Changeset 3430895

Timestamp:

01/02/2026 07:45:22 AM (7 weeks ago)

Author:

malcure

Message:

new release

Location:

wp-malware-removal/trunk

Files:

• readme.txt (modified) (9 diffs)
• traits/wpmr_client_js.php (modified) (5 diffs)
• traits/wpmr_stateful_scanner.php (modified) (4 diffs)
• wpmr.php (modified) (2 diffs)

wp-malware-removal/trunk/readme.txt

@@ -1 @@
-=== Malcure Malware Scanner — Precision Virus Removal and Firewall ===
+=== Malcure Malware Scanner — Precision Virus Scan and Firewall ===
 Contributors: malcure,cybermalcure
-Tags: malware scanner, antivirus, firewall, vulnerability scanner, hack repair
+Tags: malware scanner, antivirus, firewall, vulnerability scanner, security
 Requires at least: 3.7.4
 Tested up to: 6.9
 Requires PHP: 5.6
-Stable tag: 19.3
+Stable tag: 19.4
 License: MIT
 License URI: https://opensource.org/licenses/MIT
 
-Precision-engineered malware detection & WAF. Zero false positives. Trusted by experts to clean hacked sites instantly.
+High Accuracy malware scanner & WAF. Clean hacked sites easily.
 
 == Description ==
@@ -19 +19 @@
 Trusted by 10,000+ site owners and security professionals, Malcure doesn't just "scan" — it investigates. From hidden backdoors in your database to obfuscated code in your images, we find what others miss.
 
-### Powered by Malcure API: Real-Time Threat Intelligence
+= Powered by Malcure API: Real-Time Threat Intelligence =
 Hackers don't sleep, and neither do we. Malcure connects to our real-time API to fetch the latest threat definitions.
-*   **Zero-Day Alerts:** Our API analyzes new threats in real-time, ensuring the site is scanned against the latest vulnerabilities.
-*   **Smart Checksums:** We verify your core files against the official WordPress repository using our API, ensuring absolute integrity.
-*   **Lightweight:** By offloading heavy analysis to our API, we keep your server fast and responsive.
-
-### Why Malcure?
-
-*   **Precision, Not Noise:** Our advanced heuristic engine is tuned to distinguish between legitimate code and malicious payloads. No more heart attacks over false alarms.
-*   **Surgical Cleanup:** Don't nuke your site. Malcure identifies the exact infection so you can surgically remove the malicious code while keeping your website fully functional.
-*   **Performance First:** Built to be lightweight. We scan rigorously without bringing your server to its knees.
-
-### Core Features (Free Forever)
-
-*   **Deep Malware Scan:** Scans core files, themes, plugins, images, and your entire database for viruses, trojans, backdoors, and malicious redirects.
-    *   **Files:** Scans core files, themes, plugins, images, and uploads for backdoors, shells (C99, R57), and obfuscated code.
-    *   **Database:** Scans database tables for malicious injections and spam links.
-    *   **SEO Spam Detection:** Specifically checks page titles and database records for "Japanese Keyword Hack" and other SEO spam symptoms.
-    *   **Vulnerability Scanner:** Checks your installed plugins and themes against our real-time database of known security vulnerabilities.
-    *   **Intelligent Checksum Verification:** Automatically verifies your files against the official WordPress repository. If a core file has been tampered with, we know instantly.
-    *   **Uncompromising Detection:** Detects C99, R57, RootShell, Crystal Shell, Matamu, and thousands of other known and unknown variants.
-*   **Firewall (WAF) & Hardening:**
-    *   **Block Path Traversal:** Stops attackers from accessing sensitive system files.
-    *   **Block PHP Uploads:** Prevents malicious scripts from being uploaded to your site.
-    *   **Stop User Enumeration:** Blocks bots from fishing for your username.
-    *   **REST API Protection:** Prevents user data leakage via the WP REST API.
-*   **Incident Response Toolkit:**
-    *   **Nuke User Sessions:** Instantly force-logout every user on the site to kick out intruders.
-    *   **Salt Shuffler:** One-click rotation of WordPress security keys (salts) to invalidate all browser cookies.
-    *   **Comprehensive Event Logging:** Track every security event. Know exactly *when* and *how* a breach might have occurred with our 100-day event log.
-*   **Google Search Console Integration:** Connect directly to Google to fetch security warnings and blacklist status in real-time.
-*   **Real-Time API Updates:** Connects to the Malcure Cloud to detect the latest threats and vulnerabilities.
-
-### Upgrade to Advanced Edition
-
-For mission-critical websites that demand the ultimate protection and recovery tools.
-
-*   **1-Click Fixes:** Inspect, Delete or Repair infected files instantly with a single clicks.
-*   **Real-Time Definition Updates:** Stay protected against the very latest threats discovered by our security labs.
-*   **WP-CLI Integration:** Automate scans and cleanups via command line — a developer's dream.
-*   **Custom Whitelisting:** Full control to whitelist specific files or folders.
-*   **High-Priority Support:** Direct access to our security analysts.
+
+This plugin relies on the Malcure API to provide real-time threat intelligence and checksum verification.
+-   **Data Transmission:** To perform scans, the plugin sends file checksums and your site's domain to Malcure servers. No sensitive user data or file contents are transmitted unless you explicitly use the "Inspect File" feature.
+-   **Terms & Privacy:** Use of the API is subject to our [Terms of Use](https://www.malcure.com/?p=1720&utm_source=readme&utm_medium=web&utm_campaign=wpmr) and [Privacy Policy](https://malcure.com/?p=3&utm_source=readme&utm_medium=web&utm_campaign=wpmr).
+
+-   **Zero-Day Alerts:** Our API analyzes new threats in real-time, ensuring the site is scanned against the latest vulnerabilities.
+-   **Smart Checksums:** We verify your core files against the official WordPress repository using our API, ensuring absolute integrity.
+-   **Lightweight:** By offloading heavy analysis to our API, we keep your server fast and responsive.
+
+= Why Malcure? =
+
+-   **Precision, Not Noise:** Our advanced heuristic engine is tuned to distinguish between legitimate code and malicious payloads. No more heart attacks over false alarms.
+-   **Surgical Cleanup:** Don't nuke your site. Malcure identifies the exact infection so you can surgically remove the malicious code while keeping your website fully functional.
+-   **Performance First:** Built to be lightweight. We scan rigorously without bringing your server to its knees.
+
+= Who This Plugin Is For =
+
+-   **Site owners** who want clear, actionable results (what was flagged and where).
+-   **Agencies & developers** who need fast triage across multiple sites.
+-   **WooCommerce / membership / lead-gen sites** where downtime and SEO damage are expensive.
+-   **Anyone** who wants a scanner that cuts through the noise to focus on *signal*—real threats with practical remediation paths.
+
+= How It Works (Scan → Review → Clean) =
+
+1.  **Scan**
+    -   Go to **Malcure Scanner** in your WordPress admin.
+    -   Run a scan to check your files and database for malware, backdoors, suspicious code, and integrity issues.
+
+2.  **Review**
+    -   Malcure reports findings with clear locations (file paths / database records) so you can verify what changed and why it was flagged.
+    -   Use the results to decide what should be repaired, deleted, or kept (for example, legitimate custom code).
+
+3.  **Clean & Recover**
+    -   The free edition helps you identify issues and understand what needs fixing.
+    -   The Advanced Edition adds cleanup tools (Inspect / Repair / Delete for infected files) and workflow features like custom whitelisting.
+
+= Free vs Advanced (Feature Comparison) =
+
+Below is a practical feature comparison to help you choose the right edition.
+
+Feature | Free | Advanced
+------- | ---- | --------
+Deep malware scan (files + database) | Yes | Yes
+Checksum verification (WordPress core integrity) | Yes | Yes
+Vulnerability scanner | Yes | Yes
+Firewall (WAF) & hardening | Yes | Yes
+Incident response toolkit (sessions, salts, etc.) | Yes | Yes
+Event logging | Yes | Yes
+Google Search Console integration | Yes | Yes
+1‑click cleanup actions (Inspect / Repair / Delete infected files) | No | Yes
+Custom whitelisting (files/folders) | No | Yes
+WP‑CLI integration | No | Yes
+High‑priority support | No | Yes
+Real‑time definition updates | No | Yes
+
+[youtube https://www.youtube.com/watch?v=EbSbxiTOc8k]
+
+= Core Features (Free Forever) =
+
+-   **Deep Malware Scan:** Scans core files, themes, plugins, images, and your entire database for viruses, trojans, backdoors, and [malicious redirects](https://malcure.com/?p=60&utm_source=readme&utm_medium=web&utm_campaign=wpmr).
+    -   **Files:** Scans core files, themes, plugins, images, and uploads for backdoors, shells (C99, R57), and obfuscated code.
+    -   **Database:** Scans database tables for malicious injections and spam links.
+    -   **SEO Spam Detection:** Specifically checks page titles and database records for "Japanese Keyword Hack", "Pharma Hack" and other SEO spam symptoms.
+    -   **Vulnerability Scanner:** Checks your installed plugins and themes against our real-time database of known security vulnerabilities.
+    -   **Intelligent Checksum Verification:** Automatically verifies your files against the official WordPress repository. If a core file has been tampered with, we know instantly.
+    -   **Uncompromising Detection:** Detects C99, R57, RootShell, Crystal Shell, Matamu, and thousands of other known and unknown variants.
+-   **Firewall (WAF) & Hardening:**
+    -   **Block Path Traversal:** Stops attackers from accessing sensitive system files.
+    -   **Block PHP Uploads:** Prevents malicious scripts from being uploaded to your site.
+    -   **Stop User Enumeration:** Blocks bots from fishing for your username.
+    -   **REST API Protection:** Prevents user data leakage via the WP REST API.
+    -   **[Security Hardening](https://malcure.com/?p=1622&utm_source=readme&utm_medium=web&utm_campaign=wpmr):** Learn more about securing your WordPress site.
+-   **Incident Response Toolkit:**
+    -   **Nuke User Sessions:** Instantly force-logout every user on the site to kick out intruders.
+    -   **Salt Shuffler:** One-click rotation of [WordPress security keys (salts)](https://malcure.com/?p=5230&utm_source=readme&utm_medium=web&utm_campaign=wpmr) to invalidate all browser cookies.
+    -   **Comprehensive Event Logging:** Track every security event. Know exactly *when* and *how* a breach might have occurred with our 100-day event log.
+-   **Google Search Console Integration:** Connect directly to Google to fetch security warnings and blacklist status in real-time.
+-   **Real-Time API Updates:** Connects to the Malcure Cloud to detect the latest threats and vulnerabilities.
+
+= Upgrade to Advanced Edition =
+
+For mission-critical websites that demand comprehensive protection and recovery tools.
+
+-   **1-Click Fixes:** Inspect, Delete or Repair infected files instantly with a single clicks.
+-   **Real-Time Definition Updates:** Stay protected against the very latest threats discovered by our security labs.
+-   **WP-CLI Integration:** Automate scans and cleanups via command line — a developer's dream. See our [WP-CLI Cheatsheet](https://malcure.com/?p=9102&utm_source=readme&utm_medium=web&utm_campaign=wpmr).
+-   **Custom Whitelisting:** Full control to whitelist specific files or folders.
+-   **High-Priority Support:** Direct access to our security analysts.
 
