Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database. Fix: Added a workaround for sites with inaccessible WAF config files when reading php://input. Improvement: Multiple php.ini file in core directory issues are now consolidated into a single issue for clearer scan results. Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website. Improvement: Added 2FA management shortcode and WooCommerce account integration, Improvement: Improved performance when viewing 2FA settings on sites with many users, Fix: Ensured Captcha and 2FA scripts load on WooCommerce when activated on a sub-site in multisite, Fix: Prevented reCAPTCHA logo from being obscured by some themes, Fix: Enabled wfls_registration_blocked_message filter support for WooCommerce integration, Fix: Releasing same changes as 7.8.1, due to wordpress.org error, Improvement: Added more granualar data deletion options to deactivation prompt, Improvement: Allowed accessing diagnostics prior to completing registration, Fix: Prevented installation prompt from displaying when a license key is already installed but the alert email address has been removed, Improvement: Added feedback when login form is submitted with 2FA, Fix: Restored click support on login button when using 2FA with WooCommerce, Fix: Corrected display issue with reCAPTCHA score history graph, Fix: Prevented errors on PHP caused by corrupted login timestamps, Fix: Prevented deprecation notices on PHP 8.2 related to dynamic properties, Change: Updated Wordfence registration workflow, Fix: Prevented scan resume attempts from repeating indefinitely when the initial scan stage fails, Improvement: Added configurable scan resume functionality to prevent scan failures on sites with intermittent connectivity issues, Improvement: Added new scan result for vulnerabilities found in plugins that do not have patched versions available via WordPress.org, Improvement: Implemented stand-alone MMDB reader for IP address lookups to prevent plugin conflicts and support additional PHP versions, Improvement: Added option to disable looking up IP address locations via the Wordfence API, Improvement: Prevented successful logins from resetting brute force counters, Improvement: Included maximum number of days in live traffic option text, Fix: Made timezones consistent on firewall page, Fix: Added Use only IPv4 to start scans option to search, Fix: Prevented deprecation notices on PHP 8.1 when emailing the activity log, Fix: Prevented warning on PHP 8 related to process owner diagnostic, Fix: Prevented PHP Code Sniffer false positive related to T_BAD_CHARACTER, Fix: Removed unsupported beta feed option, Improvement: Hardened 2FA login flow to reduce exposure in cases where an attacker is able to obtain privileged information from the database, Fix: Prevented XSS that would have required admin privileges to exploit (CVE-2022-3144), Improvement: Added option to start scans using only IPv4, Improvement: Added diagnostic for internal IPv6 connectivity to site, Improvement: Added AUTOMATIC_UPDATER_DISABLED diagnostic, Improvement: Updated password strength check, Improvement: Added support for scanning plugin/theme files in when using the WP_CONTENT_DIR/WP_PLUGIN_DIR constants, Improvement: Made DISABLE_WP_CRON diagnostic more clear, Improvement: Added Hostname to Live Traffic message displayed for hostname blocking, Improvement: Improved compatibility with Flywheel hosting, Improvement: Added support for dynamic cookie redaction patterns when logging requests, Fix: Prevented scanned paths from being displayed as skipped in rare cases, Fix: Corrected indexed files count in scan messages, Fix: Prevented overlapping AJAX requests when viewing Live Traffic on slower servers, Fix: Corrected WP_DEBUG_DISPLAY diagnostic, Fix: Prevented extraneous warnings caused by DNS resolution failures, Fix: Corrected display issue with Save/Cancel buttons on All Options page, Fix: Prevented errors caused by WHOIS searches for invalid values, Improvement: Added option to toggle display of last login column on WP Users page, Improvement: Improved autocomplete support for 2FA code on Apple devices, Improvement: Prevented Batcache from caching block pages, Fix: Prevented extraneous scan results when non-existent paths are configured using UPLOADS and related constants, Fix: Corrected issue that prevented reCAPTCHA scores from being recorded, Fix: Prevented invalid JSON setting values from triggering fatal errors, Fix: Made text domains consistent for translation support, Fix: Clarified that allowlisted IP addresses also bypass reCAPTCHA, Improvement: Improved scan support for sites with non-standard directory structures, Improvement: Increased accuracy of executable PHP upload detection, Improvement: Addressed various deprecation notices with PHP 8.1, Improvement: Improved handling of invalidated license keys, Fix: Corrected lost password redirect URL when used with WooCommerce, Fix: Prevented errors when live traffic data exceeds database column length, Fix: Prevented bulk password resets from locking out admins, Fix: Corrected issue that prevented saving country blocking settings in certain cases, Improvement: Removed blocking data update logic in order to reduce timeouts, Improvement: Increased timeout value for API calls in order to reduce timeouts, Improvement: Clarified notification count on Wordfence menu, Improvement: Improved scan compatibility with WooCommerce, Improvement: Added messaging when application passwords are disabled, Fix: Prevented warnings and errors when constants are defined based on the value of