Security & Malware scan by CleanTalk

Descripción

Características de seguridad

  • Security FireWall to filter access to your site by IP, Networks or Countries
  • Web Application Security Firewall
  • Escáner de malware de seguridad con funciones antivirus
  • Daily auto malware scan
  • Detiene los ataques de fuerza bruta para hackear contraseñas (similar a Fail2ban)
  • Detiene ataques de fuerza bruta para encontrar cuentas de WordPress (como Fail2ban)
  • Limitar intentos de inicio de sesión
  • Security Protection for WordPress login form
  • Security Protection for WordPress backend
  • Informe diario de seguridad al correo electrónico
  • Security audit log
  • Security Real-time traffic monitor
  • Comprobando enlaces salientes
  • Two Factor Authentication
  • Sin malware, sin penalizaciones de Google. Obtén un impulso para tu SEO.
  • Custom wp-login URL
  • Notifications of administrator users authorizations to your website
  • Backend PHP logs
  • Hide Login Default Login Page

CleanTalk is a Cloud security service that protects your website from online threats and provides you great security instruments to control your website security. We provide detailed security stats for all of our security features to have a full control of security. All security logs are stored in the cloud for 45 days.

Security FireWall by CleanTalk is a free plugin which works with the premium Cloud security service cleantalk.org. This security plugin as a service https://en.wikipedia.org/wiki/Software_as_a_service.

El malware siempre se convierte en un dolor de cabeza para los propietarios de sitios. Si no compruebas periódicamente si hay malware, podrá funcionar de forma insensible durante mucho tiempo y dañar tu reputación. Si previenes los ataques de malware antes de que ocurran, podrás ahorrar recursos.

What is malware and why does it matter to your business? Malware is malicious code that performs actions for hackers. If your site has been infected with malware it will be able a problem for customer trust and their personal details. First, you need to scan your site to confirm the malware exists. The next step you should fix all files with malware.

Limit Login Attempts

Limitar intentos de inicio de sesión – es parte de la protección contra ataques de fuerza bruta y el cortafuegos de seguridad.

Security Firewall has a limit for requests to your website (by default 1000 requests per hour, so you can change it) and if any IP exceed this threshold it will be added to security firewall for next 24 hours. It allows you to break some of the DDoS attacks.

Brute Force Protection

It adds a few seconds delay for any failed attempt to login to WordPress admin area. WordPress Security & Firewall by CleanTalk makes access to your website more secure. Service will check your security log once per hour and if some IP’s have 10 and more attempts to log in per hour, then these IP’s will be banned for next 24 hours.

Security Audit Log keeps track of actions in the WP Dashboard to let you know what is happening on your blog.
With the Security Audit Log is very easy to see user activity in order to understand what changes have done and who made them.
Security Audit Log shows who logged in and when and how much time they spent on each page.

Security Traffic Control

CleanTalk security Traffic Control will track every single visitor no matter if they are using JavaScript or not and provides many valuable traffic parameters.

Another option in Security Traffic Control – «Block user after requests amounts more than» – blocks access to the site for any IP that has exceeded the number of HTTP requests per hour. If this number of requests will be exceeded, this IP will be added to the Security FireWall Black List for 24 hours.

Security Firewall

To enhance the security of your site, you can use the CleanTalk Security FireWall, which will allow you to block access by HTTP/HTTPS to your website for individual IP addresses, IP networks and block access to users from specific countries. Use personal BlackList to block IP addresses with a suspicious activity to enhance the WordPress security.

Security FireWall may significantly reduce the risk of hacking and reduces the load on your web server.

Seguridad de CleanTalk es completamente compatible con los servicios VPN más populares. Además, la seguridad de CleanTalk es compatible con todos los motores de búsqueda, como Google, Bing, Yahoo, Baidu, MSN, Yandex, entre otros.

Security Malware Scanner

Analiza los archivos de WordPress en busca de archivos o código pirata.

Security Malware Scanner runs manually in the settings. All of the results will send in your Security CleanTalk Dashboard with the details and you will be able to investigate them and see if that was a legitimate change or some bad code was injected.

CleanTalk Antivirus protects your website from viruses and deletes infected code from files. Antivirus scans not only WP core, it will check all of the files on your WordPress. Heuristics antivirus scan allows finding malware/viruses code by bad php constructions.

CleanTalk Security has a «Feedback System» for analyzing suspicious files. This is the client-server feature in CleanTalk Security that allows sending suspicious files from the WordPress backend to CleanTalk cloud.

Security Malware Scanner shows a list of suspicious files and you can view code that was indicated as bad. If you don’t have programming experience and don’t know, is there security issue or not, you will be able to send some files to CleanTalk and we will check them for malware code. After checking we will send you an email notification with results, is there viruses or not.

Every day, CleanTalk Security Malware Scanner will check new files and files that have been changed from the last scanning.

Please, look at our guide How malware file analysis works.
About Scanner Feedback System

Comprobación heurística de malware de seguridad

This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect.

Escáner de malware de seguridad para detectar inyecciones SQL

The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.

CleanTalk Web Application FireWall for WordPress Security Plugin

The main purpose of Security Web Application FireWall is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

Security Web Application FireWall catches all requests to your website and checks HTTP parameters that include: SQL Injection, Cross Site Scripting (XSS), uploading files from non-authorised users, PHP constructions/code, the presence of malicious code in the downloaded files.

Además de una seguridad de la información efectiva y de las aplicaciones de seguridad de la información, es necesario conocer la calidad de la protección. Seguridad de CleanTalk registra todas las solicitudes bloqueadas, lo que te permite conocer y analizar información precisa. Puedes ver los registros de seguridad de CleanTalk en tu panel de control. https://cleantalk.org/my/logs_firewall

El Cortafuegos de Aplicaciones Web Seguridad de CleanTalk para WordPress es la defensa proactiva contra vulnerabilidades conocidas y desconocidas para prevenir ataques en tiempo real.

Learn more how to set up and test
About Security Web Application Firewall

Improve your website security with Two Factor Authentication

It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security.

With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time anymore. However, if you started to use a new device or a new browser then you are required to input your security authorization code. CleanTalk security plugin will remember your browser for 30 days.

Cambiar la URL de la página wp-login

This option helps you change the default wp-login URL. Hackers use scripts for massive brute-force attacks, and since most sites use a default login page URL, hackers configure scripts for such URLs. When you change the URL of the authorization page, hackers will not have the opportunity to perform brute-force attacks in scripts in automatic mode.

To enable the option, go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check box Change address to login script. Then add a new URL and click Save Settings.
This option does not change files and does not rewrite URLs in system files. To return the address of the default authorization page, it is enough to disable the option in the plugin settings or set a new value.

If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.

¿Puedo usar CleanTalk Security y Wordfence juntos?

Claro, puedes utilizar CleanTalk Security y Wordfence. Muy a menudo, nuestros clientes nos preguntan si habrá algún conflicto entre CleanTalk y Wordfence. Hemos probado CleanTalk Security y Wordfence trabajando juntos, y funcionan sin ningún conflicto.

