Historical information about previous Wordfence plugin versions.

= 7.11.5 – April 3, 2024 =

* Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances.
* Fix: Addressed PHP 8 deprecation notices in the file differ used by file changed scan results.
* Fix: Reduced the frequency of Wordfence Central status update callbacks in sections of the scan that occur quickly in sequence.

= 7.11.4 – March 11, 2024 =

* Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis).
* Fix: Addressed a potential PHP 8 notice in the human/bot detection AJAX call.
* Fix: Addressed a potential PHP 8 notice when requesting a lockout unlock verification email.
* Fix: Fixed the emailed diagnostics view not showing the missing table information when applicable.
* Fix: Improved quick scan logic to base timing on regular scans so they’re more evenly distributed.

= 7.11.3 – February 15, 2024 =

* Fix: Fixed an issue with sites containing invalid Wordfence Central site data where they could throw an error when viewing Wordfence pages.

= 7.11.2 – February 14, 2024 =

* Improvement: Enhanced the vulnerability scan to check and alert for WordPress core vulnerabilities and to adjust the severity of the scan result based on findings or available updates.
* Improvement: Updated the bundled GeoIP database.
* Improvement: Increased compatibility of brute force protection with plugins that override the normal login flow and omit traditional hooks.
* Change: Adjusted the behavior of automatic quick scans to schedule themselves further away from full scans.
* Fix: Added detection for a site being linked to a non-matching Wordfence Central record (e.g., when cloning the database to a staging site).
* Fix: Streamlined the license and terms of use installation flow to avoid unnecessary prompting.
* Fix: Fixed an issue where user profiles with a selected locale different from the site itself could end up loading the site’s locale instead.

= 7.11.1 – January 2, 2024 =

* Improvement: Added “.env” to the files checked for “Scan for publicly accessible configuration, backup, or log files”.
* Improvement: Provided better descriptive text for the option “Block IPs who send POST requests with blank User-Agent and Referer”.
* Improvement: The diagnostics page now displays the contents of any ‘auto_prepend_file’ .htaccess/.user.ini block for troubleshooting.
* Fix: Fixed an issue where a login lockout on a WooCommerce login form could fail silently.
* Fix: The scan result for abandoned plugins no longer states it has been removed from if it is still listed.
* Fix: Addressed an exception parsing date information in non-repo plugins that have a bad ‘last_updated’ value.
* Fix: The URL scanner no longer generates a log warning when matching a potential URL fragment that ends up not being a valid URL.

To view a complete changelog, visit this link here