The default language of any content posted is English. Do not create multi-accounts, you will be blocked!
Information: Safety & Support
Resources here are generally safe, but false positives may occur on Virustotal due to certain coding techniques. Exercise caution and test before use. Consider buying licenses to support developers. Your security is our priority.
Improvement: Added support for hosts relocating the WAF’s auto-prepend file via the constant/envvar WORDFENCE_WAF_PREPEND_DIRECTORY
Improvement: Added detection for non-repo plugins and themes to avoid the scanner reporting changes when the same slug + version exists within the wordpress.org repo
Improvement: Messaging for Central disconnections now better reflects the user making the change
Improvement: Scan errors due to unreachable Wordfence servers will now provide a link to our status page to check for outages
Improvement: Reduced the number of network calls created to sync scan issues when updates are performed in bulk
Change: Reworked setting caching to avoid issues with some object caches
Change: Reworked cURL check to avoid using WP_Http_Curl, which has been deprecated
Fix: Normalized all wordfence.com links to be https
Fix: Fixed a rare error that could occur on the diagnostics page when displaying a list of error logs
Fix: Removed the “back to top” button and related script block from emailed diagnostics
Fix: Fixed some UI coloring that did not correctly reflect the license type in use
Change: Revised some help text related to the audit log to be more clear
Fix: Improved audit log compatibility with some plugins that would cause excessive noise due to their behaviors around setting up user roles and capabilities
Fix: Fixed a log notice that could occur when deactivating Wordfence with audit log events still pending and a broken Wordfence Central link
Improvement: Introduced the Wordfence Audit Log, a new premium feature to monitor all changes and actions in security-sensitive areas of the site with remote tamper-proof data storage via Wordfence Central
Change: Increased the minimum supported WordPress version to 4.7
Change: Increased the minimum supported PHP version to 7.0
Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances
Fix: Addressed PHP 8 deprecation notices in the file differ used by file changed scan results
Fix: Reduced the frequency of Wordfence Central status update callbacks in sections of the scan that occur quickly in sequence
Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis)
Fix: Addressed a potential PHP 8 notice in the human/bot detection AJAX call
Fix: Addressed a potential PHP 8 notice when requesting a lockout unlock verification email
Fix: Fixed the emailed diagnostics view not showing the missing table information when applicable
Fix: Improved quick scan logic to base timing on regular scans so they’re more evenly distributed
Improvement: Enhanced the vulnerability scan to check and alert for WordPress core vulnerabilities and to adjust the severity of the scan result based on findings or available updates
Improvement: Updated the bundled GeoIP database
Improvement: Increased compatibility of brute force protection with plugins that override the normal login flow and omit traditional hooks
Change: Adjusted the behavior of automatic quick scans to schedule themselves further away from full scans
Fix: Added detection for a site being linked to a non-matching Wordfence Central record (e.g., when cloning the database to a staging site)
Fix: Streamlined the license and terms of use installation flow to avoid unnecessary prompting
Fix: Fixed an issue where user profiles with a selected locale different from the site itself could end up loading the site’s locale instead
