* Improvement: Added a MySQL-based configuration and data storage for the WAF to expand the number of hosting environments supported. For more detail, see:
* Improvement: Updated bundled GeoIP database.
* Fix: Fixed several console notices when running via the CLI.
* Improvement: Multiple “php.ini file in core directory” issues are now consolidated into a single issue for clearer scan results.
* Improvement: The AJAX error detection for false positive WAF blocks now better detects and processes the response for presenting the whitelisting prompt.
* Improvement: Added overdue cron detection and highlighting to diagnostics to help identify issues.
* Improvement: Added the necessary directives to exclude backwards compatibility code from creating warnings with phpcs for future compatibility with WP Tide.
* Improvement: Normalized all PHP require/include calls to use full paths for better code quality.
* Change: Removed deprecated high sensitivity scan option since current signatures are more accurate.
* Fix: Fixed the status circle tooltips not showing.
* Fix: IP detection at the WAF level better mirrors the main plugin exactly when using the automatic setting.
* Fix: Fixed a currently-unused code path in email address verification for the strict check.
* Improvement: Improved tagging of the login endpoint for brute force protection.
* Improvement: Added additional information about reCAPTCHA to its setting control.
* Improvement: Added a constant that may be overridden to customize the expiration time of login verification email links.
* Improvement: reCAPTCHA keys are now tested on saving to prevent accidentally inputting a v2 key.
* Improvement: Added a setting to control the reCAPTCHA human/bot threshold.
* Improvement: Added a separate option to trigger removal of Login Security tables and data on deactivation.
* Improvement: Reworked the reCAPTCHA implementation to trigger the token check on login/registration form submission to avoid the token expiring.
* Fix: Widened the reCAPTCHA key fields to allow the full keys to be visible.
* Fix: Fixed encoding of the ellipsis character when reporting malware finds.
* Fix: Disabling the IP blacklist once again correctly clears the block cache.
* Fix: Addressed an issue when outbound UDP connections are blocked where the NTP check could log an error.
* Fix: Fixed the functionality of the button to send 2FA grace period notifications.
* Fix: Fixed a missing icon for some help links when running in standalone mode.
* Improvement: Added support for managing the login security settings to Wordfence Central.
* Improvement: Updated the bundled root CA certificate store.
* Improvement: Added a check and update flow for mod_php hosts with only the PHP5 directive set for the WAF’s extended protection mode.
* Improvement: Added additional values to Diagnostics for debugging time-related issues, the new fatal error handler settings, and updated the PHP version check to reflect the new 5.6.20 requirement of WordPress.
* Change: Changed the autoloader for our copy of sodium_compat to always load after WordPress core does.
* Fix: Fixed the “removed from wordpress.org” detection for plugin, which was broken due to an API change.
* Fix: Fixed the bulk repair function in the scan results when it included core files.
* Improvement: Updated sodium_compat to address an incompatibility that may occur with the pending WordPress 5.2.1 update.
* Improvement: Clarified text around the reCAPTCHA setting to indicate v3 keys must be used.
* Improvement: Added detection for Jetpack and a notice when XML-RPC authentication is disabled.
* Fix: Suppressed error messages on the NTP time check to compensate for hosts with UDP connections disabled.
* Improvement: Two-factor authentication is new and improved, now available on all Premium and Free installations.
* Improvement: Added Google reCAPTCHA v3 support to the login and registration forms.
* Improvement: XML-RPC authentication may now be disabled or forced to require 2FA.
* Improvement: Reduced size of SVG assets.
* Improvement: Clarified text on “Maximum execution time for each scan stage” option.
* Improvement: Added detection for an additional config file that may be created and publicly visible on some hosts.
* Improvement: Improved detection for malformed malware scanning signatures.
* Change: Long-deprecated database tables will be removed.
* Change: Removed old performance logging code that’s no longer used.
* Fix: Addressed a log notice when using the See Recent Traffic feature in Live Traffic.
* Fix: WAF attack data now correctly includes JSON payloads when appropriate.
* Fix: Fixed the text for Live Traffic entries that include a redirection message.
* Fix: Fixed an issue with synchronizing scan issues to Wordfence Central that prevented stale issues from being cleared.
* Improvement: Added additional data breach records to the breached password check.
* Improvement: Added the Accept-Encoding compression header to WAF-related requests for better performance during rule updates.
* Improvement: Updated to the current GeoIP database.
* Improvement: Added additional controls to the Wordfence Central connection page to better reflect the current connection state.
* Change: Updated the text on the option to alert for scan results of a certain severity.
Improvement: Updated vulnerability database integration.
Improvement: Better messaging when a WAF rule update fails to better indicate the cause.
Fix: Removed a double slash that could occur in an image path.
Fix: Adjusted timeouts to improve reliability of WAF rule updates on slower servers.
Fix: Improved connection process with Wordfence Central for better reliability on servers with non-standard paths.
Fix: Switched to autoloader with fastMult enabled on sodum_compat to minimize connection issues.
Improvement: Country names are now shown instead of two letter codes where appropriate.
Improvement: Updated the service whitelist to reflect additions to the Facebook IP ranges.
Improvement: Added alerting for when the WAF is disabled for any reason.
Improvement: Additional alerting and troubleshooting steps for WAF configuration issues.
Change: Live Traffic human/bot status will additionally be based on the browscap record in security-only mode.
Change: Added dismissible prompt to switch Live Traffic to security-only mode.
Fix: The scan issues alerting option is now set correctly for new installations.
Fix: Fixed a transparency issue with flags for Switzerland and Nepal.
Fix: Fixed the malware link image rendering in scan issue emails and switched to always use https.
Fix: WAF-related scheduled tasks are now more resilient to connection timeouts or memory issues.
Fix: Fixed Wordfence Central connection flow within the first time experience.