 [**Get Malcure Advanced Edition**](https://malcure.com/?p=116&utm_source=readme&utm_medium=web&utm_campaign=wpmr)
 
-### What Our Users Say
-
-> "Found my issues – Brilliant Support. This plugin worked like a charm and identified a problem that other plugins had missed." — @promofinity
-
-> "Does what it says on the tin. Malcure was able to detect the Alfa webshell backdoor in my WordPress site with great precision while many others could not." — @ftanger
-
-> "Works like a charm. My website started getting infected and even after cleaning it didn’t seem to work… I did a scan with this plugin... and by 3rd scan… I was clean." — @albusaidys
-
-### Expert Malware Removal Service
+= What Our Users Say =
+
+> "Best by far, better than Wordfence and other giants... I spent hours trying to find a plugin like this... Simple and effective." — [@dalingzaf](https://wordpress.org/support/topic/best-by-far-better-than-wordfence-and-other-giants/)
+
+> "The ONLY plugin that scans files in real time. I am a web developer and have tried many malware removal plugins, including popular ones like Wordfence and Sucuri. However, none of them detected some unusual files that were actually malware causing regular attacks." — [@devzeeshanx](https://wordpress.org/support/topic/the-only-plugin-that-scans-files-in-real-time-2/)
+
+> "Accurately shows which Database table row is infected and it helps resolve the hacking attempt instantly. Saves a lot of time for the developers." — [@s3630](https://wordpress.org/support/topic/best-malware-removal-plugin-in-just-few-minutes/)
+
+> "It’s not just a “teaser”. This plugin really found the malware, and removed it. Really for free." — [@halucska](https://wordpress.org/support/topic/its-not-just-a-teaser/)
+
+= Additional Resources for Malware Removal =
+
+Follow these expert guides to remove malware, recover lost traffic, and restore your online reputation:
+
+-   [A step by step guide to remove the malware](https://malcure.com/?p=1540&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [Japanese Keyword Hack: How to Remove SEO Spam](https://malcure.com/?p=13946&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [What is the WordPress Pharma Hack & How to fix it](https://malcure.com/?p=5728&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [How to Fix Google Ads Disapproved for Malicious Software](https://malcure.com/?p=14143&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [How to Prevent WordPress SQL Injection Attacks](https://malcure.com/?p=14477&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [Live Malware Infection Removal & Analysis](https://malcure.com/?p=5265&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [How to Fix “This Site May Harm Your Computer” Warning](https://malcure.com/?p=7207&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [Comprehensive Guide to Removing JavaScript Redirect Malware](https://malcure.com/?p=60&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [How to Fix a Blank WP-Admin Page](https://malcure.com/?p=5699&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [Malcure WP CLI Integration & Cheatsheet](https://malcure.com/?p=9102&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [How to Prevent Brute Force Attacks](https://malcure.com/?p=14375&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+-   [How to Change WordPress Salt Keys](https://malcure.com/?p=5230&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr)
+
+= Expert Malware Removal Service =
 
 In over your head? Our security analysts are on standby. We offer a complete **Malware Removal Service** that includes:
-*   **100% Removal Guarantee:** We guarantee to remove all malware from your website.
-*   **Same Day Service:** Fast turnaround time to get your business back online.
-*   **DeepScan™ Technology:** Scans backups, archives, images, and hidden files where malware hides.
-*   **Manual Inspection:** Our experts manually inspect critical files (htaccess, wp-config, index.php) and your database.
-*   **Blacklist Removal:** We handle the removal of your site from blacklists like Google, Norton, McAfee, etc.
-*   **Security Hardening:** We identify the root cause and patch vulnerabilities to prevent future infections.
-*   **15-Day Cover:** Security analysts available 24/7/365 to ensure your site stays clean.
+-   **100% Removal Guarantee:** We guarantee to remove all malware from your website.
+-   **Same Day Service:** Fast turnaround time to get your business back online.
+-   **DeepScan™ Technology:** Scans backups, archives, images, and hidden files where malware hides.
+-   **Manual Inspection:** Our experts manually inspect critical files (htaccess, wp-config, index.php) and your database.
+-   **Blacklist Removal:** We handle the removal of your site from blacklists like Google, Norton, McAfee, etc.
+-   **Security Hardening:** We identify the root cause and patch vulnerabilities to prevent future infections.
+-   **15-Day Cover:** Security analysts available 24/7/365 to ensure your site stays clean.
 
 [**Book Expert Malware Removal**](https://malcure.com/?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr)
@@ -97 +164 @@
 Option 1: If you are tech-savvy, you can use this plugin, analyse the results and remove malware yourself.
 
-Option 2: You can file a service request with us. Don’t delay—malware spreads fast! Our service includes malware cleanup and blacklist removal by our security analysts. [Please click here to file a support request](https://malcure.com/?p=107&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
+Option 2: You can file a service request with us. Don't delay—malware spreads fast! Our service includes malware cleanup and blacklist removal by our security analysts. [Please click here to file a support request](https://malcure.com/?p=107&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
 
 = How to remove malware from website? =
@@ -119 +186 @@
 = What support options are available for Malcure Malware Scanner users? =
 
-Providing excellent support is extremely important to us. You can file a ticket at Malcure website and our dedicated web-security specialist will ensure that the matter is resolved to your satisfaction.
-
-= Some files are detected by Malcure Malware Scanner as "suspicious". What gives? =
-
-Malcure's SmartScan checks each file for malware. However some files aren't pure malware but may contain code that is suspicious and could do nasty things. You should carefully review and analyse them to see if they indeed do anything nasty.
-
-= I can't get Malcure Malware Scanner to work. It hangs / doesn't complete the scan / breaks for some reason. =
-
-If you think that the plugin is broken, [please report it here](https://malcure.com/?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
-
-Malcure Malware Scanner (or for that matter other plugins) may break on malware affected / broken websites. [Malcure Advanced Edition](https://malcure.com/?p=116&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr) integrates with WP CLI and allows you to complete the scan from WP CLI.
-
-= My site is infected however Malcure Malware Scanner doesn't detect the infection. =
-
-Malware keeps evolving. If you come across malware that Malcure Malware Scanner is not able to identify, you may [please report it here](https://malcure.com/?p=157&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
+Providing excellent support is extremely important to us. You can report the issue at [Malcure forums](https://malcure.com/?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr) and our dedicated web-security specialist will ensure that the matter is resolved to your satisfaction.
 
