Change: Suppressed a script tag on the diagnostics page from being output in the email version. Improvement: Reduced memory usage on scan forking and during the known files scan stage. Fix: Fixed scans failing in subdirectory sites when updating malware signatures. Fix: CSS fixes for activity report email. Because Wordfence is an integral part of the endpoint (your WordPress website), it cant be bypassed. Improvement: Updated Live Traffic with filters and to include blocked requests in the feed. Improvement: The premium key is no longer prompted for during installation if already present from an earlier version. Fix: Fixed CSS positioning issue for dashboard metabox with IPv6. Fix: Fixed the dashboard erroneously showing the payment method as missing for some payment methods. But the most important is the service - I can say that the service I get is 5 starsany issues that we had in the last 3 months we get a very good response in a very good SLAthe overall feeling is the WF team are customer oriented with a very high understanding of the security world and I will highly recommend using the pluginthe UI is very friendly and you get everything you are looking for. Fix: Fixed an issue with synchronizing scan issues to Wordfence Central that prevented stale issues from being cleared. We employ a global 24 hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident. Wordfence will not appear on any individual sites menu. Improvement: Added options to customize which dashboard notifications are shown. Fix: Quick scans no longer run daily if automatic scheduled scans are disabled. At this point you may be prompted to login, but any WordPress admin actions that were previously blocked by Wordfence should no longer be rejected. We have the Enable Live Traffic View function. SiteGround will cache your WordPress, even if you don't have the plugin installed. At best, it gives intermittent results (having blocked the country or not). Improvement: Added an unsubscribe link to plugin-generated alerts. If you are not running IPv6, Wordfence will work great on your site too. Improvement: Improved WAF coverage for an Infinite WP authentication bypass vulnerability. Emergency Fix: Updated wpdb::prepare calls using %.6f since it is no longer supported. Fix: Modified the number of login records kept to align better with Live Traffic so theyre trimmed around the same time. Improvement: Added additional WAF support to allow us to more easily address false positives. Fix: Fixed a few options that couldnt be searched for on the all options page. Improvement: Updated the service allowlist to reflect additions to the Facebook IP ranges. Fix: Fixed a PHP notice that could occur when running a scan immediately after removing a plugin. Improvement: Better diagnostics logging for GeoIP conflicts. Improvement: Added the state/province name when applicable to geolocation displays in Live Traffic. Improvement: Malware signature checking has been better optimized to improve overall speed. Improvement: Increased the textarea size for the advanced firewall options to make editing easier. Improvement: Reduced size of some JavaScript for faster loading. At Wordfence, WordPress security isnt a division of our business WordPress security is all we do. The WordPress security plugin provides the best protection available for your website. Fix: Added a couple rare failed login error codes to brute force detection. At the top right, click More . Fix: Fixed broken message in Live Traffic with MySQLi storage engine for blocklisted hits. Improvement: Plugin updates are now only a critical issue if there is a security related fix, and a warning otherwise. Install Wordfence automatically or by uploading the ZIP file. [Premium] Checks to see if your site or IP have been blocklisted for malicious activity, generating spam or other security issue. Now that Wordfence is network activated it will appear on your Network Admin menu. Improvement: Updated the WHOIS lookup for better reliability. Improvement: Scan times for very large sites with huge numbers of files are greatly improved. Improvement: The scan page now displays when beta signatures are enabled since they can produce false positives. Fix: Made the administrator email address admin notice dismissable. Change: Separated the various blocking-related pages out from the Firewall top-level menu into Blocking. WordPress.org Plugin Mirror. Fix: Fixed fatal error when viewing the Login Security settings page from an allowlisted IP. Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database. Use PHP 8.0. This can happen when you run plugins & modules that collect lots of data (Wordfence, SEO plugins, etc). The following people have contributed to this plugin. Dynamic Caching is a full-page caching mechanism powered by NGINX. Fix: Better text wrapping in the top failed logins widget. Improvement: Scan result emails now include the count of issues that were found again. Change: Statistics that do not depend on the WAF for their data now display when it is in learning mode. Yes. Improvement: Updated the bundled browscap database. Fix: Added detection for and fixed a very large pcre.backtrack_limit setting that could cause scans to fail, when modified by other plugins. Fix: REST API hits now correctly follow the Dont log signed-in users with publishing access option. Improvement: Added support for filtering the blocks list. Clear Your Cache in WP-CLI Log in to SSH or cPanel Terminal. Improvement: Enhanced the detection ability of the WAF for SQLi attacks. Improvement: Added a path for people blocked by the IP blocklist (Premium Feature) to report false positives. Once you install Wordfence, you will configure a list of email addresses where security alerts will be sent. Real-time blocking of known attackers. Improvement: Added dates to each release in the changelog. Wordfence Scan leverages the same proprietary feed, alerting you quickly about security issues or if your site is compromised. Fix: Fixed bug with Windows users unable to save Firewall config. Fix: Addressed a problem where the scan exclusions list was not checked correctly in some situations. Change: The minimum Lock out after how many login failures is now 2. This plugin also adds a button to the WP Admin Bar to make it really easy to clear the WordPress cache manually. Final Thoughts Fix: Error log download links now work on Windows servers. Fix: Fixed a URL in alert emails that did not correctly detect when sent from a multisite installation. Improvement: Reduced memory usage by up to 90% when scanning comments. Still do, but i cant get the damn code the require now. Fix: Fixed bug when multiple authors have published posts, /?author=N scans show an author archive page. Make sure that the second wp-affiliate cookie is recorded in the browser. Improvement: Added dedicated messaging for leftover WordPress core files that were not fully removed during upgrade. Fix: Fixed a typo in the scan summary text. Improvement: Added option to disable ajaxwatcher (for allowlisting only for Admins) on the front end. For mission-critical sites, check out Wordfence Response. Fix: Addressed an issue with multisite installations where they would execute the upgrade handler for each subsite. Caching is provided by Falcon Engine, a product developed by Mark and the Wordfence team. The Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. Go through them one by one to secure your site. Fix: Fixed issues with scan in WordPress 4.6 beta. Improvement: XML-RPC authentication may now be disabled or forced to require 2FA. Maybe it was caching but when i maked it to clear it's not . With no false positives, a spectacular scanner, and malware cleaning within minutes, MalCare is the best alternative to WordFence plugin that's faster. Clear your cache and browsing data with a single click of a button. 