: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in
if (!defined('WORDFENCE_VERSION')) { exit; }
/** @var boolean $inEmail */
$diagnostic = new wfDiagnostic;
$plugins = get_plugins();
$activePlugins = array_flip(get_option('active_plugins'));
$activeNetworkPlugins = is_multisite() ? array_flip(wp_get_active_network_plugins()) : array();
$muPlugins = get_mu_plugins();
$themes = wp_get_themes();
$currentTheme = wp_get_theme();
if (!isset($sendingDiagnosticEmail)) {
$sendingDiagnosticEmail = false;
<?php if (!$sendingDiagnosticEmail): ?>
<script type="application/javascript">
document.title = "<?php esc_attr_e('Diagnostics', 'wordfence'); ?>" + " \u2039 " + WFAD.basePageName;
<div id="wf-diagnostics">
<?php if (!$sendingDiagnosticEmail): ?>
<div class="wf-diagnostics-wrapper">
<div class="wf-flex-row">
<div class="wf-flex-row-1">
<?php echo wp_kses(sprintf(__('This page shows information that can be used for troubleshooting conflicts, configuration issues, or compatibility with other plugins, themes, or a host\'s environment. Failing tests are not always a sign of something that you need to fix, but can help the Wordfence team when troubleshooting a problem. (<a href="%s" target="_blank" rel="noopener noreferrer">Learn More <span class="screen-reader-text">opens in new tab</span></a>)', 'wordfence'), wfSupportController::esc_supportURL(wfSupportController::ITEM_DIAGNOSTICS)), array('a' => array('href' => array(), 'target' => array(), 'rel' => array()), 'span' => array('class' => array()))) ?>
<div class="wf-flex-row-0 wf-padding-add-left">
<div id="sendByEmailThanks" class="hidden">
<h3><?php esc_html_e('Thanks for sending your diagnostic page over email', 'wordfence'); ?></h3>
<div id="sendByEmailDiv" class="wf-add-bottom">
<input class="wf-btn wf-btn-primary wf-btn-sm" type="submit" id="exportDiagnostics" value="Export"/>
<input class="wf-btn wf-btn-primary wf-btn-sm" type="submit" id="sendByEmail" value="Send Report by Email"/>
<input class="wf-btn wf-btn-default wf-btn-sm" type="button" id="expandAllDiagnostics" value="Expand All Diagnostics"/>
<div id="sendByEmailForm" class="wf-block wf-active hidden">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php esc_html_e('Send Report by Email', 'wordfence') ?></strong>
<div class="wf-block-content wf-clearfix">
<ul class="wf-block-list">
<div><?php esc_html_e('Email address:', 'wordfence'); ?></div>
<p><input class="wf-input-text" type="email" id="_email" value="wftest@wordfence.com"/>
<div><?php esc_html_e('Ticket Number/Forum Username:', 'wordfence'); ?></div>
<p><input class="wf-input-text" type="text" id="_ticketnumber" required/></p>
<input class="wf-btn wf-btn-primary" type="button" id="doSendEmail" value="Send"/>
<div class="wf-diagnostics-wrapper">
<?php foreach ($diagnostic->getResults() as $title => $tests):
$key = sanitize_key('wf-diagnostics-' . $title);
foreach ($tests['results'] as $result) {
$infoOnly = isset($result['infoOnly']) && $result['infoOnly'];
if (!$result['test'] && !$infoOnly) {
<th colspan="2"><?php echo esc_html($title) ?></th>
<?php foreach ($tests['results'] as $result): ?>
$infoOnly = isset($result['infoOnly']) && $result['infoOnly'];
<td style="width: 75%; min-width: 300px"><?php echo (is_array($result['label']) && isset($result['label']['raw']) && $result['label']['raw'] ? $result['label']['value'] : wp_kses($result['label'], array(
'a' => array('href' => true),
'span' => array('class' => true)
<div class="wf-result-info"><?php echo (is_array($result['message']) && isset($result['message']['escaped']) ? $result['message']['escaped'] : nl2br(esc_html($result['message']))); ?></div>
<?php elseif ($result['test']): ?>
<div class="wf-result-success"><?php echo (is_array($result['message']) && isset($result['message']['escaped']) ? $result['message']['escaped'] : nl2br(esc_html($result['message']))); ?></div>
<div class="wf-result-error"><?php echo (is_array($result['message']) && isset($result['message']['escaped']) ? $result['message']['escaped'] : nl2br(esc_html($result['message']))); ?></div>
<?php if (isset($result['detail']) && !empty($result['detail'])): ?>
<p><strong><?php esc_html_e('Additional Detail', 'wordfence'); ?></strong><br><?php echo (is_array($result['detail']) && isset($result['detail']['escaped']) ? $result['detail']['escaped'] : nl2br(esc_html($result['detail']))); ?></p>
<div class="wf-block<?php echo (wfPersistenceController::shared()->isActive($key) ? ' wf-active' : '') .