 = What makes Malcure Malware Scanner different from other security plugins? =
@@ -144 +197 @@
 
 Malcure Malware Scanner only runs when you want it to. At all other times it sleeps silently. The firewall triggers extremely quickly and is optimized for performance.
-
-= The scan gets stuck midway. What should I do? =
-
-In case of such an event, please file a support request with us and we'll be more than happy to troubleshoot the issue.
-
-Please visit [this page](https://malcure.com/?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
-
-= I cleaned my site but it got infected again. What should I do? =
-
-Malware cleanup is a waste of time and effort unless you find the root cause behind the malware infection. How was someone able to infect your website? Have you plugged in that security hole?
-
-Please read [Why Do Websites Get Hacked](https://malcure.com/blog/security/why-do-wordpress-websites-get-hacked/).
-
-= Google Safe Browsing site status (or some other scanner) still shows my site as infected. What should I do? =
-
-First make sure you purge your site cache. Second, Google (and other scanners) cache the results for some time. You'll need to force or refresh the scan. You can also file a request with us to [get your site off any blacklists](https://www.malcure.com/?p=107&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
 
 = Where can I find the Malcure Terms of Use and Privacy Policy? =
@@ -174 +211 @@
 No. Malcure is designed to be lightweight and runs only when you trigger a scan or schedule one.
 
+= What data is sent to the Malcure API? =
+To perform scans, the plugin sends file checksums and your site's domain to Malcure servers. No sensitive user data or file contents are transmitted unless you explicitly use the "Inspect File" feature.
+
+= What's the difference between Free and Advanced? =
+Both editions scan files and the database, verify WordPress core integrity, and include firewall/hardening features.
+
+The Advanced Edition adds cleanup workflows (Inspect / Repair / Delete for infected files), WP-CLI integration, custom whitelisting, and high-priority support.
+
+= How should I interpret results like "infected" vs "suspicious"? =
+"Infected" generally means the scanner has high confidence the code matches malicious patterns.
+
+"Suspicious" can indicate risky/obfuscated behavior or something that warrants review (for example, heavily minified code or unusual PHP patterns). If you're unsure, use Inspect (Advanced) or [contact support](https://malcure.com/?p=157&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
+
+== Troubleshooting ==
+
+= Some files are detected by Malcure Malware Scanner as "suspicious". What gives? =
+
+Malcure's SmartScan checks each file for malware. However some files aren't pure malware but may contain code that is suspicious and could do nasty things. You should carefully review and analyse them to see if they indeed do anything nasty.
+
+= I can't get Malcure Malware Scanner to work. It hangs / doesn't complete the scan / breaks for some reason. =
+
+If you think that the plugin is broken, [please report it here](https://malcure.com/?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
+
+Malcure Malware Scanner (or for that matter other plugins) may break on malware affected / broken websites. [Malcure Advanced Edition](https://malcure.com/?p=116&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr) integrates with WP CLI and allows you to complete the scan from WP CLI.
+
+= My site is infected however Malcure Malware Scanner doesn't detect the infection. =
+
+Malware keeps evolving. If you come across malware that Malcure Malware Scanner is not able to identify, you may [please report it here](https://malcure.com/?p=157&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
+
+= The scan gets stuck midway. What should I do? =
+
+In case of such an event, please file a support request with us and we'll be more than happy to troubleshoot the issue.
+
+Please visit [this page](https://malcure.com/?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
+
+= I cleaned my site but it got infected again. What should I do? =
+
+Malware cleanup is a waste of time and effort unless you find the root cause behind the malware infection. How was someone able to infect your website? Have you plugged in that security hole?
+
+Please read [Why Do Websites Get Hacked](https://malcure.com/blog/security/why-do-wordpress-websites-get-hacked/?utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
+
+= Google Safe Browsing site status (or some other scanner) still shows my site as infected. What should I do? =
+
+First make sure you purge your site cache. Second, Google (and other scanners) cache the results for some time. You'll need to force or refresh the scan. You can also file a request with us to [get your site off any blacklists](https://www.malcure.com/?p=107&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr).
+
 = I found a suspicious file, what now? =
 If Malcure flags it, it's likely malicious. You can inspect the file content using our built-in inspector. If you're unsure, consider our [Expert Malware Removal Service](https://malcure.com/?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr).
@@ -179 +261 @@
 == Screenshots ==
 
-1. Plugin in Action.
-2. Scan Results.
-3. Event Log.
-4. Advanced Scan Filters.
-5. File Inspector.
-6. Scan Log.
-7. Hardening Settings.
-8. Full View.
-9. Malcure in WP CLI.
-10. Malcure Scan Results in WP CLI.
+1. Start a malware scan from the Malcure Scanner dashboard.
+2. Scan results highlighting affected files and database records.
+3. Event Log showing security-relevant site activity (updates and actions).
+4. Scan filters to help narrow results by type and severity.
+5. File Inspector to review suspicious or infected files (Advanced Edition).
+6. Scan Log / activity history to track what ran and when.
+7. Hardening settings and firewall rules.
+8. Full view of scan findings for deeper investigation.
+9. Running scans via WP-CLI (Advanced Edition).
+10. Reviewing scan results via WP-CLI (Advanced Edition).
 
 == Changelog ==
+
+= 19.4 =
+* Major Bugfix: Fatal error during auto-upgrade.
+* Updated readme.
 
 = 19.3 =
@@ -211 +297 @@
 * Bugfix: Enhanced detection of suspicious empty files in core directories.
 
