configs->set_value('aiowps_fcds_change_detected', FALSE);
$aio_wp_security->configs->save_config();
//Display the last scan results
$this->display_last_scan_results();
}
if (isset($_POST['aiowps_view_last_fcd_results']))
{
//Display the last scan results
if (!$this->display_last_scan_results()){
$this->show_msg_updated(__('There have been no file changes since the last scan.', 'all-in-one-wp-security-and-firewall'));
}
}
if (isset($_POST['aiowps_manual_fcd_scan']))
{
$nonce=$_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-fcd-manual-scan-nonce'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for manual file change detection scan operation!",4);
die(__('Nonce check failed for manual file change detection scan operation!','all-in-one-wp-security-and-firewall'));
}
$result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
//If this is first scan display special message
if ($result['initial_scan'] == 1)
{
$this->show_msg_updated(__('The plugin has detected that this is your first file change detection scan. The file details from this scan will be used to detect file changes for future scans!','all-in-one-wp-security-and-firewall'));
}else if(!$aio_wp_security->configs->get_value('aiowps_fcds_change_detected')){
$this->show_msg_updated(__('Scan Complete - There were no file changes detected!', 'all-in-one-wp-security-and-firewall'));
}
}
if(isset($_POST['aiowps_schedule_fcd_scan']))//Do form submission tasks
{
$error = '';
$reset_scan_data = FALSE;
$file_types = '';
$files = '';
$nonce=$_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-scheduled-fcd-scan-nonce'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for file change detection scan options save!",4);
die("Nonce check failed for file change detection scan options save!");
}
$fcd_scan_frequency = sanitize_text_field($_POST['aiowps_fcd_scan_frequency']);
if(!is_numeric($fcd_scan_frequency))
{
$error .= ' '.__('You entered a non numeric value for the "backup time interval" field. It has been set to the default value.','all-in-one-wp-security-and-firewall');
$fcd_scan_frequency = '4';//Set it to the default value for this field
}
if (!empty($_POST['aiowps_fcd_exclude_filetypes']))
{
$file_types = trim($_POST['aiowps_fcd_exclude_filetypes']);
//$file_types_array = preg_split( '/\r\n|\r|\n/', $file_types );
//Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these filetypes
if ($file_types != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_filetypes'))
{
$reset_scan_data = TRUE;
}
}
if (!empty($_POST['aiowps_fcd_exclude_files']))
{
$files = trim($_POST['aiowps_fcd_exclude_files']);
//Get the currently saved config value and check if this has changed. If so do another scan to reset the scan data so it omits these files/dirs
if ($files != $aio_wp_security->configs->get_value('aiowps_fcd_exclude_files'))
{
$reset_scan_data = TRUE;
}
}
$email_address = sanitize_email($_POST['aiowps_fcd_scan_email_address']);
if(!is_email($email_address))
{
$error .= '
'.__('You have entered an incorrect email address format. It has been set to your WordPress admin email as default.','all-in-one-wp-security-and-firewall').'
';
$email_address = get_bloginfo('admin_email'); //Set the default value to the blog admin email
}
if($error)
{
$this->show_msg_error(__('Attention!','all-in-one-wp-security-and-firewall').$error);
}
//Save all the form values to the options
$aio_wp_security->configs->set_value('aiowps_enable_automated_fcd_scan',isset($_POST["aiowps_enable_automated_fcd_scan"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_fcd_scan_frequency',absint($fcd_scan_frequency));
$aio_wp_security->configs->set_value('aiowps_fcd_scan_interval',$_POST["aiowps_fcd_scan_interval"]);
$aio_wp_security->configs->set_value('aiowps_fcd_exclude_filetypes',$file_types);
$aio_wp_security->configs->set_value('aiowps_fcd_exclude_files',$files);
$aio_wp_security->configs->set_value('aiowps_send_fcd_scan_email',isset($_POST["aiowps_send_fcd_scan_email"])?'1':'');
$aio_wp_security->configs->set_value('aiowps_fcd_scan_email_address',$email_address);
$aio_wp_security->configs->save_config();
//Recalculate points after the feature status/options have been altered
$aiowps_feature_mgr->check_feature_status_and_recalculate_points();
$this->show_msg_settings_updated();
//Let's check if backup interval was set to less than 24 hours
if (isset($_POST["aiowps_enable_automated_fcd_scan"]) && ($fcd_scan_frequency < 24) && $_POST["aiowps_fcd_scan_interval"]==0)
{
$alert_user_msg = 'ATTENTION: You have configured your file change detection scan to occur at least once daily. For most websites we recommended that you choose a less frequent
schedule such as once every few days, once a week or once a month. Choosing a less frequent schedule will also help reduce your server load.';
$this->show_msg_updated(__($alert_user_msg, 'all-in-one-wp-security-and-firewall'));
}
if($reset_scan_data)
{
//Clear old scan row and ask user to perform a fresh scan to reset the data
$aiowps_global_meta_tbl_name = AIOWPSEC_TBL_GLOBAL_META_DATA;
$where = array('meta_key1' => 'file_change_detection', 'meta_value1' => 'file_scan_data');
$wpdb->delete( $aiowps_global_meta_tbl_name, $where);
$result = $aio_wp_security->scan_obj->execute_file_change_detection_scan();
$new_scan_alert = __('NEW SCAN COMPLETED: The plugin has detected that you have made changes to the "File Types To Ignore" or "Files To Ignore" fields.
