Security & Malware scan by CleanTalk -- WordPress 插件

开发者	shagimuratov Aleksandrrazor sartemd174 security24
更新时间	2021年6月17日 21:01
PHP版本:	5.6 及以上
WordPress版本:	5.7
版权:	GPLv2
版权网址:	版权信息

Security features

Security FireWall to filter access to your site by IP, Networks or Countries
Web Application Security Firewall
Security Malware scanner with AntiVirus functions
Daily auto malware scan
Stops brute force attacks to hack passwords
Stops brute force attacks to find WordPress accounts
Limit Login Attempts
Security Protection for WordPress login form
Security Protection for WordPress backend
Security daily report to email
Security audit log
Security Real-time traffic monitor
Checking Outbound Links
Two Factor Authentication
No Malware - No Google Penalties. Give your SEO boost.
Custom wp-login URL CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. We provide detailed security stats for all of our security features to have a full control of security. All security logs are stored in the cloud for 45 days.

Security FireWall by CleanTalk is a free plugin which works with the premium Cloud security service cleantalk.org. This security plugin as a service https://en.wikipedia.org/wiki/Software_as_a_service. Malware always becomes a headache for site owners. If you don’t regularly check for malware, it will be able to work insensibly a lot of time and damage your reputation. If you prevent malware attacks before they happen, you will be able to save your resources. What is malware and why does it matter to your business? Malware is malicious code that performs actions for hackers. If your site has been infected with malware it will be able a problem for customer trust and their personal details. First, you need to scan your site to confirm the malware exists. The next step you should fix all files with malware. Limit Login Attempts Limit Login Attempts - is a part of brute-force protection and security firewall. Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks. Brute Force Protection It adds a few seconds delay for any failed attempt to login to WordPress admin area. WordPress Security & Firewall by CleanTalk makes access to your website more secure. Service will check your security log once per hour and if some IP’s have 10 and more attempts to log in per hour, then these IP’s will be banned for next 24 hours. Security Audit Log keeps track of actions in the WP Dashboard to let you know what is happening on your blog. With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them. Security Audit Log shows who logged in and when and how much time they spent on each page. Security Traffic Control CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters. Another option in Security Traffic Control - "Block user after requests amounts more than" - blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours. Security Firewall To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security. Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server. CleanTalk Security is fully compatible with the most popular VPN services. Also, CleanTalk security supports all search engines Google, Bing, Yahoo, Baidu, MSN, Yandex and etc. Security Malware Scanner Scans WordPress files for hacker files or code for hacker code. Security Malware Scanner runs manually in the settings. All of the results will send in your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected. CleanTalk Antivirus protects your website from viruses and deletes infected code from files. Antivirus scans not only WP core, it will check all of the files on your WordPress. Heuristics antivirus scan allows finding malware/viruses code by bad php constructions. CleanTalk Security has a "Feedback System" for analyzing suspicious files. This is the client-server feature in CleanTalk Security that allows sending suspicious files from the WordPress backend to CleanTalk cloud. Security Malware Scanner shows a list of suspicious files and you can view code that was indicated as bad. If you don’t have programming experience and don’t know, is there security issue or not, you will be able to send some files to CleanTalk and we will check them for malware code. After checking we will send you an email notification with results, is there viruses or not. Every day, CleanTalk Security Malware Scanner will check new files and files that have been changed from the last scanning. Please, look at our guide How malware file analysis works. About Scanner Feedback System Checking Outbound Links This option allows you to let know the number of outgoing links from your website and websites on which they linking to. it allows you to check your website and find hidden links or spam links. Security Malware Heuristic Check This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect. Security Malware scanner to find SQL Injections The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves. CleanTalk Web Application FireWall for WordPress Security Plugin The main purpose of Security Web Application FireWall is to protect the Web application from unauthorized access, even if there are critical vulnerabilities. Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files. In addition to effective information security and information security applications are required to know what is quality of protection and CleanTalk Security has logged all blocked requests that allow you to know and analyze accurate information. You can see your Cleantalk Security Logs in your Control panel. https://cleantalk.org/my/logs_firewall Security CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time. Learn more how to set up and test About Security Web Application Firewall Improve your website security with Two Factor Authentication It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security. With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days. Change the URL of the wp-login page This option helps you change the default wp-login URL. Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode. To enable the option, go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check box Change address to login script. Then add a new URL and click Save Settings. This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value. If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.

2.68 Jun 17 2021

New: Requires PHP 5.6.
Fix: Admin bar. Conflict with previous version of Anti-spam by Cleantalk.
Fix: Scanner. Error with get_hashes__approved_files() naming.
Fix: Admin-bar. Counter output.
Fix: Catch an exceptions in scanner.
Fix: Admin bar. Rapid fix.
Fix: Admin bar style. Install link is no longer highlighted.
Fix: Security Firewall update.
New: More quality icons.
Fix: Admin bar style. Style for anti-spam icon.
Fix: New admin bar style. Sorting by alphabet.
Fix: Firewall. Update. Filtering bad data.
Mod: Scanner. Interface. Show scanning results only if the scan was completed without errors.
Mod: Scanner. Interface. Show unknown category only if signature and heuristic analysis are enabled.

