Clear your cache Your Managed WordPress plan has caching features that include a content delivery network (CDN) and object caching to improve load times. Fix: Fixed an issue with country blocking and XML-RPC requests containing credentials. Improvement: Changed rule compilation to use atomic writes. Improvement: If WordPress auto-updates while a scan is running, the scan will self-abort and reschedule itself to try again later. Optionally, change your security level or adjust the advanced options to set individual scanning and protection options for your site. Improvement: Increased the textarea size for the advanced firewall options to make editing easier. Limit preloading in cache plugins. The following people have contributed to this plugin. Thanks Janek Vind. Improvement: staging. Improvement: Two-factor authentication is new and improved, now available on all Premium and Free installations. Fix: Fixed an issue where the GeoIP database update check would never get marked as completed. Fix: Fixed bug with Windows users unable to save Firewall config. Improvement: Clarified text on Maximum execution time for each scan stage option. Fix: Fixed issue where PHP 8 notice sometimes cannot be dismissed. Block common WordPress security threats like fake Googlebots, malicious scans from hackers and botnets. Yes. This conflict can lead to weird glitches, and clearing your cache can help when . Web Application Firewall identifies and blocks malicious traffic. Improvement: Updated site cleaning callout with 1-year guarantee. Fix: Block/Unblock now works correctly when viewing Live Traffic with it grouped by IP. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available. Because I have tried two ways by making content to exclude caching and do nothing in exclude option. Fix: Fixed an issue where after scrolling on the Live Traffic page, updates would no longer automatically load. 
The full-page caching is enabled by default on a server level for all sites hosted at SiteGround. A deep set of additional tools round out the most comprehensive WordPress security solution available. Improvement: Added bulk actions and filters to WAF allowlist table. Fix: Fixed WAF false positives introduced with WordPress 4.6. Improvement: Added a flow for generating the WAF autoprepend file and retrieving the path for manual installations. Block logins for administrators using known compromised passwords. Improvement: Malware scan results have been modified to include both a public identifier and description. Fix: Fixed PHP memory test for newer PHP versions whose optimizations prevented it from allocating memory as desired. It will also indicate if there is a known vulnerability. Improvement: Added detection and a workaround for hosts with a non-functional MySQLi interface. Fix: Hosts using mod_lsapi will now be detected as Litespeed for WAF optimization. Change: Modified behavior of the advanced country blocking options to always show. The Wordfence scanner also has an option to "Scan for misconfigured How does Wordfence get IPs". Improvement: Added support to the WAF for validating URLs for future use in rules. Limit heartbeat, autosaves, post revisions. Improvement: Added a constant to prevent direct MySQLi use for hosts with unsupported DB configurations. Advanced: Added constant WORDFENCE_DISABLE_LIVE_TRAFFIC to prohibit live traffic from capturing regular site visits. Improvement: Added option to trim Live Traffic records after a specific number of days. Fix: Fixed an IPv6 detection issue with one form of IPv6 address. Fix: Fixed potential bug with stored data not found after a fork. Fix: Added better detection to SSL status, particularly for IIS. Fix: Fixed some broken links in the activity summary email. Fix: Prevent Wordfence auto-update from running if the user has enabled auto-update through WordPress. 
Wordfence verifies your website source code integrity against the official WordPress repository and shows you the changes. Improvement: Better message for dashboard widget when no failed logins. Once you install Wordfence, you will configure a list of email addresses where security alerts will be sent. Change: Long-deprecated database tables will be removed. There will be a "SEND REPORT BY EMAIL" button to send the diagnostics report. Improvement: Remove Lynwood IP range from allowlist, and add new AWS IP range. Improvement: Extended rate limiting support to the login page. Fix: Fixed a CSS glitch where the top controls could have extra space at the top when sites have long navigation menus. Improvement: Running an update now automatically dismisses the corresponding scan issue if present. Clearing cache can fix browsing problems, free up space, and remove saved versions of visited pages. Why does this help? Fix: Login credentials passed as arrays no longer trigger a PHP notice from our filters. Improvement: Better page load performance for multisite installations with thousands of tables. Use PHP 8.0. Improvement: Added additional constants to the diagnostics page. Clearing the WordPress Cache For a WordPress website there are three types of cache: Browser - a place on your computer or device where your browser stores the information about a website that doesn't change often. Fix: Fixed a typo in a constant on the diagnostics page. Change: Updated the text on the option to alert for scan results of a certain severity. The Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. Improvement: Improved the standard appearance for block pages. Improvement: Optimized the country update process in the upgrade handler so it only updates changed records. Improvement: Improved live traffic sizing on smaller screens. 
