You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Improvement: Added list of known malicious usernames to suspicious administrator scan.
Improvement: Added ability for the WAF to determine if a given plugin/theme/core version is installed.
Improvement: Added a feature to export a diagnostics report.
Improvement: Add php_errorlog to the list of downloadable logs in diagnostics.
Improvement: Added a prompt to allow user to download a backup prior to repairing files.
Improvement: Prevent scan from failing when the home URL has changed and the key is no longer valid.
Improvement: Deprecated PHP 5.3, and ended PHP 5.2 support by prevent auto-update from running on older versions.
Fix: Fixed issue where WAF mysqli storage engine cannot find credentials if wflogs/ does not exist.
Fix: Changed capability checked to read WP REST API users endpoint when “Prevent discovery of usernames through …” is enabled.
Fix: Prevented duplicate queries for wordfenceCentralConnected wfconfig value.
Fix: Prevented custom wp-content or other directories from appearing in “skipped paths” scan result, even when scanned.
Fix: Login Attempts dashboard widget “Show more” link is not visible when long usernames and IPs cause wrapping.
Fix: Fix typo in the readme.
Improvement: Updated bundled GeoIP database.
Improvement: Better messaging when selecting restrictive rate limits.
Improvement: Scan result emails now include the count of issues that were found again.
Improvement: Resolved scan issues will now email again if they reoccur.
Improvement: Added the state/province name when applicable to geolocation displays in Live Traffic.
Improvement: New blocking page design to better inform blocked visitors on how to resolve the block.
Improvement: Custom WP_CONTENT_DIR, WP_PLUGIN_DUR, and UPLOADS path constants will now get scanned correctly.
Improvement: Added TLS connection failure detection to brute force reporting and checking and a corresponding backoff period.
Fix: Fixed an issue where a bad cron record could interfere with automatic WAF rule updates.
Fix: Fixed a PHP warning that could occur if a bad response was received while updating an IP list.
Fix: The new user tour and onboarding flow will now work correctly on the 2FA pag