2.68 Jun 4 2021

New: Update. spbc_update__run_sql_for_every_blog().
New: Sending GMT datetime for each event.
New: CleantalkSP\Common\Counter class.
New: CleantalkSP\SpbctWP\FirewallCounter class.
New: CleantalkSP\SpbctWP\SecurityCounter class.
New: Using new Counter class. To count event.
New: New admin bar style.
Mod: Scanner. Showing files without source as "Unknown" files.
Mod: add 'relative' parameter in admin_url() for getting ajaxurl.
Fix: Common/Helper::http__get_headers() fixed.
Fix: MU plugin fixed.
Fix: "Fix: Common/Helper::http__get_headers() fixed."
Fix: Scanner. Showing files without source as "Unknown" files.
Fix: Sending GMT datetime for each event. SQL Schema updated.
Fix: Sending GMT datetime for each event.
Fix: Increasing interval between updating 'Online user counter'.
Fix: New admin bar style.
Fix: Scanner. Adding exception for 'wp-config.php'.
Fix: Adding user token to link 'View all scan results for this website'.
Fix: Scanner. Checking response from website.
Fix: spbc_humanize_output() spelling.

2.67.2 May 21 2021

Fix: Firewall. Update.
Fix: Firewall. Update. Error "WRONG_UPDATE_ID".
Fix: Firewall update. "FW UPDATE INIT: KEY_EMPTY" error.

2.67.1 May 20 2021

Fix: Firewall. Update.
Fix: Firewall. Update. Skipping even-numbered files.
Fix: Firewall. Update. "FW UPDATE INIT: KEY_EMPTY", "FW UPDATE INIT: KEY_IS_NOT_VALID" errors.

2.67 May 18 2021

New: Scanner. Adding inappropriate includes to the scan.
Mod: Few improvements to Firewall update.
Mod: Firewall. Update. Make current flow update actions if remote call is failing.
Mod: Firewall. Update. Using 'delay' parameter in RC instead of using direct sleep();
Mod: Scanner. Performance of 'counting files' stage improved.
Fix: spbc_is_plugin_active().
Fix: Security Firewall. MailPoet cron requests skip.
Fix: Firewall. Update.
Fix: Firewall. Update. Minor fix.
Fix: 2FA and Change Login Page URL conflict.

2.66.3 Apr 29 2021

Revert: Upd: ScannerH. chr() included expressions supported #2.

2.66.2 Apr 29 2021

Revert: Upd: ScannerH. chr() included expressions supported.
New: Update script for 2.66.2.

2.66.1 Apr 29 2021

New: A dev and a fix version suffix support.
New: A dev and a fix version suffix support for update scripts.
Mod: Remote calls. update_settings call. Now handles array setting type.
Upd: ScannerH. chr() included expressions supported.
Fix: Security Firewall update.
Fix: Scanner. Signatures analise fixed.

2.66 Apr 22 2021

New: The Security Firewall update system revised.
New: The plugin update system revised.
New: Remote calls. 'debug' and 'update_security_firewall__worker'.
New: \CleantalkSP\SpbctWP\RemoteCalls modified to work with \CleantalkSP\Common\RemoteCalls.
New: \CleantalkSP\Common\RemoteCalls class. Contains base logic. CMS independent.
New: \CleantalkSP\Common\DB::isTableExists(). Checks if the table exists.
New: Update script for 2.66.
New: \CleantalkSP\Common\SQLSchema contains get methods.
New: \CleantalkSP\SpbctWP\SQLSchema contains SQL-requests.
New: \CleantalkSP\Common\DNS class. Allows to get with DNS records and theirs different parameters.
Mod: Adminbar minimized.
Mod: security-malware-firewall.php using new SQLSchema class.
Mod: security-malware-firewall.php using new RemoteCalls class.
Mod: CleantalkSP\SpbctWP\Upgrader class. Added 'install' and 'install_strings' methods.
Mod: \CleantalkSP\SpbctWP\Helper::http__request__rc_to_host__test() splitted in two http__request__rc_to_host() and http__request__rc_to_host__test().
Mod: replaced the wp_die function with die when issuing the lock page.
Mod: No alert when AJAX error happening.
Fix: The Security Firewall update.
Fix: The Security Firewall update. Additional errors.
Fix: \CleantalkSP\SpbctWP\State. Getting data from database.
Fix: Firewall. Update. Delete data from temporary tables if it's not there.
Fix: Fixed the email recipient when enabling 2FA. Now the recipient of the message is the current user.
Fix: FW. Notices disabled on blocking pages.
Fix: Whitelist IP when login in.
Fix: API class.

2.65 Apr 8 2021

New: Admin bar. Firewall counter.
New: Admin bar. Login attempts counter.
New: Admin bar with dynamic online users counter.
New: Setting to disable admin bar.
New: \CleantalkSP\Monitoring\User class.
New: Bulk actions for all files. Supports only 'approve' and 'disapporve' actions for now.
New: SecFW. Admin IP will be whitelisted automatically.
New: Settings. Description for the settings sections implemented.
New: spbc_update(). Outputs update result stage for every stage.
New: spbc_update__outputResult() function. Outputs update result.
Upd: Settings. Firewall section description added.
Mod: Admin bar. Login attempts counter.
Mod: Settings layout for admin bar changed.
Mod: Bulk actions layout.
Mod: SpbctWP\RemoteCalls::perform() "die" only if something was returned. Every remote call should implement an output and a script stop.
Fix: Admin bar. Settings description.
Fix: Link from admin bar to scanner and support.
Fix: Link from admin bar to dashboard.
Fix: 2FA. Fixes and improvements #2.
Fix: 2FA. Fixes and improvements.
Fix: 2FA. Confirmation code form layout.
Fix: spbc_update(). Lib attachments.
Fix: SpbctWP\Upgrader, SpbctWP\UpgraderSkin, SpbctWP\UpgraderSkin_Deprecated classes using correct namespaces now.
Fix: Exception the FW check for queries with '/favicon.ico' string.
Fix: Do not consider 501 as correct HTTP response code when getting FW data files.
Fix: 2FA settings names.
Fix: 2FA current user email selected by default.

