garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds DFs

Browse Source
This commit is contained in:
erwanlr
2019-03-30 07:20:14 +00:00
parent 1baa3e23b2
commit 07b3826806
509 changed files with 82506 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

285
spec/fixtures/dynamic_finders/plugin_version/defender-security/change_log/changelog.txt vendored Normal file
View File

@@ -0,0 +1,285 @@
Plugin Name: WP Defender
Author: Hoang Ngo, Aaron Edwards
Tested up to: 4.7.4
Change Log:
2.1.1.1 - 2019-20-03
----------------------------------------------------------------------
- Fix: Two-Factor Authentication QR code not being displayed on new device registration.
2.1.1 - 2019-18-02
----------------------------------------------------------------------
- Fix: Prevent Information Disclosure corrupts htaccess code
2.1 - 2019-18-02
----------------------------------------------------------------------
- New: Geo-based IP blocking. Completely block incoming traffic from specific countries to gain full control over who can and cant access your site.
- New: Upgraded design components and improved user experience across the board.
- Fix: Corrupt .htaccess rules generated by Defender werent able to be re-applied when adding them a second time.
- Fix: Users can no longer get past login masking when using double slashes.
- Fix: Javascript errors prevented adding recipients to notifications and editing templates.
- Fix: Blacklist monitoring could not be enabled on some sites.
- Fix: Parse error on installations running PHP 5.3.
- Improvement: Removed activation redirection and tooltips on first activation.
- Other minor enhancements and fixes
2.0 - 2018-04-09
----------------------------------------------------------------------
- New: added tweak “Disable XML-RPC”
- Improvement: Two factor authentication can now be force enabled by role.
- Improvement: Masking URL description.
- Fix: Compatibility with Appointments+ login when Mask Login is enabled.
- Fix: /login/ will be blocked instead of redirecting to right login URL
- Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
- Fix: Accessibility issue when activating 2FA.
- Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
- Other minor enhancements and fixes
1.9.1 - 2018-09-07
----------------------------------------------------------------------
- Fix: Mask Login Area description text is misleading
- Fix: wp-admin link of sub-sites in networks link to wrong admin URL
- Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
- Fix: Dashboard reporting section mis-alignment
- Other minor enhancements and fixes
1.9 - 2018-24-05
----------------------------------------------------------------------
- New: Ability to edit default two-factor authentication email notifications
- New: Added Privacy Policy in privacy guideline page
- Improvements for lockout logs interface
- Improvement: Smarter report default time.
- Fix: Defender auto redirect issue when bulk activating plugins
- Fix: saving 404 redirect URL issue
- Fix: Some layouts are shifted on mobile devices
- Other minor enhancements and fixes
1.8 - 2018-10-04
----------------------------------------------------------------------
- New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
- New: Ability to force two-factor authentication for all users.
- Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
- Fix: Fixed an issue where the lockout pages could be cached by external cache engines.
1.7.5 - 2018-07-02
----------------------------------------------------------------------
- Fix: Report status missing in Hub Security tab
- Fix: Some themes/plugins shown as a vulnerability but no info available
- Other minor enhancements and fixes
1.7.4.1 - 2017-4-12
----------------------------------------------------------------------
- Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
1.7.4 - 2017-20-11
----------------------------------------------------------------------
- Fix: Conflict with Jetpack where Defender 2FA module would not detect if Jetpack 2FA was disabled.
- Fix: Visitor would get a 404 lockout if landing on a page with many dead links.
- Improvement: When an user is deleted, audit logging now display the user's login instead of only UID.
- Other minor enhancements/fixes
1.7.3 - 2017-14-10
----------------------------------------------------------------------
- Fix: Two-factor authentication can be bypassed by user with no role.
- Improvement: Enhanced two-factor authentication protection across multisites.
1.7.2 - 2017-09-10
----------------------------------------------------------------------
- Improvement: Improvement: IPv6 support for both whitelisting and blacklisting, requires IPv6 support on the server.
- Improvement: Better UI/UX for Two-factor authentication.
- Fix: Security tweak "Prevent PHP Execution" and "Protect Information" now support Apache 2.4 htaccess rules.
- Other minor enhancements/fixes
1.7.1 - 2017-25-09
----------------------------------------------------------------------
- Improvement: Audit logging logs will be stored up to 1 year, query range can be set up to 3 months
- Improvement: Option to set a cooldown period for lockout notifications.
