The folder and file exclusion list will apply to premium plugins and themes as well (i.e., not hosted on wordpress.org).
The default settings were adjusted to prevent a potential memory error or script execution timeout when running on low-cost shared hosting plans.
3.2.8
Fixed a bug where it was not possible to compare two files.
3.2.7
Fixed a potential “stat failed” PHP warning when viewing a report.
3.2.6
Administrators can only move to the quarantine folder a file that was flagged as suspicious by the scanner (props Jonas Benjamin Friedli).
3.2.5
The scanner will display an error if it can’t decode the list of malware signatures.
Updated Prism.js libraries.
Small fixes and adjustments.
3.2.4
Fixed a potential “Function _load_textdomain_just_in_time was called incorrectly” PHP notice that can occurred with WordPress >=6.7.
3.2.3
We have a new API: api.nintechnet.com. Make sure to whitelist this subdomain if you are filtering outgoing connections.
3.2.2
Fixed a bug where MU plugins added to the list of ignored files were still displaying a warning in the report sent by email.
3.2.1
Fixed a potential “Undefined constant NFW_ENGINE_VERSION” fatal error.
Adjusted PHP max_execution_time and memory limit during a scan.
3.2
The “Apply the exclusion list to the file integrity checker” feature from the “Ignore files/folders” option will now apply to WordPress core files as well, not only to the themes and plugins files.
3.1
Fixed a potential “File is not in the ABSPATH or DOCUMENT_ROOT” error message when trying to view a file.
Fixed an issue where it was not possible to activate or deactivate NinjaScanner from WP CLI.
The scanner will attempt to disable the PHP display_errors directive so that notice, warning and error messages won’t show up in the AJAX response.
Small fixes and adjustments.
Minimum PHP Version updated to 7.1.
3.0.12
Fixed a potential “Cannot use object of type WP_Error as array” fatal error.
Updated “Tested up to” to match WordPress 6.2.
3.0.11
Fix compatibility issue with PHP 8.2.
Fix compatibility issue with older PHP version (<7.3).
Updated Prism.js libraries.
Small fixes and adjustments.
3.0.10
On websites running PHP 7.3 or above, NinjaScanner will use the hrtime() function instead of microtime() for its metrics, because it is more reliable as it is not based on the internal system clock.
Fixed an issue where it was not possible to quarantine a file when running NinjaScanner on localhost over TLS because cURL rejected the self-signed certificate.
Fixed a bug with right-to-left (RTL) WordPress sites where the checkboxes below the log were all messed up.
Updated Prism.js libraries.
Small fixes and adjustments.
3.0.9
Fixed a potential PHP “sprintf” fatal error that could occur if there were an error during the scanning process.
Fixed a regex bug when checking for a Linux or Windows absolute path.
Updated Prism.js libraries.
Added more details to the scanner’s log when a scan is cancelled because of an error.
3.0.8
If the PHP ZIP extension, which provides the ZipArchive class, is missing on the server, NinjaScanner will fall back to the built-in PclZip library instead of refusing to run.
When catching a PHP fatal error (E_ERROR), the scanner will write to the log the full path to the file where the error occured.
Small fixes and adjustments.
3.0.7
Fixed an issue during the anti-malware scan where the number of scanned items appeared to be higher than the total of files to be scanned, and returned an “Unknown Error” message.
Fixed an issue where corrupted ZIP files downloaded from wordpress.org were not deleted.
The anti-malware signatures file used during the scan will be temporarily saved to the database and no longer to disk because some antivirus used on Microsoft-IIS are still flagging the file as malware and delete it.
3.0.6
Fixed a potential “Missing Lock File” error that may occur on slow servers.
Added streaming to the wp_remote_get function to lower the amount of memory used during downloads (props Daniel Ruf).
3.0.5
Fixed error introduced in 3.0.3 affecting PHP versions 7.1 and below.
Replaced the “install_plugins” capability with “manage_options”, to allow administrators to run the scanner even if the WordPress built-in “DISALLOW_FILE_MODS” constant is defined.
Fixed a potential “Undefined variable: snapshot” PHP notice.
Better detection of any potential error during the scanner initialization by using a blocking socket.
The temporary file used to saved malware signatures during the scanning process is now base64-encoded to prevent it form being flagged as malware by some hosting companies.
Updated PrismJS to the latest version.
Added missing description to the WP-CLI script (props Daniel Ruf).
Small fixes and adjustments.
3.0.2
Fixed a potential issue where the scan could not start.
3.0.1
Fixed a potential syntax error introduced in v3.0.
The whole scanner engine was rewritten from scratch, so that it can work on very low resource servers.
The scan report can be displayed on multiple pages instead of one only. This can be selected from the “Settings > Advanced Users Settings > Display report” option.
It is possible to select which folders to scan in the blog directory (“Settings > Blog directory”).
HTTP basic authentication is now supported by the WP-CRON fork method.
