Historical information about previous Wordfence Releases.

= 7.4.7 – April 23, 2020 =

* Improvement: Updated bundled GeoIP database.
* Improvement: Better messaging when selecting restrictive rate limits.
* Improvement: Scan result emails now include the count of issues that were found again.
* Improvement: Resolved scan issues will now email again if they reoccur.
* Improvement: Added the state/province name when applicable to geolocation displays in Live Traffic.
* Improvement: New blocking page design to better inform blocked visitors on how to resolve the block.
* Improvement: Custom WP_CONTENT_DIR, WP_PLUGIN_DUR, and UPLOADS path constants will now get scanned correctly.
* Improvement: Added TLS connection failure detection to brute force reporting and checking and a corresponding backoff period.
* Fix: Fixed an issue where a bad cron record could interfere with automatic WAF rule updates.
* Fix: Fixed a PHP warning that could occur if a bad response was received while updating an IP list.
* Fix: The new user tour and onboarding flow will now work correctly on the 2FA page.

= 7.4.6 – February 12, 2020 =

* Improvement: Enhanced the detection ability of the WAF for SQLi attacks.
* Improvement: Updated the bundled GeoIP database.
* Improvement: Modified some country names in the block configuration to align with those shown in Live Traffic.
* Change: Moved the skipped files scan check to the Server State category.
* Fix: Fixed an issue where after scrolling on the Live Traffic page, updates would no longer automatically load.
* Fix: Modified the number of login records kept to align better with Live Traffic so they’re trimmed around the same time.

= 7.4.5 – January 15, 2020 =

* Improvement: Improved WAF coverage for an Infinite WP authentication bypass vulnerability. Credit to Marc Montpas for finding a bypass.

= 7.4.4 – January 14, 2020 =

* Fix: Fixed a UI issue where the scan summary status marker for malware didn’t always match the findings.

= 7.4.3 – January 13, 2020 =

* Improvement: Added WAF coverage for an Infinite WP authentication bypass vulnerability.
* Improvement: The malicious URL scan now includes protocol-relative URLs (e.g., //
* Improvement: Malware signatures are now better applied to large files read in multiple passes.
* Improvement: Added a scan issue that will appear when one or more paths are skipped due to scan settings excluding them.
* Changed: AJAX endpoints now send the application/json Content-Type header.
* Changed: Updated text on scan issues for plugins removed from to better indicate possible reasons.
* Changed: Added compatibility messaging for reCAPTCHA when WooCommerce is active.
* Fixed: Added missing $wp_query->set_404() call when outputting a 404 page on a custom action.
* Fixed: Fixed the logout username display in Live Traffic broken by a change in WordPress 5.3.
* Fixed: Improved the response callback used for the WAF status check during extended protection installation.
* Fixed: The “Require 2FA for all administrators” notice is now automatically dismissed if an administrator sets up 2FA.

To view a complete changelog please visit this link here