WordPress.org
Get WordPress

Plugin Directory

Changeset 3431345


Ignore:
Timestamp:
01/02/2026 11:25:00 PM (3 months ago)
Author:
butterflymedia
Message:

Obfuscated Script Cleaner now properly detects and removes Trojan:HTML/Redirector.SSF!MTB malware

Location:
wp-guardian/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • wp-guardian/trunk/modules/obfuscated-script-cleaner.php

    r3428251 r3431345  
    8282        // Safety net: scripts before DOCTYPE (invalid HTML)
    8383        '#^\s*<script[^>]*>.*?</script>\s*(?=<!doctype)#is',
     84
     85        // Obfuscated malware patterns (matching real-time filter)
     86        '#<script[^>]*>.*?(_0x[a-f0-9]{3,}|urshort\.live|atob|eval).*?</script>#is',
     87       
     88        // Hex-encoded urshort.live URLs (matches \x68\x74\x74... patterns)
     89        '#<script[^>]*>.*?\\\\x[0-9a-f]{2}.*?urshort.*?</script>#is',
     90       
     91        // Additional obfuscation patterns
     92        '#<script[^>]*>.*?String\.fromCharCode.*?</script>#is',
     93        '#<script[^>]*>.*?unescape\(.*?</script>#is',
     94        '#<script[^>]*>.*?decodeURIComponent.*?</script>#is',
    8495    ];
    8596

  • wp-guardian/trunk/readme.txt

    r3428251 r3431345  
    77Requires PHP: 7.0
    88Requires CP: 2.0
    9 Stable tag: 1.8.0
     9Stable tag: 1.8.1
    1010License: GPLv3 or later
    1111License URI: https://www.gnu.org/licenses/gpl-3.0.html
     
    4343
    4444== Changelog ==
     45
     46= 1.8.1 =
     47* Fix: Obfuscated Script Cleaner now properly detects and removes Trojan:HTML/Redirector.SSF!MTB malware
     48* Enhanced malware detection patterns to match real-time filter capabilities
     49* Add detection for hex-encoded obfuscated scripts and additional obfuscation techniques (String.fromCharCode, unescape, decodeURIComponent)
     50* Obfuscated Script Cleaner now detects _0x obfuscation patterns, atob/eval functions, and urshort.live redirect domains
    4551
    4652= 1.8.0 =

  • wp-guardian/trunk/wp-guardian.php

    r3428251 r3431345  
    44 * Plugin URI: https://getbutterfly.com/wordpress-plugins/wp-guardian/
    55 * Description: An easy way to harden your website's security effectively.
    6  * Version: 1.8.0
     6 * Version: 1.8.1
    77 * Author: Ciprian Popescu
    88 * Author URI: https://getbutterfly.com/
     
    1212 *
    1313 * WP Guardian
    14  * Copyright (C) 2024-2025 Ciprian Popescu (getbutterfly@gmail.com)
     14 * Copyright (C) 2024-2026 Ciprian Popescu (getbutterfly@gmail.com)
    1515 * Copyright (C) 2016-2017 James Cooper (@jfcby)
    1616 *
     
    3333}
    3434
    35 define( 'DTJWPG_VERSION', '1.8.0' );
     35define( 'DTJWPG_VERSION', '1.8.1' );
    3636define( 'DTJWPG_URL', __FILE__ );
    3737define( 'DTJWPG_BASENAME', plugin_basename( DTJWPG_URL ) );
Note: See TracChangeset for help on using the changeset viewer.