor/wordfence/wf-waf/src/views/403-roadblock.php (modified) (1 diff)
tags/7.11.5/vendor/wordfence/wf-waf/src/views/403.php (modified) (1 diff)
tags/7.11.5/vendor/wordfence/wf-waf/src/views/503-lockout.php (modified) (1 diff)
tags/7.11.5/vendor/wordfence/wf-waf/src/views/503.php (modified) (1 diff)
tags/7.11.5/wordfence.php (modified) (2 diffs)
trunk/css/activity-report-widget.1710170544.css (deleted)
trunk/css/activity-report-widget.1712157296.css (added)
trunk/css/diff.1710170544.css (deleted)
trunk/css/diff.1712157296.css (added)
trunk/css/fullLog.1710170544.css (deleted)
trunk/css/fullLog.1712157296.css (added)
trunk/css/iptraf.1710170544.css (deleted)
trunk/css/iptraf.1712157296.css (added)
trunk/css/jquery-ui-timepicker-addon.1710170544.css (deleted)
trunk/css/jquery-ui-timepicker-addon.1712157296.css (added)
trunk/css/jquery-ui.min.1710170544.css (deleted)
trunk/css/jquery-ui.min.1712157296.css (added)
trunk/css/jquery-ui.structure.min.1710170544.css (deleted)
trunk/css/jquery-ui.structure.min.1712157296.css (added)
trunk/css/jquery-ui.theme.min.1710170544.css (deleted)
trunk/css/jquery-ui.theme.min.1712157296.css (added)
trunk/css/license/care-global.1710170544.css (deleted)
trunk/css/license/care-global.1712157296.css (added)
trunk/css/license/care.1710170544.css (deleted)
trunk/css/license/care.1712157296.css (added)
trunk/css/license/free-global.1710170544.css (deleted)
trunk/css/license/free-global.1712157296.css (added)
trunk/css/license/free.1710170544.css (deleted)
trunk/css/license/free.1712157296.css (added)
trunk/css/license/premium-global.1710170544.css (deleted)
trunk/css/license/premium-global.1712157296.css (added)
trunk/css/license/premium.1710170544.css (deleted)
trunk/css/license/premium.1712157296.css (added)
trunk/css/license/response-global.1710170544.css (deleted)
trunk/css/license/response-global.1712157296.css (added)
trunk/css/license/response-variables.1710170544.css (deleted)
trunk/css/license/response-variables.1712157296.css (added)
trunk/css/license/response.1710170544.css (deleted)
trunk/css/license/response.1712157296.css (added)
trunk/css/main.1710170544.css (deleted)
trunk/css/main.1712157296.css (added)
trunk/css/phpinfo.1710170544.css (deleted)
trunk/css/phpinfo.1712157296.css (added)
trunk/css/wf-adminbar.1710170544.css (deleted)
trunk/css/wf-adminbar.1712157296.css (added)
trunk/css/wf-colorbox.1710170544.css (deleted)
trunk/css/wf-colorbox.1712157296.css (added)
trunk/css/wf-font-awesome.1710170544.css (deleted)
trunk/css/wf-font-awesome.1712157296.css (added)
trunk/css/wf-global.1710170544.css (deleted)
trunk/css/wf-global.1712157296.css (added)
trunk/css/wf-ionicons.1710170544.css (deleted)
trunk/css/wf-ionicons.1712157296.css (added)
trunk/css/wf-onboarding.1710170544.css (deleted)
trunk/css/wf-onboarding.1712157296.css (added)
trunk/css/wf-roboto-font.1710170544.css (deleted)
trunk/css/wf-roboto-font.1712157296.css (added)
trunk/css/wfselect2.min.1710170544.css (deleted)
trunk/css/wfselect2.min.1712157296.css (added)
trunk/css/wordfenceBox.1710170544.css (deleted)
trunk/css/wordfenceBox.1712157296.css (added)
trunk/js/admin.1710170544.js (deleted)
trunk/js/admin.1712157296.js (added)
trunk/js/admin.ajaxWatcher.1710170544.js (deleted)
trunk/js/admin.ajaxWatcher.1712157296.js (added)
trunk/js/admin.liveTraffic.1710170544.js (deleted)
trunk/js/admin.liveTraffic.1712157296.js (added)
trunk/js/chart.umd.1710170544.js (deleted)
trunk/js/chart.umd.1712157296.js (added)
trunk/js/date.1710170544.js (deleted)
trunk/js/date.1712157296.js (added)
trunk/js/jquery-ui-timepicker-addon.1710170544.js (deleted)
trunk/js/jquery-ui-timepicker-addon.1712157296.js (added)
trunk/js/jquery.colorbox-min.1710170544.js (deleted)
trunk/js/jquery.colorbox-min.1712157296.js (added)
trunk/js/jquery.colorbox.1710170544.js (deleted)
trunk/js/jquery.colorbox.1712157296.js (added)
trunk/js/jquery.qrcode.min.1710170544.js (deleted)
trunk/js/jquery.qrcode.min.1712157296.js (added)
trunk/js/jquery.tmpl.min.1710170544.js (deleted)
trunk/js/jquery.tmpl.min.1712157296.js (added)
trunk/js/knockout-3.5.1.1710170544.js (deleted)
trunk/js/knockout-3.5.1.1712157296.js (added)
trunk/js/wfdashboard.1710170544.js (deleted)
trunk/js/wfdashboard.1712157296.js (added)
trunk/js/wfdropdown.1710170544.js (deleted)
trunk/js/wfdropdown.1712157296.js (added)
trunk/js/wfglobal.1710170544.js (deleted)
trunk/js/wfglobal.1712157296.js (added)
trunk/js/wfi18n.1710170544.js (deleted)
trunk/js/wfi18n.1712157296.js (added)
trunk/js/wfonboarding.1710170544.js (deleted)
trunk/js/wfonboarding.1712157296.js (added)
trunk/js/wfpopover.1710170544.js (deleted)
trunk/js/wfpopover.1712157296.js (added)
trunk/js/wfselect2.min.1710170544.js (deleted)
trunk/js/wfselect2.min.1712157296.js (added)
trunk/languages/wordfence.pot (modified) (18 diffs)
trunk/lib/Diff/SequenceMatcher.php (modified) (2 diffs)
trunk/lib/wf503.php (modified) (1 diff)
trunk/lib/wfCentralAPI.php (modified) (1 diff)
trunk/lib/wfLockedOut.php (modified) (1 diff)
trunk/models/scanner/wfScanner.php (modified) (4 diffs)
trunk/modules/login-security/classes/controller/captcha.php (modified) (1 diff)
trunk/modules/login-security/classes/controller/users.php (modified) (2 diffs)
trunk/modules/login-security/classes/controller/wordfencels.php (modified) (1 diff)
trunk/modules/login-security/css/admin-global.1710170544.css (deleted)
trunk/modules/login-security/css/admin-global.1712157296.css (added)
trunk/modules/login-security/css/admin.1710170544.css (deleted)
trunk/modules/login-security/css/admin.1712157296.css (added)
trunk/modules/login-security/css/colorbox.1710170544.css (deleted)
trunk/modules/login-security/css/colorbox.1712157296.css (added)
trunk/modules/login-security/css/embedded.1710170544.css (deleted)
trunk/modules/login-security/css/embedded.1712157296.css (added)
trunk/modules/login-security/css/font-awesome.1710170544.css (deleted)
trunk/modules/login-security/css/font-awesome.1712157296.css (added)
trunk/modules/login-security/css/ionicons.1710170544.css (deleted)
trunk/modules/login-security/css/ionicons.1712157296.css (added)
trunk/modules/login-security/css/jquery-ui.min.1710170544.css (deleted)
trunk/modules/login-security/css/jquery-ui.min.1712157296.css (added)
trunk/modules/login-security/css/jquery-ui.structure.min.1710170544.css (deleted)
trunk/modules/login-security/css/jquery-ui.structure.min.1712157296.css (added)
trunk/modules/login-security/css/jquery-ui.theme.min.1710170544.css (deleted)
trunk/modules/login-security/css/jquery-ui.theme.min.1712157296.css (added)
trunk/modules/login-security/css/login.1710170544.css (deleted)
trunk/modules/login-security/css/login.1712157296.css (added)
trunk/modules/login-security/css/woocommerce-account.1710170544.css (deleted)
trunk/modules/login-security/css/woocommerce-account.1712157296.css (added)
trunk/modules/login-security/js/admin-global.1710170544.js (deleted)
trunk/modules/login-security/js/admin-global.1712157296.js (added)
trunk/modules/login-security/js/admin.1710170544.js (deleted)
trunk/modules/login-security/js/admin.1712157296.js (added)
trunk/modules/login-security/js/chart.umd.1710170544.js (deleted)
trunk/modules/login-security/js/chart.umd.1712157296.js (added)
trunk/modules/login-security/js/jquery.colorbox.1710170544.js (deleted)
trunk/modules/login-security/js/jquery.colorbox.1712157296.js (added)
trunk/modules/login-security/js/jquery.colorbox.min.1710170544.js (deleted)
trunk/modules/login-security/js/jquery.colorbox.min.1712157296.js (added)
trunk/modules/login-security/js/jquery.qrcode.min.1710170544.js (deleted)
trunk/modules/login-security/js/jquery.qrcode.min.1712157296.js (added)
trunk/modules/login-security/js/jquery.tmpl.min.1710170544.js (deleted)
trunk/modules/login-security/js/jquery.tmpl.min.1712157296.js (added)
trunk/modules/login-security/js/login.1710170544.js (deleted)
trunk/modules/login-security/js/login.1712157296.js (added)
trunk/modules/login-security/wordfence-login-security.php (modified) (1 diff)
trunk/readme.txt (modified) (1 diff)
trunk/vendor/wordfence/wf-waf/src/views/403-roadblock.php (modified) (1 diff)
trunk/vendor/wordfence/wf-waf/src/views/403.php (modified) (1 diff)
trunk/vendor/wordfence/wf-waf/src/views/503-lockout.php (modified) (1 diff)
trunk/vendor/wordfence/wf-waf/src/views/503.php (modified) (1 diff)
trunk/wordfence.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