Email Notifications when administrators are logged in

We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.

Notification will be sent only when a user was able to authorize entering login and password. If you are logged into the admin panel from the saved session, then the alert won’t be sent.

You can enable the option “Receive notifications for admin authorizations in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings”.

Can CleanTalk Security protect from DDoS?

Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website under DDoS attack you will be able to add IPs to your personal BlackList to block all Post and GET requests.

`Send additional HTTP headers` option

There are several additional http-headers which added to the every http-requests by the plugin if this option is enabled:
– «X-Content-Type-Options» improves the security of your site (and your users) against some types of drive-by-downloads.
– «X-XSS-Protection» header improves the security of your site against some types of XSS (cross-site scripting) attacks.
– «Strict-Transport-Security» response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
– «Referrer-Policy» make the Referer http-header transferring more strictly.

File System Watcher feature

File system Watcher monitors changes in the file system. This allows to quickly respond to a site infection by tracking which files were affected. The Watcher makes file system snapshots as often as one hour and show difference up to seven days time frame.

Capturas

  • Firewall log tab. The log includes detailed info about each of visitor that reached the site and his firewall check status. Also show Traffic Control activity for the user.
  • Security Log tab. The log includes list of Brute force attacks or failed logins and list of successful logins for up to 45 days. The plugin keeps the log on CleanTalk servers to make the log not accessible for hackers.
  • General settings tab. Here you can manage all the plugin settings.
  • General settings - authentication and log in. Here you can manage Brute-Force protection, 2FA auth and change login URL.
  • General settings - firewall. Here you can manage Firewall modules and Traffic Control settings.
  • General settings - scanner. Here you can manage automatic scanner start, types of checks, directories exclusions for scanner and enable important files monitoring.
  • General settings - admin bar. Here you can set behavior of admin bar module.
  • Barra de administración. Cómo se ve el módulo de la barra de administración.
  • General settings - trusted text. Here you can manage your affiliate links and trusted text shown for visitors.
  • Texto confiable. Cómo se ve el texto confiable.
  • Malware scanner tab. Here you can scan all WordPress files for malicious and suspicious code and see the result.
  • Resultados del escáner de malware - Críticos. Hay una lista de archivos que contienen código peligroso o firmas de malware.
  • Resultados del escáner de malware - Sospechosos. Hay una lista de archivos que contienen código sospechoso.
  • Resultados del escáner de malware - Aprobados. Hay una lista de archivos que fueron aprobados por el usuario, el análisis en la nube o el equipo de CleanTalk.
  • Resultados del escáner de malware - registro de análisis. Hay una lista de los archivos que se enviaron para el análisis del escáner de malware en la nube y su estado.
  • Resultados del escáner de malware - desconocidos. Hay una lista de archivos que no contienen malware, pero no forman parte del núcleo de WordPress ni de los plugins/temas.
  • Resultados del escáner de malware - Curados. Hay una lista de archivos que han sido curados automáticamente.
  • Malware scanner results - frontend malware. There is a list of frontend pages that contains malicious HTML/JavaScript code.
  • Resultados del escáner de malware - Permisos inseguros. Hay una lista de archivos a los que un hacker podría acceder debido a la configuración de permisos inseguros.
  • Malware scanner results - file monitoring. There is a list of important files and their snapshots. You can use this to know if they were changed.
  • Malware scanner results - snapshot. How the important file snapshot looks.
  • Resultados del escáner de malware - Informe PFD. Aspecto del informe en PDF de los resultados del escáner.
  • Interfaz de copias de seguridad. Aspecto de la interfaz de copias de seguridad.
  • Summary tab. The general info about the plugin state.
  • Interfaz de plantillas. Utilizando esta interfaz, puedes aplicar la configuración de otro sitio de tu cuenta CleanTalk o de una plantilla guardada anteriormente.
  • Ejemplo de página de bloqueo - Cortafuegos. Si la dirección IP del visitante está en una lista de redes peligrosas o está en la lista negra personal, verá esta pantalla.
  • Ejemplo de página de bloqueo - XSS. Si el visitante intenta implementar XSS, verá esta pantalla.
  • Ejemplo de página de bloqueo - SQL. Si el visitante intenta realizar una inyección SQL, verá esta pantalla.
  • Ejemplo de página de bloqueo - Ataque de fuerza bruta. Si el visitante intenta usar credenciales incorrectas varias veces, verá esta pantalla.
  • Ejemplo de página de bloqueo - Control de tráfico. Si el visitante ha solicitado páginas del sitio con demasiada frecuencia, verá esta pantalla.
  • File System Watcher tab. File System Watcher interface.

FAQ

¿Por qué me atacan?

Hackers want to get access to your website and use it to get backlinks from your site to improve their site’s PageRank or redirect your visitors to malicious sites or use your website to send spam and viruses or other attacks.These attacks can damage your reputation with readers and commentators if you fail to tackle it. It is not uncommon for some WordPress websites to receive hundreds or even thousands of attacks every week. However, by using the Security CleanTalk plugin, all attacks will be stopped on your WordPress website.

How to install the plugin?

Installing the plugin is very simple and does not require much time or special knowledge.

Instalación manual

  1. Descarga la última versión en el disco duro de tu ordenador,

https://downloads.wordpress.org/plugin/security-malware-firewall.zip

  1. Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file.

  2. Click Install Now and Activate.

  3. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on «Get access key automatically»

Installation completed successfully.

Instalación desde el directorio de wordpress.org

  1. Navigate to Plugins Menu option in your WordPress administration panel and click the button «Add New».

  2. Type CleanTalk in the Search box, and click Search plugins.

  3. When the results are displayed, click Install Now.

  4. Select Install Now.

  5. Then choose to Activate the plugin.

  6. After activated, go to plugin settings. Then you will need to create an API key, this is done automatically for you. Just click on «Get access key automatically»

Installation completed successfully.

¿Cómo probar el servicio de seguridad?

Please use the wrong username or password to log-in to your WP admin panel to see how the Security Plugin works. Then you may log-in with your correct account name and see the logs for the last actions in the settings or our plugin. Also, Audit Log will display the last visited URL’s of the current user.

Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?

Yes, the plugin is compatible with WordPress MultiUser.

How to control security activities on your website?

Ve a tu cuenta CleanTalk->Iniciar sesión. Utiliza filtros para ordenar datos para análisis.

Los registros de seguridad le permiten recibir y conservar información durante 45 días. Tienes las siguientes posibilidades:
1. Período de tiempo para todos los registros que deseas ver.

  1. Website for which you want to see security records. Leave the field empty to see security records for all websites.

  2. Elige un evento que quieras ver:

    • Authorization Login — all successful logins to your website.
    • Autorización de cierre de sesión — todas las sesiones cerradas.
    • Authorization Invalid username — login attempts with not existing username.
    • Authorization Auth failed — wrong password login attempts.
    • Audit View — records of actions and events of users in your website backend.
  3. Búsqueda de registros por dirección IP.