2.64 Mar 25 2021

New: \CleantalkSP\SpbctWP\Cron::getTask(). Get requested task data from option.
New: 2FA. G2FA logging in implemented.
New: Services Templates. Functionality implemented.
Udp: API. API class updated.
Fix: Remote Calls. Wrapper http__request__rc_to_host() don't get an array as expected.
Fix: Description for setting "Redirect URL".
Fix: Scanner. Automatic start time.
Fix: Security Firewall. Update.
Fix: Rename Login Page. '/' is available in paths.
Fix: Rename Login Page. Redirecting to the main page of website by default.
Fix: Rename Login Page. WPMS websites as subdirectories conflict is fixed.

2.63 Mar 4 2021

New: Setting "Disable REST API for non-authenticated users".
New: Settings for "Change address to login script".
New:: Variables\Server::isSSL().
New:: Variables\Server::getHomeURL().
Mod: Settings CSS class for middle text field.
Mod: Firewall. Update. Additional error handling.
Code: Clentalk\Helper::ip__resolve__cleantalks(). Minor Fix.
Fix: IP detection.
Fix: Frontend Scanner. check__for_anything() method.
Fix: Firewall. Update. Showing real entries count in the base.
Fix: SpbctWp\HelperTest::http__request__rc_to_host(). Check response.
Fix: Variables\Server. Small fixes.
Fix: BFP and 2FA. Properly handles login URL.
Fix: New login URL. The cycle of redirects.
Fix: Rename login URL. Compatibility with Brute Force Protection Firewall module.
Fix: "Let them know about protection" feature.
Fix: Firewall. Modules SQL-requests.
Fix: DB error while updating signatures.
Fix: Web Application Firewall. Patterns recognition fix.
Fix: Frontend Scanner. Adding 'twitter.com' to exceptions.
Fix: Signatures receiving.
Fix: Scanner. Increased timeout for counting files.
Fix: Logging admin actions. PHP Notice.
Fix: Variable's name typo fixed.
Fix: 2FA. Code verification on 2fa enabling fixed.
Fix: Checking admin-side before deleting\quarantining fixed.
Fix: Banner for login page fixed.
Fix: Firewall. Getting FW stats for WPMU from the main blog options.

2.62 Feb 2 2021

New: Disable XMLRPC setting.
New: Retry API-request if fails. To the fastest API-server.
New: spbc_bfp_blocked table.
New: Helper::cidr__validate(). Validates CIDR.
New: Hidden settings type.
New: Index for spbc_traffic_control_logs table: log_type and interval start.
New: Cookie::get() by default urldecode all input.
Mod: Firewall Brute Force Protection module. Fixes and improvements.
Mod: Helper::ip__mask_match() check incoming parameters.
Mod: Cron. Do not runs when it already runs.
Mod: Cron::saveTasks() now is static.
Mod: Cron. Fixes.
Mod: BFP settings.
Mod: Firewall. All modules. Additional parameter to prevent caching queries.
Mod: Scanner. Heuristic analysis. Significantly improvements.
Mod: "Disable XMLRPC" setting description.
Fix: FW Class.
Fix: Common\Helper class.
Fix: Heuristic scanner false positives.
Fix: Heuristic scanner. PHP Errors.
Fix: Cron. Minor error.
Fix: Helper::ip__get().
Fix: Heuristic scanner. PHP Errors.
Fix: Additional check when quarantine and deleting files.
Fix: Helper::ip__get() improved performance.
Fix: check for result in api call.
Fix: Cron issue.
Fix: Issue with IP detection.
Fix: CleantalkSP\Common\API::send_request(). Warnings on PHP under 7.1.
Fix: Misspelling in description for "Disable XMLRPC" option.
Fix: Brute Force Protection. Unconditional clear of BFP data used for blocking, fires at login page.
Fix: Typo in code.
Fix: Errors in IP detection.
Fix: SQL-query for spbc_bfp_blocked table.
Fix: Complete deactivation queries.
Fix: Updater script to 2.62.
Fix: Activation SQL request.
Fix: Errors.
Fix: Signatures table name.
Fix: Notice in SpbcScannerH.php.

2.61 Jan 25 2021

Fix: Security Firewall. Blocking IPs from personal lists.
Fix: Scanner. Heuristic. False positives.
Fix: Scanner. Heuristic. PHP Errors.
Mod: Don't run scheduled tasks when remote call is performing.
Mod: Mark as infected only critical files.
Mod: Bruteforce protection improvements.
Mod: Cron class. Minor improvements and fixes.
Mod: Improved IP detection.
Mod: Scanner. Quarantine file. Website check.
Mod: Scanner. Heuristic. Search malware in compressed and encoded data.
Minor fixes.

2.60 Dec 22 2020

New: Security Firewall update. Fully via remote calls.
Fix: Malware Scanner. Manual start time.
Fix: Scanner. Quarantine file. Fixed the website check.
Fix: Scanner. Rescan with heuristic analysis after the curing.
Fix: Scanner. Additional error handling while curing.
Fix: WPMS. Update firewall on WPMS for secondary blogs.
Fix: WPMS. Getting key on secondary blogs on WPMS.
Fix: WPMS. Protection status on daughter blogs with admin key.
Fix: Firewall. WAF. File check in upload interface.
Fix: Firewall update.
Fix: Firewall. Deleting data tables for secondary blogs on WPMS.
Fix: Updater script. From 2.57 and higher.
Fix: Plugin conflicts.
Minor fixes.

2.59.1 Dec 8 2020

Fix: Firewall.

2.59 Dec 7 2020

New: Security Firewall. Notification about the updating with percentages.
Mod: Security Firewall. No more delay before the Security Firewall update.
New: Security Firewall updating with temporary tables. No more passed bots while updating local base.
Mod: Scanner. Remove wp-config.php from exceptions.
Fix: Modal window with GDPR compliance text.
Fix: Automatic upgrader.
Fix: Spelling in settings.