wordfence/tags/7.11.5/languages/wordfence.pot

-                      r3049240
+                      r3063884
 msgid ""
 msgstr ""
 "Project-Id-Version: Wordfence Security 7.11.4\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wordfence-zip-0H0vQX4ZS\n"
+"Project-Id-Version: Wordfence Security 7.11.5\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wordfence-zip-8lMCyXlaj\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
 …
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "POT-Creation-Date: 2024-03-11T15:22:25+00:00\n"
+"POT-Creation-Date: 2024-04-03T15:14:56+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.7.1\n"
 …
 #: lib/menu_wordfence_central.php:56
 #: lib/wf503.php:390
 #: lib/wfCentralAPI.php:905
+#: lib/wfCentralAPI.php:906
 #: lib/wfScanEngine.php:307
 #: lib/wfScanEngine.php:642
 …
 #: lib/dashboard/widget_notifications.php:64
 #: lib/menu_wordfence_central.php:65
 #: lib/wfCentralAPI.php:897
+#: lib/wfCentralAPI.php:898
 msgid "Disconnect This Site"
 msgstr ""
 …
 #: lib/menu_scanner.php:81
 #: lib/menu_scanner_options.php:135
 #: models/scanner/wfScanner.php:829
+#: models/scanner/wfScanner.php:848
 msgid "Enable Premium Scan Signatures."
 msgstr ""
 …
 #: lib/menu_tools_twoFactor.php:23
 #: models/page/wfPage.php:117
 #: modules/login-security/classes/controller/wordfencels.php:888
 #: modules/login-security/classes/controller/wordfencels.php:889
+#: modules/login-security/classes/controller/wordfencels.php:902
+#: modules/login-security/classes/controller/wordfencels.php:903
 msgid "Two-Factor Authentication"
 msgstr ""
 …
 #: lib/menu_tools_diagnostic.php:428
 #: lib/menu_tools_diagnostic.php:471
 #: modules/login-security/classes/controller/users.php:538
+#: modules/login-security/classes/controller/users.php:542
 #: modules/login-security/classes/controller/wordfencels.php:490
 #: views/diagnostics/text.php:203
 …
 #: lib/menu_tools_diagnostic.php:430
 #: lib/menu_tools_diagnostic.php:473
 #: modules/login-security/classes/controller/users.php:547
+#: modules/login-security/classes/controller/users.php:551
 #: modules/login-security/classes/controller/wordfencels.php:490
 #: views/diagnostics/text.php:205
 …
 #: lib/wf503.php:385
 #: lib/wfLockedOut.php:394
 msgid "Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site."
+msgid "Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site."
 msgstr ""
 …
 #: lib/wfAdminNoticeQueue.php:193
 #: lib/wfCentralAPI.php:903
+#: lib/wfCentralAPI.php:904
 #: lib/wfSupportController.php:433
 #: lib/wordfenceClass.php:6303
 …
 msgstr ""
 #: lib/wfCentralAPI.php:890
+#: lib/wfCentralAPI.php:891
 msgid "Your site is currently linked to Wordfence Central under a different site URL."
 msgstr ""
 #: lib/wfCentralAPI.php:892
+#: lib/wfCentralAPI.php:893
 msgid "This may cause duplicated scan issues if both sites are currently active and reporting and is generally caused by duplicating the database from one site to another (e.g., from a production site to staging). We recommend disconnecting this site only, which will leave the matching site still connected."
 msgstr ""
 #: lib/wfCentralAPI.php:894
+#: lib/wfCentralAPI.php:895
 msgid "If this is a single site with multiple domains or subdomains, you can dismiss this message."
 msgstr ""
 #: lib/wfCentralAPI.php:900
+#: lib/wfCentralAPI.php:901
 msgid "Disconnect All"
 msgstr ""
 …
 #: lib/wordfenceClass.php:6335
 #: modules/login-security/classes/controller/wordfencels.php:490
 #: modules/login-security/classes/controller/wordfencels.php:855
+#: modules/login-security/classes/controller/wordfencels.php:869
 #: modules/login-security/views/manage/grace-period.php:22
 msgid "Locked Out"
 …
 msgstr ""
 #: models/scanner/wfScanner.php:116
+#: models/scanner/wfScanner.php:118
 msgid "Quick"
 msgstr ""
 #: models/scanner/wfScanner.php:118
+#: models/scanner/wfScanner.php:120
 msgid "Limited"
 msgstr ""
 #: models/scanner/wfScanner.php:120
+#: models/scanner/wfScanner.php:122
 #: views/scanner/scan-type.php:32
 msgid "High Sensitivity"
 msgstr ""
 #: models/scanner/wfScanner.php:122
+#: models/scanner/wfScanner.php:124
 #: views/scanner/scan-scheduling.php:50
 msgid "Custom"
 msgstr ""
 #: models/scanner/wfScanner.php:125
+#: models/scanner/wfScanner.php:127
 msgid "Standard"
 msgstr ""
 #: models/scanner/wfScanner.php:139
+#: models/scanner/wfScanner.php:141
 msgid "Low resource utilization, limited detection capability"
 msgstr ""
 #: models/scanner/wfScanner.php:141
+#: models/scanner/wfScanner.php:143
 msgid "Standard detection capability, chance of false positives"
 msgstr ""
 #: models/scanner/wfScanner.php:143
+#: models/scanner/wfScanner.php:145
 msgid "Custom scan options selected"
 msgstr ""
 #: models/scanner/wfScanner.php:146
+#: models/scanner/wfScanner.php:148
 msgid "Standard detection capability"
 msgstr ""
 #: models/scanner/wfScanner.php:838
+#: models/scanner/wfScanner.php:857
 msgid "Enable Premium Reputation Checks."
 msgstr ""
 #: models/scanner/wfScanner.php:846
+#: models/scanner/wfScanner.php:865
 msgid "Enable %d scan option."
 msgid_plural "Enable %d scan options."
 …
 msgstr[1] ""
 #: models/scanner/wfScanner.php:888
+#: models/scanner/wfScanner.php:907
 msgid "Enable scan option to check if this website is being \"Spamvertised\"."
 msgstr ""
 #: models/scanner/wfScanner.php:889
+#: models/scanner/wfScanner.php:908
 msgid "Enable scan option to check if your website IP is generating spam."
 msgstr ""
 #: models/scanner/wfScanner.php:890
+#: models/scanner/wfScanner.php:909
 msgid "Enable scan option to check if your website is on a domain blocklist."
 msgstr ""
 #: models/scanner/wfScanner.php:994
+#: models/scanner/wfScanner.php:1013
 msgid "User defined scan pattern"
 msgstr ""
 #. translators: 1. Day of week. 2. Hour of day. 3. Localized date.
 #: models/scanner/wfScanner.php:1272
+#: models/scanner/wfScanner.php:1291
 msgid "Scheduled time for day %s hour %s is: %s"
 msgstr ""
 …
 msgstr ""
 #: modules/login-security/classes/controller/users.php:517
+#: modules/login-security/classes/controller/users.php:521
 #: modules/login-security/classes/controller/wordfencels.php:486
 msgid "2FA Status"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:521
+#: modules/login-security/classes/controller/users.php:525
 msgid "Last Login"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:523
+#: modules/login-security/classes/controller/users.php:527
 msgid "Last CAPTCHA"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:533
+#: modules/login-security/classes/controller/users.php:537
 msgid "Not Allowed"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:541
+#: modules/login-security/classes/controller/users.php:545
 msgid "Inactive<small class=\"wfls-sub-status\">(Grace Period)</small>"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:544
+#: modules/login-security/classes/controller/users.php:548
 msgid "Locked Out<small class=\"wfls-sub-status\">(Grace Period Disabled)</small>"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:544
+#: modules/login-security/classes/controller/users.php:548
 msgid "Locked Out<small class=\"wfls-sub-status\">(Grace Period Exceeded)</small>"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:560
+#: modules/login-security/classes/controller/users.php:564
 msgid "(not required)"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:654
+#: modules/login-security/classes/controller/users.php:658
 msgid "Edit two-factor authentication for %s"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:654
+#: modules/login-security/classes/controller/users.php:658
 #: modules/login-security/views/settings/options.php:9
 msgid "2FA"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:665
+#: modules/login-security/classes/controller/users.php:669
 #: modules/login-security/views/settings/user-stats.php:25
 msgid "2FA Active"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:666
+#: modules/login-security/classes/controller/users.php:670
 #: modules/login-security/views/settings/user-stats.php:26
 msgid "2FA Inactive"
 …
 msgstr ""
+#: modules/login-security/classes/controller/wordfencels.php:671
+#: modules/login-security/classes/controller/wordfencels.php:645
+msgid "<strong>CAPTCHA EXPIRED</strong>: The CAPTCHA verification for this login attempt has expired. Please try again."
+msgstr ""
+#: modules/login-security/classes/controller/wordfencels.php:685
 msgid "Login Verification Required"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:676
+#: modules/login-security/classes/controller/wordfencels.php:690
 msgid "<strong>VERIFICATION REQUIRED</strong>: Additional verification is required for login. If there is a valid account for the provided login credentials, please check the email address associated with it for a verification link to continue logging in."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:692
+#: modules/login-security/classes/controller/wordfencels.php:706
 msgid "<strong>CODE INVALID</strong>: The 2FA code provided is either expired or invalid. Please try again."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:701
+#: modules/login-security/classes/controller/wordfencels.php:715
 msgid "<strong>CODE REQUIRED</strong>: Please enter your 2FA code immediately after your password in the same field."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:703
+#: modules/login-security/classes/controller/wordfencels.php:717
 msgid "<strong>CODE REQUIRED</strong>: Please provide your 2FA code when prompted."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:706
+#: modules/login-security/classes/controller/wordfencels.php:720
 msgid "<strong>LOGIN BLOCKED</strong>: 2FA is required to be active on your account. Please contact the site administrator."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:709
+#: modules/login-security/classes/controller/wordfencels.php:723
 msgid "You do not currently have two-factor authentication active on your account, which will be required beginning %s. <a href=\"%s\">Configure 2FA</a>"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:759
+#: modules/login-security/classes/controller/wordfencels.php:773
 msgid "Email verification succeeded. Please continue logging in."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:762
+#: modules/login-security/classes/controller/wordfencels.php:776
 msgid "Email verification invalid or expired. Please try again."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:816
 #: modules/login-security/classes/controller/wordfencels.php:819
+#: modules/login-security/classes/controller/wordfencels.php:830
+#: modules/login-security/classes/controller/wordfencels.php:833
 msgid "Login Security"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:847
+#: modules/login-security/classes/controller/wordfencels.php:861
 #: modules/login-security/views/settings/options.php:23
 #: modules/login-security/views/settings/user-stats.php:33
 …
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:851
+#: modules/login-security/classes/controller/wordfencels.php:865
 #: modules/login-security/views/manage/grace-period.php:22
 #: modules/login-security/views/options/option-roles.php:57
 …
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:870
+#: modules/login-security/classes/controller/wordfencels.php:884
 msgid "Users without 2FA active (%s)"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:889
+#: modules/login-security/classes/controller/wordfencels.php:903
 msgid "Learn more<span class=\"wfls-hidden-xs\"> about Two-Factor Authentication</span>"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:898
+#: modules/login-security/classes/controller/wordfencels.php:912
 msgid "Settings"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:899
+#: modules/login-security/classes/controller/wordfencels.php:913
 msgid "Login Security Settings"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:899
+#: modules/login-security/classes/controller/wordfencels.php:913
 msgid "Learn more<span class=\"wfls-hidden-xs\"> about Login Security</span>"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:925
+#: modules/login-security/classes/controller/wordfencels.php:939
 msgid "<strong>REGISTRATION ATTEMPT BLOCKED</strong>: This site requires a security token created when the page loads for all registration attempts. Please ensure JavaScript is enabled and try again."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:932
+#: modules/login-security/classes/controller/wordfencels.php:946
 msgid "<strong>REGISTRATION ATTEMPT BLOCKED</strong>: The security token for the login attempt was invalid or expired. Please reload the page and try again."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:945
+#: modules/login-security/classes/controller/wordfencels.php:959
 msgid "<strong>REGISTRATION BLOCKED</strong>: The registration request was blocked because it was flagged as spam. Please try again or <a href=\"#\" class=\"wfls-registration-captcha-contact\" data-token=\"%s\">contact the site owner</a> for help."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:948
+#: modules/login-security/classes/controller/wordfencels.php:962
 msgid "<strong>REGISTRATION BLOCKED</strong>: The registration request was blocked because it was flagged as spam. Please try again or contact the site owner for help."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:1018
+#: modules/login-security/classes/controller/wordfencels.php:1032
 msgid "Wordfence 2FA"
 msgstr ""