  4. Búsqueda de registros por país.

Hay fecha y hora de los eventos para cada registro, nombre de usuario que realizó una acción y su dirección IP (país). Cómo utilizar el registro de seguridad https://cleantalk.org/help/Security-Log

Is it possible to set custom email for notification?

Sí, es posible. Ve a tu cuenta CleanTalk->Cambiar correo electrónico https://cleantalk.org/my/change-email

¿Por qué necesitas una clave de acceso?

Access Key allows you to keep statistics up to 45 days in the cloud and different additional settings and has more possibilities to sort the data and analyses. Our plugin evolves to Cloud Technology and all its logs are transferred to Cloud. Cloud Service takes data processing and data storage and allows to reduce your webserver load.

How to use Security Log

  • First go to your Security Dashboard. Choose «Site Security» in the «Services» menu.
    • Then go to your Security Log.

Tienes las siguientes posibilidades:

  • Período de tiempo para todos los registros que desea ver.
  • Website for which you want to see security records. Leave the field empty to see security records for all websites.

Elige un evento que quieras ver:

  • Authorization Login — all successful logins to your website.
  • Autorización de cierre de sesión — todas las sesiones cerradas.
  • Authorization Invalid username — login attempts with not existing username.
  • Authorization Auth failed — wrong password login attempts.

Audit View — records of actions and events of users in your website backend.

  • Búsqueda de registros por dirección IP.
  • Búsqueda de registros por nombre de usuario.
  • Búsqueda de registros por país.

Lista de registros. Cada registro tiene las siguientes columnas:

  • Fecha — fecha en la que se produjo el suceso.
  • Registro de usuarios — quién ha realizado las acciones.
  • Evento — lo que ha hecho.
  • Status — was he Passed or Banned.
  • IP — su dirección IP.
  • País — a qué país pertenece esa IP.
  • Detalles — algunos detalles si están disponibles.

Por favor, lee más
https://cleantalk.org/help/Security-Log

If you wish to block some countries from visiting your website, please, use this instruction: https://cleantalk.org/help/Security-Firewall

How to use Security Firewall

First go to your Security Dashboard. Choose «Site Security» in the «Services» menu. Then press the line «Black&White Lists» under the name of your website.

You can add records of different types to your black list or white list:

  • Direcciones IP (Por ejemplo 10.150.20.250, 10.10.10.10)
  • Subredes (Por ejemplo 10.150.20.250/24, 10.10.10.10/8)
  • Countries. Click the line «Add a country» to blacklist or whitelist all IP-addresses of the chosen countries.

The records can be added one by one or all at once using separators: comma, semicolon, space, tab or new line. After filling the field press the button «Whitelist» or «Blacklist». All added records will be displayed in your list below. Please note, all changes will be applied in 5-10 minutes.

Por favor, lee las instrucciones completas aquí
https://cleantalk.org/help/Security-Firewall

How to test Security Firewall?

  1. Abre otro navegador o entra en el modo incógnito.
  2. Type address YOUR_WEBSITE/?security_test_ip=ANY_IP_FROM_BLACK_LIST
    2.1 Address 10.10.10.10 is local address and it’s in blacklist constantly. So address YOUR_WEBSITE/?security_test_ip=10.10.10.10 will works everytime.
  3. Asegúrate de haber visto la página con el mensaje de bloqueo.
  4. FireWall works properly, if it is not, see item 4 of the list.

¿Cómo funciona el escáner de malware?

Malware scanner will check and compare with the original WP files and show you what files were changed, deleted or added. Malware scanner could be used to find an added code in WP files. On your Malware Security Log page, you will see the list of all scans that were performed for your website. The CleanTalk Cloud saves the list of the found files for you to know where to look them for.

¿Cómo iniciar el escáner de malware?

At the moment malware scanner may be started one time per day and manually.
To start malware scanner go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> «Malware Scanner» tab —> Perform Scan.
Give the Malware Scanner some time to check all necessary files on your website.

¿Es gratis o de pago?

The plugin is free. But the plugin uses CleanTalk cloud security service. You have to register an account and then you will receive a free trial to test. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security by CleanTalk plugin.
If you haven’t got access key, the plugin will work and you will have logs only on the plugin settings page for last 20 requests.

¿Qué sucede una vez finalizado el período de prueba?

The plugin will fully perform its functions after the end of the trial period and will protect your website from brute force attacks and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will receive a short daily security report to your email.

Premium version allows to storage all logs for 45 days in the CleanTalk Dashboard for further analysis.

Seguridad de fuerza bruta para WordPress

El ataque de fuerza bruta es una búsqueda exhaustiva de contraseñas para obtener acceso completo a una cuenta de administrador. Las contraseñas no son la parte difícil para los piratas informáticos, teniendo en cuenta la cantidad de variantes de contraseñas enviadas por segundo y la gran cantidad de direcciones IP.

Brute force attack is one of the most security issues as an intruder gets full access to your website and can change your code. Consequences of these break-ins might be grievous, your website could be added to the [botnet] and it could participate in attacks to other websites, it could be used to keep hidden links or automatic redirection to a suspicious website. Consequences for your website reputation might be very grievous.

Why is the CleanTalk Security Plugin Added to the Must Use Section?

This is required for the Security FireWall to function properly. Plugins that are placed in this section are being launched first, so it is very important that the Security FireWall is launched before any plugins and hooks. Thus, hacker requests will be stopped before they can get access to any site code.

Reseñas

8 de marzo de 2024 1 respuesta
CleanTalk support staff always are quick with responses and with their actions. Because my problems are multilayered in nature I need as much help as I can get. So it is important to get the constant feedback that Serge, Dmitry and their team provides
7 de marzo de 2024 1 respuesta
I am forever grateful to the creators of this plugin! Especially Tech. support. I recommend to all! The protection is real.
19 de febrero de 2024 1 respuesta
I had a big problem for months with code getting injected into my website was driving me crazy using the highest rated plugin, i had to fix this so tried the clean talk plugin and ℹ couldn’t believe but it cleaned it stopped it full time! it found strange file so i talked support the issue was fixed instantly absolutely brilliant support! I have to say you saved me a wordpress reinstall!! 12 out of 10 guys 👍
19 de febrero de 2024 1 respuesta
Love this plugin. CleanTalk has done it again. Originally started with the Anti Spam which is remarkable and when they came out with Security and Malware gave it a try and soon switched all of my sites to it.
17 de febrero de 2024 1 respuesta
Very happy with the timely response by the agent. I feel better knowing there's someone at the other end even on weekends. Great protection and stats.
15 de febrero de 2024 1 respuesta
Наверно, лучшая защита сайтов, так как другой не пользовался, но меня полностью устраивает. Техподдержка тоже на высоком уровне. Probably the best site protection, since I haven't used another one, but it suits me completely. Technical support is also at a high level.
Leer todas las 300 reseñas

Colaboradores y desarrolladores

«Security & Malware scan by CleanTalk» es un software de código abierto. Las siguientes personas han colaborado con este plugin.