- Added: widget for 2 factors authentication
- Fix: Defender does not detect the right IP when CloudFlare is being used
- Fix: Conflict with TM Photo Gallery Plugin
- Other minor enhancements/fixes
1.7 - 2017-15-08
----------------------------------------------------------------------
- New: Now you can enable 2 factors authentication with Defender and Google Authenticator app, support for iOS and Android
- New: We can define how long the "Remember me" can take affect, via a new Security Tweak, called "Manage Login Duration"
- Improvement: IP Lockout logs now have separate tables, better for performance.
- Fix: Ignore a file in Scanning section sometimes coming back after couple of scans.
- Other minor enhancements/fixes
1.6.2 - 2017-05-07
----------------------------------------------------------------------
- New: CSV export for Audit Logging.
- Improvement: Email reports now have unsubscribe link, and link to Reports where email reports can be turned off.
- Fix: Typo in Audit email.
- Other minor enhancements/fixes
1.6.1 - 2017-21-06
----------------------------------------------------------------------
- Improvement: Improved IP Lockout performance.
- Fix: Audit logging detects wrong WordPress version when upgrade
- Fix: "Update old security keys" doesn't move to resolved list after processed
- Fix: When emptying IP Lockout logs cause timeout error.
- Fix: Typos in some places
- Other minor enhancements/fixes
1.6 - 2017-05-06
----------------------------------------------------------------------
- Improvement: Allow users to select and apply rules to other server type in Prevent PHP Execution and Prevent Information Disclosure.
- Fix: Sometimes HUB status doesn't sync with WordPress site.
- Other minor enhancements/fixes
1.5 - 2017-17-05
----------------------------------------------------------------------
- New: You can now add exceptions for specific PHP files in the PHP Execution Security Tweak.
- Improvement: Filtering all log types now uses URLs instead of ajax only, meaning you can link to a filtered log easily.
- Improvement: Various user experience updates across the plugin interface to make using Defender even easier.
- Fix: Lockout Logs now display from newest to oldest.
- Fix: Lockout Logs pagination now works correctly.
- Fix: Inconsistencies in the IP Lockouts stats across the plugin.
- Fix: Sending Audit Logging reports to multiple recipients would address all recipients as the first user's name.
- Fix: Grammar and typos in some modals and error messages.
- Fix: If Defender finds a vulnerability in WordPress's core, the text would indicate running an update would fix the issue though no update was actually available yet.
1.4.2 - 2017-03-05
----------------------------------------------------------------------
- Improvement: The plugin interface will now stretch to utilize extra screen space on larger screens.
- Fix: Audit Logging was getting its days mixed up in the summary area. Youll now see the correct day of the week.
- Fix: We squashed a bug that was causing files scans to sometimes report false positive files after WordPress core upgrades.
- Fix: A conflict with Jetpack was causing scans to stall, which we have now fixed up.
- Fix: In some cases File Scanning reports wouldn't actually stop sending if you disabled them. It now obeys commands.
- Fix: Google's bot was being blocked by IP Lockouts but now it's free to crawl and index as it pleases.
- Fix: We removed redundant “cancel” buttons on settings pages. You probably wont even notice!
- Fix: Weve added live stats so now theres no need to wait around in anticipation while running files scan actions.
- Fix: Stats werent displaying the right numbers after actioning security tweaks, but its all good now.
- Fix: Pagination on the Audit Logging logs page now works like you would expect it to.
- Fix: Files detected in File Scanning now have metrics with their file sizes.
- Fix: Weve fixed styling issues with toggles.
- Fix: We removed the” Resolve bulk update” option from File Scanning. It wasnt really a valid action.
- Fix: Incomplete icons in the Dashboard reports area have been updated.
- Fix: Weve removed redirection from the dashboard to the File Scanning page are after preforming a file scan so now you shouldnt feel lost.
- Fix: Lots of other small stuff, like minor cosmetic and grammar fixes.
1.4.1 - 2017-21-04
----------------------------------------------------------------------
Fixed: Compatibility issue with Getting Started Wizard
Fixed: Scanning was sometimes slow or getting stuck
1.4 - 2017-18-04
----------------------------------------------------------------------
- New: Meet the brand new Defender! This release focuses on making security for WordPress a better place. Weve given the UI a refresh and updated the UX, so configuring your security settings is a walk in the park.
