9B534B8686E580E0E01768F00155B461

at path：ROOT / wp-content / plugins / wordfence / lib / wfCrypt.php

run：R W Run

Diff

DIR

2026-02-05 01:05:21

R W Run

audit-log

DIR

2026-02-05 01:05:21

R W Run

dashboard

DIR

2026-02-05 01:05:21

R W Run

rest-api

DIR

2026-02-05 01:05:21

R W Run

Diff.php

5.63 KB

2025-12-21 04:19:00

R W Run

IPTraf.php

1.17 KB

2025-12-21 04:19:00

R W Run

IPTrafList.php

2.98 KB

2025-12-21 04:19:00

R W Run

WFLSPHP52Compatability.php

1.27 KB

2025-12-21 04:19:00

R W Run

compat.php

425 By

2025-12-21 04:19:00

R W Run

diffResult.php

2.81 KB

2025-12-21 04:19:00

R W Run

email_genericAlert.php

1.39 KB

2025-12-21 04:19:00

R W Run

email_newIssues.php

8.82 KB

2025-12-21 04:19:00

R W Run

email_unlockRequest.php

2.34 KB

2025-12-21 04:19:00

R W Run

email_unsubscribeRequest.php

1.05 KB

2025-12-21 04:19:00

R W Run

flags.php

6.62 KB

2025-12-21 04:19:00

R W Run

geoip.mmdb

9.26 MB

2025-12-21 04:19:00

R W Run

live_activity.php

580 By

2025-12-21 04:19:00

R W Run

menu_dashboard.php

28.16 KB

2025-12-21 04:19:00

R W Run

menu_dashboard_options.php

15.37 KB

2025-12-21 04:19:00

R W Run

menu_firewall.php

2.12 KB

2025-12-21 04:19:00

R W Run

menu_firewall_blocking.php

10.25 KB

2025-12-21 04:19:00

R W Run

menu_firewall_blocking_options.php

4.63 KB

2025-12-21 04:19:00

R W Run

menu_firewall_waf.php

19.96 KB

2025-12-21 04:19:00

R W Run

menu_firewall_waf_options.php

11.09 KB

2025-12-21 04:19:00

R W Run

menu_install.php

1.73 KB

2025-12-21 04:19:00

R W Run

menu_options.php

24.7 KB

2025-12-21 04:19:00

R W Run

menu_scanner.php

21.6 KB

2025-12-21 04:19:00

R W Run

menu_scanner_credentials.php

2.77 KB

2025-12-21 04:19:00

R W Run

menu_scanner_options.php

8.41 KB

2025-12-21 04:19:00

R W Run

menu_support.php

17.82 KB

2025-12-21 04:19:00

R W Run

menu_tools.php

1.49 KB

2025-12-21 04:19:00

R W Run

menu_tools_auditlog.php

16.43 KB

2025-12-21 04:19:00

R W Run

menu_tools_diagnostic.php

50.8 KB

2025-12-21 04:19:00

R W Run

menu_tools_importExport.php

1.28 KB

2025-12-21 04:19:00

R W Run

menu_tools_livetraffic.php

39.43 KB

2025-12-21 04:19:00

R W Run

menu_tools_twoFactor.php

19.6 KB

2025-12-21 04:19:00

R W Run

menu_tools_whois.php

4.61 KB

2025-12-21 04:19:00

R W Run

menu_wordfence_central.php

9.66 KB

2025-12-21 04:19:00

R W Run

noc1.key

1.64 KB

2025-12-21 04:19:00

R W Run

sodium_compat_fast.php

185 By

2025-12-21 04:19:00

R W Run

sysinfo.php

1.47 KB

2025-12-21 04:19:00

R W Run

viewFullActivityLog.php

1.47 KB

2025-12-21 04:19:00

R W Run

wf503.php

9.67 KB

2025-12-21 04:19:00

R W Run

wfAPI.php

10.1 KB

2025-12-21 04:19:00

R W Run

wfActivityReport.php

20.55 KB

2025-12-21 04:19:00

R W Run

wfAdminNoticeQueue.php

5.2 KB

2025-12-21 04:19:00

R W Run

wfAlerts.php

8.19 KB

2025-12-21 04:19:00

R W Run

wfAuditLog.php

47.13 KB