wordfence/tags/7.11.5/lib/Diff/SequenceMatcher.php

-                      r2430969
+                      r3063884
         'ignoreCase' => false
     );
+    private $matchingBlocks = null;
+    private $opCodes = null;
+    private $fullBCount = null;
     /**
 …
+        }
         if(count($a) == $count($b)) {
+        if(count($a) == count($b)) {
             return 0;
+        }

wordfence/tags/7.11.5/lib/wf503.php

r2583566	r3063884
383	383	<div class="about-text">
384	384	<h3 class="h4"><?php esc_html_e('About Wordfence', 'wordfence'); ?></h3>
385		<p><?php esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.', 'wordfence'); ?></p>
	385	<p><?php esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.', 'wordfence'); ?></p>
386	386	<p><?php esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.', 'wordfence'); ?></p>
387	387	</div>

wordfence/tags/7.11.5/lib/wfCentralAPI.php

r3036535	r3063884
585	585	try {
586	586	$response = $request->execute();
	587	wfConfig::set('lastScanStageStatusUpdate', time(), wfConfig::DONT_AUTOLOAD);
587	588	return $response;
588	589	}

wordfence/tags/7.11.5/lib/wfLockedOut.php

r2583566	r3063884
392	392	<div class="about-text">
393	393	<h3 class="h4"><?php esc_html_e('About Wordfence', 'wordfence'); ?></h3>
394		<p><?php esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.', 'wordfence'); ?></p>
	394	<p><?php esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.', 'wordfence'); ?></p>
395	395	<p><?php esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.', 'wordfence'); ?></p>
396	396	</div>