Colaboradores

«Security & Malware scan by CleanTalk» está traducido en 4 idiomas. Gracias a los traductores por sus contribuciones.

Traduce «Security & Malware scan by CleanTalk» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

2.130 Mar 12 2024

  • Mod. UploadChecker. Now user can proceed the module installation even if got warning from the UploadChecker.
  • Mod. Outbound links accordion. Layout refactored.
  • Mod. Vulnerability Alarm. Run request to research.cleantalk.org after any plugin installation.
  • Fix. Scanner. Heuristic scan by mathematics module fixed.
  • Fix. Code. Common lib cleantalk/spbct-heuristic-analyser updated.
  • Fix. Scanner. Auto scan scheduling fixed.
  • Fix. Frontend scanner. Sending logs. Bad encoding cases handled. Log record keys number fixed.

2.129 Feb 26 2024

  • Upd. Scanner accordions. Text and HTML updated.
  • Upd. Vulnerability alarm. Added check to install and update process.
  • Upd. FSWatcher. Refactoring settings, add file view, fix dates format.
  • Upd. Heuristic. Removed checking inline js.
  • Fix. Vulnerability alarm. Unexpected type of plugin data handled.
  • Fix. HTTP. Request. Fixed socket error handling.
  • Upd. Debug call. Added las scan result. Connection check skipped if no get param «do_test_connection» added.
  • Fix. Cron. Scanner background. Transaction parsed. Cron «scanner_launch» update implemented instead of adding new.
  • Upd. SecFW. Added ipv6 count to summary.
  • Fix. Settings. 2FA option fixed.
  • Fix. CDNheaders. Check type of stored serialized value before unserialize.
  • Fix. Get CMS hashes. Preventing errors of other actions for hook «plugins_api».
  • Upd. Heuristic. Skipping svg in long line check.
  • Fix. Vulnerability alarm. Checking installed plugins fixed.
  • Fix. Schema. Redundant columns analysis_status and analysis_comment removed.
  • Fix. FS Watcher. FS Watcher description fixed.
  • Fix. Scanner. Default service data State fixed.
  • Fix. Vulnerability alarm. Skip saving apps info without versions.
  • Fix. Scanner. Frontend malware accordion fixed.
  • Fix. CDNHeadersChecker. Run 1m cron instead of immediate run on settings save.

2.128.1 Feb 21 2024

  • Fix. Test connection. Do not check response code on testing connection.
  • Fix. Common. Redundant expression removed.

2.128 Feb 12 2024

  • New. Calling cloud user_data_update during dismissing review notice.
  • New. System plugins. Vulnerability alarms implemented.
  • Fix. Settings. Show stored IPs count in the summary block.
  • Upd. SecFW. Switch to direct update if updating is freezing.
  • Upd. Scan. Auto send suspicious files.

2.127 Jan 29 2024

  • New. File System Journal feature implemented.
  • New. CodeStyle. Use new hasPHPOpenTags() to skip files with no actual PHP code.
  • Fix. Settings. Changed the period in the message
  • Fix. Auth. Change text.
  • Fix. Settings. Refactoring settings page
  • Fix. Scanner file send. Fix processing statuses if user has files that were send for analysis on old scanner versions.
  • Fix. 2FA. Show role Subscriber, correction of user data verification
  • Fix. Settings. Getting API key errors display.
  • Fix. FS Watcher. Selecting snapshots fixed.
  • Fix. Settings. ListTable unused attribute data-before removed.
  • Fix. Scanner. Suspicious items display fixed.

2.126.1 Jan 24 2024

  • Fix. UploadChecker good result now skipped from logging.
  • Fix. Common. Database tables prefix usage implemented.

2.126 Jan 16 2024

  • New. Firewall update. All queue stages is logged now.
  • New. Scanner results. Now all the heuristic fired files being suspicious instead of critical.
  • New. Scanner. Sends suspicious files to cloud report.
  • New. Feature. CDN headers self check implemented.
  • New. UploadChecker. Checking archive in media uploader.
  • Mod. Code. UploadChecker.php extracted from WAF module.
  • Mod. Settings. Remove button «Delete» from Approved files accordion.
  • Mod. SQL. IP networks separated to v4/v6 tables to reduce database size.
  • Fix. Settings. Changed the period in the message.
  • Fix. Accordions. Red dot status fixed.
  • Fix. Code. mergeWithSavingNumericKeysRecursive() fixed.
  • Fix. Code. File sending. Fix DTO and results merging.
  • Fix. Code. SQL request for pages selector.
  • Fix. Lib. Localization global style.
  • Fix. Lib. Change headers logic for adaptive tales.

2.125 Dec 18 2023

  • New. Activator class implemented.
  • New. Deactivator class implemented.
  • Upd. Heuristic. Add math module.
  • Upd. Code. Common lib (heuristic) updated.
  • Fix. Scanner. Undefined data key fixed.
  • Fix. Scan. Added check for signatures count.
  • Fix. Settings. Getting Access Key message fixed.
  • Fix. SecFW. FW results priority fixed.
  • Fix. PHP 8.2 deprecated notice fixed (creation of dynamic property ::cookie_domain)
  • Fix. PHP 8.2 deprecated notice fixed (creation of dynamic property ::data__set_cookies)

2.124 Dec 05 2023

  • Fix. Table cells popup of hidden long text – CSS fixed.
  • Actualizado. Control de trafico. Lógica TC actualizada.
  • Fix. FireWall. Statuses of the triggered networks displayed.
  • Actualizado. Escáner. Botón de curado manual implementado.

2.123 Nov 20 2023

  • Fix. Scanner. Files deletion. Comparison of site responses before and after actions added.
  • Fix. Heuristic. Command shell detection. Regex fixed.
  • Fix. Heuristic. Mathematics module fixed.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. Integrations. Add Password-protected compatibility.
  • Fix. WafBlocker. Compatible with php8.
  • New. Scanner. Analysis bulk actions: deleting implemented.
  • Fix. Scan. Excluded invalid index.
  • Fix. Scan. Added retry for unstable connection.
  • Fix. SecFW. FireWall priority fixed.
  • Fix. Settings. Enqueue scanner-plugin.js script fixed.
  • Fix. Scan. Increasing amount dynamically.
  • Fix. Auth. Removed conflict with password protected pages.
  • Fix. Scan. Handling empty signature_found.
  • Upd. Settings. Additional headers IP getting option updated.
  • Mod. WAF blocker. New reason code «-10». New description for blocking page.

2.122 Nov 08 2023

  • New. Scan. Hashes blacklists.
  • New. FireWall. New module added: WAF Blocker.
  • Update. Scan. Keep surroundings code of FMS weak in db.
  • Fix. SecFW. Updated the launch rule on wpms.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. Heuristic. Command shell detection. Regex fixed.