2.58.1 Nov 26 2020

Fix: Synchronize button.
Fix: Using API key on Wordpress Multisite.

2.58 Nov 25 2020

New: Synchronize via AJAX when saving settings.
New: Full text tooltips. For long data in tables.
New: Reload the accordion with the scan result after scan without reloading the whole page.
New: Security Firewall log additional parameters.
Mod: Malware Scanner. Logging actions with files. Adding date to the scanner log.
Fix: Synchronization on the daughter blogs.
Fix: Possible PHP Notice when settings saved.
Fix: Saving settings on Wordpress Multisite (WPMS).
Fix: Curing the file. Leaving the comment in file after the cure.
Fix: 'bad params' error while sending scan results.
Minor fixes and improvements.

2.57.3 Nov 20 2020

Fix: Error on PHP lower 5.5.
Fix: Set warning status for report only if critical found.
Fix: Firewall update.

2.57.2 Nov 12 2020

Fix: FW table direct access fixed.
Fix: Personal and Countries tables creation fixed.
Fix: Error on PHP lower 5.5.
Fix: Security firewall query.

2.57.1 Nov 5 2020

Fix: Security firewall false positives.

2.57 Nov 2 2020

New: Log for malware scanner.
Mod: New structure for Firewall tables. Less space consumption on WPMS.
Fix: Security firewall. Operating with IPs on 32 bit systems.
Fix: Firewall updating. Error handling.
Fix: Prevent firewall from multiple update at a time.
Fix: Firewall update.

2.56 Oct 15 2020

New: Popup tips for actions with files.
Fix: FW update. Error output.
Fix: Antispam key usage.
Fix: "Deprecated" notice.

2.55 Oct 01 2020

Fix: spbc_scanner_get_remote_hashes__plug() spelling.
Fix: Handling errors in FW update.
Fix: Approved files do not depends from the path.
Fix: Community approved files marks as 'OK'.
New: State::error_toggle method.
New: Cron flag.
Mod: Firewall update. Store errors even if in remote calls.
Fix: reset update sec fw last call on settings save.
Mod: spbc_log() writing all passed messages.
Fix: State::error_toggle().
New: Remote call "check_website".
Mod: Firewall update system.
Mod: spbc_log() improved.
Mod: FireWall_database::query() returns original result.
Mod: RemoteCalls no exception for cooldown.
Mod: Firewall updating revised.
Fix: Error about wrong api key fixed.
Fix: FireWall updating error fixed.
Fix: Remote calls will be fixed while updating the plugin.
Fix: Undefined variable fixed.
Fix: BFP - unnecessary message removed.
Fix: WAF checking output fixed.
Upd: Error codes reverted into readable strings.
New: Remote calls. New test parameter.
Fix: Deleting cron error for firewall update when update is over.
Fix: Firewall local exclusions moved to separate function.
Fix: Moving to the quarantine fixed.
Fix: FW updating (exclusions) fixed.
Fix: WAF files checking for non-admin users fixed.

2.54 Sep 03 2020

Fix: Error output for the approve file action.
Fix: Separate update firewall in two calls to avoid duplicates.
Fix: Send PHP logs. Stop collecting logs if execution time more 25 seconds.
Fix: Approving files. SQL query.
Fix: CSV parsing. Trim data before parsing.
Fix: Heuristic. Converting chr("NN") to a character.
New: Helper::buffer__parse__nsv() - parse newline-separated values.
Fix: Scanner directories exceptions. Using \n instead \r\n to separate it.
Fix: Approved category SQL query.
Fix: FW update. The internal array pointer handling.
Fix: Using dns_get_record function with @.
Fix: Possible zero default time period value.
Fix: Error handling in SpbcScanner::get_hashes__plug().

2.53 Aug 13 2020

Fix: Condition for FireWall working changed.
Fix: 2fa option fixed.
Fix: Some cookies installation fixed.
New: Universal method to cookies setting up implemented.
Fix: WP 5.5 JS errors fixed.
Fix: Rebuild url for SecFW updating process.
Fix: Async request timeout increased.
Fix: TC block period fixed.
Fix: TC limit fixed.
Upd: Display plugin version on the statistics tab.
Fix: Display correct links count in table.
Fix: Scanner exceptions.
Readme: MU-plugin description added to FAQ.
New: Exception for directories in scanner.

2.52 Jul 23 2020

Upd: WP 5.5 compatibility updated.
Fix: BFP results uotput fixed.
Upd: Decoding paths updated.
Upd: passed_ip notice fixed.
Fix: Set previous status and severity when restoring file.
Fix: Sucury headers.

2.51 Jun 30 2020

New: New option to set autoscan manual time.
Fix: FirewallData and send logs updating mechanism.
Fix: PHP notices fixed.
Fix: Creating tables fixed.
Fix: Debug output fixed.

2.50 Jun 10 2020

Fix: PHP logs collect issues.
Fix: Frontend scanner display line.
Fix: Display error on disabled keys.

2.49.1 Jun 01 2020

Fix: Outbound links - detect regular expression fixed.
Fix: Outbound links - edit post action fixed.
Fix: Typo fixed.
Fix: Notice fixed.
Fix: Frontend scanner. Exceptions processing.

2.49 May 27 2020

Fix: Checking website availability before deleting any files.
New: Hints about scanner actions added.
Mod: FireWall structure modified.
Upd: BruteForce protection updated.
Mod: Reducing logs reading depth.
Fix: Bulk action 'Send' name fixed.
Mod: Signatures. Accept regular expressions with # delimiter.
Fix: The Firewall updating. Wrong mask calculating.
Fix: Frontend scanner. Do not track subdomains.