2025-12-21 04:19:00

R W Run

wfBinaryList.php

1.02 KB

2025-12-21 04:19:00

R W Run

wfBrowscap.php

3.9 KB

2025-12-21 04:19:00

R W Run

wfBrowscapCache.php

256.83 KB

2025-12-21 04:19:00

R W Run

wfBulkCountries.php

9.77 KB

2025-12-21 04:19:00

R W Run

wfCache.php

6.02 KB

2025-12-21 04:19:00

R W Run

wfCentralAPI.php

25.8 KB

2025-12-21 04:19:00

R W Run

wfCommonPasswords.php

1.25 KB

2025-12-21 04:19:00

R W Run

wfConfig.php

124.66 KB

2025-12-21 04:19:00

R W Run

wfCrawl.php

6.92 KB

2025-12-21 04:19:00

R W Run

wfCredentialsController.php

10.3 KB

2025-12-21 04:19:00

R W Run

wfCrypt.php

4.05 KB

2025-12-21 04:19:00

R W Run

wfCurlInterceptor.php

1.02 KB

2025-12-21 04:19:00

R W Run

wfDB.php

11.49 KB

2025-12-21 04:19:00

R W Run

wfDashboard.php

8.2 KB

2025-12-21 04:19:00

R W Run

wfDateLocalization.php

352.13 KB

2025-12-21 04:19:00

R W Run

wfDeactivationOption.php

2.13 KB

2025-12-21 04:19:00

R W Run

wfDiagnostic.php

67.03 KB

2025-12-21 04:19:00

R W Run

wfDirectoryIterator.php

1.89 KB

2025-12-21 04:19:00

R W Run

wfFileUtils.php

2.72 KB

2025-12-21 04:19:00

R W Run

wfHelperBin.php

1.97 KB

2025-12-21 04:19:00

R W Run

wfHelperString.php

2.13 KB

2025-12-21 04:19:00

R W Run

wfI18n.php

878 By

2025-12-21 04:19:00

R W Run

wfIPWhitelist.php

1.56 KB

2025-12-21 04:19:00

R W Run

wfImportExportController.php

3.23 KB

2025-12-21 04:19:00

R W Run

wfInaccessibleDirectoryException.php

303 By

2025-12-21 04:19:00

R W Run

wfInvalidPathException.php

266 By

2025-12-21 04:19:00

R W Run

wfIpLocation.php

1.8 KB

2025-12-21 04:19:00

R W Run

wfIpLocator.php

2.7 KB

2025-12-21 04:19:00

R W Run

wfIssues.php

27.93 KB

2025-12-21 04:19:00

R W Run

wfJWT.php

5.33 KB

2025-12-21 04:19:00

R W Run

wfLicense.php

10.95 KB

2025-12-21 04:19:00

R W Run

wfLockedOut.php

9.73 KB

2025-12-21 04:19:00

R W Run

wfLog.php

57.38 KB

2025-12-21 04:19:00

R W Run

wfMD5BloomFilter.php

5.2 KB

2025-12-21 04:19:00

R W Run

wfModuleController.php

754 By

2025-12-21 04:19:00

R W Run

wfNotification.php

6.41 KB

2025-12-21 04:19:00

R W Run

wfOnboardingController.php

9.22 KB

2025-12-21 04:19:00

R W Run

wfPersistenceController.php

819 By

2025-12-21 04:19:00

R W Run

wfRESTAPI.php

377 By

2025-12-21 04:19:00

R W Run

wfScan.php

15.92 KB

2025-12-21 04:19:00

R W Run

wfScanEngine.php

128.95 KB

2025-12-21 04:19:00

R W Run

wfScanEntrypoint.php

1.04 KB

2025-12-21 04:19:00

R W Run

wfScanFile.php

1.01 KB

2025-12-21 04:19:00

R W Run

wfScanFileLink.php

403 By

2025-12-21 04:19:00

R W Run

wfScanFileListItem.php

408 By

2025-12-21 04:19:00

R W Run

wfScanFileProperties.php

1.07 KB

2025-12-21 04:19:00

R W Run

wfScanMonitor.php

4.05 KB

2025-12-21 04:19:00

R W Run

wfScanPath.php

1.77 KB

2025-12-21 04:19:00

R W Run

wfSchema.php

11.93 KB

2025-12-21 04:19:00

R W Run

wfStyle.php

1.21 KB