2.121 Oct 25 2023

  • Actualizado. Común. Obtener ip de recurso por opción.
  • Actualizado. Escáner. Oculta el listado de copias de seguridad y directorios de cuarentena.
  • Update. Scanner. Added check line length and mark of unreadable.
  • Update. Scanner. Shell commands detection updated.
  • Fix. Notice. Show review banner only administrator.
  • Fix. Helpers. Data. Ignore unlink warnings.
  • Fix. Scanner. Delete row from analysis log.
  • Fix. Settings. Additional exclusions ruleset fixes.

2.120 Oct 09 2023

  • Nuevo. Escáner. Envío automático de archivos críticos.
  • Nuevo. Escáner. Se implementó la detección de comandos de shell en comillas invertidas.
  • Nuevo. Escáner. Permitir enviar archivos desconocidos para su análisis.
  • New. General. New readme and screenshots.
  • Actualización. Signo del navegador. Lógica de creación de señales actualizada y recuento de dispositivos recordados.
  • Actualizado. Escáner. Los archivos PELIGRO se han trasladado al acordeón SOSPECHOSO.
  • Actualizado. Escáner. Mejorar la vista del código sospechoso.
  • Fix. Scanner. Request an audit button fixed.
  • Fix. Scanner. Analysis log fixed.

2.119 Sep 25 2023

  • Fix. Scan. Improve directory filter.
  • New. Admin. Dashboard widget implemented.
  • Fix. Settings. Description about additional headers has been updated.
  • Mod. Heuristic package update. System function shell_exec() now gains «critical» severity.
  • Fix. FireWall. BruteForce protection fixed.
  • Fix. Scanner. Ot extensions support added.
  • Fix. Scanner results. Approved category updated.
  • Fix. System function shell_exec() now gains «critical» severity.
  • Fix. AMP integration
  • Fix. Security log. Security logs description fixed.
  • Fix. Scanner. Disapproving files fixed.
  • Fix. Scanner. Remove disapproving button for approved by CT.

2.118 Sep 11 2023

  • Upd: Scan. Added .ott files for scanning.
  • Fixed spbc_scanner__get_cure_log_data()
  • New. Settings. Drop state data to defaults and remove all the cron tasks on empty key entered.
  • Fix. Extended search for malware with SQL quotes («).
  • Fix. From heuristic package. Entropy fix.
  • Fix to found superglobals in the code without semicolones
  • Empty key actions
  • Fixed Security Audit Banner, added this to Suspicious
  • Update. Firewall. Table save last 20 rows after send logs, instead of delete all.
  • Fix. Scanner. Unknown section fixed.

2.117 Aug 28 2023

  • New: Settings. Add ability to change admin email.
  • New: Heuristics. Detect super variables in the system commands.
  • New: Show different types of weakspots in severity order.
  • Upd: Scan. Find and show all malwares in Frontend Malware accordion.
  • Upd: Security. Improve security logs view.
  • Upd: Scan. Unset approved by ct status if no hash in list.
  • Upd: Scan. Added .otc files for scanning.

2.116 Aug 14 2023

  • New: WL. Added constants for custom description and FAQ link.
  • Fix: FW. Delete all lines after send fw logs.
  • Fix: WL. Support link in errors.
  • Fix: WL. Email 2FA fixed.
  • Fix: WL. Fixed block pages.
  • Fix: WL. There is no Templates if WL is active.

2.115 July 31 2023

  • New: Firewall. Protect login from brute force even if expired key.
  • New: Scanner. Added extensions to find malware.
  • Fix: Whitelabel. Added rules for check brand info.
  • Fix: Front Scanner. Fixed modal view suspicious code for drive by download malware.
  • Fix: General. Check response code on file delete.
  • Fix: Scanner. Bulk actions fixed and improved.
  • Fix: Scanner. Entropy analyse – Index invalid or out of range.
  • Ref: General. WP 6.3 compatibility. Fixed version checking before scanner run.
  • Ref: Rename login URl. For new instances default new login page rename.
  • Ref: Scanner. Accordeon fields custom length.

2.114 July 17 2023

  • New: Scanner. Added pop up with info how to fix file listening and unsafe permissions.
  • New: SecFW. Manage Firewall as option and refactored clear scanner logs button for admin access.
  • New: User can disable email notification on change login url.
  • Ref: General. HTTP lib refactoring.
  • Ref: Settings. Added spbc__get_exists_directories().
  • Fix: Scan. Fixed count outbound links.

2.113 July 03 2023

  • Ref: Update. Scanner. Remove green dot and fix typo.
  • Ref: Update. Scanner. Added bulk actions for frontend malware and fix tabs view.
  • New: Implemented a file recovery mechanism.
  • Ref: Refactoring spbc_settings__field__draw().
  • Fix: Scanner. Shuffle salts suggestion after curing fixed.
  • Ref: Update. Scan. Removed duplicate of status in quarantine tab.
  • New: Scanner. Entropy analysis added.

2.112 June 19 2023

  • New: Scanner. Heuristic and signatures scanner libraries implemented.
  • Fix: Code. Auto Tests fixed.
  • Fix: Code. Auto Tests fixed.
  • Fix: Code. Travis config fixed.
  • Ref: Refactoring spbc_field_scanner__prepare_data__files().
  • Fix: Common. Checking ajax requests improved.
  • Fix: Common. Checking ajax requests fixed.
  • New: Code. Release notice automation added.
  • New: Cure Log – Cure action implemented
  • New: Important Files Monitoring.
  • Fix: Dashboard. Replaced wp_timezone_string to spbc_wp_timezone_string.

2.111 June 5 2023

  • New: PDF report. Cure log support.
  • Fix: Fixed trial banner.
  • Fix: Scanner PDF report. PHP 8+ compatibility.
  • New: Cure log implementation. Cure log PDF updates.
  • Mod: Added new Security license status.
  • Fix: Code. Code style fixed.
  • Fix: Settings. Firewall tab moved to the first spot.
  • Fix: Traffic control. Do not log TC records if user is skipped by a role.
  • Fix: Cookies. Unset spbc_is_logged_in cookie on logout hook.
  • Fix: Security logs. Do not send already sent logs on events.
  • Fix: File deletion. Cancel if file is required in PHP ini.
  • Mod: Frontend approved pages.
  • Fix: File replacement with original fix.
  • Mod: Analysis. Handled files can be deleted from analysis log.

2.110 May 22 2023

  • Fix: Scanner. Making verdict fixed.
  • Mod: Improved security log
  • Fix: MscanFilesDTO. Make weak_spots signs unique.
  • Fix: Scanner. Approved files will be check again if they were modified.
  • Fix: Settings. List unknown files is active for the new installations.
  • Fix: Trial expired. Remove forbidden error message in dashboard if trial expired.
  • Fix: File analysis. Approved files shown as approved in abnalysis log.
  • New: Firewall. Ipv6 handler implemented.
  • Ref: Settings. spbc_seconds_to_human_time refactored and docs added.
  • New: Remote calls. update_pscan_statuses

2.109.1 May 15 2023

  • Fix. Scanner. Heuristic logic fixed.

