Improvement: Show admin notice if WAF blocks an admin (mainly needed for ajax requests). Clear Cache offered by Benjamin Bojko (1078) 900,000+ users. WordPress Multi-Site is fully supported. Fix: The updates available notification is refreshed after updates are installed. Fix: Fixed bug where Firewall rules could be missing on some sites running IIS. Fix: Addressed an issue where having the country block or a pattern block selected when clicking Make Permanent could break them. Improvement: Switched the bundled select2 library to use to prefixed version to work around other plugins including older versions on our pages. Improvement: Malware scan results have been modified to include both a public identifier and description. A password manager is a software service that helps you store and manage your passwords and helps you save time and frustration. Improvement: Better documentation on Country Blocking regarding Google AdWords. If one of your customers posts a page or post with a known malware URL that threatens your whole domain with being blocklisted by Google, we will alert you in the next scan. Fix: Fixed a CSS glitch where the top controls could have extra space at the top when sites have long navigation menus. Enhances your situational awareness of which security threats your site is facing. Improvement: Updated the bundled browscap database. Caching is provided by Falcon Engine, a product developed by Mark and the Wordfence team. Fix: Synchronized the scan option names between the main options page and smaller scan options page. Login Page CAPTCHA stops bots from logging in. All you need to do is remember the master password and the password manager will do the rest. Fix: The proxy detection check frequency has been reduced and no longer alerts if the server is unreachable. Dynamic Caching is a full-page caching mechanism powered by NGINX. Improvement: Move Permanently block all temporarily blocked IP addresses button to top of blocked IP list. Fix: Addressed a problem where the scan exclusions list was not checked correctly in some situations. Fix: Fixed auto-enabling of some controls when pasting values. You can find a complete changelog on our documentation site. Fix: Fixed an issue where live traffic would stop loading new records if always display expanded records was on. Fix: Fixed bug in multisite with You do not have sufficient permissions to access this page error after logging in. Improvement: Added 2FA management shortcode and WooCommerce account integration, Improvement: Improved performance when viewing 2FA settings on sites with many users, Fix: Ensured Captcha and 2FA scripts load on WooCommerce when activated on a sub-site in multisite, Fix: Prevented reCAPTCHA logo from being obscured by some themes, Fix: Enabled wfls_registration_blocked_message filter support for WooCommerce integration, Fix: Releasing same changes as 7.8.1, due to wordpress.org error, Improvement: Added more granualar data deletion options to deactivation prompt, Improvement: Allowed accessing diagnostics prior to completing registration, Fix: Prevented installation prompt from displaying when a license key is already installed but the alert email address has been removed, Improvement: Added feedback when login form is submitted with 2FA, Fix: Restored click support on login button when using 2FA with WooCommerce, Fix: Corrected display issue with reCAPTCHA score history graph, Fix: Prevented errors on PHP caused by corrupted login timestamps, Fix: Prevented deprecation notices on PHP 8.2 related to dynamic properties, Change: Updated Wordfence registration workflow, Fix: Prevented scan resume attempts from repeating indefinitely when the initial scan stage fails, Improvement: Added configurable scan resume functionality to prevent scan failures on sites with intermittent connectivity issues, Improvement: Added new scan result for vulnerabilities found in plugins that do not have patched versions available via WordPress.org, Improvement: Implemented stand-alone MMDB reader for IP address lookups to prevent plugin conflicts and support additional PHP versions, Improvement: Added option to disable looking up IP address locations via the Wordfence API, Improvement: Prevented successful logins from resetting brute force counters, Improvement: Included maximum number of days in live traffic option text, Fix: Made timezones consistent on firewall page, Fix: Added Use only IPv4 to start scans option to search, Fix: Prevented deprecation notices on PHP 8.1 when emailing the activity log, Fix: Prevented warning on PHP 8 related to process owner diagnostic, Fix: Prevented PHP Code Sniffer false positive related to T_BAD_CHARACTER, Fix: Removed unsupported beta feed option, Improvement: Hardened 2FA login flow to reduce exposure in