2025-12-21 04:19:00

R W Run

wfSupportController.php

24.18 KB

2025-12-21 04:19:00

R W Run

wfUnlockMsg.php

1.14 KB

2025-12-21 04:19:00

R W Run

wfUpdateCheck.php

27.23 KB

2025-12-21 04:19:00

R W Run

wfUtils.php

128.73 KB

2025-12-21 04:19:00

R W Run

wfVersionCheckController.php

19.27 KB

2025-12-21 04:19:00

R W Run

wfVersionSupport.php

535 By

2025-12-21 04:19:00

R W Run

wfView.php

2.22 KB

2025-12-21 04:19:00

R W Run

wfViewResult.php

1.42 KB

2025-12-21 04:19:00

R W Run

wfWebsite.php

1.75 KB

2025-12-21 04:19:00

R W Run

wordfenceClass.php

437.99 KB

2025-12-21 04:19:00

R W Run

wordfenceConstants.php

3.56 KB

2025-12-21 04:19:00

R W Run

wordfenceHash.php

42.7 KB

2025-12-21 04:19:00

R W Run

wordfenceScanner.php

28.09 KB

2025-12-21 04:19:00

R W Run

wordfenceURLHoover.php

18.35 KB

2025-12-21 04:19:00

R W Run

error_log

📄wfCrypt.php

<?php
class wfCrypt {
	private static function getPubKey(){
		#Command to generate our keypair was: openssl req -x509 -newkey rsa:2048 -keyout mycert.key -out mycert.pem -nodes -subj "/C=US/ST=Washington/L=Seattle/O=Wordfence/OU=IT/CN=wordfence.com" -days 7300
		#This is a 2048 bit key using SHA256 with RSA. 
		$key = <<<ENDKEY
-----BEGIN CERTIFICATE-----
MIIDrTCCApWgAwIBAgIJAIg6Va5tcvwyMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRIw
EAYDVQQKDAlXb3JkZmVuY2UxCzAJBgNVBAsMAklUMRYwFAYDVQQDDA13b3JkZmVu
Y2UuY29tMB4XDTE1MDMxMjA1NTIzMFoXDTM1MDMwNzA1NTIzMFowbTELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEjAQ
BgNVBAoMCVdvcmRmZW5jZTELMAkGA1UECwwCSVQxFjAUBgNVBAMMDXdvcmRmZW5j
ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9Ogj1PIQsuZu
dTUNWlG0zaDNWpeY1ZiB/6oBS/YXkGFuG8R/nZ/kYsRmBm6yRp/3jC/HiPjg+7Zc
bA/CKoHdUlNjFZ+10DmS369wVX+c0oV9f720b/a0xN0qeKxJTiN2NsAl5szYv2CQ
Bvzjeb5VfKgrfV9tgYr38swudxvexponYaK0OlDL3u/Xca4SLRKmB+ZYCcZJttoG
SNFsQMlLHWWmM0FJH9qZ3x8MtRM5KsNEWO+/op511Rr36ZnLJdzUnETsaxHKwuCv
0+D9b0mwk8K/c67l63v4+zywXNkdYIslgo7Aeeyb6t0lyyfruXutEyMinmApACT2
sDMAbYk7AgMBAAGjUDBOMB0GA1UdDgQWBBTstr/AoPQyLLIt4/peFSjj0FFXHzAf
BgNVHSMEGDAWgBTstr/AoPQyLLIt4/peFSjj0FFXHzAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQA9HsK+XdZh2MGP2SDdggA+MxkNBCCFBtcsmQrpiLUW
67xt59FPRMwTgSA9Lt8uqcWaXoHXiaTnXTRtN/BKZR0F71HQfiV6zy511blIRlk2
nV+vYzwLUENCZ31hQEZsY+uYqBSTiHecUKohn8A9pOOEpis2YEn2zVo4cobdyGa1
zCnaAN99KT8s9lOO0UW0J52qZhvv4y8YhELtrXKBsFatGEsVIM0NFI+ZDsNpMnSQ
cmUtLiIJtk5hxNbOaIz2vzbOkbzJ3ehzODJ1X5rya7X0v2akLLhwP9jqz5ua6ttP
duLv4Q6v3LY6pwDoyKQMDqNNxVjaFmx5HyFWRPofpu/T
-----END CERTIFICATE-----
ENDKEY;
		return $key;
	}
	public static function makeSymHexKey($length){
		return bin2hex(wfWAFUtils::random_bytes($length / 2));
	}
	public static function pubCrypt($symKey){ //encrypts a symmetric key and returns it base64
		openssl_public_encrypt($symKey, $encSymKey, self::getPubKey(), OPENSSL_PKCS1_OAEP_PADDING); //The default OPENSSL_PKCS1_PADDING is deprecated.
		return base64_encode($encSymKey);
	}
	