Improvement: Automatically attempt to detect when a site is behind a proxy and has IP information in a different field. Improvement: The scan page now displays when beta signatures are enabled since they can produce false positives. Fix: Multiple improvements to automatic updating to avoid broken updates on sites with low resources or slow file systems. Improvement: Removed file-based config caching, added support for caching via WordPress's object cache. Improvement: Added a dedicated error display that will show when a scan is detected as failed. Fix: Fixed a compatibility issue with determining the site's home_url when WPML is installed. Fix: Prevent bypass of author enumeration prevention by using invalid parameters. New: Malicious IPs are now preemptively blocked by a regularly-updated blocklist. Fixed: Added missing $wp_query->set_404() call when outputting a 404 page on a custom action. Clear cache quickly via Ctrl+Shift+Del (Windows) or Command+Shift+Delete (Mac). They also don't show you whether certain plugin modules are adding database bloat. Improvement: Better messaging when selecting restrictive rate limits. Fix: REST API hits now correctly follow the Don't log signed-in users with publishing access option. Improvement: Service allowlisting can now be selectively toggled on or off per service. Fix: Fixed the Make Permanent button behavior for blocks created from Live Traffic. Situational awareness is an important part of website security. Fix: Suppressed PHP notice with time formatting when a microtimestamp is passed. Fix: Fixed issue with fatal errors encountered during activation under certain conditions. Fix: WAF attack data now correctly includes JSON payloads when appropriate. Tap Other apps. Change: Reworked Live Traffic/Rate Limiting human and bot detection to function without cookies. Improvement: Added a check while in learning mode to verify the response is not 404 before whitelisting. 
Improvement: WAF-related file permissions will now lock down further when possible. Thanks Kacper Szurek. Improvement: Added Google reCAPTCHA v3 support to the login and registration forms. Fix: Modified the number of login records kept to align better with Live Traffic so they're trimmed around the same time. Wordfence Scan leverages the same proprietary feed, alerting you quickly about security issues or if your site is compromised. Fix: Fixed an issue where the count of URLs checked was incorrect. Fix: Added an option to allow automatic updates to function on Litespeed servers that have the global noabort set rather than site-local. Fix: Better messaging by the status circles when the WAF config is inaccessible or corrupt. Fix: Adjusted timeouts to improve reliability of WAF rule updates on slower servers. Fix: On WAF roadblock page: Warning: urlencode() expects parameter 1 to be string, array given . Fix: Fixed fatal error on sites running Wordfence 6.1.11 in subdirectory and 6.1.10 or lower in parent directory. On your computer, open Chrome. Improvement: Added an additional home/siteurl resolution check for WPML installations. Fix: Fixed a couple of issue types that were not able to be permanently ignored. Improvement: Modified the default allowlisting to include the new core AJAX action in WordPress 4.8.1. Fix: Added compensation for Windows path separators in the WAF config handling. Improvement: Updated Live Traffic with filters and to include blocked requests in the feed. Change: Updates that refresh country statistics are more efficient and now only affect the most recent records. Improvement: Integrated blocklist blocking statistics into the dashboard for Premium users. Improvement: Added our own prefixed version of jQuery.DataTables to avoid conflicts with other plugins. Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place. 