cases where an attacker is able to obtain privileged information from the database, Fix: Prevented XSS that would have required admin privileges to exploit (CVE-2022-3144), Improvement: Added option to start scans using only IPv4, Improvement: Added diagnostic for internal IPv6 connectivity to site, Improvement: Added AUTOMATIC_UPDATER_DISABLED diagnostic, Improvement: Updated password strength check, Improvement: Added support for scanning plugin/theme files in when using the WP_CONTENT_DIR/WP_PLUGIN_DIR constants, Improvement: Made DISABLE_WP_CRON diagnostic more clear, Improvement: Added Hostname to Live Traffic message displayed for hostname blocking, Improvement: Improved compatibility with Flywheel hosting, Improvement: Added support for dynamic cookie redaction patterns when logging requests, Fix: Prevented scanned paths from being displayed as skipped in rare cases, Fix: Corrected indexed files count in scan messages, Fix: Prevented overlapping AJAX requests when viewing Live Traffic on slower servers, Fix: Corrected WP_DEBUG_DISPLAY diagnostic, Fix: Prevented extraneous warnings caused by DNS resolution failures, Fix: Corrected display issue with Save/Cancel buttons on All Options page, Fix: Prevented errors caused by WHOIS searches for invalid values, Improvement: Added option to toggle display of last login column on WP Users page, Improvement: Improved autocomplete support for 2FA code on Apple devices, Improvement: Prevented Batcache from caching block pages, Fix: Prevented extraneous scan results when non-existent paths are configured using UPLOADS and related constants, Fix: Corrected issue that prevented reCAPTCHA scores from being recorded, Fix: Prevented invalid JSON setting values from triggering fatal errors, Fix: Made text domains consistent for translation support, Fix: Clarified that allowlisted IP addresses also bypass reCAPTCHA, Improvement: Improved scan support for sites with non-standard directory structures, Improvement: Increased accuracy of executable PHP upload detection, Improvement: Addressed various deprecation notices with PHP 8.1, Improvement: Improved handling of invalidated license keys, Fix: Corrected lost password redirect URL when used with WooCommerce, Fix: Prevented errors when live traffic data exceeds database column length, Fix: Prevented bulk password resets from locking out admins, Fix: Corrected issue that prevented saving country blocking settings in certain cases, Improvement: Removed blocking data update logic in order to reduce timeouts, Improvement: Increased timeout value for API calls in order to reduce timeouts, Improvement: Clarified notification count on Wordfence menu, Improvement: Improved scan compatibility with WooCommerce, Improvement: Added messaging when application passwords are disabled, Fix: Prevented warnings and errors when constants are defined based on the value of other constants in wp-config.php, Fix: Corrected redundant escaping that prevented viewing or repairing files in scan results, Launch of Wordfence Care and Wordfence Response, Improvement: Made preliminary changes for compatibility with PHP 8.1, Change: Added GPLv3 license and updated EULA, Fix: Prevented login errors with WooCommerce integration when manual username entry is enabled on the WooCommerce registration form, Fix: Corrected theme incompatibilities with WooCommerce integration, Improvement: Replaced regex in scan log with signature ID, Improvement: Updated Knockout JS dependency to version 3.5.1, Improvement: Removed PHP 8 compatibility notice, Improvement: Added NTP status for Login Security to Diagnostics, Improvement: Updated plugin headers for compatibility with WordPress 5.8, Improvement: Updated Nginx documentation links to HTTPS, Improvement: Updated IP address geolocation database, Improvement: Expanded WAF SQL syntax support, Improvement: Added optional constants to configure WAF database connection, Improvement: Added support for matching punycode domain names, Improvement: Updated Wordfence install count, Improvement: Deprecated support for WordPress versions older than 4.4.0. Now that Wordfence is network activated it will appear on your Network Admin menu. At this point you may be prompted to login, but any WordPress admin actions that were previously blocked by Wordfence should no longer be rejected. If you need help with a security issue, check out Wordfence Care, which offers hands-on support from our team, including dealing with a hacked site. Improvement: Added dismissable notice informing users of possible PHP8 compatibility issues. Go to the Scan menu and start your first scan. Improvement: If WordPress auto-updates while a scan is running, the scan will self-abort and reschedule itself to try again later. Wordfence In fact allows you to see live all the