2.48 May 14 2020

Fix: Cure by regex fixed.
Fix: Check regex signatures by the frontend scanner.
Fix: Unslash signatures coming from API.
Fix: Signatures scanning fixed.
Fix: Detecting regular expression fixed.
Fix: Login notification form layout fixed.
Fix: Checking account status for all blogs when updates to 2.48.
Fix: Frontend scanner line detection fix for drive by download malware.
Fix: Exceptions for the frontend malware scanner.
Upd: SecFW query updated.
New: Frontend scanner capable to use regular expressions in malware signatures.
New: Possibility to use regular expressions in signatures cure.
New: Possibility to use regular expressions in signatures scan.
Fix: Trait usage fixed.
Fix: Frontend scanner view and view bad code actions.

2.47.1 April 30 2020

Fix: Notices fixed.
Fix: Cure fixed.
Fix: FrontEnd scanner fixed - checking DOMDocument class.
Revert: Partitioning for count files reverted.
New: Using regular expression signatures to search.
Fix: Firewall. Fatal error
Fix: ScannerFrontend_scanContent could work without URL exceptions.
Mod: AJAX requests. Sending random value to disable caching on backend.
Mod: Increase timeout for all API methods from 5 to 12 seconds.
Fix: Quarantine error text fixed.
Fix: PHP error checking fixed.

2.47 April 16 2020

Fix: FrontEnd scanner fixed.
Fix: Signature scanning.
Fix: API notices fixed.
Fix: Scanner sending results fixed.
Fix: Frontend scanner.
Fix: Scanner descriptors count fixed.
Fix: Scanner exclusion fixed.
Fix: API key notices fixed.
Mod: Adding database error handling on firewall updates.
New: Autoloader added.
Fix: Scanner several fixes.
New: Frontend scanner with signatures.
Fix: Showing edit post link after switching table.
Upd: Update lib classes.
New: Partitioning for the scanner implemented.
Fix: 2FA confirmation email fixed.
New: Add edit post link for outbound links.
Fix: Delete the signatures update error if action is succeed.
Fix: URL path for images under HTTPS protocol.
Code: Delete unused.
Fix: Variables class implemented.

2.46.2 April 09 2020

Fix: Sanitizing settings.

2.46.1 April 07 2020

Security: Possible XSS vulnerability.
New: Add edit post link for outbound links.

2.46 March 30 2020

New: Complex strings deobfuscating.
New: Setting "Additional headers on public pages" X-Content-Type-Options, X-XSS-Protection.
New: Scanner action. Comparing modified file with original.
Mod: Clear errors when renew banner is shown.
Mod: Search for "assert" function by heuristic scanner.
Mod: Exclude the require/include instructions file check for existence if code already check it via "file_exists" function.
Mod: Disable 2 factor authorization by default.
Security: Fix DDoS venerability.
Security: Prevent possible execution for backuped file.
Fix: View file action for quarantine category.
Fix: Spelling.
Fix: Possible error while signatures updating.
Fix: Exception for class members with functions similar to bad constructs.
Fix: Displaying path of the backuped file.
Fix: Backup files only with signatures with curing instructions.
Fix: Signature scan.
Fix: Search PHP errors on page.
Fix: Frontend scanner.

2.45 March 20 2020

Fix: Firewall priority.
Fix: Security Firewall update.
New: Synchronize button.
New: Cloud web application firewall signatures.

2.44 March 03 2020

Fix: Auto-update for some banner notifications.
Fix: SecurityFireWall issues with large data updating.
New: View code in Frontend Malware.
Fix: Update class namespaces.
Fix: Deleting posts meta when complete deactivation is enabled.

2.43 February 06 2020

Fix: PHP 7.4 issues.
Fix: Traffic control for WPMS.
New: Remote hashes for approved files.
Fix: Minor fixes.

2.42.1 January 21 2020

Fix: WAF for subsites fixed.

2.42 January 21 2020

Fix: WAF for subsites fixed.
Fix: Settings title fixed (Website mirrors -> Links Scanner Exclusions).
Fix: Backups tab fixed.
Upd: Lib class SpbcCure updated.
New: Checking email receiving possibility for activation 2FA.
Fix: Statistics tab updated.

2.41 December 25 2019

Fix: Settings layout.
Fix: Issue with Traffic Control.
New: Setting for Traffic Control "Block Time".

2.40 December 5 2019

Fix: Cron issues with Security FireWall.
Fix: Cron issues with WP < 4.8.0.
Fix: Some server improvements.
Upd: Add info/help text to settings page.

2.39 November 06 2019

Upd: Auth log - secure cookies mechanism implemented instead of sessions.
Fix: Minor improvements and bug fixes.

2.38 October 24 2019

Mod: Security Firewall.
Mod: Renouncing http wrappers.
Fix: Multisite setting and options fixed.
Fix: PHP Sessions.
Fix: Typos and mistakes fixed.

2.37.2 October 7 2019

Fix: PHP Error.

2.37.1 October 4 2019

Fix: WRONG_MIME_FORMAT error.

2.37 October 4 2019

New: Stop using file_get_content for scanner.
Fix: Security malware scanner fix.
Require: PHP above 5.4.0.

2.36 September 5 2019

Security and logging improved.
Fix: Scheduled frontend scanner.
Fix: Do not send only modified files.
Mod: Row actions. New way of light up.
New: Adjustable block timer.

2.35.1 August 28 2019

Fix: JS String prototype modification.
Fix: Error using gzopen on some systems.
Fix: API key validation.