	/**
	 * Returns the payload symmetrically encrypted and signed by the noc1 public key. The payload is converted to JSON, 
	 * encrypted using a randomly-generated symmetric key, and then hashed and signed with the noc1 public key.
	 * 
	 * This is NOT cryptographically secure for verifying that this server sent or was aware of the context of the 
	 * message, rather it is intended to be used in tandem with verification via another method (e.g., a call that 
	 * validates due to the site URL matching the license key or noc1 does a call itself to the server to retrieve the 
	 * encrypted payload). It is solely a means to provide data to noc1 that only it can read.
	 * 
	 * @param array $payload
	 * @return array The encrypted and signed payload in the form array('message' => <encrypted message in hex>, 'signature' => <signature in hex>).
	 */
	public static function noc1_encrypt($payload) {
		$payloadJSON = json_encode($payload);
		
		$keyData = file_get_contents(dirname(__FILE__) . '/noc1.key');
		$key = @openssl_get_publickey($keyData);
		if ($key !== false) {
			$symmetricKey = wfWAFUtils::random_bytes(32);
			$iv = wfWAFUtils::random_bytes(16);
			$encrypted = @openssl_encrypt($payloadJSON, 'aes-256-cbc', $symmetricKey, OPENSSL_RAW_DATA, $iv);
			if ($encrypted !== false) {
				$success = openssl_public_encrypt($symmetricKey, $symmetricKeyEncrypted, $key, OPENSSL_PKCS1_OAEP_PADDING);
				if ($success) {
					$message = $iv . $symmetricKeyEncrypted . $encrypted;
					$signatureRaw = hash('sha256', $message, true);
					$success = openssl_public_encrypt($signatureRaw, $signature, $key, OPENSSL_PKCS1_OAEP_PADDING);
					if ($success) {
						$package = array('message' => bin2hex($message), 'signature' => bin2hex($signature));
						return $package;
					}
				}
			}
		}
		return array();
	}
	
	/**
	 * Returns a SHA256 HMAC for $payload using the local long key.
	 * 
	 * @param $payload
	 * @return false|string
	 */
	public static function local_sign($payload) {
		return hash_hmac('sha256', $payload, wfConfig::get('longEncKey'));
	}
}