At this point you may be prompted to log in, but any WordPress admin actions that were previously blocked by Wordfence should no longer be rejected. Improvement: Live Traffic now better displays failed logins. Fix: Hooked up reverse IP lookup in Live Traffic. Solution: Configure Autoptimize to write files within the standard wp-content/uploads path for WordPress (wp-content/uploads/autoptimize) by adding the following to wp-config.php: wp-config.php /** Changes location where Autoptimize stores optimized files */ define('AUTOPTIMIZE_CACHE_CHILD_DIR','/uploads/autoptimize/'); Your web browser, hosting, and caching plugins can each add a. I have it installed on many, many sites free + paid. This scan feature can help you detect if the wrong option has been selected for "How does Wordfence get IPs". Fix: Avoid running out of memory when viewing very large activity logs. Fix: Fixed the functionality of the button to send 2FA grace period notifications. Change: Wording change for the option Maximum execution time for each stage. Fix: Synchronized the scan option names between the main options page and smaller scan options page. Fix: Fixed bug with regex matching carriage returns in the .htaccess based IP block list. I'm not sure it is working properly or not. If one of your customers posts a page or post with a known malware URL that threatens your whole domain with being blocklisted by Google, we will alert you in the next scan. How to Clear Page Cache Using WP Fastest Cache Improvement: Show message on scan results when a result is caused by enabling Scan images and binary files as if they were executable or. Fix: Modified the behavior of the disk space check to avoid a scan warning showing without an issue generated. Fix: Better messaging when the WAF rules are manually updated. Improvement: Added TLS connection failure detection to brute force reporting and checking and a corresponding backoff period. 
Fix: Fixed status code and human/bot tagging of block hit entries for live traffic and the Wordfence Security Network. Fix: The scan issues alerting option is now set correctly for new installations. Fix: Improved path generation to better avoid outputting extra slashes in URLs. Wordfence will do a scan of all files in your WordPress installation including those in the blogs.dir directory of your individual sites. Improvement: Additional flexibility for allowlist rules. Scroll to the bottom of the menu and click on "Settings." Select "Privacy, search, and services." Improvement: Extended the automatic redaction applied to attack data that may include sensitive information. Fix: Made the description in the summary email for blocks resulting from the blocklist more descriptive. Fix: Added a secondary check to the email summary cron to avoid repeated sending if the cron list is corrupted. Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database. Designed for every skill level, The WordPress Security Learning Center is dedicated to deepening users' understanding of security best practices by providing free access to entry-level articles, in-depth articles, videos, industry survey results, graphics and more. Also alerts you to potential security issues when a plugin has been closed or abandoned. Improvement: A text version of scan results is now included in the activity log email. Change: Removed a no-longer-used API call. Just like iThemes Security, it follows the freemium model. Improvement: Added the block duration to alerts generated when an IP is blocked. Fix: Fixed bug with specific Advanced Blocking user-agent patterns causing 500 errors. 
Delete Wordfence data on deactivation If you are removing Wordfence permanently, or if you want to do a complete reinstallation of Wordfence, then you can enable the option "Delete Wordfence tables and data on deactivation". Wordfence Security Firewall, Malware Scan, and Login Security has been translated into 14 locales. Click the Live Traffic menu option to watch your site activity in real-time. Fix: Addressed an issue where plugins that return a null user during authentication would cause a PHP notice to be logged. Wordfence provides true endpoint security for your WordPress website. There is a big goal behind WordPress, but this does not mean that we cannot reduce some of the risks and deter attackers. Improvement: Better diagnostics logging for GeoIP conflicts. First, you will need to deactivate the Wordfence plugin, then in the Wordfence Assistant, you can click the button to clear all data and the created tables. Fix: Addressed an additional way to enumerate authors with the REST JSON API. Change: Added dismissible prompt to switch Live Traffic to security-only mode. If you need another method to verify that the Wordfence database tables have been created or deleted . Fix: Made the administrator email address admin notice dismissible. Improvement: Added a MySQL-based configuration and data storage for the WAF to expand the number of hosting environments supported. Fix: The diff viewer now forces wrapping to prevent long lines of text from stretching the layout. Improvement: Locked out IPs are now enforced at the WAF level to reduce server load. Improvement: Live traffic and scanning activity now display a paused notice when real-time updates are suspended while in the background. Fix: Fixed an issue that could occur on older WordPress versions when processing login attempts. Improvement: Deprecated PHP 5.3, and ended PHP 5.2 support by preventing auto-update from running on older versions. 
