Used to love it. Improvement: Reduced queries and potential table size for rate limiting-related data. Improvement: XML-RPC authentication may now be disabled or forced to require 2FA. Improvement: Additional flexibility for allowlist rules. On a small site, the free version offers basic protection, but you won't receive security patches as quickly as paying customers. Improvement: Reduced memory usage on scan forking and during the known files scan stage. Improvement: Better documentation on Country Blocking regarding Google AdWords. Premium users can also block countries and schedule scans for specific times and a higher frequency. Protection from brute force attacks by limiting login attempts. Scroll down to the section labeled "Never cache the following pages". Improvement: Scan times for very large sites with huge numbers of files are greatly improved. Good morning, Improvement: Added WAF coverage for an Infinite WP authentication bypass vulnerability. Clear the Cache on Your WordPress Website: Browser, Plugin & CDN Plugins, Tutorials, WordPress/ By Marshall Reyher Your web browser, hosting server, content delivery network and WordPress caching plugins all serve cached content, which can make updates and changes to your site not immediately visible. Improvement: Local GeoIP database update. Step 1: Login to your /wp-admin and hover over the LiteSpeed Cache option in the menu on the right. Fix: Fixed a transparency issue with flags for Switzerland and Nepal. But the most important is the service - I can say that the service I get is 5 stars - any issues that we had in the last 3 months we get a very good response in a very good SLA - the overall feeling is the WF team are customer oriented with a very high understanding of the security world and I will highly recommend using the plugin - the UI is very friendly and you get everything you are looking for. Use Cloudflare to reduce CPU usage. Improvement: Updated internal GeoIP database.
Change: Scan issues that are indicative of a compromised site are moved to the top of the list. Improvement: The memory tester now tests up to the configured scan limit rather than a fixed value. Using Wordfence you can scan every blog in your network for malware with one click. Fix: Fixed a PHP warning that could occur if a bad response was received while updating an IP list. Improvement: Upgraded sodium_compat library to 1.13.0. References. Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more. Fix: Added try/catch to uncaught exception thrown when pinging the API key. Was the absolute best security plugin for WordPress but the new license system just shows that the company is going in a very wrong direction. Designed for every skill level, The WordPress Security Learning Center is dedicated to deepening users' understanding of security best practices by providing free access to entry-level articles, in-depth articles, videos, industry survey results, graphics and more. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Clear your cache and browsing data with a single click of a button. Improvement: Improved messaging on file-related scan issues when the file is wp-config.php. Premium members receive the real-time version. Fix: Removed localhost IP for auto-update email alerts. Fix: WAF attack data now correctly includes JSON payloads when appropriate. Improvement: Now displaying scan time in a more readable format rather than total seconds. Fix: Fixed an issue where certain symlinks could cause a scan to erroneously skip files. Improvement: Added a check and corresponding notice if the WAF config is unreadable or invalid. The Wordfence scanner also has an option to "Scan for misconfigured How does Wordfence get IPs".
Fix: Prevent bypass of author enumeration prevention by using invalid parameters. Improvement: Significant performance improvement for determining the connecting IP. Change: The diagnostics report now includes the scan issues for easier debugging. Improvement: Added browser-based malware signatures for .js, .html files in the malware scan. Improvement: Added alerting for when the WAF is disabled for any reason. Final Thoughts Improvement: Running an update now automatically dismisses the corresponding scan issue if present. Improvement: Better message for dashboard widget when no failed logins. Fix: Modified the number of login records kept to align better with Live Traffic so they're trimmed around the same time. Improvement: Added a Show more link to the IP block list and login attempts list. Improvement: Adjusted permissions on Firewall log/config files to be 0640. Improvement: Added TLS connection failure detection to brute force reporting and checking and a corresponding backoff period. Fix: Added third param to http_build_query for hosts with arg_separator.output set. Fix: IP detection at the WAF level better mirrors the main plugin exactly when using the automatic setting. Fix: Addressed a performance issue on databases with tens of thousands of tables when trying to load the diagnostics page. All you need to do is remember the master password and the password manager will do the rest. Sucuri offers two types of scanners, a firewall, a malware removal service, and login protection. Fix: Fixed IPv6 warning in the dashboard widget. Improvement: Add currentUserIsNot(administrator) to any generic firewall rules that are not XSS based. Follow the steps below to check if the .htaccess file is the cause of the 403 error: 1. Change the option to Learning Mode. Then, check the box for "Cached Images and Files." Improvement: Now performing scanning for PHP code in all uploaded files in real-time. Fix: Better wrapping behavior on the reason column in the blocks table.
Improvement: Added bulk actions and filters to WAF allowlist table. Malware scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections. These are available on our website: Terms of Service and Privacy Policy. Open Safari then Settings > Safari > Clear History and Website Data. Fix: Multiple improvements to automatic updating to avoid broken updates on sites with low resources or slow file systems. Change: Changed styling on unselected checkboxes. Improvement: Modified the default allowlisting to include the new core AJAX action in WordPress 4.8.1. Fix: Fixed bug with specific Advanced Blocking user-agent patterns causing 500 errors. Improvement: Improved performance of the Live Traffic page in Firefox. Improvement: Added a flow for generating the WAF autoprepend file and retrieving the path for manual installations. Improvement: Updated to the current GeoIP2 database. Fix: Add the user the web server (or PHP) is currently running as to Diagnostics page. Improvement: Added a dedicated error display that will show when a scan is detected as failed. This is due to missing or incorrect nonce validation on the clear_all_cache function. Wordfence tables left behind after deleting the plugin And besides the database, a lot of plugins also leave behind additional folders and files. Their own site won't give it to me! Use PHP 8.0. Fix: Fixed scans failing in subdirectory sites when updating malware signatures. Improvement: Added a prompt to allow user to download a backup prior to repairing files. You can also take note of the current Whitelisted URLs you have in Wordfence > Firewall > All Firewall Options > Whitelisted URLs as these are NOT included in the Import/Export, and will be lost during the re-install. Improvement: The scan will now alert for a publicly visible .user.ini file.
At this point you may be prompted to login, but any WordPress admin actions that were previously blocked by Wordfence should no longer be rejected. Protect your wp-login page. Fix: Added error suppression to ignore_user_abort calls to silence it on hosts with it disabled. Improvement: Prevent Wordfence from loading under set_404() call when outputting a 404 page on a custom action. Fix: Fixed a warning by adjusting a query to remove old-style variable references. Clear your cache and browsing data with a single click of a button. Improvement: Added a help link to the mode display when a host disabling Live Traffic is active. Improvement: Update URLs in Wordfence for documentation about LiteSpeed and lockouts. Improvement: The malicious URL scan now includes protocol-relative URLs (e.g., //example.com). There is a big goal behind WordPress, but this does not mean that we cannot reduce some of the risks and deter attackers. The "Delete Cache" button. Improvement: Updated Live Traffic with filters and to include blocked requests in the feed. Change: Support for the Falcon cache has been removed. Improvement: Added security events and alerting features built into Wordfence Central. Improvement: More descriptive text for the scan issue email when there's an unknown WordPress core version. Fix: Fixed the quick navigation letters in the country picker not scrolling. Improvement: Better diagnostics logging for GeoIP conflicts. Fix: Added compensation for really long file lists in the Exclude files from scan setting. Option 1 - via the Admin Bar. Fix: Fixed the malware link image rendering in scan issue emails and switched to always use https. Fix: Fixed an issue where after scrolling on the Live Traffic page, updates would no longer automatically load. Fix: Added a validation check to IP range allowlisting to avoid log warnings if they're malformed. Improvement: Added support for hiding the username information revealed by the WordPress 4.7 REST API.
Fix: Fixed an issue with an internal data structure to prevent error log entries when using mbstring functions. Fix: Fixed a missing icon for some help links when running in standalone mode. Improvement: Various styling consistency improvements. Improvement: Switching tabs in the various pages now updates the page title as well. Improvement: Live Traffic now only shows verified Googlebot under Google Crawler filter for new visits. Fix: Suppressed warning from reverse lookup on IPv6 addresses without valid DNS records. Improve the signal to noise ratio by leveraging severity level options and a daily digest option. Improvement: Changes to readme.txt and readme.md are now ignored by the scanner unless high sensitivity is on. Improvement: Added additional scan options to allow for disabling the blocklist checks while still allowing malware scanning to be enabled. 2. Providing excellent customer service is very important to us. Have you been told to clear your cache and you're unsure what steps are involved in doing this? Improvement: Added short-term caching of breach check results. Click here to sign-up for Wordfence Premium now or simply install Wordfence free and start protecting your website. Since yesterday I have a message of an error preventing you from logging in, the problem is solved when I switch to the Twenty twenty one theme, my theme is Woodmart, I am trying to understand this message suddenly, I deactivated each plugin and put twenty twenty one it works but with my theme impossible to connect. Improvement: Added an All Options page to enable developers and others to more rapidly configure Wordfence. Fix: Removed the disallow file mods for admins created outside of WordPress.