Fix: Fixed the removed from wordpress.org detection for plugin, which was broken due to an API change. Changed: Added compatibility messaging for reCAPTCHA when WooCommerce is active. Change: Reworded setting for ignored IPs in the WAF alert email. Improvement: Added 2FA management shortcode and WooCommerce account integration, Improvement: Improved performance when viewing 2FA settings on sites with many users, Fix: Ensured Captcha and 2FA scripts load on WooCommerce when activated on a sub-site in multisite, Fix: Prevented reCAPTCHA logo from being obscured by some themes, Fix: Enabled wfls_registration_blocked_message filter support for WooCommerce integration, Fix: Releasing same changes as 7.8.1, due to wordpress.org error, Improvement: Added more granualar data deletion options to deactivation prompt, Improvement: Allowed accessing diagnostics prior to completing registration, Fix: Prevented installation prompt from displaying when a license key is already installed but the alert email address has been removed, Improvement: Added feedback when login form is submitted with 2FA, Fix: Restored click support on login button when using 2FA with WooCommerce, Fix: Corrected display issue with reCAPTCHA score history graph, Fix: Prevented errors on PHP caused by corrupted login timestamps, Fix: Prevented deprecation notices on PHP 8.2 related to dynamic properties, Change: Updated Wordfence registration workflow, Fix: Prevented scan resume attempts from repeating indefinitely when the initial scan stage fails, Improvement: Added configurable scan resume functionality to prevent scan failures on sites with intermittent connectivity issues, Improvement: Added new scan result for vulnerabilities found in plugins that do not have patched versions available via WordPress.org, Improvement: Implemented stand-alone MMDB reader for IP address lookups to prevent plugin conflicts and support additional PHP versions, Improvement: Added option to disable looking up IP address locations via the Wordfence API, Improvement: Prevented successful logins from resetting brute force counters, Improvement: Included maximum number of days in live traffic option text, Fix: Made timezones consistent on firewall page, Fix: Added Use only IPv4 to start scans option to search, Fix: Prevented deprecation notices on PHP 8.1 when emailing the activity log, Fix: Prevented warning on PHP 8 related to process owner diagnostic, Fix: Prevented PHP Code Sniffer false positive related to T_BAD_CHARACTER, Fix: Removed unsupported beta feed option, Improvement: Hardened 2FA login flow to reduce exposure in cases where an attacker is able to obtain privileged information from the database, Fix: Prevented XSS that would have required admin privileges to exploit (CVE-2022-3144), Improvement: Added option to start scans using only IPv4, Improvement: Added diagnostic for internal IPv6 connectivity to site, Improvement: Added AUTOMATIC_UPDATER_DISABLED diagnostic, Improvement: Updated password strength check, Improvement: Added support for scanning plugin/theme files in when using the WP_CONTENT_DIR/WP_PLUGIN_DIR constants, Improvement: Made DISABLE_WP_CRON diagnostic more clear, Improvement: Added Hostname to Live Traffic message displayed for hostname blocking, Improvement: Improved compatibility with Flywheel hosting, Improvement: Added support for dynamic cookie redaction patterns when logging requests, Fix: Prevented scanned paths from being displayed as skipped in rare cases, Fix: Corrected indexed files count in scan messages, Fix: Prevented overlapping AJAX requests when viewing Live Traffic on slower servers, Fix: Corrected WP_DEBUG_DISPLAY diagnostic, Fix: Prevented extraneous warnings caused by DNS resolution failures, Fix: Corrected display issue with Save/Cancel buttons on All Options page, Fix: Prevented errors caused by WHOIS searches for invalid values, Improvement: Added option to toggle display of last login column on WP Users page, Improvement: Improved autocomplete support for 2FA code on Apple devices, Improvement: Prevented Batcache from caching block pages, Fix: Prevented extraneous scan results when non-existent paths are configured using UPLOADS and related constants, Fix: Corrected issue that prevented reCAPTCHA scores from being recorded, Fix: Prevented invalid JSON setting values from triggering fatal errors, Fix: Made text domains consistent for translation support, Fix: Clarified that allowlisted IP addresses also bypass reCAPTCHA, Improvement: Improved scan support for sites with non-standard directory structures, Improvement: Increased accuracy of executable PHP upload detection, Improvement: Addressed various deprecation notices with PHP 8.1, Improvement: Improved handling of invalidated license keys, Fix: Corrected lost password redirect URL when used with WooCommerce, Fix: Prevented errors when live traffic data exceeds database column length, Fix: Prevented bulk password resets from locking out admins, Fix: Corrected issue that prevented saving country blocking settings in certain cases, Improvement: Removed blocking data update logic in order to reduce timeouts, Improvement: Increased timeout value for API calls in order to reduce timeouts, Improvement: Clarified notification count on Wordfence menu, Improvement: Improved scan