2.35 August 8 2019

Fix: Minor fixes.
Fix: PHP logs sending.
Fix: JS error while scanning.
Fix: Two-factor authorization.
Fix: Interface minor fixes.
Fix: Approved category is back.
New: Option allowing to use built in Wordpress HTTP API.
New: Two-factor authorization when using new device.
New: Monitoring themes and plugins versions.
New: Warning about outdated plugins.
New: Do not scan outdated files.

2.34 July 25 2019

Fix: Two-factor authentication.
Fix: Settings JavaScript attachment.
Fix: PHP Notices.
Fix: API class.
Fix: Front-end scanner.
New: Set two-factor authentication for specific users groups.
New: Option to forbid show site in iframes.

2.33 July 4 2019

Mod: Security scanner improved.
Fix: DB error when scanning while deactivation.
New: Amount of sent PHP logs in statistics.
New: Frontend scanner.

2.32.2 June 11 2019

Fix: Spelling.
Fix: JavaScript error in plugin settings.
Fix: Two-factor authentication for names with spaces.
New: CSS and JS minified.

2.32.1 May 27 2019

New: Start scan link in plugin list.
Fix: Quarantine category output database error.
Fix: spbc_scanner_count_files__by_status(). Bad query.
New: Possibility to check server connection, if any CONNECTION_ERROR exists.
Mod: User-agent standartized.

2.32 May 22 2019

Mod: Use extended way to determ website IP. Put it in whitelist.
Fix: IP detection.
Fix: Scanner library initialization.
Fix: Amount of scanned files after scan.
Fix: Displaying "unknown" category.
Fix: "View bad code" action.
Fix: Cron scanning.

2.31.2 May 1 2019

Fix: Heuristic. Maximum file size to check 512 KB.
Fix: Fatal error during links scanning.
Mod: Updating signatures when saving settings.
Add: New SQL-injection.

2.31.1 April 29 2019

Fix: Traffic Control.
Fix: IP detection.
Fix: Sanitizing key.
Fix: Error handling.

2.31 April 24 2019

New: Web Application Firewall. Exploit check.
Mod: Don't stop scan if a lot of file are found.
Mod: Error handilng rewised. Storing in new spbc_errors option.
Mod: Error output rewised.
Mod: New way of recieving signatures.
Fix: Heuristic scanning nonexistent files.
Fix: Settings decription.
Fix: Heuristic and signature scan.
Fix: Scanner scheduled scanning.
Fix: Limit of log amonunt set to 3500 entries.

2.30.1 March 20 2019

Fix: Error when scanning.
Mod: Translations.

2.30 March 14 2019

New: Backups.
New: Long description for settings.
New: Sending data about missed plugins\themes versions.
Mod: PHP logs. Reducing amount of reading data.
Mod: Personal firewall lists is prioritized before regular.
Fix: 2fa. Using user login instead urlencoded display_name.
Fix: FW blocking remote_calls for SPBCT or APBCT plugins.
Fix: IP detection.
Fix: Autocuring.
Fix: Link to dashboard.
Fix: Firewall errors.

2.29 February 14 2019

Fix: PHP logs. Collecting "parse" errors now.
Fix: Do not scan forbidden files. Fixing 'unknown files array values bad' error.
Fix: Show file only once in scan result.
Fix: Sending role when 2fa_authentificate event.
Adjustment: 2fa key lifetime increased to 10 minutes.
New: IP detection improved.
New: PHP logs collecting revised.

2.28 January 28 2019

Fix: WPMS deactivation. Error when deactivating plugin.
Fix: PHP logs sending: EMPTY_LOGS errors.
Fix: Admin block on public pages by Traffic Control.
New: Two factor athorization function.
Fix: Spelling.
Add: Web Application Firewall file check now supports multiple file uploading.

2.27 January 11 2019

Fix: Correct IP mask detection.
Fix: Website's address added to exclusion.
Fix: Settings page. Unworking JS.
Fix: PHP notice for backend logs function.
Fix: MU-plugin fix.
Add: New error type "PHP logs".

2.26 December 21 2018

Fix: Malware scanner error while scanning incorrect symbols.
Fix: Exclusion for SERVER_ADDR IP to protect from DDoS.
Fix: WPMS: Disabling complete deactivation and send php logs for secondary blogs.
New: WPMS: Enabling security scanner on WPMS for main blog.
Fix: WPMS: Setting page on secondary blogs.
Fix: Empty JS error in plugin settings.
Fix: MU-Plugin installation.
New: Plugin activation and deactivation hooks rebuilt.

2.25.1 December 14 2018

Fix: Collecting PHP logs.

2.25 December 13 2018

New: Collecting PHP logs.
Fix: Fatal error for PHP 5.3 or lower.
Fix: Security scanner categories.

2.24 December 3 2018

New: Security scanner action "Replace with original" now works for plguin's files.
New: Auto curing for known malware option.
Layout: View related email with account on settings page.

2.23 November 15 2018

Fix: Blocking uploading archives.
Fix: Traffic Control ignores logged in users.
Mod: Settings page rebuilt.
Few minor improvements for security and malware scanner.
Few minor fixes.

2.22 October 25 2018

Fix: Large cron fix.
Add: Signature Analysis.
Layout: Scanner tab: Added next scan time. Less categories.
Plenty of minor improvements.
Security functions improved.
Spelling.

2.21 October 11 2018

Add: Firewall: Title and Test Title on the security firewall die page.
Layout: Minor fixes.
Fix: Web Application FireWall: Check uploaded files.
Fix: Firewall: False positives alarms of DDoS preventions system.
Fix: Firewall: Call of missing mime_content_type() function.

2.20 September 28 2018

Mod: Malware Scanner: Scan file before send it for analysis.
Mod: Malware Scanner: Check if the scanner's table exists before scan.
Mod: Malware Scanner: Detect ".name"-like folders and files.
Mod: Settings: Showing triggered pattern for WAF. (Only for the file upload check)
Mod: Notification about blocked file added to upload.php page.
Security functions improved.
Minor fixes.