wordfence/tags/7.11.5/models/scanner/wfScanner.php

-                      r3049240
+                      r3063884
     const SUMMARY_SCANNED_USERS = 'scannedUsers';
     const SUMMARY_SCANNED_URLS = 'scannedURLs';
+    const CENTRAL_STAGE_UPDATE_THRESHOLD = 5;
     private $_scanType = false;
 …
+    }
+    private function _shouldForceUpdate($stageID) {
+        if ($stageID == wfScanner::STAGE_MALWARE_SCAN) {
+            return true;
+        }
+        return false;
+    }
     /**
      * Increments the stage started counter and marks it as running if not already in that state.
 …
         $runningStatus[$stageID]['started'] += 1;
         wfConfig::set_ser('scanStageStatuses', $runningStatus, false, wfConfig::DONT_AUTOLOAD);
         if (wfCentral::isConnected()) {
+        if (wfCentral::isConnected() && ($this->_shouldForceUpdate($stageID) || (time() - wfConfig::getInt('lastScanStageStatusUpdate', 0)) > self::CENTRAL_STAGE_UPDATE_THRESHOLD)) {
             wfCentral::updateScanStatus($runningStatus);
+        }
 …
         wfConfig::set_ser('scanStageStatuses', $runningStatus, false, wfConfig::DONT_AUTOLOAD);
         if (wfCentral::isConnected()) {
+            wfCentral::updateScanStatus($runningStatus);
+            $forceSend = true; //Force sending the last stage completion update even if the timing would otherwise prevent it
+            foreach ($runningStatus as $stageID => $stage) {
+                if ($runningStatus[$stageID]['finished'] < $runningStatus[$stageID]['expected']) {
+                    $forceSend = false;
+                    break;
+                }
+            }
+            if ($forceSend || (time() - wfConfig::getInt('lastScanStageStatusUpdate', 0)) > self::CENTRAL_STAGE_UPDATE_THRESHOLD) {
+                wfCentral::updateScanStatus($runningStatus);
+            }
+        }

wordfence/tags/7.11.5/modules/login-security/classes/controller/captcha.php

-                      r3049240
+                      r3063884
                 $jsonResponse = wp_remote_retrieve_body($response);
                 $decoded = @json_decode($jsonResponse, true);
+                if (is_array($decoded) && isset($decoded['success']) && isset($decoded['score']) && isset($decoded['action'])) {
+                    if ($decoded['success'] && $decoded['action'] == $action) {
+                        return (float) $decoded['score'];
+                if (is_array($decoded) && isset($decoded['success'])) {
+                    if ($decoded['success']) {
+                        if (isset($decoded['score']) && isset($decoded['action']) && $decoded['action'] == $action) {
+                            return (float) $decoded['score'];
+                        }
+                    }
                     return false;

wordfence/tags/7.11.5/modules/login-security/classes/controller/users.php

-                      r3049240
+                      r3063884
     const META_KEY_ALLOW_GRACE_PERIOD = 'wfls-allow-grace-period';
     const META_KEY_VERIFICATION_TOKENS = 'wfls-verification-tokens';
+    const META_KEY_CAPTCHA_SCORES = 'wfls-captcha-scores';
     const VERIFICATION_TOKEN_BYTES = 64;
     const VERIFICATION_TOKEN_LIMIT = 5; //Max number of concurrent tokens
     const VERIFICATION_TOKEN_TRANSIENT_PREFIX = 'wfls_verify_';
+    const CAPTCHA_SCORE_LIMIT = 2; //Max number of captcha scores cached
+    const CAPTCHA_SCORE_TRANSIENT_PREFIX = 'wfls_captcha_';
+    const CAPTCHA_SCORE_CACHE_DURATION = 60; //seconds
     const LARGE_USER_BASE_THRESHOLD = 1000;
     const TRUNCATED_ROLE_KEY = 1;
 …
         return $userId !== null && ($user === null || $userId === $user->ID);
+    }
+    /**
+     * Returns the key used to store a captcha score transient.
+     *
+     * @param string $hash
+     * @return string
+     */
+    private function get_captcha_score_transient_key($hash) {
+        return self::CAPTCHA_SCORE_TRANSIENT_PREFIX . $hash;
+    }
+    /**
+     * Attempts to look up a stored captcha score for the given hash and user. If found, returns the score. If not,
+     * returns null.
+     *
+     * @param string $hash
+     * @param \WP_User $user
+     * @return float|false
+     */
+    private function load_captcha_score($hash, $user) {
+        $key = $this->get_captcha_score_transient_key($hash);
+        $data = get_transient($key);
+        if ($data === false) {
+            return false;
+        }
+        if (!$user->exists() || $data['user'] !== $user->ID) {
+            return false;
+        }
+        return floatval($data['score']);
+    }
+    /**
+     * Deletes the stored captcha score if present for the given hash.
+     *
+     * @param string $hash
+     */
+    private function clear_captcha_score($token, $user) {
+        $hash = $this->hash_captcha_token($token);
+        $key = $this->get_captcha_score_transient_key($hash);
+        delete_transient($key);
+        $storedHashes = get_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, true);
+        $validHashes = array();
+        if (is_array($storedHashes)) {
+            foreach ($storedHashes as $hash) {
+                $storedScore = $this->load_captcha_score($hash, $user);
+                if ($storedScore !== false) {
+                    $validHashes[] = $hash;
+                }
+            }
+        }
+        $validHashes = array_slice($validHashes, 0, self::CAPTCHA_SCORE_LIMIT);
+        update_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, $validHashes);
+    }
+    /**
+     * Hashes the captcha token for storage.
+     *
+     * @param string $token
+     * @return string
+     */
+    private function hash_captcha_token($token) {
+        return wp_hash($token);
+    }
+    /**
+     * Returns the cached score for the given captcha score and user if available. This action removes it from the cache
+     * since the intent is for it only to be used for the initial login request to validate credentials + the follow-up
+     * request either finalizing the login (no 2FA set) or with the 2FA token.
+     *
+     * $expired will be set to `true` if the reason for returning `false` is because the $token is recently expired. It
+     * will be false when the $token is either uncached or has been expired long enough to be removed from the internal
+     * list.
+     *
+     * @param string $token
+     * @param \WP_User $user
+     * @param bool $expired
+     * @return float|false
+     */
+    public function cached_captcha_score($token, $user, &$expired = false) {
+        $hash = $this->hash_captcha_token($token);
+        $score = $this->load_captcha_score($hash, $user);
+        if ($score === false) {
+            $storedHashes = get_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, true);
+            if (is_array($storedHashes)) {
+                $expired = in_array($hash, $storedHashes);
+            }
+        }
+        $this->clear_captcha_score($token, $user);
+        return $score;
+    }
+    /**
+     * Caches the $token/$score pair for $user, automatically pruning its cached list to the maximum allowable count
+     *
+     * @param string $token
+     * @param float|false $score
+     * @param \WP_User $user
+     */
+    public function cache_captcha_score($token, $score, $user) {
+        if ($score === false) {
+            return;
+        }
+        $storedHashes = get_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, true);
+        $validHashes = array();
+        if (is_array($storedHashes)) {
+            foreach ($storedHashes as $hash) {
+                $storedScore = $this->load_captcha_score($hash, $user);
+                if ($storedScore !== false) {
+                    $validHashes[] = $hash;
+                }
+            }
+        }
+        $hash = $this->hash_verification_token($token);
+        array_unshift($validHashes, $hash);
+        while (count($validHashes) > self::CAPTCHA_SCORE_LIMIT) {
+            $excessHash = array_pop($validHashes);
+            delete_transient($this->get_captcha_score_transient_key($excessHash));
+        }
+        $key = $this->get_captcha_score_transient_key($hash);
+        set_transient($key, array('user' => $user->ID, 'score' => $score), self::CAPTCHA_SCORE_CACHE_DURATION);
+        update_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, $validHashes);
+    }
     public function get_user_count() {

wordfence/tags/7.11.5/modules/login-security/classes/controller/wordfencels.php

-                      r3049240
+                      r3063884
             $score = false;
             if ($requireCAPTCHA && !$performVerification) {
+                $score = Controller_CAPTCHA::shared()->score($token);
+                $expired = false;
+                if (is_object($user) && $user instanceof \WP_User) {
+                    $score = Controller_Users::shared()->cached_captcha_score($token, $user, $expired);
+                }
+                if ($score === false) {
+                    if ($expired) {
+                        return new \WP_Error('wfls_captcha_expired', wp_kses(__('<strong>CAPTCHA EXPIRED</strong>: The CAPTCHA verification for this login attempt has expired. Please try again.', 'wordfence'), array('strong'=>array())));
+                    }
+                    $score = Controller_CAPTCHA::shared()->score($token);
+                    if ($score !== false && is_object($user) && $user instanceof \WP_User) {
+                        Controller_Users::shared()->cache_captcha_score($token, $score, $user);
+                        Controller_Users::shared()->record_captcha_score($user, $score);
+                    }
+                }
                 if ($score === false && !Controller_CAPTCHA::shared()->test_mode()) { //An invalid token will require additional verification (if test mode is not active)
                     $performVerification = true;
+                }
-                else if (is_object($user) && $user instanceof \WP_User) {
-                    Controller_Users::shared()->record_captcha_score($user, $score);
+                }
+            }