-= 17.9 =
-* UI: Updated to follow repository guidelines.
-
-= 17.8 =
-* UX: Updated to work with new checksum endpoint.
-
-= 17.7 =
-* Bugfix: Fixed a bug where errors during definition update wouldn't be reported.
-* Bugfix: Fixed a bug where plugin would run out of memory during definition update.
-* Others: Refactored code.
-
-= 17.6 =
-* UI: Improved installation experience.
-* UI: Improved licensing validation.
-* Bugfix: Improved timeout during certain conditions.
-
-= 17.5 =
-* UX: Added animation for operations in progress.
-Bugfix: Fixed timeout for certain operations.
-
-= 17.4 =
-* Feature: Major UI revamp.
-* Feature: Copy results button generated a well-formatted scan report.
-* Bugfix: Page hack scan would generate incorrect URL format.
-* Bugfix: Scan results would show all clear even when certain scans are skipped.
-
-= 17.3 =
-* Bugfix: Potential false negatives for certain default files.
-* Bugfix: Fixed formating in WP CLI commands.
-* Bugfix: Core files could be whitelisted in the UI without effect.
-
-= 17.2 =
-* Bugfix: File cleanup not working in advanced edition.
-
-= 17.1.2 =
-* Bugfix: Fixed error if checksums could not be fetched.
-
-= 17.1.1 =
-* Bugfix: Fixed error during activating from WP CLI.
-
-= 17.1 =
-* Security: Strongly recommend all users update to version 17.1 immediately.
-* Security: Fixes CSRF and broken access control vulnerabilities.
-
-= 16.9 =
-* Security: Critical security update. Fixes CSRF and broken access control vulnerabilities in AJAX endpoints. All users should update immediately. Credit: Darius Sveikauskas, author oversight.
-
-= 16.8 =
-* Bugfix: Admin Notice not clearing after cleanup.
-
-= 16.7 =
-* Bugfix: More accurate memory handling.
-* Bugfix: Better handling of database exclusions.
-
-= 16.6 =
-* Bugfix: Page hack test would throw an error under certain conditions.
-* Bugfix: Database scan output had an anomaly.
-* Others: Removed donation links.
-
-= 16.5 =
-* Minor: UI Update.
-* Bugfix: Added license link for easy access.
-
-= 16.4 =
-* Bugfix: Fixed database query to scan options.
-
-= 16.3 =
-* Bugfix: Fixed UI not reflecting infection when infection detected in database.
-* Bugfix: Fixed infection detected in database being missed in certain conditions.
-
-= 16.2 =
-* Bugfix: In certain conditions, suspicious files inside WP core directories would not show up on rescan.
-* Bugfux: Not all sessions of the current user were terminated.
-
-= 16.1 =
-* Feature: Add logging for theme deletion and plugin deletion.
-* Compatibility: Works with Multisite Newtwork.
-* Minor: Updated capturing URL of failed logins.
-* Minor: Better logging for checksum fetching failures.
-* Minor: Other UI updates.
-
-= 16.0 =
-* Bugfix: Scanner Page could break on large sites.
-* Minor: Other code refactoring and optimizations.
-
-= 15.9 =
-* Feature: Activation via WP CLI asks for license key so that it doesn't show in the shell history.
-* Feature: Capture IP for events automatically.
-* Bugfix: Metabox not showing sometimes.
-* Minor: Show plugin version when in WP CLI.
-* Minor: UI improvements.
-
-= 15.8 =
-* Feature: Faster Database Scans.
-* Bugfix: Fixed shuffle_salts function.
-* Bugfix: Fixed destroy_sessions function.
-* Minor: Limited event log to 10,000 entries.
-* Minor: More details for upgrade event in event log.
-* Minor: Added serial number to the event log.
-* Minor: Updated screenshots.
-
-= 15.7 =
-* Bugfix: Fixed issues with hidden meta-boxes.
-* Bugfix: Fixed styling / sorting of Event Log.
-
-= 15.6 =
-* Feature: Comprehensive Event Log.
-* Bugfix: Fixed issues with missing meta-boxes.
-
-= 15.5 =
-* Bugfix: Fixed issues with missing PHP function.
-* Bugfix: Session buttons were not working.
-* UX: Updated UX to sit better with branding.
-* UX: Better UX with license management.
-
-= 15.4 =
-* Bugfix: Some paths were not queued for scan.
-
-= 15.3 =
-* Feature: Windows / Server / IIS compatible.
-* Bugfix: Malware not reported when using WP CLI.
-* Others: Various other refactorings.
-
-= 15.2 =
-* Bugfix: Redirect Hack Test is more robust.
-* Bugfix: Scanning single file using WP CLI wasn't working.
-* Better documentation for WP CLI usage.
-
-= 15.1 =
-* Bugfix: Database scan breks on strict hosts.
-
-= 15.0 =
-* Major: Scan database using batch processing.
-* Ability to scan slow and large databases.
-* Bugfix: Attempt to validate malware patterns.
-* Bugfix: Checking site redirects throws warning under certain conditions.
-
-= 14.3 =
-* Changed default UI to dark skin.
-* Added file blacklist.
-
-= 14.2 =
-* Updated logging.
-* Made redirect scan optional.
-* Other minor UI updates.
-
-= 14.1 =
-* Updated to exclude database records of a few security plugins.
-
-= 14.0 =
-* Bugfix: Incorrect activations displayed in Malcure Advanced Edition.
-
-= 13.9 =
-* Feature: Consistent UI.
-
-= 13.8 =
-* Feature: Allow clearing logs (Advanced Edition).
-* Bugfix: Reset via WP CLI would fail.
-* Several UI Updates.
-* Several UX Updates.
-* Updated WP CLI Help / Documentation.
-
-= 13.7 =
-* Bugfix: File Inspector doesn't reset when inspecting a new file.
-* Bugfix: Unreadable files are not reported.
-* Bugfix: Infection count is not copied in Advanced Edition.
-
-= 13.6 =
-* Minor Bugfix: Some hosts deny access to certain files.
-* Minor Bugfix: Sometimes WP CLI scan times out.
-* Minor Bugfix: Consolidated file validation calls.
-* Major Update: Retired HTTP based scan via WP CLI.
-
-= 13.5.1 =
-* Minor Bugfix: Audio notifications not working by default.
-
-= 13.5 =
-* Feature: Audio notifications on scan completion.
-* Bugfix: Better locale detection.
-
-= 13.4 =
-* Minor UI Update.
-* Tweak to reduce load on API Server.
-
-= 13.3 =
-* Bugfix: Fully compatible with PHP 8.2.
-* Bugfix: Fixed timeout issues. Our server is slow and we are working to expand our infrastructure and costs.
-* Feature: Verbose details when copying results (Advanced Edition).
-
-= 13.2 =
-* Bugfix: Some ajax actions throw PHP warnings.
-
-= 13.1 =
-* Bugfix: Aggregate Scan-speed and start-time broken on second iteration.
-
-= 13.0 =
-* UX: Mouse-wheel event to update the scan speed slider.
-* UX: Updated the default scan speed to 11.
-* UX: Realistic time remaining on second iteration.
-
-= 12.9 =
-* Bugfix: File incorrectly being reported as a file inside core direrctories.
-
-= 12.8 =
-* Bugfix: Notification doesn't show correct message in some cases.
-
-= 12.7 =
-* Major UX improvements.
-* Feature: Better notification system.
-* Feature: Salt Shuffler.
-
-= 12.6 =
-* Feature: Added ability to save scan-log to a file when used with WP-CLI.
-
-= 12.5 =
-* Bugfix: Fixed formatting of copied results.
-* Bugfix: Fixed js error when trying to repair a file.
-
-= 12.4 =
-* Bugfix: Error thrown when repairing a file.
-* Bugfix: UI not reflecting the updated version of signatures.
-* Bugfix: Better file filtering when website is installed in a custom directory.
-* Bugfix: Better verbosity in WP CLI.
-* Feature: Major revamp in CLI functions.
-* Feature: Major revamp in CLI function documentation.
-
-= 12.3 =
-* Bugfix: Better support for symlinks on some web-hosts.
-* Bugfix: Minor performance optimisations.
-
-= 12.2 =
-* Bugfix: Better support for symlinks.
-* Bugfix: Results do not reset on rescan.
-
-= 12.1 =
-* Bugfix: Emergency Release. Missing function hrtime in PHP 5.6 breaks the plugin.
-
-= 12.0 =
-* Bugfix: Definition updates not available when automating with WP CLI.
-* Feature: Ability to force reset in unattended mode with WP CLI
-* Bugfix: Inconsistency with get_home_path and ABSPATH.
-* Feature: Report timings during scan.
-* Feature: Report when website is installed in a custom directory.
-* Feature: Many UX improvements.
-* Feature: Many code optimisations / refactoring, ability to traverse into softlinks.
-
-= 11.9 =
-* Bugfix: Scan failure reported as suspicious.
-* Bugfix: Core file not reported if suspicious.
-* Bugfix: Mismatching of version.php.
-* Feature: Reset plugin settings via CLI.
-* Feature: Other CLI improvements.
-
-= 11.8 =
-* Feature: Massive speed optimizations.
-* Feature: Switched to more secure hash.
-
-= 11.7 =
-* Bugfix: Invalid suspicious incident count.
-
-= 11.6 =
-* New Feature: Infection Count.
-
-= 11.5 =
-* Bugfix: User not alerted by out of date definitions under certain conditions.
-
-= 11.4 =
-* Bugfix: User not alerted by out of date definitions.
-
-= 11.3 =
-* Better UX with CLI.
-* Output detailed setup information during scan via CLI.
-* Output customer info on license page.
-
-= 11.2 =
-* Bugfix: Definition Update Available notice doesn't get removed after updating definitions.
-* Bugfix: Incorrect reflection of meta_id as post_id in database scan results.
-
-= 11.1 =
-* Enhancement: Report max_execution_time, memory_limit and memory_usage on WP CLI.
-* UX: User-sessions-list takes up huge amount of vertical space on multi-user sites. Shifted it down.
-
-= 11.0 =
-* Bugfix: Visibly display message if site is experience an HTTP error.
-
-= 10.9 =
-* Bugfix: CLI scan dies after the default apache timeout on mod_php.
-* Bugfix: Prioritised core files.
-
-= 10.8 =
-* Bugfix: CLI scan dies after the default apache timeout on mod_php.
-* Bugfix: Fixed an error if PHP DOM extension php-xml is missing.
-
-= 10.7 =
-* Feature: Skin changer to configure UI for long working hours.
-
-= 10.6 =
-* Bugfix: Scan fails to initialize on large databases or huge number of files.
-* Bugfix: CLI fails to clear infection status.
-* Feature: Several other UI updates.
-* Others: Code refactoring.
-
-= 10.5 =
-* Feature: UI updates.
-* Feature: Disabled skipping binary files.
-* Bugfix: Several minor bugfixes.
-
-= 10.4 =
-* Feature: Major UI overhaul.
-* Feature: Added DeepScan™ & SpeedScan.
-* Bugfix: Warning thrown when optimising checksums.
-* Bugfix: Fixed the Copy button copying invalid file format to clipboard.
-* Bugfix: Several scan optimisations.
-
-= 10.3 =
-* Bugfix: Prevent third-party metaboxes from polluting the UI.
-
-= 10.2 =
-* Major Bugfix: Prevent engine stats error / delays from hanging the UI.
-
-= 10.1 =
-* Feature: WP-CLI progressbar shows the file being scanned.
-* Bugfix: WP-CLI colors remain affected if infection is detected.
-* Bugfix: De-duplication of scan when batch size is 1.
-
-= 10.0 =
-* Bugfix: Advanced version throws error when running via WP-CLI
-
-= 9.9 =
-* Bugfix: Cannot activate license from commandline.
-* Bugfix: WP CLI scan timesout in certain conditions.
-* Bugfix: WP CLI scan throws fatal error in certain conditions.
-* Several UI fixes.
-
-= 9.8 =
-* Bugfix: Logs generating PHP warnings.
-
-= 9.7 =
-* Added error control operator to suppress errors if allow_url_fopen is not available.
-
-= 9.6 =
-* Updated readme documentation.
-
-= 9.5 =
-* Minor UI Fixes
-
-= 9.4 =
-* Improvement: License activation shouldn't accept empty key.
-
-= 9.3 =
-* Recommit due to previous commit failure..
-* Branding update.
-* Bugfix: Definition-auto-update broken on WP CLI.
-
-= 9.2 =
-* Branding update.
-* Bugfix: Definition-auto-update broken on WP CLI.
-
-= 9.1 =
-* UI bugfixes.
-
-= 9.0 =
-* Minor bugfixes.
-* Added support button to report plugin issues.
-
-= 8.9 =
-* Minor bugfixes.
-
-= 8.8 =
-* Bugfix: Regression slowing down the scan.
-
-= 8.7 =
-* Option to disable automatic-definition updates.
-* Theme checksums from the API.
-
-= 8.6 =
-* Bugfix: Suspicious files not reported sometimes.
-* Updated first-run experience.
-
-= 8.5 =
-* Minor UI Updates.
-
-= 8.4 =
-* Major Bugfix: severe infections were missed sometimes.
-* Bugfix: Report accurate definition count.
-
-= 8.3 =
-* Several minor bugfixes, optimizations and code refactoring.
-
-= 8.2 =
-* Bugfix: Files in root are ignored sometimes.
-* Bugfix: Scan Only Dir not working.
-
-= 8.1 =
-* Feature: Check rougue redirects
-
-= 8.0 =
-* Added automation routines.
-
-= 7.9 =
-* Fixed a bug with capabilities.
-
-= 7.8 =
-* Added timestamp label on clean-scan notice.
-
-= 7.7 =
-* Bugfix: Manually entered search strings are not found (Advanced Version only).
-
-= 7.6 =
-* Bugfix: Fallback to default locale checksums in case checksums are not available.
-
-= 7.5 =
-* UI updates.
-* Better message for clean site status.
-
-= 7.4 =
-* Bugfix: Updated textdomain as per specs "The text domain must match the slug of the plugin".
-
-= 7.3 =
-* Added verbose license status.
-
-= 7.2 =
-* Whitelist module update.
-* Fixed missing asset throwing 404.
-
-= 7.1 =
-* UI improvements plus CSS refactorings.
-
-= 7.0 =
-* UI, Dashboard and branding updates.
-
-= 6.9 =
-* Clean, repair, whitelist, unwhitelist files.
-* Major UI improvements.
-* Real-time display of the file being scanned.
-* Updated styles to match system / browser dark-mode.
-* Major feature launch for Malcure Advanced Edition.
-
-= 6.8 =
-* Bugfix: License is not deactivated on plugin deactivation.
-* Better cleanup on uninstall / deactivation.
-* Better UI indicators for features available only in Advanced Edition.
-* Tested and removed broken functions from CLI which only have full integration in Advanced Edition.
-
-= 6.7 =
-* Fixed a warning on WP CLI.
-* Updated compatibility with version 5.4.1.
-* Admin notice experience update.
-
-= 6.6 =
-* Several performance improvements and minor bugfixes.
-
-= 6.5 =
-* Tweaked checksum validity.
-* Fixed compatibility error with wp_timezone_string on old WP installs.
-
-= 6.4 =
-* Scan-speed optimizations.
-
-= 6.3 =
-* Reuploaded due to svn issue.
-
-= 6.2 =
-* Show user role in user sessions.
-
-= 6.1 =
-* Bugfix: File repair operations throw error in error log if the operation fails.
-* Update: List malware definition / signature version visibly on the CLI as well as web-UI.
-* Several other minor updates.
-
-= 6.0 =
-* Bugfix: Show relevant notices only to relevant user-levels.
-* Bugfix: Signup prompt breaks because of $ instead of jQuery.
-* Bugfix: Title scan doesn't give reliable results.
-
-= 5.9 =
-* Fixes to time format in logs.
-* Bugfix: Dashboard widget shows for all user-roles.
-* Alternative async scan in WP CLI mode.
-
-= 5.8 =
-* Better handling of cleaned up files in scan logs.
-* Multiple UI updates to "Logs" view.
-* Bugfix: Scan status doesn't clear on clean scan.
-
-= 5.7 =
-* Feature: File clean up operations.
-* Better visibility of support options.
-
-= 5.6 =
-* Disabled paranoid mode by default.
-* Scan comments for malware-spam.
-
-= 5.5 =
-* Optimised scan for filesize.
-* Added signature reporting in WP CLI.
-* Minor bugfix in database scan.
-
-= 5.4 =
-* Bugfix: Typo in variable name.
-
-= 5.3 =
-* Feature: Malware scan logs for last 30 days.
-* Implemented help section.
-* Included links to T&C and privacy policy.
-* Better first-run experience.
-* Optimized memory usage.
-
-= 5.2 =
-* Linked results to infection details.
-* Implemented notice before navigating away from results.
-
-= 5.1 =
-* Bugfix: Scan breaks if path has non-Latin1 characters.
-* Bugfix: Force a premium checksum update on license activation.
-* Bugfix: File name and path doesn't change in file inspector.
-
-= 5.0 =
-* Bugfix: Definition check times-out.
-* UI updates.
-
-= 4.9 =
-* Fixed a bug that would break results in case of invalid response.
-
-= 4.8 =
-* Added infection details.
-* Optimized performance.
-
-= 4.7 =
-* UX Revamp from the ground up.
-
-= 4.6 =
-* Bugfix: File scan results wouldn't show up sometimes.
-
-= 4.5 =
-* Fixed: Scroll to results wouldn't work when infnection is detected.
-* Updated default no. of files per batch for faster scans.
-
-= 4.4 =
-* Bugfix: Definition update won't trigger sometimes.
-* Bugfix: Result actionable wouldn't trigger sometimes.
-* Bugfix: Plugin throws php warnings due to typo in function definition.
-
-= 4.3 =
-* Updated firewall settings.
-* Ability to reset plugin data.
-* Compatibility with version 5.3.
-
 == Upgrade Notice ==
+
+= 19.4 =
+* Major Bugfix: Fatal error during auto-upgrade.
+* Updated readme.
 