2.109 May 11 2023

  • Fix. Scanner. Improved heuristic.
  • Fix. Code. Created checkingSpecialDecryptedToken().
  • Fix. Code. Created FunctionsDecryptorService.
  • Fix. Scanner. Modified SQL for SUSPICIOUS results.
  • Fix. Firewall. Skip records with foud status 99.
  • Update. Whitelabel. Replace brand data to spbc->data.
  • Update. Scan. Add frontend malware send method to scanner queue.
  • Fix. White label. Some custom brand entries fixed.
  • Fix. WL mode. Affiliate section settings disable if the WL mode is active.

2.108.1 Apr 27 2023

Fix-release. Fixed error during tries to resend approved files.

  • Fix. Pscan. Now sends files correctly in case if file approved_by_ct.

2.108 Apr 24 2023

Cloud Malware Scanner (CMwS) implemented. Now suspicious files that sent for analysis will be checked via Cloud logic.

  • New. Cloud Malware Scanner (CMwS) implemented.
  • Fix. Firewall logs. IPv6 records now adds correct to the local database on feedback.

2.107 Apr 10 2023

Ready to apply settings template from CleanTalk dashboard, uploading files WAF check improved and heuristic scanner fix for Windows systems.

  • New. Settings. Plugin is ready to set a preset plugin settings template from the CleanTalk dashboard.
  • Mod. WAF. Uploading files. Check files with signature analysis in addition to heuristic analysis.
  • Fix. Scanner. Heuristic analysis. Files counting now works correctly on Windows systems.

2.106.1 Mar 30 2023

Fix release. Traffic control and Brute-Force protection now work and correct handle with IPV6 addresses.

  • Fix. TC & BFP database handling fixed.

2.106 Mar 27 2023

Tested with WordPress up to: 6.2, traffic control timing options updated and some minor fixes applied.

  • Mod. Tested WordPress up to: 6.2.
  • Mod. Traffic control. Changed time selector options.
  • Fix. Do not glue spbc dialog rows on bad code/file content preview.
  • Fix. WAF. Upload checker details area fixed.
  • Fix. Reduce firewall priority calculation cycle.
  • Fix. HTTP lib. WP 6.2+ supporting implemented.
  • Fix. Do not skip files analysis if aggregated size is overlimited.
  • Fix. Do not show suspicious files if they have been sent for analysis.
  • Fix. Heuristic. Unsetting verdict removed.

2.105 Mar 14 2023

Traffic control IP table fixed, JS files now scans via scanner, service post meta hiding, fix of timezone appearances and some other minor improvements.

  • Mod. Post meta. Hide post meta fields to prevent their display.
  • Mod. Scanner. Add js files to scan.
  • Fix. Lot of changes in timezones layout.
  • Fix. BFP. Remove outdated BFP code.
  • Fix. Traffic control. Cleaning TC table fixed.
  • Fix. Scanner. FilesystemIterator return .. and . begins with php8.2
  • Fix. Suspicious files now appears correct.

2.104 Feb 28 2023

Improved code style, fixed some bugs, added new functionality.

  • Fix: Heuristic. Variables execution fixed.
  • Fix: Scanner. Slicing tokens fixed.
  • New: Added SPBCT_ALLOW_CURL_SINGLE for frontend analysis.
  • Mod: Sending logs. Files curing result now sends to the cloud correctly.
  • Fix: Do not clear cured files array.
  • Mod: Banner on trial end. Banner is not dismissible on the SPBC settings pages.
  • Fix: Scanner. Added handler for errors caused third-party plugins.
  • Fix: 2FA. Corrected work to find the user account.
  • Fix: Scan. Commented decodeData method in heuristic class, because it’s unstable.
  • Fix: Firewall. Extend Helper\IP logic for x_real_ip, for handle ipv6 if there is ipv4 with stubs.

2.103 Feb 13 2023

Improved code style, fixed some bugs, added new functionality

  • Fix: Heuristic. De-obfuscated strings concatenation fixed.
  • Fix: TC. Traffic control checking logic simplified.
  • Fix: Check php_uname or PHP_OS is available. Prevent fatal error and do not allow start scanner if so.
  • Ref: All is_windows checks moved to SpbctWp/State.
  • Fix: Apply changes to parent method except WP specific.
  • Upd: Firewall. Rename firewall block status.
  • Upd: Firewall. Added column «requests per n minutes».
  • New: Scanner. Able to get a pdf version of scan log.
  • Mod: Added clearing of custom message from unallowed tags.
  • Fix: Fixed event_runtime.
  • Fix: Scanner. Scanner tab content layout fixed.
  • Fix: Scanner. Refresh scan info after scanning.

2.102 Jan 30 2023

Improved code style, fixed some bugs, added new functionality

  • Mod: Improved scan log.
  • Mod: Improved the mechanism for adding signatures to the database.
  • Fix: Scanner. Fixed final scan log array offset warning.
  • Fix: Collecting themes via themes_api instead of plugins_api.
  • Fix: Try to get firewall files hashes agagin before throw an error.
  • Fix: Scanner. Exclude approved files from send.
  • Fix: FW update. Now does not ignore networks with different statuses
  • Fix: Generate backups tab and link anyway.

2.101 Jan 16 2023

Improved code style, fixed some bugs, added new functionality

  • New: Logging of scanning stages
  • New: Settings. Brute force protection settings added.
  • New: Malware Scanner. Warn user on settings and admin bar if critical files or frontend malware found.
  • New: Malware Scanner. Warn user on settings and admin bar if critical files or frontend malware found.
  • Mod: Mscanner. Custom period autostart.
  • Mod: Red dot for malware scanner files list and admin bar
  • Mod: Log layout refactored.
  • Upd: Scanner. Added functionality of description for frontend results.
  • Upd: Settings. FW logs tab updated.
  • Ref: Log layout refactoring
  • Ref: Settings hints refactoring
  • Ref: «users online» name refactored to admins online
  • Fix: Scanner. Compelled refactoring from «Error Control Operators» to try-catch.
  • Fix: Admins online bar counter now count admin users only.
  • Fix: Autocure end condition fix.
  • Fix: Reverted previous fix, autocure result data moved to another condition.
  • Fix: Settings. Admin bar – extra attention marks removed.
  • Fix: Settings. Firewall tab – description updated.
  • Fix: Settings. Typo fixed.
  • Fix. Errors. Correction for resending to analysis error.
  • Fix. Query. WPMS stat.
  • Fix. Frontend query change.
  • Fix. SecFW. New statuses 99 implemented.
  • Fix. Code. Code style fixed.
  • Fix. Files listing. Display accessible files fixed.
  • Fix. Heuristic. Scanning process modified.