Fix: Fixed a URL in alert emails that did not correctly detect when sent from a multisite installation. Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more. Improvement: The memory tester now tests up to the configured scan limit rather than a fixed value. Improvement: Added some additional flags. Fixed: Improved the response callback used for the WAF status check during extended protection installation. Fix: Fixed potential notice in dashboard widget when no updates are found. Block attackers by IP or build advanced rules based on IP Range, Hostname, User Agent and Referrer. Improvement: Clarify error message "Error reading config data, configuration file could be corrupted." Improvement: Added a custom message field that will show on all block pages. Garbage. Improvement: Better messaging when a WAF rule update fails to better indicate the cause. Improvement: WordPress 4.7 improvements for the Web Application Firewall. Visit the Wordfence options page to enter your email address so that you can receive email security alerts. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Improvement: Added WAF coverage for an Infinite WP authentication bypass vulnerability. To clear your cookies and keep your history -. Fix: Fixed bug where Firewall rules could be missing on some sites running IIS. Fix: Fixed memory calculation when using PHP's supported shorthand syntax. Improvement: Now displaying scan time in a more readable format rather than total seconds. Install Wordfence via the plugin directory or by uploading the ZIP file. Improvement: The check for passwords leaked in breaches now allows a login if the user has previously logged in from the same IP successfully and displays an admin notice suggesting changing the password. 
Right-click the .htaccess file and select Download to create a local backup. Step 1: Log in to your /wp-admin and hover over the LiteSpeed Cache option in the menu on the right. Improvement: The URL blocklist check now includes additional variants in some checks to more accurately match. Our plugin provides a comprehensive suite of security features, and our team's research is what powers our plugin and provides the level of security that we are known for. Open the Windows 11 settings menu and go to System > Storage > Temporary Files. Improvement: Added a path for people blocked by the IP blocklist (Premium Feature) to report false positives. Fix: Fix reference to non-existent function when registering menus. Fix: Fixed an issue where plugins that use non-standard version formatting could end up with an inaccurate vulnerability status. At Wordfence, WordPress security isn't a division of our business; WordPress security is all we do. Fix: Addressed a problem where the scan exclusions list was not checked correctly in some situations. A Wordfence scan examines all files on your WordPress website looking for malicious code, backdoors, and shells that hackers have installed. Improvement: Upgraded sodium_compat library to 1.13.0. Fix: Removed an older behavior with live traffic buttons that could allow them to open in a new tab and show nothing. Improvement: Show admin notice if WAF blocks an admin (mainly needed for ajax requests). Fix: Fixed duplicate entries with different status codes appearing in detailed live traffic. Fix: Addressed a warning that could occur on PHP 7.1 when reading php.ini size values. Improvement: Modified some country names in the block configuration to align with those shown in Live Traffic. Fix: IP detection at the WAF level better mirrors the main plugin exactly when using the automatic setting. Fix: The proxy detection check frequency has been reduced and no longer alerts if the server is unreachable. 
Fix: Fixed issue with IPv6 mapped IPv4 addresses not being treated as IPv4. Fix: Addressed an issue when outbound UDP connections are blocked where the NTP check could log an error. Improvement: Updated bundled GeoIP database. Improvement: Added detection for Jetpack and a notice when XML-RPC authentication is disabled. If you have a heavily trafficked system you may want to disable live traffic which will stop logging to the DB. Your cache might need to be "flushed" (or cleared) if you recently: made changes to your site but you do not see those changes on the Internet. Improvement: Enhanced the detection ability of the WAF for SQLi attacks. All you need to do is remember the master password and the password manager will do the rest. Fix: Added a check for sites with inaccurate disk space function results to avoid showing an issue. Jun 30, 2014 #1 After using Litespeed again the Wordfence (Wordpress plug in) scanner 'hangs' or runs indefinitely on all WordPress websites on a VPS with Cloudlinux OS ( plus cageFS and phpSelector ) WHM/cPanel, Installatron, Litespeed and Configserver firewall. Improvement: Updated the browscap database. Improvement: Updated IPv6 GeoIP lite data. Fix: Added JSON fallback for PHP installations that don't have JSON enabled. Improvement: Modified the appearance of the How does Wordfence get IPs option to be more clear. Know which geographic area security threats originate from. Fix: Added safety checks for when the configuration table migration has failed. Improvement: Added detection for an additional config file that may be created and publicly visible on some hosts. Thank you to the translators for their contributions. At best, it gives intermittent results (having blocked the country or not). Fix: Login Attempts dashboard widget Show more link is not visible when long usernames and IPs cause wrapping. Improvement: Prevent Wordfence from loading under