wordfence/tags/7.11.5/modules/login-security/wordfence-login-security.php

-                      r3049240
+                      r3063884
     define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
     define('WORDFENCE_LS_VERSION', '1.1.10');
     define('WORDFENCE_LS_BUILD_NUMBER', '1710170544');
+    define('WORDFENCE_LS_VERSION', '1.1.11');
+    define('WORDFENCE_LS_BUILD_NUMBER', '1712157296');
     define('WORDFENCE_LS_PLUGIN_BASENAME', plugin_basename(__FILE__));

wordfence/tags/7.11.5/readme.txt

-                      r3056308
+                      r3063884
 Requires PHP: 5.5
 Tested up to: 6.5
 Stable tag: 7.11.4
+Stable tag: 7.11.5
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 7.11.5 - April 3, 2024 =
+* Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances
+* Fix: Addressed PHP 8 deprecation notices in the file differ used by file changed scan results
+* Fix: Reduced the frequency of Wordfence Central status update callbacks in sections of the scan that occur quickly in sequence
 = 7.11.4 - March 11, 2024 =

wordfence/tags/7.11.5/vendor/wordfence/wf-waf/src/views/403-roadblock.php

r2583566	r3063884
439	439	<div class="about-text">
440	440	<h3 class="h4"><?php wfWAFI18n::esc_html_e('About Wordfence') ?></h3>
441		<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
	441	<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
442	442	<p><?php wfWAFI18n::esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.') ?></p>
443	443	</div>

wordfence/tags/7.11.5/vendor/wordfence/wf-waf/src/views/403.php

r2583566	r3063884
354	354	<div class="about-text">
355	355	<h3 class="h4"><?php wfWAFI18n::esc_html_e('About Wordfence') ?></h3>
356		<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
	356	<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
357	357	<p><?php wfWAFI18n::esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.') ?></p>
358	358	</div>

wordfence/tags/7.11.5/vendor/wordfence/wf-waf/src/views/503-lockout.php

r2583566	r3063884
381	381	<div class="about-text">
382	382	<h3 class="h4"><?php wfWAFI18n::esc_html_e('About Wordfence') ?></h3>
383		<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
	383	<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
384	384	<p><?php wfWAFI18n::esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.') ?></p>
385	385	</div>

wordfence/tags/7.11.5/vendor/wordfence/wf-waf/src/views/503.php

r2583566	r3063884
375	375	<div class="about-text">
376	376	<h3 class="h4"><?php wfWAFI18n::esc_html_e('About Wordfence') ?></h3>
377		<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
	377	<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
378	378	<p><?php wfWAFI18n::esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.') ?></p>
379	379	</div>

wordfence/tags/7.11.5/wordfence.php

-                      r3049240
+                      r3063884
 Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
 Author: Wordfence
 Version: 7.11.4
+Version: 7.11.5
 Author URI: https://www.wordfence.com/
 Text Domain: wordfence
 …
     exit;
+}
 define('WORDFENCE_VERSION', '7.11.4');
 define('WORDFENCE_BUILD_NUMBER', '1710170544');
+define('WORDFENCE_VERSION', '7.11.5');
+define('WORDFENCE_BUILD_NUMBER', '1712157296');
 define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
     basename(dirname(__FILE__)) . '/' . basename(__FILE__));