2.100 Dec 12 2022

Improved code style, fixed some bugs, added new functionality

  • New: Trusted text and affiliate settings.
  • New: Remote calls. Private records handler.
  • New: TC. New option added – exclude authorized user.
  • Mod: Frontend scanner. Getting content for scanning is asynchronous now.
  • Mod: Frontend scanner. Scan amount increased to 20.
  • Mod: Analysis log. Date format changed.
  • Mod: SFW. Checking hashes of uploaded files
  • Mod: Added anchors to navigate through the settings sections.
  • Fix: Variables. Cookies secure flag fixed.
  • Fix: Fixed Unsafe Permissions description
  • Fix: Login page. Warnings custom login url on php 8.
  • Fix: Zapier works with 2FA
  • Mod: Added a description to the analysis results

2.99 Nov 28 2022

Improved code style, fixed some bugs, added new functionality

  • Fix: WAF logs. Single quote escape during SQL write on WAF logs write.
  • Fix: WAF logs. Single quote escape enchance.
  • Ref: spbc_get_modules_by_type() – fixed getting Name
  • Ref: get_modules_hashes()
  • Mod: Admin page. Url is changed when switch tab, and added hotkey Ctrl+F5 for reload current tab.
  • Fix: HTTP lib. Response::runCallbacks method fixed.
  • Mod: Update. Frontend. Urls in text message render to links.

2.98 Nov 14 2022

Improved code style, fixed some bugs, added new functionality

  • Mod: the confirmation code length is 8 digits
  • Ref: Updated description for option SEND PHP LOG
  • Ref: Removed unused issueHandlers from psalm.xml
  • Ref: spbc_PHP_logs__detect_EOL_type()
  • Ref: Updated Website total files description
  • Ref: Removed HOST checking in spbc_scanner_page_view()
  • Fix: Frontend. Tooltip hide when mouseover
  • Fix: ScannerQueue. Class usage fixed.
  • Mod: Added description for file scan results

2.97 Oct 28 2022

Improved code style, fixed some bugs, added new functionality

  • Mod: Frontend scanner – exclude unmodified pages
  • Test: Compatibility tested up to WP 6.1
  • New: MScanFilesDTO class implemented.
  • Fix: Now correctly transfer number of core files and total count of files.
  • Fix: Scanner. Now run autocure even if has results of previous heuristic scan.
  • Fix: Surface scanner. Prevent type error if directory permission is restricted due surface scanning.
  • Fix: spbc_resend_failed_files_for_analysis. Text fixes.

2.96 Oct 17 2022

Improved code style, fixed some bugs, added new functionality

  • Fix: Improved code style, fixed some bugs
  • Fix. Use wp_send_json() instead die(json_encode(…))
  • Mod: Added bulk action for Deleting into Analysis log
  • Mod: Unsafe Permissions – Checking permission to access important files and folders
  • Fix: spbc_resend_failed_files_for_analysis()
  • Fix: RC. Update settings remote call fixed
  • Fix: Fixed SQL for critical files
  • Fix: Fixed key_changed after getting template

2.95 Oct 03 2022

Improved functionality of the tab with files sent for analysis, removed the ability to send unknown files for analysis, fixed some bugs.

  • Fix. spbc_scanner_page_view()
  • Fix. Frontend scan. WordPress postmeta table now selects correctly.
  • Fix. Scanner log bulk actions.
  • Fix. Critical files log.
  • Fix. spbc_scanner_file_check_analysis_status.
  • Fix. spbc_scanner_file_send_for_analysis__bulk.
  • Mod. Scanner actions. View «bad» code buttons renamed.
  • Mod: Removed the ability to send unknown files for analysis
  • Mod: Improved functionality of the tab with files sent for analysis

2.94 Sep 15 2022

Fixed some bugs, improved performance, improved scanner operation.

  • New. Frontend scanner. Approving malware implemented.
  • Fix: Changed captures on banners
  • Fix: List table. Actions separator displaying fixed.
  • Fix. spbc_firewall__check(). If module poppyz is active, force new WP
  • Ref: PSR-12 Standarts
  • Fix: Fixed the incompatibility of the banner system between antispam
  • Fix: Fixed the data that the function spbc_get_source_info_of returns
  • Fix: Fixed spbc_get_source_info_of return data
  • Fix: Fixed frontend_analysis method
  • Fix: Fixed Frontend->getPagesUri
  • Fix: Fixed Frontend::countUncheckedPages
  • Fix. Settings template. Reset setting fixed.

2.93 Sep 05 2022

Complete deactivation fixed, Frontend scanner improved, WPMS issues fixed and some minor issues fixed.

  • New: Backups. Delete when complete deactivation.
  • New. Frontend scanner. Re-scan the page during view bad code.
  • Fix: Scanner. Heuristic. Add a detected_at for heuristically spotted attachments.
  • Fix: Firewall. WPMS. Update on child blogs. Remote calls using its own blog URL.
  • Fix: Firewall. WPMS. Update on child blogs. ‘fw_stats’ option loads for each blog separately.
  • Fix: Scan logs. Hide last scan log on a new scan process.
  • Fix: Removed fw__append_standard_message and server_response_combine
  • Fix: Scanner. Sending results fixed.
  • Fix. Settings template. Reset setting fixed.

2.92 Aug 15 2022

SecFW updating fixed, scanner cure fixed and some minor issues fixed.

  • Mod: HTTP lib. Prepare URLs array in the setURL() method.
  • Mod: Security Firewall. Update. Download 20 files by one queue execution.
  • Upd: Common. Additional security headers added.
  • Fix. Scanner. Cure backups fixed.
  • Mod: Exclude files approved by the user from verification
  • Fix. Settings template. Reset setting fixed.

2.91.1 Jul 27 2022

Missed commits implemented. Minor issues fixed.

  • New: FW Update. Make dependence for retries related to files count.
  • Fix. API request. Do not retry request if error contain CleanTalk prepared server error.
  • Fix: Heuristic. Use files paths without root due scan.
  • Fix: Queue. Unset error in stage if stage has been retried successfully.
  • Fix: Error output. Fix wrong variable name.
  • Fix: SpbctWP\Scanner\ScannerQueue::controllerBackground(). Use correct transaction name.
  • Fix: Scanner. The file ‘Detected at’ property is set for every file.
  • Fix: Common\Sanitize cast integer filter to integer return type.

2.91 Jul 26 2022

Last scan logs now displaying always, a brand new feedback banner added , sending files for analysis interface improved, code quality improved and some minor issues fixed.

  • New. Scanner last result log now always visible in the scanner tab.
  • New. Sending files for analysis mechanism now works without page reloading.
  • New. Admin dashboard feedback banner.
  • Fix: Settings. Scanner tab. Notice layout fix.
  • Fix: spbc_resend_failed_files_for_analysis. Return if no files were sent to analysis.
  • Fix: API. Correct comparison of the option of api servers provided in retryRequestToFastestServers()
  • Fix: FW. Block pages styles fixed.
  • Fix. Custom login. Fix redirect while logout.
  • Fix: Quarantine and de-quarantine. Notice fixed.
  • Fix: Send for analysis. Notice fixed.
  • Fix: API. Logic in retrying request to the fastest API-server.
  • Fix: Constants. Links logs table name fixed.
  • Fix: Settings. Firewall tab. TC link now works correct.
  • Fix: 2FA. Do not clean security logs on the general login form submitting if 2FA is enabled.
  • Fix: 2FA. Now always sends 6 digits codes.
  • Imp: 2FA. Google 2FA description improved.