other constants in wp-config.php, Fix: Corrected redundant escaping that prevented viewing or repairing files in scan results, Launch of Wordfence Care and Wordfence Response, Improvement: Made preliminary changes for compatibility with PHP 8.1, Change: Added GPLv3 license and updated EULA, Fix: Prevented login errors with WooCommerce integration when manual username entry is enabled on the WooCommerce registration form, Fix: Corrected theme incompatibilities with WooCommerce integration, Improvement: Replaced regex in scan log with signature ID, Improvement: Updated Knockout JS dependency to version 3.5.1, Improvement: Removed PHP 8 compatibility notice, Improvement: Added NTP status for Login Security to Diagnostics, Improvement: Updated plugin headers for compatibility with WordPress 5.8, Improvement: Updated Nginx documentation links to HTTPS, Improvement: Updated IP address geolocation database, Improvement: Expanded WAF SQL syntax support, Improvement: Added optional constants to configure WAF database connection, Improvement: Added support for matching punycode domain names, Improvement: Updated Wordfence install count, Improvement: Deprecated support for WordPress versions older than 4.4.0. Click the empty all caches button. Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more. Login to your WordPress Admin Panel and navigate to 'Settings -> WP Rocket'. Booking (10) Cache (9 . Improvement: Switched the bundled select2 library to use to prefixed version to work around other plugins including older versions on our pages. Fix: Improved updating of WAF config values to minimize writing to disk. Change: Live Traffic human/bot status will additionally be based on the browscap record in security-only mode. Improvement: Introduced light-weight scan that runs frequently to perform checks that do not use any server resources. Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place. Change: Removed a no-longer-used API call. Wordfence will not appear on any individual sites menu. A deep set of additional tools round out the most comprehensive WordPress security solution available. Improvement: Local GeoIP database update. Fix: Fixed fatal error on single-sites running WordPress <4.9. Improvement: Resolved scan issues will now email again if they reoccur. Fix: Removed an empty file hash from the old WordPress core file detection. Improvement: Added options to customize which dashboard notifications are shown. Use to love it. For more detail, see: https://www.wordfence.com/help/firewall/mysqli-storage-engine/. Include a detailed description of the problem and screenshots, so . Great software! It will also indicate if there is a known vulnerability. Fix: Fixed an issue where live traffic would stop loading new records if always display expanded records was on. Fix: Included country flags for Kosovo and Curaao. Block common WordPress security threats like fake Googlebots, malicious scans from hackers and botnets. subdomains are now supported for sharing premium licenses. Improvement: If unable to successfully look up the status of an IP claiming to be Googlebot, the hit is now allowed. They also don't show you whether certain plugin modules are adding database bloat. On a small site, the free version offers basic protection, but you won't receive security patches as quickly as paying customers. Improvement: Added support to the WAF for validating URLs for future use in rules. Improvement: Sites can now specify a list of trusted proxies when using X-Forwarded-For for IP resolution. Improvement: Added the ability to sort the blocks table. Designed for every skill level, The WordPress Security Learning Center is dedicated to deepening users understanding of security best practices by providing free access to entry-level articles, in-depth articles, videos, industry survey results, graphics and more. Fix: Switched to autoloader with fastMult enabled on sodum_compat to minimize connection issues. Fix: Removed an old reference to the pre-Wordfence 7.1 lockouts table. Fix: If a premium license is deleted from wordfence.com, the plugin will now automatically downgrade rather than get stuck in an intermediate state. Improvement: Better message for dashboard widget when no failed logins. Fix: Fixed an issue with the dashboard where it could show the last scan failed when one has never ran. Improvement: Provided additional no-caching indicators for caches that erroneously save pages with HTTP error status codes. Fix: Corrected the message shown on Live Traffic when a country blocking bypass URL is used. Improvement: The no-cache constant for database caching is now set for W3TC for plugin updates and scans. Improvement: Improved the WAFs ability to inspect POST bodies. Improvement: Added a time limit to the live activity status so only current messages are shown. Improvement: Enhanced the detection ability of the WAF for SQLi attacks. Fix: The diff viewer now forces wrapping to prevent long lines of text from stretching the layout. Fix: Enqueued fonts used in admin notices on all admin pages. Fix: Added additional error handling to the blocked IP list to avoid outputting notices when another plugin resets the error handler. Improvement: Live traffic and scanning activity now display a paused notice when real-time updates are suspended while in the background. Fix: Fixed an issue that could prevent files beginning with a period from working with the file restore function. Wordfence Care customers receive hands-on support including help with security incidents and a yearly security audit. Tap Storage. Fix: The