wordfence/trunk/languages/wordfence.pot

-                      r3049240
+                      r3063884
 msgid ""
 msgstr ""
 "Project-Id-Version: Wordfence Security 7.11.4\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wordfence-zip-0H0vQX4ZS\n"
+"Project-Id-Version: Wordfence Security 7.11.5\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wordfence-zip-8lMCyXlaj\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
 …
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "POT-Creation-Date: 2024-03-11T15:22:25+00:00\n"
+"POT-Creation-Date: 2024-04-03T15:14:56+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.7.1\n"
 …
 #: lib/menu_wordfence_central.php:56
 #: lib/wf503.php:390
 #: lib/wfCentralAPI.php:905
+#: lib/wfCentralAPI.php:906
 #: lib/wfScanEngine.php:307
 #: lib/wfScanEngine.php:642
 …
 #: lib/dashboard/widget_notifications.php:64
 #: lib/menu_wordfence_central.php:65
 #: lib/wfCentralAPI.php:897
+#: lib/wfCentralAPI.php:898
 msgid "Disconnect This Site"
 msgstr ""
 …
 #: lib/menu_scanner.php:81
 #: lib/menu_scanner_options.php:135
 #: models/scanner/wfScanner.php:829
+#: models/scanner/wfScanner.php:848
 msgid "Enable Premium Scan Signatures."
 msgstr ""
 …
 #: lib/menu_tools_twoFactor.php:23
 #: models/page/wfPage.php:117
 #: modules/login-security/classes/controller/wordfencels.php:888
 #: modules/login-security/classes/controller/wordfencels.php:889
+#: modules/login-security/classes/controller/wordfencels.php:902
+#: modules/login-security/classes/controller/wordfencels.php:903
 msgid "Two-Factor Authentication"
 msgstr ""
 …
 #: lib/menu_tools_diagnostic.php:428
 #: lib/menu_tools_diagnostic.php:471
 #: modules/login-security/classes/controller/users.php:538
+#: modules/login-security/classes/controller/users.php:542
 #: modules/login-security/classes/controller/wordfencels.php:490
 #: views/diagnostics/text.php:203
 …
 #: lib/menu_tools_diagnostic.php:430
 #: lib/menu_tools_diagnostic.php:473
 #: modules/login-security/classes/controller/users.php:547
+#: modules/login-security/classes/controller/users.php:551
 #: modules/login-security/classes/controller/wordfencels.php:490
 #: views/diagnostics/text.php:205
 …
 #: lib/wf503.php:385
 #: lib/wfLockedOut.php:394
 msgid "Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site."
+msgid "Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site."
 msgstr ""
 …
 #: lib/wfAdminNoticeQueue.php:193
 #: lib/wfCentralAPI.php:903
+#: lib/wfCentralAPI.php:904
 #: lib/wfSupportController.php:433
 #: lib/wordfenceClass.php:6303
 …
 msgstr ""
 #: lib/wfCentralAPI.php:890
+#: lib/wfCentralAPI.php:891
 msgid "Your site is currently linked to Wordfence Central under a different site URL."
 msgstr ""
 #: lib/wfCentralAPI.php:892
+#: lib/wfCentralAPI.php:893
 msgid "This may cause duplicated scan issues if both sites are currently active and reporting and is generally caused by duplicating the database from one site to another (e.g., from a production site to staging). We recommend disconnecting this site only, which will leave the matching site still connected."
 msgstr ""
 #: lib/wfCentralAPI.php:894
+#: lib/wfCentralAPI.php:895
 msgid "If this is a single site with multiple domains or subdomains, you can dismiss this message."
 msgstr ""
 #: lib/wfCentralAPI.php:900
+#: lib/wfCentralAPI.php:901
 msgid "Disconnect All"
 msgstr ""
 …
 #: lib/wordfenceClass.php:6335
 #: modules/login-security/classes/controller/wordfencels.php:490
 #: modules/login-security/classes/controller/wordfencels.php:855
+#: modules/login-security/classes/controller/wordfencels.php:869
 #: modules/login-security/views/manage/grace-period.php:22
 msgid "Locked Out"
 …
 msgstr ""
 #: models/scanner/wfScanner.php:116
+#: models/scanner/wfScanner.php:118
 msgid "Quick"
 msgstr ""
 #: models/scanner/wfScanner.php:118
+#: models/scanner/wfScanner.php:120
 msgid "Limited"
 msgstr ""
 #: models/scanner/wfScanner.php:120
+#: models/scanner/wfScanner.php:122
 #: views/scanner/scan-type.php:32
 msgid "High Sensitivity"
 msgstr ""
 #: models/scanner/wfScanner.php:122
+#: models/scanner/wfScanner.php:124
 #: views/scanner/scan-scheduling.php:50
 msgid "Custom"
 msgstr ""
 #: models/scanner/wfScanner.php:125
+#: models/scanner/wfScanner.php:127
 msgid "Standard"
 msgstr ""
 #: models/scanner/wfScanner.php:139
+#: models/scanner/wfScanner.php:141
 msgid "Low resource utilization, limited detection capability"
 msgstr ""
 #: models/scanner/wfScanner.php:141
+#: models/scanner/wfScanner.php:143
 msgid "Standard detection capability, chance of false positives"
 msgstr ""
 #: models/scanner/wfScanner.php:143
+#: models/scanner/wfScanner.php:145
 msgid "Custom scan options selected"
 msgstr ""
 #: models/scanner/wfScanner.php:146
+#: models/scanner/wfScanner.php:148
 msgid "Standard detection capability"
 msgstr ""
 #: models/scanner/wfScanner.php:838
+#: models/scanner/wfScanner.php:857
 msgid "Enable Premium Reputation Checks."
 msgstr ""
 #: models/scanner/wfScanner.php:846
+#: models/scanner/wfScanner.php:865
 msgid "Enable %d scan option."
 msgid_plural "Enable %d scan options."
 …
 msgstr[1] ""
 #: models/scanner/wfScanner.php:888
+#: models/scanner/wfScanner.php:907
 msgid "Enable scan option to check if this website is being \"Spamvertised\"."
 msgstr ""
 #: models/scanner/wfScanner.php:889
+#: models/scanner/wfScanner.php:908
 msgid "Enable scan option to check if your website IP is generating spam."
 msgstr ""
 #: models/scanner/wfScanner.php:890
+#: models/scanner/wfScanner.php:909
 msgid "Enable scan option to check if your website is on a domain blocklist."
 msgstr ""
 #: models/scanner/wfScanner.php:994
+#: models/scanner/wfScanner.php:1013
 msgid "User defined scan pattern"
 msgstr ""
 #. translators: 1. Day of week. 2. Hour of day. 3. Localized date.
 #: models/scanner/wfScanner.php:1272
+#: models/scanner/wfScanner.php:1291
 msgid "Scheduled time for day %s hour %s is: %s"
 msgstr ""
 …
 msgstr ""
 #: modules/login-security/classes/controller/users.php:517
+#: modules/login-security/classes/controller/users.php:521
 #: modules/login-security/classes/controller/wordfencels.php:486
 msgid "2FA Status"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:521
+#: modules/login-security/classes/controller/users.php:525
 msgid "Last Login"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:523
+#: modules/login-security/classes/controller/users.php:527
 msgid "Last CAPTCHA"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:533
+#: modules/login-security/classes/controller/users.php:537
 msgid "Not Allowed"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:541
+#: modules/login-security/classes/controller/users.php:545
 msgid "Inactive<small class=\"wfls-sub-status\">(Grace Period)</small>"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:544
+#: modules/login-security/classes/controller/users.php:548
 msgid "Locked Out<small class=\"wfls-sub-status\">(Grace Period Disabled)</small>"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:544
+#: modules/login-security/classes/controller/users.php:548
 msgid "Locked Out<small class=\"wfls-sub-status\">(Grace Period Exceeded)</small>"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:560
+#: modules/login-security/classes/controller/users.php:564
 msgid "(not required)"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:654
+#: modules/login-security/classes/controller/users.php:658
 msgid "Edit two-factor authentication for %s"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:654
+#: modules/login-security/classes/controller/users.php:658
 #: modules/login-security/views/settings/options.php:9
 msgid "2FA"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:665
+#: modules/login-security/classes/controller/users.php:669
 #: modules/login-security/views/settings/user-stats.php:25
 msgid "2FA Active"
 msgstr ""
 #: modules/login-security/classes/controller/users.php:666
+#: modules/login-security/classes/controller/users.php:670
 #: modules/login-security/views/settings/user-stats.php:26
 msgid "2FA Inactive"
 …
 msgstr ""
+#: modules/login-security/classes/controller/wordfencels.php:671
+#: modules/login-security/classes/controller/wordfencels.php:645
+msgid "<strong>CAPTCHA EXPIRED</strong>: The CAPTCHA verification for this login attempt has expired. Please try again."
+msgstr ""
+#: modules/login-security/classes/controller/wordfencels.php:685
 msgid "Login Verification Required"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:676
+#: modules/login-security/classes/controller/wordfencels.php:690
 msgid "<strong>VERIFICATION REQUIRED</strong>: Additional verification is required for login. If there is a valid account for the provided login credentials, please check the email address associated with it for a verification link to continue logging in."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:692
+#: modules/login-security/classes/controller/wordfencels.php:706
 msgid "<strong>CODE INVALID</strong>: The 2FA code provided is either expired or invalid. Please try again."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:701
+#: modules/login-security/classes/controller/wordfencels.php:715
 msgid "<strong>CODE REQUIRED</strong>: Please enter your 2FA code immediately after your password in the same field."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:703
+#: modules/login-security/classes/controller/wordfencels.php:717
 msgid "<strong>CODE REQUIRED</strong>: Please provide your 2FA code when prompted."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:706
+#: modules/login-security/classes/controller/wordfencels.php:720
 msgid "<strong>LOGIN BLOCKED</strong>: 2FA is required to be active on your account. Please contact the site administrator."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:709
+#: modules/login-security/classes/controller/wordfencels.php:723
 msgid "You do not currently have two-factor authentication active on your account, which will be required beginning %s. <a href=\"%s\">Configure 2FA</a>"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:759
+#: modules/login-security/classes/controller/wordfencels.php:773
 msgid "Email verification succeeded. Please continue logging in."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:762
+#: modules/login-security/classes/controller/wordfencels.php:776
 msgid "Email verification invalid or expired. Please try again."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:816
 #: modules/login-security/classes/controller/wordfencels.php:819
+#: modules/login-security/classes/controller/wordfencels.php:830
+#: modules/login-security/classes/controller/wordfencels.php:833
 msgid "Login Security"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:847
+#: modules/login-security/classes/controller/wordfencels.php:861
 #: modules/login-security/views/settings/options.php:23
 #: modules/login-security/views/settings/user-stats.php:33
 …
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:851
+#: modules/login-security/classes/controller/wordfencels.php:865
 #: modules/login-security/views/manage/grace-period.php:22
 #: modules/login-security/views/options/option-roles.php:57
 …
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:870
+#: modules/login-security/classes/controller/wordfencels.php:884
 msgid "Users without 2FA active (%s)"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:889
+#: modules/login-security/classes/controller/wordfencels.php:903
 msgid "Learn more<span class=\"wfls-hidden-xs\"> about Two-Factor Authentication</span>"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:898
+#: modules/login-security/classes/controller/wordfencels.php:912
 msgid "Settings"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:899
+#: modules/login-security/classes/controller/wordfencels.php:913
 msgid "Login Security Settings"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:899
+#: modules/login-security/classes/controller/wordfencels.php:913
 msgid "Learn more<span class=\"wfls-hidden-xs\"> about Login Security</span>"
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:925
+#: modules/login-security/classes/controller/wordfencels.php:939
 msgid "<strong>REGISTRATION ATTEMPT BLOCKED</strong>: This site requires a security token created when the page loads for all registration attempts. Please ensure JavaScript is enabled and try again."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:932
+#: modules/login-security/classes/controller/wordfencels.php:946
 msgid "<strong>REGISTRATION ATTEMPT BLOCKED</strong>: The security token for the login attempt was invalid or expired. Please reload the page and try again."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:945
+#: modules/login-security/classes/controller/wordfencels.php:959
 msgid "<strong>REGISTRATION BLOCKED</strong>: The registration request was blocked because it was flagged as spam. Please try again or <a href=\"#\" class=\"wfls-registration-captcha-contact\" data-token=\"%s\">contact the site owner</a> for help."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:948
+#: modules/login-security/classes/controller/wordfencels.php:962
 msgid "<strong>REGISTRATION BLOCKED</strong>: The registration request was blocked because it was flagged as spam. Please try again or contact the site owner for help."
 msgstr ""
 #: modules/login-security/classes/controller/wordfencels.php:1018
+#: modules/login-security/classes/controller/wordfencels.php:1032
 msgid "Wordfence 2FA"
 msgstr ""