In order to ensure that future scan results are accurate, the old scan data has been refreshed.', 'all-in-one-wp-security-and-firewall');
$this->show_msg_updated($new_scan_alert);
}
}
//Display an alert warning message if a file change was detected
if ($aio_wp_security->configs->get_value('aiowps_fcds_change_detected'))
{
$error_msg = __('All In One WP Security & Firewall has detected that there was a change in your host\'s files.', 'all-in-one-wp-security-and-firewall');
$button = '';
$error_msg .= $button;
$this->show_msg_error($error_msg);
}
?>
'.__('If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site.', 'all-in-one-wp-security-and-firewall').
' '.__('Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website.', 'all-in-one-wp-security-and-firewall').
' '.__('In general, WordPress core and plugin files and file types such as ".php" or ".js" should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected.', 'all-in-one-wp-security-and-firewall').
' '.__('The "File Change Detection Feature" will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system\'s files.', 'all-in-one-wp-security-and-firewall').
' '.__('This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan)', 'all-in-one-wp-security-and-firewall').'';
?>
'.__('What is Malware?', 'all-in-one-wp-security-and-firewall').'';
echo '
'.__('The word Malware stands for Malicious Software. It can consist of things like trojan horses, adware, worms, spyware and any other undesirable code which a hacker will try to inject into your website.', 'all-in-one-wp-security-and-firewall').'
'.
'
'.__('Often when malware code has been inserted into your site you will normally not notice anything out of the ordinary based on appearances, but it can have a dramatic effect on your site\'s search ranking.', 'all-in-one-wp-security-and-firewall').'
'.
'
'.__('This is because the bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings.', 'all-in-one-wp-security-and-firewall').'
'.__('Scanning For Malware', 'all-in-one-wp-security-and-firewall').'
';
echo '
'.__('Due to the constantly changing and complex nature of Malware, scanning for such things using a standalone plugin will not work reliably. This is something best done via an external scan of your site regularly.', 'all-in-one-wp-security-and-firewall').'
'.
'
'.__('This is why we have created an easy-to-use scanning service which is hosted off our own server which will scan your site for malware once every day and notify you if it finds anything.', 'all-in-one-wp-security-and-firewall').'
';
echo '
'.__('When you sign up for this service you will get the following:', 'all-in-one-wp-security-and-firewall').'
';
echo '
'.__('Automatic Daily Scan of 1 Website','all-in-one-wp-security-and-firewall').'
'.sprintf(__('To learn more please %s.', 'all-in-one-wp-security-and-firewall'), $site_scanners_link).'
';
?>
';
echo '
'.__('This feature performs a basic database scan which will look for any common suspicious-looking strings and javascript and html code in some of the Wordpress core tables.', 'all-in-one-wp-security-and-firewall');
echo '';
echo '
';
echo '
This feature can give you false positive result. We have temporarily deactivated this feature to make sure you don\'t lose some data on a false positive. We will re-introduced this feature after we rework it.
';
echo '
';
return;//This feature is temporarily deactivated while we re-work the interface
global $wpdb, $aio_wp_security;
$perform_db_scan = false;
if (isset($_POST['aiowps_manual_db_scan']))
{
$nonce=$_REQUEST['_wpnonce'];
if (!wp_verify_nonce($nonce, 'aiowpsec-manual-db-scan-nonce'))
{
$aio_wp_security->debug_logger->log_debug("Nonce check failed for manual db scan operation!",4);
die(__('Nonce check failed for manual db scan operation!','all-in-one-wp-security-and-firewall'));
}
$perform_db_scan = true;
}
?>
Malware Scan';
echo '
'.__('This feature will perform a basic database scan which will look for any common suspicious-looking strings and javascript and html code in some of the Wordpress core tables.', 'all-in-one-wp-security-and-firewall').
' '.__('If the scan finds anything it will list all "potentially" malicious results but it is up to you to verify whether a result is a genuine example of a hacking attack or a false positive.', 'all-in-one-wp-security-and-firewall').
' '.__('As well as scanning for generic strings commonly used in malicious cases, this feature will also scan for some of the known "pharma" hack entries and if it finds any it will automatically delete them.', 'all-in-one-wp-security-and-firewall').
' '.__('The WordPress core tables scanned by this feature include: posts, postmeta, comments, links, users, usermeta, and options tables.', 'all-in-one-wp-security-and-firewall').'
'.__('The plugin has detected that there are some potentially suspicious entries in your database.', 'all-in-one-wp-security-and-firewall').'
';
// $error_msg .= '
'.__('Please verify the results listed below to confirm whether the entries detected are genuinely suspicious or if they are false positives.', 'all-in-one-wp-security-and-firewall').'
';
// $this->show_msg_error($error_msg);
// }else{
// $this->show_msg_updated(__('The basic database scan was completed and no suspicious entries were detected.', 'all-in-one-wp-security-and-firewall'));
// }
}
}
/*
* Outputs the last scan results in a postbox
*/
function display_last_scan_results()
{
$scan_results_unserialized = AIOWPSecurity_Scan::get_file_change_data();
if (!$scan_results_unserialized)
{
return FALSE;
}
?>
'.__('The following files were added to your host.', 'all-in-one-wp-security-and-firewall').'