 = 19.3 =
@@ -779 +321 @@
 = 19.0 =
 * Bugfix: Enhanced detection of suspicious empty files in core directories.
-
-= 17.9 =
-* UI: Updated to follow repository guidelines.
-
-= 17.8 =
-* UX: Updated to work with new checksum endpoint.
-
-= 17.7 =
-* Bugfix: Fixed a bug where errors during definition update wouldn't be reported.
-* Bugfix: Fixed a bug where plugin would run out of memory during definition update.
-* Others: Refactored code.
-
-= 17.6 =
-* UI: Improved installation experience.
-* UI: Improved licensing validation.
-* Bugfix: Improved timeout during certain conditions.
-
-= 17.5 =
-* UX: Added animation for operations in progress.
-* Bugfix: Fixed timeout for certain operations.
-
-= 17.4 =
-* Feature: Major UI revamp.
-* Feature: Copy results button generated a well-formatted scan report.
-* Bugfix: Page hack scan would generate incorrect URL format.
-* Bugfix: Scan results would show all clear even when certain scans are skipped.
-
-= 17.3 =
-* Bugfix: Potential false negatives for certain default files.
-* Bugfix: Fixed formating in WP CLI commands.
-* Bugfix: Core files could be whitelisted in the UI without effect.
-
-= 17.2 =
-* Bugfix: File cleanup not working in advanced edition.
-
-= 17.1.2 =
-* Bugfix: Fixed error if checksums could not be fetched.
-
-= 17.1.1 =
-* Bugfix: Fixed error during activating from WP CLI.
-
-= 17.1 =
-* Security: Strongly recommend all users update to version 17.1 immediately.
-* Security: Fixes CSRF and broken access control vulnerabilities.
-
-= 16.9 =
-* Security: Critical security update. Fixes CSRF and broken access control vulnerabilities in AJAX endpoints. All users should update immediately. Credit: Darius Sveikauskas, author oversight.
-
-= 16.8 =
-* Bugfix: Admin Notice not clearing after cleanup.
-
-= 16.7 =
-* Bugfix: More accurate memory handling.
-* Bugfix: Better handling of database exclusions.
-
-= 16.6 =
-* Bugfix: Page hack test would throw an error under certain conditions.
-* Bugfix: Database scan output had an anomaly.
-* Others: Removed donation links.
-
-= 16.5 =
-* Minor: UI Update.
-* Bugfix: Added license link for easy access.
-
-= 16.4 =
-* Bugfix: Fixed database query to scan options.
-
-= 16.3 =
-* Bugfix: Fixed UI not reflecting infection when infection detected in database.
-* Bugfix: Fixed infection detected in database being missed in certain conditions.
-
-= 16.2 =
-* Bugfix: In certain conditions, suspicious files inside WP core directories would not show up on rescan.
-* Bugfux: Not all sessions of the current user were terminated.
-
-= 16.1 =
-* Feature: Add logging for theme deletion and plugin deletion.
-* Compatibility: Works with Multisite Newtwork.
-* Minor: Updated capturing URL of failed logins.
-* Minor: Better logging for checksum fetching failures.
-* Minor: Other UI updates.
-
-= 16.0 =
-* Bugfix: Scanner Page could break on large sites.
-* Minor: Other code refactoring and optimizations.
-
-= 15.9 =
-* Feature: Activation via WP CLI asks for license key so that it doesn't show in the shell history.
-* Feature: Capture IP for events automatically.
-* Bugfix: Metabox not showing sometimes.
-* Minor: Show plugin version when in WP CLI.
-* Minor: UI improvements.
-
-= 15.8 =
-* Feature: Faster Database Scans.
-* Bugfix: Fixed shuffle_salts function.
-* Bugfix: Fixed destroy_sessions function.
-* Minor: Limited event log to 10,000 entries.
-* Minor: More details for upgrade event in event log.
-* Minor: Added serial number to the event log.
-* Minor: Updated screenshots.
-
-= 15.7 =
-* Bugfix: Fixed issues with hidden meta-boxes.
-* Bugfix: Fixed styling / sorting of Event Log.
-
-= 15.6 =
-* Feature: Comprehensive Event Log.
-* Bugfix: Fixed issues with missing meta-boxes.
-
-= 15.5 =
-* Bugfix: Fixed issues with missing PHP function.
-* Bugfix: Session buttons were not working.
-* UX: Updated UX to sit better with branding.
-* UX: Better UX with license management.
-
-= 15.4 =
-* Bugfix: Some paths were not queued for scan.
-
-= 15.3 =
-* Feature: Windows / Server / IIS compatible.
-* Bugfix: Malware not reported when using WP CLI.
-* Others: Various other refactorings.
-
-= 15.2 =
-* Bugfix: Redirect Hack Test is more robust.
-* Bugfix: Scanning single file using WP CLI wasn't working.
-* Better documentation for WP CLI usage.
-
-= 15.1 =
-* Bugfix: Database scan breks on strict hosts.
-
-= 15.0 =
-* Major: Scan database using batch processing.
-* Ability to scan slow and large databases.
-* Bugfix: Attempt to validate malware patterns.
-* Bugfix: Checking site redirects throws warning under certain conditions.
-
-= 14.3 =
-* Changed default UI to dark skin.
-* Added file blacklist.
-
-= 14.2 =
-* Updated logging.
-* Made redirect scan optional.
-* Other minor UI updates.
-
-= 14.1 =
-* Updated to exclude database records of a few security plugins.
-
-= 14.0 =
-* Bugfix: Incorrect activations displayed in Malcure Advanced Edition.
-
-= 13.9 =
-* Feature: Consistent UI.
-
-= 13.8 =
-* Feature: Allow clearing logs (Advanced Edition).
-* Bugfix: Reset via WP CLI would fail.
-* Several UI Updates.
-* Several UX Updates.
-* Updated WP CLI Help / Documentation.
-
-= 13.7 =
-* Bugfix: File Inspector doesn't reset when inspecting a new file.
-* Bugfix: Unreadable files are not reported.
-* Bugfix: Infection count is not copied in Advanced Edition.
-
-= 13.6 =
-* Minor Bugfix: Some hosts deny access to certain files.
-* Minor Bugfix: Sometimes WP CLI scan times out.
-* Minor Bugfix: Consolidated file validation calls.
-* Major Update: Retired HTTP based scan via WP CLI.
-
-= 13.5.1 =
-* Minor Bugfix: Audio notifications not working by default.
-
-= 13.5 =
-* Feature: Audio notifications on scan completion.
-* Bugfix: Better locale detection.
-
-= 13.4 =
-* Minor UI Update.
-* Tweak to reduce load on API Server.
-
-= 13.3 =
-* Bugfix: Fully compatible with PHP 8.2.
-* Bugfix: Fixed timeout issues. Our server is slow and we are working to expand our infrastructure and costs.
-* Feature: Verbose details when copying results (Advanced Edition).
-
-= 13.2 =
-* Bugfix: Some ajax actions throw PHP warnings.
-
-= 13.1 =
-* Bugfix: Aggregate Scan-speed and start-time broken on second iteration.
-
-= 13.0 =
-* UX: Mouse-wheel event to update the scan speed slider.
-* UX: Updated the default scan speed to 11.
-* UX: Realistic time remaining on second iteration.
-
-= 12.9 =
-* Bugfix: File incorrectly being reported as a file inside core direrctories.
-
-= 12.8 =
-* Bugfix: Notification doesn't show correct message in some cases.
-
-= 12.7 =
-* Major UX improvements.
-* Feature: Better notification system.
-* Feature: Salt Shuffler.
-
-= 12.6 =
-* Feature: Added ability to save scan-log to a file when used with WP-CLI.
-
-= 12.5 =
-* Bugfix: Fixed formatting of copied results.
-* Bugfix: Fixed js error when trying to repair a file.
-
-= 12.4 =
-* Bugfix: Error thrown when repairing a file.
-* Bugfix: UI not reflecting the updated version of signatures.
-* Bugfix: Better file filtering when website is installed in a custom directory.
-* Bugfix: Better verbosity in WP CLI.
-* Feature: Major revamp in CLI functions.
-* Feature: Major revamp in CLI function documentation.
-
-= 12.3 =
-* Bugfix: Better support for symlinks on some web-hosts.
-* Bugfix: Minor performance optimisations.
-
-= 12.2 =
-* Bugfix: Better support for symlinks.
-* Bugfix: Results do not reset on rescan.
-
-= 12.1 =
-* Bugfix: Emergency Release. Missing function hrtime in PHP 5.6 breaks the plugin.
-
-= 12.0 =
-* Bugfix: Definition updates not available when automating with WP CLI.
-* Feature: Ability to force reset in unattended mode with WP CLI
-* Bugfix: Inconsistency with get_home_path and ABSPATH.
-* Feature: Report timings during scan.
-* Feature: Report when website is installed in a custom directory.
-* Feature: Many UX improvements.
-* Feature: Many code optimisations / refactoring, ability to traverse into softlinks.
-
-= 11.9 =
-* Bugfix: Scan failure reported as suspicious.