($hasFailingTest ? ' wf-diagnostic-fail' : '') ?>" data-persistence-key="<?php echo esc_attr($key) ?>">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php echo esc_html($title) ?></strong>
<span class="wf-text-small"><?php echo esc_html($tests['description']) ?></span>
<div class="wf-block-header-action">
<div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive($key) ? 'true' : 'false'); ?>" tabindex="0"></div>
<div class="wf-block-content wf-clearfix">
<ul class="wf-block-list">
<?php foreach ($tests['results'] as $key => $result): ?>
$infoOnly = isset($result['infoOnly']) && $result['infoOnly'];
<div style="width: 75%; min-width: 300px;"><?php echo (is_array($result['label']) && isset($result['label']['raw']) && $result['label']['raw'] ? $result['label']['value'] : wp_kses($result['label'], array(
'a' => array('href' => true),
<div class="wf-result-info"><?php echo (is_array($result['message']) && isset($result['message']['escaped']) ? $result['message']['escaped'] : nl2br(esc_html($result['message']))); ?></div>
<?php elseif ($result['test']): ?>
<div class="wf-result-success"><?php echo (is_array($result['message']) && isset($result['message']['escaped']) ? $result['message']['escaped'] : nl2br(esc_html($result['message']))); ?></div>
<div class="wf-result-error"><?php echo (is_array($result['message']) && isset($result['message']['escaped']) ? $result['message']['escaped'] : nl2br(esc_html($result['message']))); ?></div>
<?php if (isset($result['detail']) && !empty($result['detail'])): ?>
<p><a href="#" onclick="jQuery('#wf-diagnostics-detail-<?php echo esc_attr($key); ?>').show(); jQuery(this).hide(); return false;" role="button"><?php esc_html_e('View Additional Detail', 'wordfence'); ?></a></p>
<pre class="wf-pre wf-split-word" id="wf-diagnostics-detail-<?php echo esc_attr($key); ?>" style="max-width: 600px; display: none;"><?php echo (is_array($result['detail']) && isset($result['detail']['escaped']) ? $result['detail']['escaped'] : nl2br(esc_html($result['detail']))); ?></pre>
$howGet = wfConfig::get('howGetIPs', false);
list($currentIP, $currentServerVarForIP) = wfUtils::getIPAndServerVariable();
$howGetHasErrors = $howGet && (! $currentServerVarForIP || $howGet !== $currentServerVarForIP);
<div class="wf-block<?php echo ($howGetHasErrors ? ' wf-diagnostic-fail' : '') . (wfPersistenceController::shared()->isActive('wf-diagnostics-client-ip') ? ' wf-active' : '') ?>" data-persistence-key="<?php echo esc_attr('wf-diagnostics-client-ip') ?>">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php esc_html_e('IP Detection', 'wordfence') ?></strong>
<span class="wf-text-small"><?php esc_html_e('Methods of detecting a visitor\'s IP address.', 'wordfence') ?></span>
<div class="wf-block-header-action">
<div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive('wf-diagnostics-client-ip') ? 'true' : 'false'); ?>" tabindex="0"></div>
<div class="wf-block-content wf-clearfix wf-padding-no-left wf-padding-no-right">
<table class="wf-striped-table"<?php echo !empty($inEmail) ? ' border=1' : '' ?>>
<th><?php esc_html_e('IPs', 'wordfence'); ?></th>
<th><?php esc_html_e('Value', 'wordfence'); ?></th>
<th><?php esc_html_e('Used', 'wordfence'); ?></th>
$serverVariables = array(
'REMOTE_ADDR' => 'REMOTE_ADDR',
'HTTP_CF_CONNECTING_IP' => 'CF-Connecting-IP',
'HTTP_X_REAL_IP' => 'X-Real-IP',
'HTTP_X_FORWARDED_FOR' => 'X-Forwarded-For',
foreach (wfUtils::getAllServerVariableIPs() as $variable => $ip): ?>
<td><?php echo isset($serverVariables[$variable]) ? $serverVariables[$variable] : $variable ?></td>