wordfence/trunk/lib/Diff/SequenceMatcher.php

-                      r2430969
+                      r3063884
         'ignoreCase' => false
     );
+    private $matchingBlocks = null;
+    private $opCodes = null;
+    private $fullBCount = null;
     /**
 …
+        }
         if(count($a) == $count($b)) {
+        if(count($a) == count($b)) {
             return 0;
+        }

wordfence/trunk/lib/wf503.php

r2583566	r3063884
383	383	<div class="about-text">
384	384	<h3 class="h4"><?php esc_html_e('About Wordfence', 'wordfence'); ?></h3>
385		<p><?php esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.', 'wordfence'); ?></p>
	385	<p><?php esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.', 'wordfence'); ?></p>
386	386	<p><?php esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.', 'wordfence'); ?></p>
387	387	</div>

wordfence/trunk/lib/wfCentralAPI.php

r3036535	r3063884
585	585	try {
586	586	$response = $request->execute();
	587	wfConfig::set('lastScanStageStatusUpdate', time(), wfConfig::DONT_AUTOLOAD);
587	588	return $response;
588	589	}

wordfence/trunk/lib/wfLockedOut.php

r2583566	r3063884
392	392	<div class="about-text">
393	393	<h3 class="h4"><?php esc_html_e('About Wordfence', 'wordfence'); ?></h3>
394		<p><?php esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.', 'wordfence'); ?></p>
	394	<p><?php esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.', 'wordfence'); ?></p>
395	395	<p><?php esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.', 'wordfence'); ?></p>
396	396	</div>

wordfence/trunk/models/scanner/wfScanner.php

-                      r3049240
+                      r3063884
     const SUMMARY_SCANNED_USERS = 'scannedUsers';
     const SUMMARY_SCANNED_URLS = 'scannedURLs';
+    const CENTRAL_STAGE_UPDATE_THRESHOLD = 5;
     private $_scanType = false;
 …
+    }
+    private function _shouldForceUpdate($stageID) {
+        if ($stageID == wfScanner::STAGE_MALWARE_SCAN) {
+            return true;
+        }
+        return false;
+    }
     /**
      * Increments the stage started counter and marks it as running if not already in that state.
 …
         $runningStatus[$stageID]['started'] += 1;
         wfConfig::set_ser('scanStageStatuses', $runningStatus, false, wfConfig::DONT_AUTOLOAD);
         if (wfCentral::isConnected()) {
+        if (wfCentral::isConnected() && ($this->_shouldForceUpdate($stageID) || (time() - wfConfig::getInt('lastScanStageStatusUpdate', 0)) > self::CENTRAL_STAGE_UPDATE_THRESHOLD)) {
             wfCentral::updateScanStatus($runningStatus);
+        }
 …
         wfConfig::set_ser('scanStageStatuses', $runningStatus, false, wfConfig::DONT_AUTOLOAD);
         if (wfCentral::isConnected()) {
+            wfCentral::updateScanStatus($runningStatus);
+            $forceSend = true; //Force sending the last stage completion update even if the timing would otherwise prevent it
+            foreach ($runningStatus as $stageID => $stage) {
+                if ($runningStatus[$stageID]['finished'] < $runningStatus[$stageID]['expected']) {
+                    $forceSend = false;
+                    break;
+                }
+            }
+            if ($forceSend || (time() - wfConfig::getInt('lastScanStageStatusUpdate', 0)) > self::CENTRAL_STAGE_UPDATE_THRESHOLD) {
+                wfCentral::updateScanStatus($runningStatus);
+            }
+        }

wordfence/trunk/modules/login-security/classes/controller/captcha.php

-                      r3049240
+                      r3063884
                 $jsonResponse = wp_remote_retrieve_body($response);
                 $decoded = @json_decode($jsonResponse, true);
+                if (is_array($decoded) && isset($decoded['success']) && isset($decoded['score']) && isset($decoded['action'])) {
+                    if ($decoded['success'] && $decoded['action'] == $action) {
+                        return (float) $decoded['score'];
+                if (is_array($decoded) && isset($decoded['success'])) {
+                    if ($decoded['success']) {
+                        if (isset($decoded['score']) && isset($decoded['action']) && $decoded['action'] == $action) {
+                            return (float) $decoded['score'];
+                        }
+                    }
                     return false;

wordfence/trunk/modules/login-security/classes/controller/users.php

-                      r3049240
+                      r3063884
     const META_KEY_ALLOW_GRACE_PERIOD = 'wfls-allow-grace-period';
     const META_KEY_VERIFICATION_TOKENS = 'wfls-verification-tokens';
+    const META_KEY_CAPTCHA_SCORES = 'wfls-captcha-scores';
     const VERIFICATION_TOKEN_BYTES = 64;
     const VERIFICATION_TOKEN_LIMIT = 5; //Max number of concurrent tokens
     const VERIFICATION_TOKEN_TRANSIENT_PREFIX = 'wfls_verify_';
+    const CAPTCHA_SCORE_LIMIT = 2; //Max number of captcha scores cached
+    const CAPTCHA_SCORE_TRANSIENT_PREFIX = 'wfls_captcha_';
+    const CAPTCHA_SCORE_CACHE_DURATION = 60; //seconds
     const LARGE_USER_BASE_THRESHOLD = 1000;
     const TRUNCATED_ROLE_KEY = 1;
 …
         return $userId !== null && ($user === null || $userId === $user->ID);
+    }
+    /**
+     * Returns the key used to store a captcha score transient.
+     *
+     * @param string $hash
+     * @return string
+     */
+    private function get_captcha_score_transient_key($hash) {
+        return self::CAPTCHA_SCORE_TRANSIENT_PREFIX . $hash;
+    }
+    /**
+     * Attempts to look up a stored captcha score for the given hash and user. If found, returns the score. If not,
+     * returns null.
+     *
+     * @param string $hash
+     * @param \WP_User $user
+     * @return float|false
+     */
+    private function load_captcha_score($hash, $user) {
+        $key = $this->get_captcha_score_transient_key($hash);
+        $data = get_transient($key);
+        if ($data === false) {
+            return false;
+        }
+        if (!$user->exists() || $data['user'] !== $user->ID) {
+            return false;
+        }
+        return floatval($data['score']);
+    }
+    /**
+     * Deletes the stored captcha score if present for the given hash.
+     *
+     * @param string $hash
+     */
+    private function clear_captcha_score($token, $user) {
+        $hash = $this->hash_captcha_token($token);
+        $key = $this->get_captcha_score_transient_key($hash);
+        delete_transient($key);
+        $storedHashes = get_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, true);
+        $validHashes = array();
+        if (is_array($storedHashes)) {
+            foreach ($storedHashes as $hash) {
+                $storedScore = $this->load_captcha_score($hash, $user);
+                if ($storedScore !== false) {
+                    $validHashes[] = $hash;
+                }
+            }
+        }
+        $validHashes = array_slice($validHashes, 0, self::CAPTCHA_SCORE_LIMIT);
+        update_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, $validHashes);
+    }
+    /**
+     * Hashes the captcha token for storage.
+     *
+     * @param string $token
+     * @return string
+     */
+    private function hash_captcha_token($token) {
+        return wp_hash($token);
+    }
+    /**
+     * Returns the cached score for the given captcha score and user if available. This action removes it from the cache
+     * since the intent is for it only to be used for the initial login request to validate credentials + the follow-up
+     * request either finalizing the login (no 2FA set) or with the 2FA token.
+     *
+     * $expired will be set to `true` if the reason for returning `false` is because the $token is recently expired. It
+     * will be false when the $token is either uncached or has been expired long enough to be removed from the internal
+     * list.
+     *
+     * @param string $token
+     * @param \WP_User $user
+     * @param bool $expired
+     * @return float|false
+     */
+    public function cached_captcha_score($token, $user, &$expired = false) {
+        $hash = $this->hash_captcha_token($token);
+        $score = $this->load_captcha_score($hash, $user);
+        if ($score === false) {
+            $storedHashes = get_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, true);
+            if (is_array($storedHashes)) {
+                $expired = in_array($hash, $storedHashes);
+            }
+        }
+        $this->clear_captcha_score($token, $user);
+        return $score;
+    }
+    /**
+     * Caches the $token/$score pair for $user, automatically pruning its cached list to the maximum allowable count
+     *
+     * @param string $token
+     * @param float|false $score
+     * @param \WP_User $user
+     */
+    public function cache_captcha_score($token, $score, $user) {
+        if ($score === false) {
+            return;
+        }
+        $storedHashes = get_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, true);
+        $validHashes = array();
+        if (is_array($storedHashes)) {
+            foreach ($storedHashes as $hash) {
+                $storedScore = $this->load_captcha_score($hash, $user);
+                if ($storedScore !== false) {
+                    $validHashes[] = $hash;
+                }
+            }
+        }
+        $hash = $this->hash_verification_token($token);
+        array_unshift($validHashes, $hash);
+        while (count($validHashes) > self::CAPTCHA_SCORE_LIMIT) {
+            $excessHash = array_pop($validHashes);
+            delete_transient($this->get_captcha_score_transient_key($excessHash));
+        }
+        $key = $this->get_captcha_score_transient_key($hash);
+        set_transient($key, array('user' => $user->ID, 'score' => $score), self::CAPTCHA_SCORE_CACHE_DURATION);
+        update_user_meta($user->ID, self::META_KEY_CAPTCHA_SCORES, $validHashes);
+    }
     public function get_user_count() {

