Wordfence 5.3.6 Released!

Wordfence 5.3.6 has just been released! This version includes a few important fixes and a few awesome new features including the ability to block anyone (or anything) from submitting a form to your site if they have a blank referrer header and user-agent header. This is a common pattern among bots and will help you block a few more hack attempts. This is included in the free and Premium versions of Wordfence.

The changes are below and the full changelog is here: https://wordpress.org/plugins/wordfence/changelog/

  • Feature: You can now block POST requests to your WordPress site that have empty User-Agent and Referer headers. This is a common pattern among badly written brute force bots.
  • Feature: Added cron viewer at bottom of Wordfence options page. The plugin we were using to help diagnose customer issues is broken. Use this instead.
  • Feature: Added DB table viewer at bottom of Wordfence options page. This is a read-only utility to view table names and detailed status. Also for customer diagnostic purposes.
  • Improvement: Code cleanup after in-depth code analysis. Removed unused functions and variables and re-indented selected code.
  • Fix: Fixed issue that appeared after last release where raw HTML tags were appearing in email alerts.
  • Fix: Tour behaved inconsistently under some conditions. Fixed.
  • Fix: Mismatched HTML tags in some presentation code. Fixed.
  • Fix: When fetching the theme list, the iterator had the same name as the array. Fixed.
  • Fix: Detection for malware URLs in comments had a partial description in the issue. Was being overwritten when it should have been appended. Fixed.
  • Fix: Check if dns_get_record() exists before using it to avoid warnings.
  • Fix: If you have the Wordfence Security Network disabled, the _wfVulnScanners table may have grown indefinitely. Fixed so it’s regularly truncated.
  • Fix: wordfence::getLog() was private and should be public. Fixed.
  • Fix: Removed warning about _wfsf not being an element of GET params. Usually hidden, but in case something checks error_get_last().
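
To see how often the pattern behind the first feature (a POST with both the Referer and User-Agent headers blank) already shows up on a site, the sketch below scans web server access logs for it. It is an added example, not Wordfence code: it assumes the Apache/nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format; quoted fields may contain \" escapes.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^\s"]+)[^"]*" '
    r'(?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"\s*$'
)

def is_blank(value):
    """Loggers write '-' for an absent header; treat it like an empty string."""
    return value.strip() in ("", "-")

def blank_header_posts(lines):
    """Return parsed entries for POSTs where Referer AND User-Agent are blank."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if m is None:
            continue  # not combined format; skip rather than guess
        e = m.groupdict()
        if e["method"] == "POST" and is_blank(e["referer"]) and is_blank(e["ua"]):
            hits.append(e)
    return hits

def count_by_ip(hits):
    """Tally matching requests per client address."""
    return Counter(e["ip"] for e in hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Nov/2014:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.7 - - [12/Nov/2014:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://example.com/wp-login.php" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Nov/2014:10:01:06 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.5 - - [12/Nov/2014:10:01:07 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.9 - - [12/Nov/2014:10:01:09 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Nov/2014:10:01:11 +0000] "POST /wp-login.php HTTP/1.0" 200 3120 "" ""',
    'this line is not in combined format',
]

if __name__ == "__main__":
    for ip, n in count_by_ip(blank_header_posts(SAMPLE_LOG)).most_common():
        print(f"{ip}\t{n} blank-header POSTs")
```

Running this over existing logs before turning the option on also shows whether any legitimate client, such as an internal script that posts without either header, would be caught by the new block.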

 