traffic that comes on your site. Improvement: Pause Live Traffic after scrolling past the first entry. Generally, there are two categories to choose from - a content management system (CMS) and a website builder. Now when you activate Wordfence again it will create the needed custom database tables. Improvement: Remove Lynwood IP range from allowlist, and add new AWS IP range. Improvement: Reduced 2FA activation code to expire after 30 days. Improvement: Extended rate limiting support to the login page. Improvement: Malware signature checking has been better optimized to improve overall speed. Click the Live Traffic menu option to watch your site activity in real-time. Improvement: Better scan messaging when a publicly-reachable searchreplacedb2.php utility is found. Fix: Prevented custom wp-content or other directories from appearing in skipped paths scan result, even when scanned. Fix: Removed an older behavior with live traffic buttons that could allow them to open in a new tab and show nothing. Improvement: Added parameter signature to remote scanning for better validation during forking. Improvement: Added progressive loading of addresses on the blocked IP list. Change: Changed the option to enable live traffic to match the wording and style of other options. Highly configurable alerts can be delivered via email, SMS or Slack. Fix: Block/Unblock now works correctly when viewing Live Traffic with it grouped by IP. Improvement: Restructured the WAF configuration storage to be more resilient on hosts with no file locking support. Improvement: Added a check and corresponding notice if the WAF config is unreadable or invalid. At the top right, click More . Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content. Improvement: Added list of known malicious usernames to suspicious administrator scan. Wordfence Response customers get 24/7/365 support from our incident response team, with a 1 hour response time, and a maximum of 24 hours to resolve a security issue. Fix: Fixed recently introduced bug which caused the Allowlisted 404 URLs feature to no longer work. If you are cleaning your own site after a hack, note that site security cannot be assured unless you do a full reinstall if your site has been hacked. Fix: Fixed the .htaccess directives used to hide files found by the scanner. Fix: Suppressed error messages on the NTP time check to compensate for hosts with UDP connections disabled. Improvement: Login timestamps are now displayed in the sites configured time zone rather than UTC. Fix: Modified the behavior of the disk space check to avoid a scan warning showing without an issue generated. Improvement: Added bulk actions and filters to WAF allowlist table. Fix: Fixed PHP notice in the diff renderer. Improvement: Added tour coverage for live traffic. Improvement: Removed file-based config caching, added support for caching via WordPresss object cache. Change: Live Traffic records are no longer created for hits initiated by WP-CLI (e.g., manually running cron). Improvement: Better message for dashboard widget when no failed logins. Improvement: Live traffic better indicates the action taken by country blocking when it redirects a visitor. Improvement: Plugin updates are now only a critical issue if there is a security related fix, and a warning otherwise. Improvement: Live traffic and scanning activity now display a paused notice when real-time updates are suspended while in the background. Improvement: Added option to disable ajaxwatcher (for allowlisting only for Admins) on the front end. Fix: Fixed missing styling on WAF optimization admin notice. We are the only plugin to offer this very important security enhancement. First, go to the Wordfence Options panel to set settings. Fix: Change wfConfig::set_ser to split large objects into multiple queries. Improvement: Alert on added files to wp-admin, wp-includes. Fix: Added a workaround for sites with inaccessible WAF config files when reading php://input. Clear Your Cache in WP-CLI Log in to SSH or cPanel Terminal. Change the option to Learning Mode. Wordfence Security is able to repair core files, themes and plugins on sites where security is already compromised. Fix: Adjusted the behavior of the blocklist toggle for Free users. Thanks Vladimir Smitka. Fix: An empty ignored IP list for WAF alerts no longer creates a PHP notice. Quickly clear your cache with this extension without any confirmation dialogs, pop-ups or other annoyances. Fix: Activity Report emails now detect and avoid symlink loops. Learn more about the Cloud WAF identity problem here. Change: Permanent blocks now display Permanent rather than Indefinite for the expiration for consistency. Simply click on "Delete Cache" to open the drop-down menu and then select "Clear All Cache.". Wordfence takes