wordfence/trunk/modules/login-security/classes/controller/wordfencels.php

-                      r3049240
+                      r3063884
             $score = false;
             if ($requireCAPTCHA && !$performVerification) {
+                $score = Controller_CAPTCHA::shared()->score($token);
+                $expired = false;
+                if (is_object($user) && $user instanceof \WP_User) {
+                    $score = Controller_Users::shared()->cached_captcha_score($token, $user, $expired);
+                }
+                if ($score === false) {
+                    if ($expired) {
+                        return new \WP_Error('wfls_captcha_expired', wp_kses(__('<strong>CAPTCHA EXPIRED</strong>: The CAPTCHA verification for this login attempt has expired. Please try again.', 'wordfence'), array('strong'=>array())));
+                    }
+                    $score = Controller_CAPTCHA::shared()->score($token);
+                    if ($score !== false && is_object($user) && $user instanceof \WP_User) {
+                        Controller_Users::shared()->cache_captcha_score($token, $score, $user);
+                        Controller_Users::shared()->record_captcha_score($user, $score);
+                    }
+                }
                 if ($score === false && !Controller_CAPTCHA::shared()->test_mode()) { //An invalid token will require additional verification (if test mode is not active)
                     $performVerification = true;
+                }
-                else if (is_object($user) && $user instanceof \WP_User) {
-                    Controller_Users::shared()->record_captcha_score($user, $score);
+                }
+            }

wordfence/trunk/modules/login-security/wordfence-login-security.php

-                      r3049240
+                      r3063884
     define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
     define('WORDFENCE_LS_VERSION', '1.1.10');
     define('WORDFENCE_LS_BUILD_NUMBER', '1710170544');
+    define('WORDFENCE_LS_VERSION', '1.1.11');
+    define('WORDFENCE_LS_BUILD_NUMBER', '1712157296');
     define('WORDFENCE_LS_PLUGIN_BASENAME', plugin_basename(__FILE__));

wordfence/trunk/readme.txt

-                      r3056308
+                      r3063884
 == Changelog ==
+= 7.11.5 - April 3, 2024 =
+* Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances
+* Fix: Addressed PHP 8 deprecation notices in the file differ used by file changed scan results
+* Fix: Reduced the frequency of Wordfence Central status update callbacks in sections of the scan that occur quickly in sequence
 = 7.11.4 - March 11, 2024 =

wordfence/trunk/vendor/wordfence/wf-waf/src/views/403-roadblock.php

r2583566	r3063884
439	439	<div class="about-text">
440	440	<h3 class="h4"><?php wfWAFI18n::esc_html_e('About Wordfence') ?></h3>
441		<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
	441	<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
442	442	<p><?php wfWAFI18n::esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.') ?></p>
443	443	</div>

wordfence/trunk/vendor/wordfence/wf-waf/src/views/403.php

r2583566	r3063884
354	354	<div class="about-text">
355	355	<h3 class="h4"><?php wfWAFI18n::esc_html_e('About Wordfence') ?></h3>
356		<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
	356	<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
357	357	<p><?php wfWAFI18n::esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.') ?></p>
358	358	</div>

wordfence/trunk/vendor/wordfence/wf-waf/src/views/503-lockout.php

r2583566	r3063884
381	381	<div class="about-text">
382	382	<h3 class="h4"><?php wfWAFI18n::esc_html_e('About Wordfence') ?></h3>
383		<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
	383	<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
384	384	<p><?php wfWAFI18n::esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.') ?></p>
385	385	</div>

wordfence/trunk/vendor/wordfence/wf-waf/src/views/503.php

r2583566	r3063884
375	375	<div class="about-text">
376	376	<h3 class="h4"><?php wfWAFI18n::esc_html_e('About Wordfence') ?></h3>
377		<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 4 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
	377	<p><?php wfWAFI18n::esc_html_e('Wordfence is a security plugin installed on over 5 million WordPress sites. The owner of this site is using Wordfence to manage access to their site.') ?></p>
378	378	<p><?php wfWAFI18n::esc_html_e('You can also read the documentation to learn about Wordfence\'s blocking tools, or visit wordfence.com to learn more about Wordfence.') ?></p>
379	379	</div>

wordfence/trunk/wordfence.php

-                      r3049240
+                      r3063884
 Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
 Author: Wordfence
 Version: 7.11.4
+Version: 7.11.5
 Author URI: https://www.wordfence.com/
 Text Domain: wordfence
 …
     exit;
+}
 define('WORDFENCE_VERSION', '7.11.4');
 define('WORDFENCE_BUILD_NUMBER', '1710170544');
+define('WORDFENCE_VERSION', '7.11.5');
+define('WORDFENCE_BUILD_NUMBER', '1712157296');
 define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
     basename(dirname(__FILE__)) . '/' . basename(__FILE__));

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3063884

7.11.5 - April 3, 2024

Legend:

wordfence/tags/7.11.5/languages/wordfence.pot

wordfence/tags/7.11.5/lib/Diff/SequenceMatcher.php

wordfence/tags/7.11.5/lib/wf503.php

wordfence/tags/7.11.5/lib/wfCentralAPI.php

wordfence/tags/7.11.5/lib/wfLockedOut.php

wordfence/tags/7.11.5/models/scanner/wfScanner.php

wordfence/tags/7.11.5/modules/login-security/classes/controller/captcha.php

wordfence/tags/7.11.5/modules/login-security/classes/controller/users.php

wordfence/tags/7.11.5/modules/login-security/classes/controller/wordfencels.php

wordfence/tags/7.11.5/modules/login-security/wordfence-login-security.php

wordfence/tags/7.11.5/readme.txt

wordfence/tags/7.11.5/vendor/wordfence/wf-waf/src/views/403-roadblock.php

wordfence/tags/7.11.5/vendor/wordfence/wf-waf/src/views/403.php

wordfence/tags/7.11.5/vendor/wordfence/wf-waf/src/views/503-lockout.php

wordfence/tags/7.11.5/vendor/wordfence/wf-waf/src/views/503.php

wordfence/tags/7.11.5/wordfence.php

wordfence/trunk/languages/wordfence.pot

wordfence/trunk/lib/Diff/SequenceMatcher.php

wordfence/trunk/lib/wf503.php

wordfence/trunk/lib/wfCentralAPI.php

wordfence/trunk/lib/wfLockedOut.php

wordfence/trunk/models/scanner/wfScanner.php

wordfence/trunk/modules/login-security/classes/controller/captcha.php

wordfence/trunk/modules/login-security/classes/controller/users.php

wordfence/trunk/modules/login-security/classes/controller/wordfencels.php

wordfence/trunk/modules/login-security/wordfence-login-security.php

wordfence/trunk/readme.txt

wordfence/trunk/vendor/wordfence/wf-waf/src/views/403-roadblock.php

wordfence/trunk/vendor/wordfence/wf-waf/src/views/403.php

wordfence/trunk/vendor/wordfence/wf-waf/src/views/503-lockout.php

wordfence/trunk/vendor/wordfence/wf-waf/src/views/503.php

wordfence/trunk/wordfence.php

Download in other formats: