Wordfence 5.0.6 Released

Thanks to our beta team of around 400 testers now, we tested Wordfence 5.0.6 over the weekend and it has been released this morning into production. The changes are:

5.0.6

  • Feature: Prevent discovery of usernames through ‘?/author=N’ scans. New option under login security which you can enable.
  • Fix: Introduced new global hash whitelist on our servers that drastically reduces false positives in all scans especially theme and plugin scans.
  • Fix: Fixed issue that corrupted .htaccess because stat cache would store file size and cause filesize() to report incorrect size when reading/writing .htaccess.
  • Fix: Fixed LiteSpeed issue where Falcon Engine would not serve cached pages under LiteSpeed and LiteSpeed warned about unknown server variable in .htaccess.
  • Fix: Fixed issue where Wordfence Security Network won’t block known bad IP after first login attempt if “Don’t let WordPress reveal valid users in login errors” option is not enabled.
  • Fix: Sites installed under a directory would sometimes see Falcon not serving cached docs.
  • Fix: If you are a premium customer and you have 2FA enabled and your key expires, fixed issue that may have caused you to get locked out.
  • Improvement: If your Premium API key now expires, we simply downgrade you to free scanning and continue rather than disabling Wordfence.
  • Improvement: Email warnings a few days before your Premium key expires so you have a chance to upgrade for uninterrupted service.

Did you enjoy this post? Share it!

Comments

1 Comment