-* Bugfix: Core file not reported if suspicious.
-* Bugfix: Mismatching of version.php.
-* Feature: Reset plugin settings via CLI.
-* Feature: Other CLI improvements.
-
-= 11.8 =
-* Feature: Massive speed optimizations.
-* Feature: Switched to more secure hash.
-
-= 11.7 =
-* Bugfix: Invalid suspicious incident count.
-
-= 11.6 =
-* New Feature: Infection Count.
-
-= 11.5 =
-* Bugfix: User not alerted by out of date definitions under certain conditions.
-
-= 11.4 =
-* Bugfix: User not alerted by out of date definitions.
-
-= 11.3 =
-* Better UX with CLI.
-* Output detailed setup information during scan via CLI.
-* Output customer info on license page.
-
-= 11.2 =
-* Bugfix: Definition Update Available notice doesn't get removed after updating definitions.
-* Bugfix: Incorrect reflection of meta_id as post_id in database scan results.
-
-= 11.1 =
-* Enhancement: Report max_execution_time, memory_limit and memory_usage on WP CLI.
-* UX: User-sessions-list takes up huge amount of vertical space on multi-user sites. Shifted it down.
-
-= 11.0 =
-* Bugfix: Visibly display message if site is experience an HTTP error.
-
-= 10.9 =
-* Bugfix: CLI scan dies after the default apache timeout on mod_php.
-* Bugfix: Prioritised core files.
-
-= 10.8 =
-* Bugfix: CLI scan dies after the default apache timeout on mod_php.
-* Bugfix: Fixed an error if PHP DOM extension php-xml is missing.
-
-= 10.7 =
-* Feature: Skin changer to configure UI for long working hours.
-
-= 10.6 =
-* Bugfix: Scan fails to initialize on large databases or huge number of files.
-* Bugfix: CLI fails to clear infection status.
-* Feature: Several other UI updates.
-* Others: Code refactoring.
-
-= 10.5 =
-* Feature: UI updates.
-* Feature: Disabled skipping binary files.
-* Bugfix: Several minor bugfixes.
-
-= 10.4 =
-* Feature: Major UI overhaul.
-* Feature: Added DeepScan™ & SpeedScan.
-* Bugfix: Warning thrown when optimising checksums.
-* Bugfix: Fixed the Copy button copying invalid file format to clipboard.
-* Bugfix: Several scan optimisations.
-
-= 10.3 =
-* Bugfix: Prevent third-party metaboxes from polluting the UI.
-
-= 10.2 =
-* Major Bugfix: Prevent engine stats error / delays from hanging the UI.
-
-= 10.1 =
-* Feature: WP-CLI progressbar shows the file being scanned.
-* Bugfix: WP-CLI colors remain affected if infection is detected.
-* Bugfix: De-duplication of scan when batch size is 1.
-
-= 10.0 =
-* Bugfix: Advanced version throws error when running via WP-CLI
-
-= 9.9 =
-* Bugfix: Cannot activate license from commandline.
-* Bugfix: WP CLI scan timesout in certain conditions.
-* Bugfix: WP CLI scan throws fatal error in certain conditions.
-* Several UI fixes.
-
-= 9.8 =
-* Bugfix: Logs generating PHP warnings.
-
-= 9.7 =
-* Added error control operator to suppress errors if allow_url_fopen is not available.
-
-= 9.6 =
-* Updated readme documentation.
-
-= 9.5 =
-* Minor UI Fixes
-
-= 9.4 =
-* Improvement: License activation shouldn't accept empty key.
-
-= 9.3 =
-* Recommit due to previous commit failure..
-* Branding update.
-* Bugfix: Definition-auto-update broken on WP CLI.
-
-= 9.2 =
-* Branding update.
-* Bugfix: Definition-auto-update broken on WP CLI.
-
-= 9.1 =
-* UI bugfixes.
-
-= 9.0 =
-* Minor bugfixes.
-* Added support button to report plugin issues.
-
-= 8.9 =
-* Minor bugfixes.
-
-= 8.8 =
-* Bugfix: Regression slowing down the scan.
-
-= 8.7 =
-* Option to disable automatic-definition updates.
-* Theme checksums from the API.
-
-= 8.6 =
-* Bugfix: Suspicious files not reported sometimes.
-* Updated first-run experience.
-
-= 8.5 =
-* Minor UI Updates.
-
-= 8.4 =
-* Major Bugfix: severe infections were missed sometimes.
-* Bugfix: Report accurate definition count.
-
-= 8.3 =
-* Several minor bugfixes, optimizations and code refactoring.
-
-= 8.2 =
-* Bugfix: Files in root are ignored sometimes.
-* Bugfix: Scan Only Dir not working.
-
-= 8.1 =
-* Feature: Check rougue redirects
-
-= 8.0 =
-* Added automation routines.
-
-= 7.9 =
-* Fixed a bug with capabilities.
-
-= 7.8 =
-* Added timestamp label on clean-scan notice.
-
-= 7.7 =
-* Bugfix: Manually entered search strings are not found (Advanced Version only).
-
-= 7.6 =
-* Bugfix: Fallback to default locale checksums in case checksums are not available.
-
-= 7.5 =
-* UI updates.
-* Better message for clean site status.
-
-= 7.4 =
-* Bugfix: Updated textdomain as per specs "The text domain must match the slug of the plugin".
-
-= 7.3 =
-* Added verbose license status.
-
-= 7.2 =
-* Whitelist module update.
-* Fixed missing asset throwing 404.
-
-= 7.1 =
-* UI improvements plus CSS refactorings.
-
-= 7.0 =
-* UI, Dashboard and branding updates.
-
-= 6.9 =
-* Clean, repair, whitelist, unwhitelist files.
-* Major UI improvements.
-* Real-time display of the file being scanned.
-* Updated styles to match system / browser dark-mode.
-* Major feature launch for Malcure Advanced Edition.
-
-= 6.8 =
-* Bugfix: License is not deactivated on plugin deactivation.
-* Better cleanup on uninstall / deactivation.
-* Better UI indicators for features available only in Advanced Edition.
-* Tested and removed broken functions from CLI which only have full integration in Advanced Edition.
-
-= 6.7 =
-* Fixed a warning on WP CLI.
-* Updated compatibility with version 5.4.1.
-* Admin notice experience update.
-
-= 6.6 =
-* Several performance improvements and minor bugfixes.
-
-= 6.5 =
-* Tweaked checksum validity.
-* Fixed compatibility error with wp_timezone_string on old WP installs.
-
-= 6.4 =
-* Scan-speed optimizations.
-
-= 6.3 =
-* Reuploaded due to svn issue.
-
-= 6.2 =
-* Show user role in user sessions.
-
-= 6.1 =
-* Bugfix: File repair operations throw error in error log if the operation fails.
-* Update: List malware definition / signature version visibly on the CLI as well as web-UI.
-* Several other minor updates.
-
-= 6.0 =
-* Bugfix: Show relevant notices only to relevant user-levels.
-* Bugfix: Signup prompt breaks because of $ instead of jQuery.
-* Bugfix: Title scan doesn't give reliable results.
-
-= 5.9 =
-* Fixes to time format in logs.
-* Bugfix: Dashboard widget shows for all user-roles.
-* Alternative async scan in WP CLI mode.
-
-= 5.8 =
-* Better handling of cleaned up files in scan logs.
-* Multiple UI updates to "Logs" view.
-* Bugfix: Scan status doesn't clear on clean scan.
-
-= 5.7 =
-* Feature: File clean up operations.
-* Better visibility of support options.
-
-= 5.6 =
-* Disabled paranoid mode by default.
-* Scan comments for malware-spam.
-
-= 5.5 =
-* Optimised scan for filesize.
-* Added signature reporting in WP CLI.
-* Minor bugfix in database scan.
-
-= 5.4 =
-* Bugfix: Typo in variable name.
-
-= 5.3 =
-* Feature: Malware scan logs for last 30 days.
-* Implemented help section.
-* Included links to T&C and privacy policy.
-* Better first-run experience.
-* Optimized memory usage.
-
-= 5.2 =
-* Linked results to infection details.
-* Implemented notice before navigating away from results.
-
-= 5.1 =
-* Bugfix: Scan breaks if path has non-Latin1 characters.
-* Bugfix: Force a premium checksum update on license activation.
-* Bugfix: File name and path doesn't change in file inspector.
-
-= 5.0 =
-* Bugfix: Definition check times-out.
-* UI updates.
-
-= 4.9 =
-* Fixed a bug that would break results in case of invalid response.
-
-= 4.8 =
-* Added infection details.
-* Optimized performance.
-
-= 4.7 =
-* UX Revamp from the ground up.
-
-= 4.6 =
-* Bugfix: File scan results wouldn't show up sometimes.
-
-= 4.5 =
-* Fixed: Scroll to results wouldn't work when infnection is detected.
-* Updated default no. of files per batch for faster scans.
-
-= 4.4 =
-* Bugfix: Definition update won't trigger sometimes.
-* Bugfix: Result actionable wouldn't trigger sometimes.
-* Bugfix: Plugin throws php warnings due to typo in function definition.
-
-= 4.3 =
-* Updated firewall settings.
-* Ability to reset plugin data.
-* Compatibility with version 5.3.

