Starting from €5.83/mo
* Improvement: Better presentation of Live Traffic data on wide screens
* Improvement: Increased legibility of token fields
* Improvement: Reworked the pagination of the Blocking page for a better UX
* Improvement: Country blocking token field can now expand to show all entries
* Improvement: Performance improvements for the activity log and better pause behavior on window blur/focus
* Improvement: GeoIP database updated
* Change: Removed deprecated Central endpoint
* Fix: Addressed issue where the last activity log entry could repeatedly appear
* Fix: Using the embedded shortcode for the 2FA form now correctly enqueues core JavaScript dependencies
* Fix: Modals with content that overflows on smaller viewports can now be scrolled
* Fix: The changelog link in plugin upgrade scan issues now links correctly
* Fix: Fixed issue with some i18n plugins/themes when a user has no 2FA recovery codes.
* Fix: Toggled options with additional help links now correctly open the link rather than toggling the option.
* Fix: Country Blocking editing fixed when there are multiple pages of block rules.
* Fix: Added better error handling to the initial Vue data load.
* Fix: Handled error when logging in using legacy 2FA with separate prompts enabled.
Improvement: Migrated all deprecated JavaScript libraries in use to a Vue-based infrastructure
Improvement: GeoIP database update
Improvement: Better coverage of aria- accessibility attributes
Improvement: Added translators comments to translatable strings where previously missing
Fix: WordPress 7.0 compatibility fixes
Note: Legacy two factor authentication using SMS-based codes will be discontinued around July 1, 2026. Sites using this functionality should migrate users to the TOTP-based two factor authentication on the Login Security page of the plugin
* Fix: Fixed an issue with `inet_pton` introduced by a recent patch to PHP 8.1+ that could cause a fatal error if a malformed IP address was passed to the call
* Improvement: Updated the bundled geoip database.
* Note: Verified compatibility with WordPress 6.9
* Improvement: Updated the bundled geoip database.
* Improvement: Improved localization support for the various block screens and messages.
* Improvement: Updated the bundled geoip database.
* Improvement: Prioritized Wordfence tables in the diagnostics tool when large numbers of tables exist.
* Improvement: Allow non-US Google crawler IP addresses to pass country blocking.
* Improvement: Enforcement of password strength requirements is now applied on the corresponding REST API endpoints.
* Fix: Fixed detection for first-time logins and overall sending for login alerts when the corresponding settings are enabled.
* Fix: When the WAF is using the mysql storage engine, fixed an issue with exclusion rules for the WAF not running correctly.
* Fix: Reduced per-hit database query load around checking license status for free installations.
* Fix: Optimized data sync with the WAF to better detect when the known server IP address list has changed.
* Improvement: Added password scanning support for WordPress 6.8 and later.
* Improvement: Limited email alerts to 5 per hour by default and added notification when limit has been reached.
* Improvement: Improved URL scanning performance.
* Improvement: Updated GeoIP database.
* Change: Reduced scan result severity for vulnerabilities with high attack complexity or required privileges.
* Change: Added messaging around WAF support when NGINX Unit is detected.
* Change: Added notice and scan result about Wordfence Assistant.
* Change: Adjusted IPv6 connection issue message and appearance.
* Fix: Prevented deprecation notice about calling base64_encode with null parameter.
* Fix: Prevented deprecation message about calling preg_match with null parameter.
* Fix: Corrected license type shown on dashboard when expiring.
* Fix: Prevented disabled getmyuid function from causing fatal error.
* Fix: Prevented disabled get_current_user function from causing fatal error.
* Fix: Prevented notice about _load_textdomain_just_in_time being called incorrectly.
Fix: Compatibility fixes for WordPress 6.8
Improvement: Improved error handling and messaging for some responses from our servers
Improvement: Added messaging when a site may be using the same free license shared among multiple sites because it can cause the sites to use the same scan schedule rather than spreading out the load
Improvement: Updated the readme content and formatting