_e('(not set)', 'wordfence');
} elseif (is_array($ip)) {
$output = array_map('esc_html', $ip);
echo str_replace($currentIP, "<strong>{$currentIP}</strong>", implode(', ', $output));
<?php if ($currentServerVarForIP && $currentServerVarForIP === $variable): ?>
<td class="wf-result-success"><?php esc_html_e('In use', 'wordfence'); ?></td>
<?php elseif ($howGet === $variable): ?>
<td class="wf-result-error"><?php esc_html_e('Configured but not valid', 'wordfence'); ?></td>
<td><?php esc_html_e('Trusted Proxies', 'wordfence'); ?></td>
<td><?php $proxies = wfConfig::get('howGetIPs_trusted_proxies', ''); echo esc_html(implode(', ', explode("\n", empty($proxies) ? __('(not set)', 'wordfence') : $proxies))); ?></td>
<td><?php esc_html_e('Trusted Proxy Preset', 'wordfence'); ?></td>
<td><?php $preset = wfConfig::get('howGetIPs_trusted_proxy_preset'); $presets = wfConfig::getJSON('ipResolutionList', array()); echo esc_html((is_array($presets) && isset($presets[$preset])) ? $presets[$preset]['name'] : __('(not set)', 'wordfence')); ?></td>
<div class="wf-block<?php echo(wfPersistenceController::shared()->isActive('wf-diagnostics-wordpress-constants') ? ' wf-active' : '') ?>" data-persistence-key="<?php echo esc_attr('wf-diagnostics-wordpress-constants') ?>">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php esc_html_e('WordPress Settings', 'wordfence') ?></strong>
<span class="wf-text-small"><?php esc_html_e('WordPress version and internal settings/constants.', 'wordfence') ?></span>
<div class="wf-block-header-action">
<div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive('wf-diagnostics-wordpress-constants') ? 'true' : 'false'); ?>" tabindex="0"></div>
<div class="wf-block-content wf-clearfix wf-padding-no-left wf-padding-no-right">
<table class="wf-striped-table"<?php echo !empty($inEmail) ? ' border=1' : '' ?>>
foreach (wfDiagnostic::getWordpressValues() as $settingName => $settingData):
$escapedName = esc_html($settingName);
$escapedDescription = '';
$escapedValue = __('(not set)', 'wordfence');
if (is_array($settingData)) {
$escapedDescription = esc_html($settingData['description']);
if (isset($settingData['value'])) {
$escapedValue = esc_html($settingData['value']);
$escapedDescription = esc_html($settingData);
if (defined($settingName)) {
$escapedValue = esc_html(constant($settingName));
<td><strong><?php echo $escapedName ?></strong></td>
<td><?php echo $escapedDescription ?></td>
<td><?php echo $escapedValue ?></td>
<div class="wf-block<?php echo(wfPersistenceController::shared()->isActive('wf-diagnostics-wordpress-plugins') ? ' wf-active' : '') ?>" data-persistence-key="<?php echo esc_attr('wf-diagnostics-wordpress-plugins') ?>">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php esc_html_e('WordPress Plugins', 'wordfence') ?></strong>
<span class="wf-text-small"><?php esc_html_e('Status of installed plugins.', 'wordfence') ?></span>
<div class="wf-block-header-action">
<div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive('wf-diagnostics-wordpress-plugins') ? 'true' : 'false'); ?>" tabindex="0"></div>
<div class="wf-block-content wf-clearfix wf-padding-no-left wf-padding-no-right">
<table class="wf-striped-table"<?php echo !empty($inEmail) ? ' border=1' : '' ?>>
<?php foreach ($plugins as $plugin => $pluginData): ?>
if (preg_match('/^([^\/]+)\//', $plugin, $matches)) {
else if (preg_match('/^([^\/.]+)\.php$/', $plugin, $matches)) {
<strong><?php echo esc_html($pluginData['Name']); ?> (<?php echo esc_html($slug); ?>)</strong>