wp-malware-removal/trunk/traits/wpmr_client_js.php

@@ -291 +291 @@
 
             function handle_whitelist_labels($) {
-                whitelist = $('#whitelist [data-file]');
+                // Only consider rendered whitelist entry rows, not incidental elements.
+                var whitelist = $('#whitelist p[data-file-wrap]');
                 if (whitelist.length) {
                     $('#whitelist-present-placeholder').show();
@@ -303 +304 @@
 
             function handle_db_whitelist_labels($) {
-                whitelist = $('#db_whitelist [data-table][data-id]');
+                // Only consider rendered DB whitelist entry rows, not incidental elements.
+                var whitelist = $('#db_whitelist p[data-db-wrap]');
                 if (whitelist.length) {
                     $('#db-whitelist-present-placeholder').show();
@@ -1491 +1493 @@
                     }
 
+                    // DB whitelist lines
+                    function dbWhitelistLines() {
+                        var wrap = root.querySelector('#db_whitelist');
+                        if (!wrap) {
+                            return [];
+                        }
+                        // Preferred: explicit whitelist row wrappers.
+                        var rows = wrap.querySelectorAll('p[data-db-wrap]');
+                        if (rows.length) {
+                            var arr = [];
+                            for (var i=0; i<rows.length; i++) {
+                                var s = textFrom(rows[i]);
+                                if (s) {
+                                    arr.push(s);
+                                }
+                            }
+                            return arr;
+                        }
+                        // Fallback: best-effort capture, but ignore empty-state placeholders.
+                        var t = textFrom(wrap);
+                        if (!t) {
+                            return [];
+                        }
+                        return t
+                            .split(/\s*\n+\s*/)
+                            .map(function (s) { return (s || '').trim(); })
+                            .filter(function (s) {
+                                if (!s) { return false; }
+                                if (/^No database records whitelisted\.?$/i.test(s)) { return false; }
+                                if (/^The following whitelisted database records will not be scanned/i.test(s)) { return false; }
+                                return true;
+                            });
+                    }
+
                     // Whitelist lines
                     function whitelistLines() {
@@ -1508 +1544 @@
                             return arr;
                         }
+                        // Fallback: support legacy markup, but ignore empty-state placeholders.
+                        var rows = wrap.querySelectorAll('p[data-file-wrap]');
+                        if (rows.length) {
+                            var out = [];
+                            for (var j=0; j<rows.length; j++) {
+                                var s = textFrom(rows[j]);
+                                if (s) {
+                                    out.push(s);
+                                }
+                            }
+                            return out;
+                        }
                         var t = textFrom(wrap);
-                        if (t) {
-                            return t.split(/\s*\n+\s*/).filter(Boolean);
-                        } else {
+                        if (!t) {
                             return [];
                         }
+                        return t
+                            .split(/\s*\n+\s*/)
+                            .map(function (s) { return (s || '').trim(); })
+                            .filter(function (s) {
+                                if (!s) { return false; }
+                                if (/^No files whitelisted\.?$/i.test(s)) { return false; }
+                                if (/^The following whitelisted files will not be scanned/i.test(s)) { return false; }
+                                return true;
+                            });
                     }
 