- Fixed: A ton of bug fixes & improvements. Yep, vague description! But why bore you with the small stuff when you could be spending time bolstering your sites security?
1.3 - 2017-13-03
----------------------------------------------------------------------
- Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
- Other minor enhancements/fixes
1.2 - 2017-27-02
----------------------------------------------------------------------
- Added: New Hardening Rule (PHP version)
- Improvement: Audit Logging now allows date range selection.
- Improvement: IP Lockouts now allow IP ranges in whitelist/blacklist.
- Improvement: IP Lockouts now can import/export whitelist/backlist.
- Fixed: IP Lockouts email notification text on permanent IP ban.
1.1.4.1 - 2016-31-10
----------------------------------------------------------------------
- Fixed: Fatal error when PHP extension sockets is not enabled
1.1.4 - 2016-31-10
----------------------------------------------------------------------
- Improvement: Audit logging now detects file changes in WordPress core.
- Fixed: Updating via WordPress core now syncs better with the Hub.
- Fixed: Some compatibility fixes for PHP 5.2.
1.1.3 - 2016-20-09
----------------------------------------------------------------------
- Improvement: Audit Logging now ajax based.
- Fixed: minor bug fixes & some UI/UX improvements
1.1.2 - 2016-24-08
----------------------------------------------------------------------
- Improvement: Switched the User dropdown in Audit Logging to load results via AJAX to increase initial load performance.
- Improvement: Scan results now pre-load information so that you can action fixes faster.
- Fixed: Removed cronjob events from being tracked in Audit Logging.
- Fixed: The Audit Logging filter box now stays visible if no results are returned.
- Fixed: Other small bug fixes and improvements.
1.1.1 - 2016-08-08
----------------------------------------------------------------------
- Added: A warning indicator in WP Admin sidebar to let you know how many security issues are outstanding.
- Added: The ability to choose to only receive email reports when there are issues with your website.
- Fixed: Minor bug fixes & improvements
1.1 - 2016-25-07
----------------------------------------------------------------------
- New feature: Audit logging
- New plugin icon
- Vulnerability plugins/theme scan result can be ignored
- Some other minor enhancements/fixes
1.0.8 - 2016-20-05
----------------------------------------------------------------------
- Improve Core Integrity Scan.
- Improve caching method
1.0.7 - 2016-17-05
----------------------------------------------------------------------
- Improved: Scan schedule.
- Fix: issue with W3 Total Cache Object Cache
1.0.6 - 2016-13-05
----------------------------------------------------------------------
- Fix: Defender data doesn't sync with HUB correctly
- Fix: Email report doesn't send properly
- Some other minor enhancements/fixes
1.0.5 - 2016-28-04
----------------------------------------------------------------------
- Added: Option to choose reminder period for Hardener rule "Update old security keys"
- Improved: Compatibility with Windows server
- Improved: Optimized resource usage when scanning
- Fix: issue with memcached
- Other minor enhancements/fixes
1.0.4 - 2016-06-04
----------------------------------------------------------------------
- Improve scan engine, reduce false positives
- Improve uninstallation method
- Add the ability to ignore hardener rules.
- Improve the performance impact on the site.
- Fix scans sticking at 100% in some cases
- Fix compatibility issues with IIS
- Some other minor enhancements/fixes
1.0.3 - 2016-22-03
----------------------------------------------------------------------
- Optimize scanning
- Preventing performance issue with some hosts
- Fix false blacklist detection in local environment
- Some other minor enhancements/fixes
1.0.2 - 2016-15-03
----------------------------------------------------------------------
- Applied ajax inline updates for plugins/themes
- One click Prevent PHP execution
- One click Prevent Information Disclosure
- Add detail page for core integrity issue, and automate resolution
- Fix scan stability with limited memory
- Some other minor enhancements/fixes
1.0.1 - 2016-03-03
----------------------------------------------------------------------
- Scanning can auto detect if user is active on scanning page to work based on ajax, or leave to enable background scan
- Improve condition checking for Prevent Information Disclosure module
- Improve condition checking for Prevent PHP execution module
1.0 - 2016-01-03
----------------------------------------------------------------------
- First release