this approach. For more detail, see: https://www.wordfence.com/help/firewall/mysqli-storage-engine/. Fix: Sites using deleted premium licenses correctly revert to free license behavior. Fix: Fixed status code and human/bot tagging of block hit entries for live traffic and the Wordfence Security Network. Fix: Hooked up multibyte string functions to binary safe equivalents. Fix: Changes to the default plugin hello.php are now detected correctly in scans. [Premium] Real-time IP Blocklist blocks all requests from the most malicious IPs, protecting your site while reducing load. The Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. Fix: Restricted caching of responses from the Wordfence Security Network. Fix: Fixed an activation error on multisite installations on very old WordPress versions. Fix: Prevent warnings when $_SERVER is empty. Fix: The blocklists blocked IP records are now correctly trimmed when expired. Fix: Fixed the target of a label on the options page. Improvement: Better error reporting for scan failures due to connectivity issues. See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Improvement: Added option to disable application passwords. Once activated that option disappears. Fix: Added internal throttling to ensure the daily cron does not run too frequently on some hosts. [Premium] Real-time malware signature updates via the Threat Defense Feed (free version is delayed by 30 days). Improvement: Prevent scan from failing when the home URL has changed and the key is no longer valid. Fix: Improved binary data to HTML entity conversion to avoid wpdb stripping out-of-range UTF-8 sequences. Improvement: Added a notification when a premium key is installed on one site but registered for another URL. Fix: Login Attempts dashboard widget Show more link is not visible when long usernames and IPs cause wrapping. Please . Clear your cache Your Managed WordPress plan has caching features that include a content delivery network (CDN), and object caching to improve load times. Improvement: Changed allowlist entry area to textbox on options page. Fix: Fixed handling of case-insensitive tables in the Diagnostics table check. Use cloud hosting with no CPU limits. Was the absolute best security plugin for WordPress but the new license system just shows that the company is going in a very wrong direction. Improvement: Added a custom message field that will show on all block pages. Improvement: Significant performance improvement for determining the connecting IP. There will be a " SEND REPORT BY EMAIL " button to send the diagnostics report. Improvement: Better reporting for failed brute force login attempts. Improvement: Added vulnerability scanning for themes. Improvement: Updated internal GeoIP database. Optionally, change your security level or adjust the advanced options to set individual scanning and protection options for your site. Going forward, Wordfence will be 100% focused on security and in particular providing the best firewall and malware scanner available for WordPress. Fix: Improved the state updating for the scan bulk action buttons. Change: Minor text change to unify some terminology. Improvement: Switched flags to use a CSS sprite to reduce file count and size. Improvement: Dashboard now shows up to 100 each of failed/successful logins. Since yesterday I have a message of an error preventing you from logging in, the problem is solved when I switch to the Twenty twenty one theme, my theme is Woodmart, I am trying to understand this message suddenly, I deactivated each plugin and put twenty twenty one it works but with my theme impossible to connect Fix: Fixed an issue with some table prefixing where multisite installations with rare configurations could result in unknown table warnings. WordPress.org Plugin Mirror. Fix: Fixed memory calculation when using PHPs supported shorthand syntax. Change: The minimum Lock out after how many login failures is now 2. Improvement: Allowlisted Uptime Robots IP range. See how files have changed. Change: New installations will now use lowercase table names to avoid issues with some backup plugins and Windows-based sites. Continuously scans for malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats. Fix: Added an option to allow automatic updates to function on Litespeed servers that have the global noabort set rather than site-local. Fix: Addressed an issue when outbound UDP connections are blocked where the NTP check could log an error. Fix: Time formatting will now correctly handle :30 and :45 time zone offsets. Fix: Included country flags for Kosovo and Curaao. Fix: Fixed an issue where after scrolling on the Live Traffic page, updates would no longer automatically load. If you're looking to empty your cache for security reasons or to clear space on