2.19 September 13 2018

Fix: Security FireWall update Improved.
Mod: Auto update function improved.
Minor fixes.

2.18.1 August 31 2018

Fix: Closing auto-update banner.
Fix: Vaultpress bad code detection.

2.18 August 30 2018

Fix: Infinite scanner work on PHP 7.
Fix: Link to auto-update function description.
Fix: Blocking the error message on Authorization page.
Fix: Security FireWall update.
Fix: Default setting "XSS check" in Web Application FireWall.
Fix: Malware Scanner: reduced false positives.
Fix: Complete deactivation option.
Mod: Detection of FireWall false positives connected with CDN cache.

2.17 August 22 2018

Fix: "Replace with original file" now deletes entry in log.
Mod: Added hints to some table columns.
Mod: New Outbound links scanner.
Mod: More efficient notification at login page.
Mod: More detailed log in Security Firewall.
Minor error fixes.

2.16 August 8 2018

Fix: Blocking images from loading.
Fix: Modal window for "View bad code" action.
Fix: PHP warning on login page.
Mod: Disabling Traffic Control for logged in users.
Mod: Remove 'Send for analysis' action from Approved category.
Mod: Execution order raised.

2.15.1 July 27 2018

Fix: Web Application Firewall: False positives.

2.15 July 26 2018

Add: Must-Use plugin. Installation. Deinstallation.
Add: Web Application Firewall.
Add: XSS-atack detection module for WAF.
Add: SQL-injections detection module for WAF.
Add: Uploaded file checker module for WAF.
Add: Reason of blocking on the block page.
Improvement: Heuristic analysis + errors fix.
Improvement: Firewall immediate update for remote calls.
Fix: Issue with short php tags "<?".
Fix: Security issues.
Fix: Firewall update log functions.

2.14.1 July 17 2018

IP detection fixed and improved.

2.14 July 9 2018

Mod: Using plugins and themes hashes (better detection).
Mod: "Compromised" category is renamed to "Modified".
Mod: Heuristic is switched on by default.
Fix: Spelling.
Fix: Cloud Flare IP detection.

2.13 June 28 2018

Added: Approved category.
Added: Async Security Firewall update.
Fix: WPMS: Empty Traffic Control log.
Fix: IPv6 normalization in x-forwarded-for and x-real-ip headers.
Plenty of minor fixes.

2.12 June 4 2018

Add: Malware Scanner: Quarantine function.
Add: Malware Scanner: Action's warnings.
Add: Links Scanner: Cloud integration.
Minor bug fixes.

2.11 May 28 2018

Fix: Scanner: Dir exceptions.
Fix: Scanner: File actions.
Fix: Scanner: Layout.
Mod: Scanner: Mandatory check for files.
Add: GDPR compliance.

2.10.1 May 17 2018

Fix: Error for old PHP versions.

2.10 May 16 2018

New: Links scanner checks links for spam activity.
New: Resigned settings tabs.
Fix: Scanner memory usage significantly decreased.
Fix: Update system.
Minor fixes.

2.9 April 24 2018

Mod: SQL-injection search.
Fix: IP detection. PHP Warning.
Fix: Empty username in security log.
Fix: Possible SSL error.

2.8.3 April 6 2018

Fix: IP detection and PHP Warnings.

2.8.2 April 6 2018

Fix: Bad IP addresses in security log.

2.8.1 April 5 2018

Fix: For servers without Apache.
Fix: Links scanner. Scanning always will be performed completely.

2.8 April 4 2018

Fix: Spelling and layout.
Fix: False allow_url_fopen error.
Modification: IPv6 Support.
Modification: Trusted networks support.
Modification: Links scanner accelerated.
Minor error fixes.

2.7 March 22 2018

Fix: Few PHP Notices.
Fix: Spelling and layout.
Fix: Decreased amount of false positives in Malware Scanner. Security scanner improved.
Fix: WPMS - errors messages in settings on secondary website.
Minor error fixes.

2.6.2 March 12 2018

Fix: Cron loop.

2.6.1 March 8 2018

Fix: PHP Notices.

2.6 March 7 2018

New: Autoupdate functionality.
New: Advanced error reporting system.
Scanner: Scanning with allow_url_fopen disabled.
Scanner: Precision improved.
Scanner: Complete scanning in background mode.
FireWall: Improved IP detection.
Improvings: Security and reliability.
Minor fixes.

2.5 February 19 2018

New: Heuristic scan.
New: Plugins and themes scan.
Scanning quality improved.
Layout fixes and improvements.
Minor fixes.

2.4 February 6 2018

Minor fixes.
Outbound links scanner.
Security scanner improvements.

2.3 January 16 2018

Fix: Spelling.
Fix: Decreased CPU load for some cases.
Fix: Security scanner status.
Interface: Showing more info on Traffic Control tab, added links to control IP-addresses.

2.2.1 December 26 2017

Fix: Security FireWall IP detection improved.

2.2 December 20 2017

Improvements: Security scanner.
Fix: Issue with periodically scan.
Minor error fixes.

2.1 December 13 2017

Errors detection improved.
Security functions improved.
Cron updated.
Minor error fixes.

2.0.1 December 5 2017

Minor error fixes.
Layout fixes.
Improved security scanner logic.

2.0 December 4 2017

Added Malware Scanner.
Error fixes.
Improved update logic.

1.29.1 November 27 2017

Error fix.

1.29 November 23 2017

Security improvements.
Error fixes.

1.28 November 8 2017

Security firewall fixes.

1.27 November 3 2017

Improved security logs displaying.
Fixed issue with DB errors.
Many other small fixes and improvements.