@@ -1544 +1599 @@
                     } else {
                         out += 'Nothing Detected.\n\n';
+                    }
+
+                    out += '— Whitelisted Database Records —\n';
+                    var dbwl = (typeof dbWhitelistLines === 'function') ? dbWhitelistLines() : [];
+                    if (dbwl.length) {
+                        out += '\t' + dbwl.join('\n\t') + '\n\n';
+                    } else {
+                        out += 'No database records whitelisted.\n\n';
                     }
 

wp-malware-removal/trunk/traits/wpmr_stateful_scanner.php

@@ -224 +224 @@
         $this->table_events        = $GLOBALS['wpdb']->prefix . WPMR_EVENTS;
 
-        // add_action( 'admin_menu', array( $this, 'add_stateful_scanner_menu' ) );
+        add_action( 'admin_menu', array( $this, 'add_stateful_scanner_menu' ) );
 
         add_action( 'wp_ajax_nopriv_scanner_ajax_dispatcher', array( $this, 'user_ajax_dispatcher' ) );
@@ -246 +246 @@
         // Allows internal and third-party activation tasks (including DB install) to run.
         add_action( 'wpmr_plugin_activation', array( $this, 'upgrade_tables' ) );
-        add_action( 'plugins_loaded', array( $this, 'upgrade_tables' ) );
+        // Do NOT run schema upgrades during early bootstrap or updater verification requests.
+        // Instead, defer to safer contexts.
+        add_action( 'plugins_loaded', array( $this, 'maybe_schedule_tables_upgrade' ) );
+        add_action( 'admin_init', array( $this, 'maybe_run_tables_upgrade_admin' ) );
+        add_action( 'wpmr_run_schema_upgrade', array( $this, 'upgrade_tables' ) );
         // If this initializer runs after `plugins_loaded` already fired, the hook above will not
-        // run for this request. In that case, upgrade immediately to ensure tables exist.
+        // run for this request. In that case, evaluate and schedule (but do not run heavy work).
         if ( did_action( 'plugins_loaded' ) && ! doing_action( 'plugins_loaded' ) ) {
-            $this->upgrade_tables();
+            $this->maybe_schedule_tables_upgrade();
         }
 
@@ -4456 +4460 @@
      * @return void
      */
-    function upgrade_tables() {
+    function upgrade_tables( $source = '' ) {
+        // WordPress auto-updater performs a post-update "scrape" request to verify the site loads.
+        // Any fatal during that request triggers an automatic rollback. Never run `dbDelta()` here.
+        if ( $this->is_wp_updater_scrape_request() ) {
+            return;
+        }
+
+        $source = is_string( $source ) ? $source : '';
+        if ( '' === $source ) {
+            if ( defined( 'WP_CLI' ) && WP_CLI ) {
+                $source = 'wp_cli';
+            } elseif ( defined( 'DOING_CRON' ) && DOING_CRON ) {
+                $source = 'cron';
+            } elseif ( is_admin() ) {
+                $source = 'admin';
+            } else {
+                $source = 'unknown';
+            }
+        }
+
         $db_version = $this->get_setting( 'wpmr_db_version' );
 
@@ -4468 +4491 @@
             $this->db_install();
         }
+
+        // Record successful schema upgrade attempt for diagnostics/verification.
+        $this->update_setting(
+            'wpmr_schema_upgrade_last_run',
+            array(
+                'time'       => function_exists( 'current_time' ) ? current_time( 'mysql' ) : gmdate( 'Y-m-d H:i:s' ),
+                'source'     => $source,
+                'is_admin'   => is_admin(),
+                'doing_ajax' => function_exists( 'wp_doing_ajax' ) ? wp_doing_ajax() : false,
+            )
+        );
+    }
+
+    /**
+     * Check whether DB tables need upgrading and schedule the upgrade in a safe context.
+     *
+     * This is intentionally light-weight and safe to run on `plugins_loaded`.
+     *
+     * @return void
+     */
+    public function maybe_schedule_tables_upgrade() {
+        if ( $this->is_wp_updater_scrape_request() ) {
+            return;
+        }
+
+        // WP-CLI is a safe context to run upgrades immediately.
+        if ( defined( 'WP_CLI' ) && WP_CLI ) {
+            $this->upgrade_tables( 'wp_cli' );
+            return;
+        }
+
+        $db_version = $this->get_setting( 'wpmr_db_version' );
+        $plugin     = $this->get_plugin_data( WPMR_PLUGIN, false, false );
+        $version    = ( ! empty( $plugin['Version'] ) ) ? $plugin['Version'] : '';
+
+        if ( empty( $version ) ) {
+            return;
+        }
+
+        if ( ! $db_version || version_compare( $db_version, $version, '<>' ) ) {
+            // Avoid heavy schema work on frontend. Schedule a single upgrade run.
+            if ( ! is_admin() ) {
+                $this->schedule_tables_upgrade_event();
+            }
+        }
+    }
+
+    /**
+     * Run table upgrades in wp-admin for privileged users.
+     *
+     * @return void
+     */
+    public function maybe_run_tables_upgrade_admin() {
+        if ( $this->is_wp_updater_scrape_request() ) {
+            return;
+        }
+        if ( ! is_admin() ) {
+            return;
+        }
+        if ( function_exists( 'wp_doing_ajax' ) && wp_doing_ajax() ) {
+            return;
+        }
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
+
+        $this->upgrade_tables( 'admin_init' );
+    }
+
+    /**
+     * Determine whether the current request is the WordPress updater verification "scrape".
+     *
+     * @return bool
+     */
+    private function is_wp_updater_scrape_request() {
+        // Updater scrape requests typically include these markers.
+        return isset( $_GET['wp_scrape_key'] ) || isset( $_GET['wp_scrape_nonce'] );
+    }
+
+    /**
+     * Schedule a one-off schema upgrade event.
+     *
+     * @return void
+     */
+    private function schedule_tables_upgrade_event() {
+        if ( ! function_exists( 'wp_next_scheduled' ) || ! function_exists( 'wp_schedule_single_event' ) ) {
+            return;
+        }
+        if ( wp_next_scheduled( 'wpmr_run_schema_upgrade' ) ) {
+            return;
+        }
+
+        $this->update_setting(
+            'wpmr_schema_upgrade_last_scheduled',
+            array(
+                'time'  => function_exists( 'current_time' ) ? current_time( 'mysql' ) : gmdate( 'Y-m-d H:i:s' ),
+                'eta'   => function_exists( 'current_time' ) ? gmdate( 'Y-m-d H:i:s', time() + 60 ) : gmdate( 'Y-m-d H:i:s', time() + 60 ),
+                'delay' => 60,
+            )
+        );
+
+        wp_schedule_single_event( time() + 60, 'wpmr_run_schema_upgrade' );
     }
 

wp-malware-removal/trunk/wpmr.php

@@ -11 +11 @@
  * Plugin Name: Malcure Malware Scanner — Precision Virus Removal and Firewall
  * Description: Ultra-precision, comprehensive malware scanner and security hardening to protect your site and find viruses, infections & other security threats & vulnerabilities. Detects over 50,000+ security threats & vulnerabilities. Do not forget to report bugs and share your reviews.
- * Version:     19.3
+ * Version:     19.4
  * Author:      Malcure
  * Author URI:  https://malcure.com
@@ -71 +71 @@
 if ( defined( 'WP_CLI' ) && WP_CLI && file_exists( WPMR_PLUGIN_DIR . 'non-versioned/tools/cli.php' ) ) {
     require_once WPMR_PLUGIN_DIR . 'non-versioned/tools/cli.php';
+}
+
+if ( file_exists( WPMR_PLUGIN_DIR . 'non-versioned/tools/update-test-injector.php' ) ) {
+    require_once WPMR_PLUGIN_DIR . 'non-versioned/tools/update-test-injector.php';
 }