2. Improvement: Better block counting for advanced comment filtering. Improvement: Updated site cleaning callout with 1-year guarantee. Fix: Made the description in the summary email for blocks resulting from the blocklist more descriptive. Enhancement: Added Wordfence Dashboard for quick overview of security activity. Another popular security plugin in the WordPress ecosystem is Sucuri. Quickly clear your cache with this extension without any confirmation dialogs, pop-ups or other annoyances. Improvement: Added TLS connection failure detection to brute force reporting and checking and a corresponding backoff period. 9. . Improvement: Malware scan results have been modified to include both a public identifier and description. Improvement: Added a MySQL-based configuration and data storage for the WAF to expand the number of hosting environments supported. Change: First phase for removing the Falcon cache in place, which will add a notice of its pending removal. Use Cloudflare to reduce CPU usage. Fix: Better detection for when to use secure cookies. Fix: Fixed the functionality of the button to send 2FA grace period notifications. In WP Fastest Cache the quickest way to clear the WP cache is using the button in the Admin Bar. Improvement: Better message for dashboard widget when no failed logins. Install Redis or memcached with OPcache. Fix: Now using 503 response code in the page displayed when an IP is locked out. when i make it clear cache it was nothing happened or different. Fix: Fixed attack data sync for hosts that cannot use wp-cron. Fix: Hooked up multibyte string functions to binary safe equivalents. Improvement: Added an All Options page to enable developers and others to more rapidly configure Wordfence. Improvement: Add note to options page that login security is necessary for 2FA to work. Improvement: Added additional XSS detection capabilities. Check the boxes for the temporary cache files you want deleted, then click "Remove Files." When you're prompted to confirm, select "Continue" and your cache will be cleared. Fix: Added locking to the automatic update process to ensure non-standard crons dont break Wordfence. Change: Live Traffic human/bot status will additionally be based on the browscap record in security-only mode. Yes. Fix: Fixed the bulk repair function in the scan results when it included core files. Fix: Live traffic entries with long user agents no longer cause the table to stretch. Tap Other apps. Improvement: Added our own prefixed version of jQuery.DataTables to avoid conflicts with other plugins. Fix: Fixed a typo in the htaccess update panel. Fix: Fixed an issue where plugins that use non-standard version formatting could end up with a inaccurate vulnerability status. Change: Updated support link on scan page. Change: Changed styling on unselected checkboxes. Improvement: Improved the performance of our config table status check. Wordfence takes this approach. Improvement: Added a constant that may be overridden to customize the expiration time of login verification email links. We offer a Premium API key that gives you real-time updates to the Threat Defense Feed which includes a real-time IP blocklist, firewall rules, and malware signatures. Improvement: Significant performance improvement for determining the connecting IP. Fix: Removed an older behavior with live traffic buttons that could allow them to open in a new tab and show nothing. Improvement: Added alerting for when the WAF is disabled for any reason. Fix: Adjusted the changelog link in the scan results email to work for the new wordpress.org repository. [Premium] Real-time IP Blocklist blocks all requests from the most malicious IPs, protecting your site while reducing load. Scroll to the bottom of the menu and click on "Settings." Select "Privacy, search, and services." Fix: Fixed deadlock when NFS is used for WAF file storage, in wfWAFAttackDataStorageFileEngine::addRow(). Upgrading to WordFence Premium for $99-$950/year will give you access to real-time IP blocklist and country blocking features, stopping all requests from . Fix: Addressed a plugin conflict with the composer autoloader. Fix: Fixed issue with IPv6 mapped IPv4 addresses not being treated as IPv4. Improvement: Added progressive loading of addresses on the blocked IP list. Go to the top of the " Diagnostics " tab on the Wordfence " Tools " page. Change: Description updated on the Live Traffic page. Improvement: Prepared code for upcoming scan improvement which will greatly increase scan performance by optimizing malware signatures. Fix: Fixed memory calculation when using PHPs supported shorthand syntax. Fix: Add the user the web server (or PHP) is currently running as to Diagnostics page. Fix: Improved updating of WAF config values to minimize writing to disk. Fix: Added better detection to SSL status, particularly for IIS. Go to the Scan menu and start your first scan. Fix: Notify users if suPHP_ConfigPath is in their WAF setup, and prompt to update Extended Protection. The "Delete Cache" button. Fix: Added throttling to sync the WAF attack data. Fix: Fixed the quick navigation letters in the country picker not scrolling. Fix: An empty ignored IP list for WAF alerts no longer creates a PHP notice. Fix: Login credentials passed as arrays no longer trigger a PHP notice from our filters. Option 1 - via the Admin Bar. Fix: Fixed warning that could be logged when following an unlock email link. Fix: Adjusted timeouts to improve reliability of WAF rule updates on slower servers. Improvement: Added additional information about reCAPTCHA to its setting control. Fix: The scan issues alerting option is now set correctly for new installations. Includes advanced IP and Domain WHOIS to report malicious IPs or networks and block entire networks using the firewall. Drag down on the . Change: Reworded setting for ignored IPs in the WAF alert email. Improvement: Upgraded sodium_compat library to 1.13.0. Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place. Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website.