2.90 Jul 11 2022

Scan process duration displaying, admin banners updated, code quality improved and some minor issues fixed.

  • New. Scanner. Scan duration implemented.
  • Fix. Rewrite login-url. Does not create new WP_Rewrite if no custom login form is set in the plugin settings.
  • Fix. Scanner table actions messages. Improved messages style and logic.
  • Fix. TablesAnalyzer.php. Now reset to initial blog ID on WPMS.
  • Fix. SPBC_TBL_SCAN_FILES. Now uses base_prefix instead of prefix to prevent handling of unavailable blog scan result data on WPMS.
  • Refactoring Admin Banners
  • Fix. Admin banner. Security attention mark fixed.
  • Fix. Scanner results. Remove undeleted separator after sending files for analysis.
  • Fix. Scanner. Transferring stages names to the JS script fixed.
  • Fif. Settings. Description fixed – hyperlinks protocol changed.
  • Fix. Scanner. Signatures updating fixed.
  • Fix. SecFW. Sending logs fixed.
  • Fix. Scanner. Frontend scanning fixed.
  • Fix. Scanner. Some scan stages fixed – signatures scan, heuristic scan, auto cure – fixed.
  • Fix. Scanner. Scanned files count fixed.
  • Fix. HTTP. Prevent caching during website answer code checking.

2.89 Jun 27 2022

Additional data to the scanner’s report added, available remote posting of api key, code quality improved and some minor issues fixed.

  • New. Post api key remote call implemented.
  • New. API key length extended to 30 symbols.
  • New. Scanner. Additional data was added to the scanner report.
  • New. Waf new params
  • Fix. ScannerQueue.php. Now clear state->modules before new check.
  • Fix. Heuristic. Getting inline HTML for checking implemented.
  • Fix. Heuristic. Tokens max position fixed.
  • Fixed spbc->notice_show
  • Fix. Scanner. Sending results fixed.

2.88 Jun 14 2022

SecFW updating fixed and some minor issues fixed.

  • Fix. – spbc-scanner.php – ListTable.php Add application/json header for every die($output) to.
  • Fix. Firewall. Custom message will be wrapped on div tags instead of h2.
  • Fix: Fixed colspan attribute in table row on plugin settings page
  • Fix. IP.php. Private networks check fix.
  • Mod: Surface.php – resave full_hash if different
  • Fix. SecFW. Updating process fixed.
  • Fix. HTTP lib. No cache pattern fixed.
  • Fix. RemoteCalls. No cache parameter added.
  • Fix. HTTP lib. Useragent for WP HTTP API requests fixed.
  • Fix. Scanner. Heuristic. Includes. Empty include body.
  • Fix. TablesAnalyzer.php. Remove incorrect table prefix for searched DB schema.
  • Fix. TablesAnalyzer.php. Add collation search results check.
  • Fix: Scanner. Preventing files actions during scanning.
  • Fix. TablesAnalyzer.php. Rename possible collision with table names due collation check.

2.87.1 Jun 2 2022

  • Fix. – spbc-admin.php – spbc-backups.php – spbc-scanner.php Add application/json header for every die($output) to.
  • Fix. spbc-scanner.php-> spbc_scanner_file_send. Fix ‘unknown field checked’ while send for analysis.
  • Fix. ScannerQueue.php->controllerFront. Add application/json header to the output of stage result.

2.87 May 30 2022

  • Fix. API::method_service_get() and its result processing.
  • Fix. From test. Scanner. Heuristic. Strings. Chars conversion.
  • Fix. From test. Scanner. Heuristic. Includes.
  • Fix. From test. Updater to 2.86.1.
  • Fix. From test. Resend file for analysis only for the main site.
  • Fix. get_cms_hashes(). Delete ex-core files if there is a same undeleted CORE hashes received from remote file.
  • Fix. Updater. Add settings for custom block message to the firewall blocking screens.
  • Fix: convertSchemaToStandard() fixed
  • Fix: perform() fixed
  • Fix: State->error_add() fixed
  • Fix: getDataFromRemoteGZ() fixed
  • Fix: important_files_listing() fixed
  • Fix: spbc_settings__register() fixed
  • Fix: spbc_field_scanner__files_listing__get_data() fixed
  • Fix: spbc_field_scanner__files_listing__get_total() fixed
  • Fix. Move spbc_resend_failed_files_for_analysis() from notice_paid_till processing logic.
  • Fix. Scanner. Actions. View bad code from file.
  • Fix. Scanner. Heuristic. Speed up.
  • Fix. spbc_resend_failed_files_for_analysis. Variable name fix.
  • Fix. SQLSchema.php Changes reverted. If there is no «checked» column the updater can’t seek changes. Debug. UpdaterScripts.php. Debug removed.
  • Fix. get_modules_hashes(). SQL error fix.
  • Fix. Frontend.php->check(). Moved frontend scanner object creation to prevent collisions.
  • Fix. FrontendScan.php. Type of check added.
  • Fix. Switch heuristic analysis to 0 for 2.86 version.
  • Fix. HTTP. Request. Process unexpected errors.
  • Fix. Settings. Error output.
  • Fix. API::method_service_get() and its result processing #3.
  • Fix. API::method_service_get() and its result processing #2.
  • New. Firewall. Add custom block message to the blocking screens.
  • New. RemoteCalls. perform_service_get().
  • New. Add error type ‘service_customize’.
  • New. Implementation of API::method_service_get(): – in synchronize function; – in cron.
  • New. API::method_service_get() and its result processing.
  • New. Settings: – fw__custom_message; – fw__append_standard_message.
  • New. Add extra package logic.
  • New: Cherry pick from settings/extra-package.sr.
  • New: Settings. Collect PHP log description changed. It depends from ‘extra_package’ flag.
  • New. UpdaterScripts.php. Update to 2_87_0 – delete «checked» row. New. SQLSchema.php. Removed checked row from schema. Debug. Version updated temporarily.
  • New. Methods in Scanner\Heuristic\Tokens: – convertOffset; – reindex; – getTokenFromPosition; – glueAllTokens; – getIterationTokens.
  • New. Implementation of Scanner\Heuristic\TokenGroups.
  • New. Scanner\Heuristic\Token implementation of \Iterator, \ArrayAccess, \Countable interfaces.
  • New. Scanner\Heuristic\DataStructures\Token. Represents instance of token.
  • New. Scanner\Heuristic\TokenGroups. Class with static properties. This class gather all types of token we are using to parse, analyze and deobfuscate the code.
  • New. DataStructure\SplFixedArray::append().
  • New. spbc_check_files_sent_and_received(). Add check on timestamp if already sent in last …