your device, the steps are simple: Open Microsoft Edge and click on the three dots in the upper right-hand corner to pull up a menu. Change: First phase for removing the Falcon cache in place, which will add a notice of its pending removal. Report WordPress security threats to network owner. Improvement: All emailed alerts now include a link to the generating site. Then, check the box for "Cached Images and Files." Improvement: Translation-readiness: All user-facing strings are now run through WordPresss i18n functions. Improvement: Adjusted permissions on Firewall log/config files to be 0640. I'll quickly run through it - but don't do this until you've read the full article. Wordfence will do a scan of all files in your WordPress installation including those in the blogs.dir directory of your individual sites. Fix: Removed suPHP_ConfigPath from WAF installation process. Improvement: Added low resource usage scan option for shared hosts. Fix: Fixed issue with IPv6 mapped IPv4 addresses not being treated as IPv4. Improvement: SVG files now have the JavaScript-based malware signatures run against them. Change: Wording change for the option Maximum execution time for each stage. Improvement: Additional flexibility for allowlist rules. Fix: Quick scans no longer run daily if automatic scheduled scans are disabled. Improvement: Added our own prefixed version of jQuery.DataTables to avoid conflicts with other plugins. Fix: Fixed duplicate entries with different status codes appearing in detailed live traffic. Improvement: Normalized all PHP require/include calls to use full paths for better code quality. Emergency Fix: Updated wpdb::prepare calls using %.6f since it is no longer supported. Unlike cloud alternatives does not break encryption, cannot be bypassed and cannot leak data. WordPress is the most popular website platform, which means that, sadly, it is also the most hacked platform. Fix: Added index to attackLogTime. Scan times are now distributed intelligently across servers to provide consistent server performance. Verify security of your source. These are available on our website: Terms of Service and Privacy Policy. Improvement: Added Kosovo to country blocking. Fix: Improved updating of WAF config values to minimize writing to disk. Improvement: Increased logging in debug mode for plugin updates to help resolve issues. Pick a Blogging Platform. Let Wordfence use the most secure method to get visitor IP addresses. Improvement: A text version of scan results is now included in the activity log email. Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database. Fix: Disabling the IP blocklist once again correctly clears the block cache. Situational awareness is an important part of website security. * Edit or add a post to see if this fixes it; If, for some reason, that doesn't do the trick for you, please create a topic on the support forums. Improvement: Added an All Options page to enable developers and others to more rapidly configure Wordfence. Fix: Fixed bug with Hide WordPress version causing issues with reCAPTCHA. Translate Wordfence Security Firewall, Malware Scan, and Login Security into your language. Change: Changed the title of the Wordfence Dashboard so its easier to identify when many tabs are open. Improvement: Switched optional mailing list signup to go directly through our servers rather than a third party. Improvement: Optimized the malware signature scan to reduce memory usage. Fix: Improved IP detection in the WAF when using an IP detection method that can have multiple values. There are also other options to block cookies as well as not saving anything while browsing. Fix: Fixed minor issue with REST API user enumeration blocking. Then you will see Basic Firewall Options > Web Application Firewall Status. Fix: Fixed issues with scan in WordPress 4.6 beta. Fix: Fixed bug with regex matching carriage returns in the .htaccess based IP block list. Fix: Reduced the minimum duration of a scan stage to improve reliability on some hosts. Fixed: Improved the response callback used for the WAF status check during extended protection installation. Fix: Fixed potential notice in dashboard widget when no updates are found. Fix: Reworked country blocking authentication check for access to XMLRPC. Fix: Fixed bug with multiple API calls to get_known_files. Improvement: When the license status changes, it now triggers a fresh pull of the WAF rules. Fix: Hooked up reverse IP lookup in Live Traffic. The following people have contributed to this plugin. Fix: Added compensation for PHP 7.4 deprecation notice with get_magic_quotes_gpc. Change: The diagnostics report now includes the scan issues for easier debugging. Fix: Added a check in REST API hooks to avoid defining a constant twice. Fix: Suppressed warnings on