<?php if (!empty($pluginData['Version'])): ?>
- <?php echo esc_html(sprintf(__('Version %s', 'wordfence'), $pluginData['Version'])); ?>
<?php if (array_key_exists(trailingslashit(WP_PLUGIN_DIR) . $plugin, $activeNetworkPlugins)): ?>
<td class="wf-result-success"><?php esc_html_e('Network Activated', 'wordfence'); ?></td>
<?php elseif (array_key_exists($plugin, $activePlugins)): ?>
<td class="wf-result-success"><?php esc_html_e('Active', 'wordfence'); ?></td>
<td class="wf-result-inactive"><?php esc_html_e('Inactive', 'wordfence'); ?></td>
<div class="wf-block<?php echo(wfPersistenceController::shared()->isActive('wf-diagnostics-mu-wordpress-plugins') ? ' wf-active' : '') ?>" data-persistence-key="<?php echo esc_attr('wf-diagnostics-mu-wordpress-plugins') ?>">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php esc_html_e('Must-Use WordPress Plugins', 'wordfence') ?></strong>
<span class="wf-text-small"><?php esc_html_e('WordPress "mu-plugins" that are always active, including those provided by hosts.', 'wordfence') ?></span>
<div class="wf-block-header-action">
<div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive('wf-diagnostics-mu-wordpress-plugins') ? 'true' : 'false'); ?>" tabindex="0"></div>
<div class="wf-block-content wf-clearfix wf-padding-no-left wf-padding-no-right">
<table class="wf-striped-table"<?php echo !empty($inEmail) ? ' border=1' : '' ?>>
<?php if (!empty($muPlugins)): ?>
<?php foreach ($muPlugins as $plugin => $pluginData): ?>
if (preg_match('/^([^\/]+)\//', $plugin, $matches)) {
else if (preg_match('/^([^\/.]+)\.php$/', $plugin, $matches)) {
<strong><?php echo esc_html($pluginData['Name']) ?> (<?php echo esc_html($slug); ?>)</strong>
<?php if (!empty($pluginData['Version'])): ?>
- <?php echo esc_html(sprintf(/* translators: Plugin version. */ __('Version %s', 'wordfence'), $pluginData['Version'])); ?>
<td class="wf-result-success"><?php esc_html_e('Active', 'wordfence'); ?></td>
<td><?php esc_html_e('No MU-Plugins', 'wordfence'); ?></td>
<div class="wf-block<?php echo(wfPersistenceController::shared()->isActive('wf-diagnostics-dropin-wordpress-plugins') ? ' wf-active' : '') ?>" data-persistence-key="<?php echo esc_attr('wf-diagnostics-dropin-wordpress-plugins') ?>">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php esc_html_e('Drop-In WordPress Plugins', 'wordfence') ?></strong>
<span class="wf-text-small"><?php esc_html_e('WordPress "drop-in" plugins that are active.', 'wordfence') ?></span>
<div class="wf-block-header-action">
<div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive('wf-diagnostics-dropin-wordpress-plugins') ? 'true' : 'false'); ?>" tabindex="0"></div>
<div class="wf-block-content wf-clearfix wf-padding-no-left wf-padding-no-right">
<table class="wf-striped-table"<?php echo !empty($inEmail) ? ' border=1' : '' ?>>
//Taken from plugin.php and modified to always show multisite drop-ins
'advanced-cache.php' => array( __( 'Advanced caching plugin', 'wordfence' ), 'WP_CACHE' ), // WP_CACHE
'db.php' => array( __( 'Custom database class', 'wordfence' ), true ), // auto on load
'db-error.php' => array( __( 'Custom database error message', 'wordfence' ), true ), // auto on error
'install.php' => array( __( 'Custom installation script', 'wordfence' ), true ), // auto on installation
'maintenance.php' => array( __( 'Custom maintenance message', 'wordfence' ), true ), // auto on maintenance
'object-cache.php' => array( __( 'External object cache', 'wordfence' ), true ), // auto on load