scan issues alerting option is now set correctly for new installations. Improvement: Live Traffic now only shows verified Googlebot under Google Crawler filter for new visits. Block entire malicious networks. Improvement: Update URLs in Wordfence for documentation about LiteSpeed and lockouts. Navigate to Wordfence > Tools > Import/Export Options and click Export. Fix: Fixed bug with specific Advanced Blocking user-agent patterns causing 500 errors. Fix: Removed the disallow file mods for admins created outside of WordPress. Navigate to your WordPress directory. Powerful templates make configuring Wordfence a breeze. Fix: Added a workaround to Live Traffic human/bot detection to compensate for other scripts that modify our event handlers. Fix: Fixed fatal error in the event wflogs is not writable. Thanks Jason Woods. Now when you activate Wordfence again it will create the needed custom database tables. Fix: Fixed an IPv6 detection issue with one form of IPv6 address. Fix: Improved IP detection in the WAF when using an IP detection method that can have multiple values. mainwp/mainwp-child Skip to contentToggle navigation Sign up Product Actions Automate any workflow Packages Host and manage packages Security Improvement: Prevent scan from failing when the home URL has changed and the key is no longer valid. Wordfence Security is extremely fast and uses techniques like caching its own configuration data to avoid database lookups and blocking malicious attacks that would slow down your site. Fix: Fixed a sequencing problem when adding detection for bot/human that led to it being called on every request. Fix: Addressed a problem where the scan exclusions list was not checked correctly in some situations. Thanks Kacper Szurek. Improvement: Added browser-based malware signatures for .js, .html files in the malware scan. Improvement: A text version of scan results is now included in the activity log email. Improvement: Added Kosovo to country blocking. Fix: Adjusted the changelog link in the scan results email to work for the new wordpress.org repository. Unlike cloud alternatives does not break encryption, cannot be bypassed and cannot leak data. Fix: Fixed a few links that didnt open the correct configuration pages. Why does this help? Improvement: Added a help link to the mode display when a host disabling Live Traffic is active. Garbage. Improvement: Improved time zone handling for the WAFs learning mode. Improvement: Increased logging in debug mode for plugin updates to help resolve issues. Wordfence Response customers get 24/7/365 support from our incident response team, with a 1 hour response time, and a maximum of 24 hours to resolve a security issue. Fix: Added an option to allow automatic updates to function on Litespeed servers that have the global noabort set rather than site-local. Efficiently assess the security status of all your websites in one view. Fix: All external URLs in the tour are now https. Change: IPs blocked via live traffic now use the configurable how long is an IP blocked setting to match previous behavior. Minor update: As a helpful user on redditpointed out, it's unclear in the post above if we're also removing the 'basic' cache. Fix: Fixed the functionality of the button to send 2FA grace period notifications. Improvement: Added an unsubscribe link to plugin-generated alerts. Fix: PHP deprecation notices no longer suppress those of old OpenSSL or WordPress. Improvement: Remove legacy admin functions no longer used within the UI. Change: Long-deprecated database tables will be removed. From the Wordfence Dashboard click on Manage WAF. Fix: Updated JS hashing library to compensate for a variable name collision that could occur. Wordfence Security is able to repair core files, themes and plugins on sites where security is already compromised. Rate limit or block WordPress security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site. WordPress is the most popular website platform, which means that, sadly, it is also the most hacked platform. Wordfence verifies your website source code integrity against the official WordPress repository and shows you the changes. Dynamic Caching is a full-page caching mechanism powered by NGINX. Firewall rules and login rules apply to the WHOLE system. But the most important is the service - I can say that the service I get is 5 starsany issues that we had in the last 3 months we get a very good response in a very good SLAthe overall feeling is the WF team are customer oriented with a very high understanding of the security world and I will highly recommend using the pluginthe UI is very friendly and you get everything you are looking for. Scan Options Select which aspects of your site the scan should investigate, adjust scan performance and configure advanced options. Improvement: Updated to the current GeoIP database. Fix: Fixed tour popup positioning on multisite. Was the absolute best security plugin for WordPress but the new license system just shows that the company is going in a very wrong direction. Fix: Fixed potential bug with stored data not found after a fork. We have the Enable Live Traffic View function. It also scans for known malicious URLs and known patterns of infections. This can happen when you run plugins & modules that collect lots of data (Wordfence, SEO plugins, etc). Fix: Suppressed error messages on the NTP time check to compensate for hosts with UDP connections disabled. Improvement: Additional alerting and troubleshooting steps for WAF configuration issues. Improvement: Prevent Wordfence from loading under