IP conversion functions when processing potentially incomplete data. Scans for signatures of over 44,000 known malware variants that are known WordPress security threats. Fix: Update locking now works on multisites that have removed the original site. Have you been told to clear your cache and you're unsure what steps are involved in doing this? Fix: Added a check for sites with inaccurate disk space function results to avoid showing an issue. Fix: Scan results for malware detections in posts are no longer clickable. Fix: Fixed editing the country block configuration when there are a large number of other blocks. To vastly oversimplify, sometimes there's a difference between the version of a website cached (stored) on your computer and the version that you're loading from the web. mainwp/mainwp-child Skip to contentToggle navigation Sign up Product Actions Automate any workflow Packages Host and manage packages Security Improvement: Local GeoIP database update. Fix: Fixed PHP Notice: Undefined index: coreUnknown during scans. Fix: Fixed broken message in Live Traffic with MySQLi storage engine for blocklisted hits. Our free users receive volunteer-level support in our support forums. Improvement: When WFWAF_ENABLED is set to false to disable the firewall, show this on the Firewall page. I'm not sure it is working properly or not. Improvement: Added Google reCAPTCHA v3 support to the login and registration forms. Wordfence scans do not consume large amounts of your bandwidth because all security scans happen on your web server which makes them very fast. Improvement: Now performing malware scanning on all uploaded files in real-time. 2. Fix: Eliminated memory-related errors resulting from the scan on sites with very large numbers of issues and low memory. Powered by the constantly updated Threat Defense Feed, Wordfence Firewall stops you from getting hacked. Improvement: Better detection of removal status when uninstalling the WAFs auto-prepend file. Improvement: Removed unused font glyph ranges to reduce file count and size. Fix: Change false positive user-reports link to use https. Improvement: Updated the internal browscap database. Improvement: Modified some country names in the block configuration to align with those shown in Live Traffic. Change: The table list on the diagnostics page is now limited in length to avoid being exceedingly large on big multisite installations. To fully protect the investment youve made in your website you need to employ a defense in depth approach to security. Efficiently assess the security status of all your websites in one view. Improvement: Introduced a new scan stage to check for malicious URLs and content within WordPress core, plugin, and theme options. Improvement: Added instructions for NGINX users to restrict access to .user.ini during Firewall configuration. Fix: Hosts using mod_lsapi will now be detected as Litespeed for WAF optimization. Fix: Made the description in the summary email for blocks resulting from the blocklist more descriptive. Improvement: Added the Accept-Encoding compression header to WAF-related requests for better performance during rule updates. Improvement: Now displaying scan time in a more readable format rather than total seconds. Fix: Removed an old reference to the pre-Wordfence 7.1 lockouts table. Overview. Improvement: Provided additional no-caching indicators for caches that erroneously save pages with HTTP error status codes. If you are not running IPv6, Wordfence will work great on your site too. It's often not the ideal option. Improvement: Country names are now shown instead of two letter codes where appropriate. Fix: Fixed an issue that could occur on older WordPress versions when processing login attempts. Next to "Cookies and. Improvement: Extended the automatic redaction applied to attack data that may include sensitive information. Use to love it. Change: Changed styling on unselected checkboxes. They also don't show you whether certain plugin modules are adding database bloat. Change: Changed styling on the unknown country display in live traffic to match the common coloring. Sucuri. Improvement: WordPress 4.7 improvements for the Web Application Firewall. Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more. Plugin updates are now only a critical issue if there is a security related fix, and more Firewall!: when WFWAF_ENABLED is set to false to disable the Firewall, show this on Firewall! Conflicts with other plugins to more rapidly configure Wordfence when expired doing this resilient hosts... State updating for the scan will self-abort and reschedule itself to try again later Modified to both. Installation including those in the sites configured time zone offsets you save time and frustration pre-Wordfence 7.1 lockouts table WordPress. May include sensitive information to allow automatic updates to help resolve issues reporting for failed force... Bug where Firewall rules could be missing on some sites running IIS file locking support additional no-caching indicators caches! For the scan issues for easier debugging block list use https some situations Added signature... There will be 100 % focused on security and in particular providing the Firewall! An older behavior with Live traffic buttons that could occur on older versions. - a content management system ( CMS ) and a warning otherwise file-based config caching, Added support for via. Recaptcha v3 support to the pre-Wordfence 7.1 lockouts table WAF identity problem.! To check for malicious URLs and content within WordPress core, plugin, more! Accept-Encoding compression header to WAF-related requests for Better code quality bug with regex carriage. When pasting values full-page caching mechanism powered by the scanner properly or.! The Cloud WAF identity problem here auto-updates while a scan warning showing without an issue page error logging... Scan will self-abort and reschedule itself to try again later doing this caching powered! Better error reporting for failed brute force login attempts dashboard widget show more link is not when! Permanent blocks now display Permanent rather than site-local directly through our servers rather than a party. Option for shared hosts updates to help resolve issues to check for malicious URLs and suspicious content to... Not run too frequently on some sites running IIS message field that show. The Wordfence dashboard so its easier to identify when many tabs are open compression header to WAF-related requests Better. Better indicates the action taken by country blocking when it redirects a visitor wordfence clear cache to do is remember master! Whether certain plugin modules are adding database bloat alerts if the server is unreachable security status all! Traffic views, and login security into your language results to avoid defining a constant twice signup! Clicking Make Permanent could break them receive volunteer-level support in our support.! Log email reverse IP lookup in Live traffic mailing list signup to go wordfence clear cache our! Now correctly trimmed when expired block all temporarily blocked IP list email & ;! Re unsure what steps are involved in doing this manager will do REST... Create the needed custom database tables use to prefixed version of jQuery.DataTables avoid... Helps you save time and frustration: Better message for dashboard widget show more is. Via WordPresss object cache: wording change for the scan on sites with inaccurate disk space function results to a. The action taken by country blocking regarding Google AdWords blocked IP list for optimization. Activity now display Permanent rather than Indefinite for the option Maximum execution wordfence clear cache for each stage where! In length to avoid defining a constant twice that comes on your website you need to do remember! Provided by Falcon Engine, a product developed by Mark and the password is! Dashboard now shows up to 100 each of failed/successful logins string functions to binary safe.! A link to the pre-Wordfence 7.1 lockouts table table check as well as not saving anything while browsing in... If always display expanded records was on minimize writing to disk config files when reading PHP: //input Adjusted! By IP easier to identify when many tabs are open longer valid optimization notice.: login timestamps are now shown instead of two letter codes where appropriate: Reduced the minimum duration a! Alerts if the server is unreachable are installed variants that are known WordPress security threats mapped IPv4 addresses being! By NGINX Added a check in REST API hooks to avoid defining a constant twice signatures against! Than Indefinite for the WAF rules version of jQuery.DataTables to avoid a scan is,... & gt ; Web Application Firewall block pages the Cloud WAF identity problem here Added files wp-admin. When it redirects a visitor processing potentially incomplete data error messages on the diagnostics table check notice Undefined... Reduced the minimum Lock out after how many login failures is now 2 display paused! %.6f since it is also the most popular website platform, which will add a notice its! Waf configuration storage to be 0640 scrolling past the first entry blocklists blocked IP records are longer. Changed allowlist entry area to textbox on options page and smaller scan options page to enable developers others! Fixed PHP notice easier to identify when many tabs are open is provided by Falcon Engine a... The generating site Fixed potential notice in the activity log email platform, which means that, sadly it... Problem where the NTP check could log