'php-error.php' => array( __( 'Custom PHP error message', 'wordfence' ), true ), // auto on error
'fatal-error-handler.php'=> array( __( 'Custom PHP fatal error handler', 'wordfence' ), true ), // auto on error
$dropins['sunrise.php' ] = array( __( 'Executed before Multisite is loaded', 'wordfence' ), is_multisite() && 'SUNRISE' ); // SUNRISE
$dropins['blog-deleted.php' ] = array( __( 'Custom site deleted message', 'wordfence' ), is_multisite() ); // auto on deleted blog
$dropins['blog-inactive.php' ] = array( __( 'Custom site inactive message', 'wordfence' ), is_multisite() ); // auto on inactive blog
$dropins['blog-suspended.php'] = array( __( 'Custom site suspended message', 'wordfence' ), is_multisite() ); // auto on archived or spammed blog
<?php foreach ($dropins as $file => $data): ?>
$active = file_exists(WP_CONTENT_DIR . DIRECTORY_SEPARATOR . $file) && is_readable(WP_CONTENT_DIR . DIRECTORY_SEPARATOR . $file) && $data[1];
<strong><?php echo esc_html($data[0]) ?> (<?php echo esc_html($file); ?>)</strong>
<td class="wf-result-success"><?php esc_html_e('Active', 'wordfence'); ?></td>
<td class="wf-result-inactive"><?php esc_html_e('Inactive', 'wordfence'); ?></td>
<div class="wf-block<?php echo(wfPersistenceController::shared()->isActive('wf-diagnostics-wordpress-themes') ? ' wf-active' : '') ?>" data-persistence-key="<?php echo esc_attr('wf-diagnostics-wordpress-themes') ?>">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php esc_html_e('Themes', 'wordfence') ?></strong>
<span class="wf-text-small"><?php esc_html_e('Status of installed themes.', 'wordfence') ?></span>
<div class="wf-block-header-action">
<div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive('wf-diagnostics-wordpress-themes') ? 'true' : 'false'); ?>" tabindex="0"></div>
<div class="wf-block-content wf-clearfix wf-padding-no-left wf-padding-no-right">
<table class="wf-striped-table"<?php echo !empty($inEmail) ? ' border=1' : '' ?>>
<?php if (!empty($themes)): ?>
<?php foreach ($themes as $theme => $themeData): ?>
if (preg_match('/^([^\/]+)\//', $theme, $matches)) {
else if (preg_match('/^([^\/.]+)\.php$/', $theme, $matches)) {
<strong><?php echo esc_html($themeData['Name']) ?> (<?php echo esc_html($slug); ?>)</strong>
<?php if (!empty($themeData['Version'])): ?>
- <?php echo esc_html(sprintf(/* translators: Theme version. */ __('Version %s', 'wordfence'), $themeData['Version'])); ?>
<?php if ($currentTheme instanceof WP_Theme && $theme === $currentTheme->get_stylesheet()): ?>
<td class="wf-result-success"><?php esc_html_e('Active', 'wordfence'); ?></td>
<td class="wf-result-inactive"><?php esc_html_e('Inactive', 'wordfence'); ?></td>
<td><?php esc_html_e('No Themes', 'wordfence'); ?></td>
<div class="wf-block<?php echo(wfPersistenceController::shared()->isActive('wf-diagnostics-wordpress-cron-jobs') ? ' wf-active' : '') ?>" data-persistence-key="<?php echo esc_attr('wf-diagnostics-wordpress-cron-jobs') ?>">
<div class="wf-block-header">
<div class="wf-block-header-content">
<div class="wf-block-title">
<strong><?php esc_html_e('Cron Jobs', 'wordfence') ?></strong>
<span class="wf-text-small"><?php esc_html_e('List of WordPress cron jobs scheduled by WordPress, plugins, or themes.', 'wordfence') ?></span>
<div class="wf-block-header-action">
<div class="wf-block-header-action-disclosure" role="checkbox" aria-checked="<?php echo (wfPersistenceController::shared()->isActive('wf-diagnostics-wordpress-cron-jobs') ? 'true' : 'false'); ?>" tabindex="0"></div>
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