1.26 October 16 2017

Fixed issue with high CPU load.
Some small fixes for WPMS.
Security functionality improved.

1.25 October 2 2017

Recognizing real IP when using Cloudflare CDN.
Admin notices and displaying fixes for WPMS.
Minor fixes.

1.24 September 20 2017

Fix for Security Firewall under Worpdress Multisite with inherited access key.
Traffic Control log is now been updated automatically.
Minor fixes.

1.23 September 15 2017

Security Firewall updated.
Fixed an issue with FireWall whitelist.
Fixes for WPMS.

1.22 August 31 2017

Major fix for Wordpress Miltisite functionality.
Improved security functionality.
Minor fixes.

1.21.1 August 24 2017

Last actions to view 20.

1.21 August 24 2017

Added "Set cookies" setting.
Added Traffic Control feature.
Optimization.
Fixes for the cron jobs.

1.20.2 July 7 2017

Fix the daily report sending function.

1.20.1 July 5 2017

Minor fixes.

1.20 July 3 2017

Fixes for cron system.
Some small fixes.
Stability and security were improved.

1.19 June 15 2017

Added the secured tasks running system (cron) instead of using wp_cron.

1.18 June 7 2017

Security settings have been redesigned.

1.17 May 24 2017

Improved security functions.
Sending protected URL and other info to the cloud.

1.16 May 16 2017

Small security fixes.
Blocking page cache issues fix.

1.15 April 24 2017

Small security fixes.
Translation fix.

1.14 April 13 2017

Major fix for Security FireWall.
Translation fix.
Changes for settings screen (Support button added).
Improved performance.

1.13 April 5 2017

Fix for 'Let them know about security protection' option.
Minor fixes to improve security logic.
Added 'Complete deactivation' option.

1.12 March 30 2017

Major fix for security firewall.
Small fixes for settings page.
Fixed WPDB Warnings for new users.
'Complete deactivation' option was added.

1.11.1 March 24 2017

Fixed issue with database prefix.
Small fixes to improve security logic.

1.11 March 23 2017

Security has been improved. Added email notifications to account owner about superuser login to WordPress backend.
Brute force protection logic has been updated.

1.10.1 March 17 2017

Fixed issue with exit() statement.

1.10 March 17 2017

Improved anti brute force protection. An anti brute force notice has been added on sign in form.
Fixed logic to process remote calls.
Small fixes to improve security logic.

1.9.6 March 14 2017

Fixed anti brute force logic to avoid issue with emails scanning.
Small fixes to improve security logic.

1.9.5 March 7 2017

Database fix (support DB prefix with digits).
Fix for admin notices.
Small fixes to improve security logic.

1.9.4 March 2 2017

Small fixes (WPMS settings logic, FireWall).
Added option for notification on login page.
Small fixes to improve security logic.

1.9.3 February 28 2017

Packets SQL requests for FireWall updates.
Small fixes (User token gaining)
Notification changes

1.9.2 February 16 2017

Bug fixes.
Automatic FireWall update time increased to 1 day.

1.9.1 February 8 2017

Minor bug fixes.

1.9 January 26 2017

Added new feature Security FireWall.
Common optimization.
Minor bug fixes.

1.8.2 January 16 2017

Cron hooks fix

1.8.1 December 29 2016

Translation fix

1.8 December 23 2016

Fixes for settings page.
Showing last logs sending time in settings.

1.7.2 December 19 2016

Fixed issue with logging for brute-force attacks.

1.7.1 December 13 2016

Fix for translation system.
Added Russian language support.
Minor fixes.

1.7 December 12 2016

Added support for WPMS.
Personal log possibility for each website.
Translation system attached.
Varnish extension compatibility.

1.6.1 November 29 2016

Fixed error for some PHP versions.

1.6 November 29 2016

Cloud service API key.
Cloud service dashboard.
Logs are stored in Cloud.
Protection status.
Code optimization.

1.5.2 November 16 2016

Fixed conflict with CleanTalk Anti-spam plugin.

1.5.1 November 14 2016

Fixed and improve log.
Fixed database error.
Changed update logic.

1.5 November 13 2016

Logging viewed admin's page.
Counting viewed time.

1.4.3 November 2 2016

Fixed issue with Security report. On some hostings the report couldn't be send by WP Cron because of PHP Fatal error with spbc_report_country_part().

1.4.2 October 20 2016

Improved the Security log. The new version includes brute force attacks to find WordPress accounts.
Applied changes to localize the plugin via Translating WordPress.org.
Minor backend fixes.

1.3.1 September 29 2016

Fixed issue with PHP 5.2 and Security reports.
Fixed issue with WordPress notice after plugin activation.

1.3 September 20 2016

Added a log of last 20 events (login, logout, auth failed and etc.) in WordPress backend to the plugin settings.
Added WP cron call for every auth_failed event. This fix has been made to avoid issue with missed Daily security reports on low visited web sites.

1.2.3 September 14 2016

Added a country name in the Daily report for each IP address in the list of Brute-Force attacks.
Minor changes with WP Cron integration.

1.2.1 September 5 2016

Fixed issue with Daily security report. Previous version (1.2) didn't send the report.

1.2 September 2 2016

Added Daily security report. The report includes list of Brute-force attacks or failed logins and list of successful logins.

1.1.1 August 29 2016

Removed some statement to debug the plugin.

1.1 August 29 2016

Added 10 seconds delay for a failed attempt if more then 5 failed attempts have been made for past 1 hour.

1.0.1 August 24 2016

Minor fix.

1.0 August 19 2016

First release with anti brute force hacks protection.

Security & Malware scan by CleanTalk

标签

下载

详情介绍:

屏幕截图:

升级注意事项:

更新日志: