Wordfence 5.3.6 Released!
This entry was posted in Wordfence on January 26, 2015 by Mark Maunder 0 Replies
Wordfence 5.3.6 has just been released! This version includes a few important fixes and a few awesome new features including the ability to block anyone (or anything) from submitting a form to your site if they have a blank referrer header and user-agent header. This is a common pattern among bots and will help you block a few more hack attempts. This is included in the free and Premium versions of Wordfence.
The changes are below and the full changelog is here: https://wordpress.org/plugins/wordfence/changelog/
- Feature: You can now block POST requests to your WordPress site that have an empty User-Agent and Referer header. This is a common pattern among badly written brute force bots.
- Feature: Added cron viewer at bottom of Wordfence options page. The plugin we were using to help diagnose customer issues is broken. Use this instead.
- Feature: Added DB table viewer at bottom of Wordfence options page. This is a read-only utility to view table names and detailed status. Also for customer diagnostic purposes.
- Improvement: Code cleanup after in-depth code analysis. Removed unused functions and variables and re-indented selected code.
- Fix: Fixed issue that appeared after last release where raw HTML tags were appearing in email alerts.
- Fix: Tour behaved inconsistently under some conditions. Fixed.
- Fix: Mismatched HTML tags in some presentation code. Fixed.
- Fix: When fetching theme list the interator had the same name as the array. Fixed.
- Fix: Detection for malware URLs in comments had a partial description in the issue. Was being overwritten when it should have been appended. Fixed.
- Fix: Check if dns_get_record() exists before using it to avoid warnings.
- Fix: If you have the wordfence security network disabled, the _wfVulnScanners table may have grown indefinitely. Fixed so it’s regularly truncated.
- Fix: wordfence::getLog() was private and should be public. Fixed.
- Fix: Removed warning about _wfsf not being an element of GET params. Usually hidden, but in case something checks error_get_last()