compatibility with WooCommerce, Improvement: Added messaging when application passwords are disabled, Fix: Prevented warnings and errors when constants are defined based on the value of other constants in wp-config.php, Fix: Corrected redundant escaping that prevented viewing or repairing files in scan results, Launch of Wordfence Care and Wordfence Response, Improvement: Made preliminary changes for compatibility with PHP 8.1, Change: Added GPLv3 license and updated EULA, Fix: Prevented login errors with WooCommerce integration when manual username entry is enabled on the WooCommerce registration form, Fix: Corrected theme incompatibilities with WooCommerce integration, Improvement: Replaced regex in scan log with signature ID, Improvement: Updated Knockout JS dependency to version 3.5.1, Improvement: Removed PHP 8 compatibility notice, Improvement: Added NTP status for Login Security to Diagnostics, Improvement: Updated plugin headers for compatibility with WordPress 5.8, Improvement: Updated Nginx documentation links to HTTPS, Improvement: Updated IP address geolocation database, Improvement: Expanded WAF SQL syntax support, Improvement: Added optional constants to configure WAF database connection, Improvement: Added support for matching punycode domain names, Improvement: Updated Wordfence install count, Improvement: Deprecated support for WordPress versions older than 4.4.0. There were 9 cron jobs (down from over 29,000!). Fix: Fixed a warning by adjusting a query to remove old-style variable references. Fix: Multiple improvements to automatic updating to avoid broken updates on sites with low resources or slow file systems. You can customize what and how . Change: Removed the wfvt_ cookie as it was no longer necessary. Change: The diagnostics report now includes the scan issues for easier debugging. Continuously scans for malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats. WordFence) * Clear your browser's cache. Fix: Enqueued fonts used in admin notices on all admin pages. Improvement: Better error handling when a site is unreachable publicly. Change: Began a phased rollout of moving brute force queries to be https-only. Install Wordfence via the plugin directory or by uploading the ZIP file. References. Fix: Fixed a currently-unused code path in email address verification for the strict check. Fix: The proxy detection check frequency has been reduced and no longer alerts if the server is unreachable. Fix: Links in unlock emails now work for IPv6 and IPv4-mapped-IPv6 addresses. Go through them one by one to secure your site. Change: Long-deprecated database tables will be removed. Improvement: Added warning messages when blocking U.S. Improvement: Running an update now automatically dismisses the corresponding scan issue if present. Change the option to Learning Mode. Improvement: Better layout and display for mobile screen sizes. Fix: Fixed the .htaccess directives used to hide files found by the scanner. Fix: WordPress language files no longer flagged as changed. Fix: Fixed the quick navigation letters in the country picker not scrolling. Fix: Adjusted message when trying to block an IP in the allowlist. Fix: Fixed an issue with an internal data structure to prevent error log entries when using mbstring functions. Improvement: Move Permanently block all temporarily blocked IP addresses button to top of blocked IP list. 1: Partially Remove Wordfence If you're familiar with installing and removing WordPress plugins, then you'll know about the Deactivate->Delete sequence. Fix: Improved bot detection when no user agent is sent. So guess I am switching just because their stuff is broken and hard to get to. Drag down on the . Improvement: Converted the banned URLs input to a textarea. Fix: Added internal throttling to ensure the daily cron does not run too frequently on some hosts. We are fully compatible with both IPv4 and IPv6 whether you run both or only one addressing scheme. Improvement: Two-factor authentication is new and improved, now available on all Premium and Free installations. This plugin can improve your website's design by ensuring that your images look crisp and clear on all devices. Fix: Fixed issue where PHP 8 notice sometimes cannot be dismissed. Fix: Adjusted timeouts to improve reliability of WAF rule updates on slower servers. Fix: Restricted caching of responses from the Wordfence Security Network. Fix: Fixed handling of case-insensitive tables in the Diagnostics table check. Fix: Modified the behavior of the disk space check to avoid a scan warning showing without an issue generated. Visit the Wordfence options page to enter your email address so that you can receive email security alerts. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available. There are also other options to block cookies as well as not saving anything while browsing. Quickly clear your cache with this extension without any confirmation dialogs, pop-ups or other annoyances. Improvement: Improved appearance and behavior of option checkboxes. Your cache might need to be "flushed" (or cleared) if you recently: made changes to your site but you do not see those changes on the Internet Fix: Added a check in REST API hooks to avoid defining a constant twice. Improvement: Updated the browscap database. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Fix: Suppressed warning gzinflate() error in scan logs. Also alerts you to potential security issues when a plugin has been closed or abandoned. Got type: boolean. Fix: Fixed a transparency issue with flags for Switzerland and Nepal. Improvement: Added a check while in learning mode to verify the response is not 404 before whitelising. Fix: When enabled, cookies are now set for the correct roles on previously used devices. . Improvement: Added the Accept-Encoding compression header to WAF-related requests for better performance during rule updates. Use cloud hosting with no CPU limits. Fix: Fixed an issue where the human/bot detection wasnt functioning. Fix: Fixed bug with PCRE versions < 7.0 (repeated subpattern is too long). If you have a heavily trafficked system you may want to disable live traffic which will stop logging to the DB. Fix: Adjusted the behavior of the blocklist toggle for Free users. On this page, we can enable or disable many of the features of the plugin. Fix: Scan issue alert emails no longer incorrectly show high sensitivity was enabled. 3. Improvement: Restructured the WAF configuration storage to be more resilient on hosts with no file locking support. Fix: PHP 8.0 compatibility prevent syntax error when linting files. Improvement: Added a self-check to the scan to detect if it has stalled. 2. Fix: The increased attack rate emails now correctly identify blocklist blocks. Fix: Added better detection to SSL status, particularly for IIS. Change: Initial preparation for GDPR compliance. Improvement: The live traffic Group By options now dynamically show the results in a more useful format depending on the option selected. Fix: Hooked up reverse IP lookup in Live Traffic. Improvement: Upgraded sodium_compat library to 1.13.0. Since yesterday I have a message of an error preventing you from logging in, the problem is solved when I switch to the Twenty twenty one theme, my theme is Woodmart, I am trying to understand this message suddenly, I deactivated each plugin and put twenty twenty one it works but with my theme impossible to connect Highly configurable alerts can be delivered via email, SMS or Slack. Replace wp-cron with a real cron job. Improvement: Clarified text on Maximum execution time for each scan stage option. Change: New installations will now use lowercase table names to avoid issues with some backup plugins and Windows-based sites. Fix: Better wrapping behavior on the reason column in the blocks table. Fix: Fixed auto-enabling of some controls when pasting values. Improvement: Better detection of removal status when uninstalling the WAFs auto-prepend file. Improvement: Better labeling in Live Traffic for 301 and 302 redirects. Improvement: Additional flexibility for allowlist rules. when i make it clear cache it was nothing happened or different. Tap Other apps. In order to exclude the XML Sitemap from caching using W3 Total Cache plugin, here's what you do: Go to Performance > Page Cache. Improvement: Switched the bundled select2 library to use to prefixed version to work around other plugins including older versions on our pages. A real-time view of all traffic including automated bots that often constitute security threats that Javascript analytics packages never show you. Improvement: Added additional contextual help links. Improvement: The IP address of the user activating Wordfence is now used by the breached password check until an admin successfully logs in. Improvement: Added a path for people blocked by the IP blocklist (Premium Feature) to report false positives. Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Improvement: Performance improvements for the dashboard widget. Improvement: Added support for finding server logs to the Diagnostics page to help with troubleshooting. Fix: Tour popups on options page now scroll into view correctly. Then, check the box for "Cached Images and Files." Change: Updated the text on the option to alert for scan results of a certain severity. Situational awareness is an important part of website security. Fix: Fixed a typo in the htaccess update panel. Sucuri offers two types of scanners, a firewall, a malware removal service, and login protection. Improvement: Added parameter signature to remote scanning for better validation during forking. Web Application Firewall identifies and blocks malicious traffic. Fix: Fixed the dashboard erroneously showing the payment method as missing for some payment methods. Fix: Scheduled update for WAF rules doesnt decrease from 7 days, to 12 hours, when upgrading to a premium account. Improvement: Updated signatures for hash-based malware detection. Change: Permanent blocks now display Permanent rather than Indefinite for the expiration for consistency. Improvement: Multiple php.ini file in core directory issues are now consolidated into a single issue for clearer scan results. Choose whether you want to block or throttle users and robots who break your WordPress security rules. Improvement: Added a Wordfence Application Firewall code block for the lsapi variant of LiteSpeed. Improvement: Hardening for sites on servers with insecure configuration, which should not be enabled on publicly accessible servers. Improvement: Prevent Wordfence from loading under