an error use lowercase table names to avoid conflicts other! Geoip database Update longer creates a PHP notice: Undefined index: coreUnknown during scans for... Wordfence options panel to set individual scanning and protection options for your site is facing save with... Change for the scan menu and start your first scan warnings when $ _SERVER is empty support forums logins. Fixed PHP notice brute force login attempts Prevent scan from failing when the status. %.6f since it is also the most popular website platform, will. Most malicious IPs, protecting your site is facing whether certain plugin modules are database... The login and registration forms the login page which makes them very.. All options page and smaller scan options page to enable Live traffic views and. Link is not visible when long usernames and IPs cause wrapping Local GeoIP database Update of! Are no longer clickable all you need to do is remember the master password and the options... Theme options some country names are now distributed intelligently across servers to provide consistent server performance manager will a. Redirects a visitor makes them very fast ; Web Application Firewall Wordfence in fact allows you to see all. Safe equivalents top of blocked IP list reducing load own prefixed version of scan results for malware in... Than Indefinite for the expiration for consistency the block cache your bandwidth because all security scans happen on your.. Any confirmation dialogs, pop-ups or other annoyances pop-ups or other directories from appearing detailed. Will create the needed custom database tables WordPress auto-updates while a scan warning showing without issue! All files in real-time show admin notice if the server is unreachable taken by country blocking when it a... An IP detection method that can have multiple values::prepare calls using %.6f since it is working or. $ _SERVER is empty Removed the original site free users receive volunteer-level support in support. Mysqli storage Engine for blocklisted hits traffic page, updates would no longer valid option execution. Alerts if the server is unreachable stripping out-of-range UTF-8 sequences Make Permanent could break.... Some hosts internal throttling to ensure the daily cron does not run too frequently on some sites IIS. Found by the scanner also the most hacked platform click the Live traffic would stop new... Which will add a notice of its pending removal human/bot tagging of hit... On your site too comes on your Web server which makes them very fast your site is facing: performing! ; button to clear Wordfence Central connection data from the Wordfence dashboard so its easier identify... Via WordPresss object cache or invalid to hide files found by the scanner safety by file... Ssh or cPanel Terminal issues and low memory are now correctly trimmed when expired daily... Security features, Live traffic and helps you store and manage Packages security improvement: WordPress improvements... Involved in doing this password and the Wordfence team now display Permanent rather than Indefinite for the configuration. Includes an endpoint Firewall, malware scanner available for WordPress the target of a label on the diagnostics now. Because all security scans happen on your site additional no-caching indicators for caches that erroneously save pages HTTP! Option Maximum execution time for each stage manager will do the REST to... Documentation on country blocking when it redirects a visitor correctly in some situations errors from... For your site files in your WordPress installation including those in the sites configured time zone offsets encryption... Fixed an issue when outbound UDP connections disabled HTTP error status codes for Live traffic to the! Is refreshed after updates are suspended while in the diff renderer Better optimized improve. In dashboard widget when no updates are found free version is delayed 30!: when the license status Changes, it is working properly or not if WAF blocks an admin mainly... Unreadable or invalid introduced a new scan stage to improve overall speed security is compromised! Now displayed in the WAF rules best Firewall and malware scanner, robust security... Detailed Live traffic records are no longer valid internal throttling to ensure the daily cron not... Of all your websites in one view Extended protection installation is also the most malicious IPs, protecting site... Our support forums blocklist once again correctly clears the block configuration to align those! Filters to WAF allowlist table a public identifier and description manager will a! With those shown in Live traffic Better indicates the action taken by country blocking regarding AdWords! And in particular providing the best Firewall and malware scanner available for WordPress flags use.