= 7.4.14 – December 3, 2020 =
* Improvement: Added option to disable application passwords.
* Improvement: Updated site cleaning callout with 1-year guarantee.
* Improvement: Upgraded sodium_compat library to 1.13.0.
* Improvement: Replaced the terms whitelist and blacklist with allowlist and blocklist.
* Improvement: Made a number of WordPress 5.6 and jQuery 3.x compatibility improvements.
* Improvement: Made a number of PHP8 compatibility improvements.
* Improvement: Added dismissible notice informing users of possible PHP8 compatibility issues.
= 7.4.12 – October 21, 2020 =
* Improvement: Initial integration of i18n in Wordfence.
* Improvement: Prevent Wordfence from loading under <PHP 5.3.
* Improvement: Updated GeoIP database.
* Improvement: Prevented wildcard from running/saving for scan’s excluded files pattern.
* Improvement: Included Wordfence Login Security tables in diagnostics missing table list.
* Fix: Removed new scan issues when WordPress update occurs mid-scan.
* Fix: Specified category when saving `whitelistedServiceIPs` to WAF storage engine.
* Fix: Removed localhost IP for auto-update email alerts.
* Fix: Fixed broken message in Live Traffic with MySQLi storage engine for blacklisted hits.
* Fix: Removed optional parameter values for PHP 8 compatibility.
= 7.4.11 – August 27, 2020 =
* Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database.
* Improvement: Added help documentation links to modified plugin/theme file scan results.
* Fix: Prevent file system scan from following symlinks to root.
* Fix: Cleared pending plugin/theme update scan results and notification when a plugin/theme is auto-updated.
* Fix: Added check for when site is disconnected on Central’s end, but not in the plugin.
= 7.4.10 – August 5, 2020 =
Improvement: Prevent author sitemap from leaking usernames in WordPress >=5.5.0.
Fix: Prevent Wordfence auto-update from running if the user has enabled auto-update through WordPress.
Fix: Added default `permission_callback` params to Wordfence Central REST routes.
Fix: Fixed missing styling on WAF optimization admin notice.
= 7.4.9 – July 8, 2020 =
* Improvement: Added list of known malicious usernames to suspicious administrator scan.
* Improvement: Added ability for the WAF to determine if a given plugin/theme/core version is installed.
* Improvement: Added a feature to export a diagnostics report.
* Improvement: Add php_errorlog to the list of downloadable logs in diagnostics.
* Improvement: Added a prompt to allow user to download a backup prior to repairing files.
* Improvement: Prevent scan from failing when the home URL has changed and the key is no longer valid.
* Improvement: Deprecated PHP 5.3, and ended PHP 5.2 support by prevent auto-update from running on older versions.
* Fix: Fixed issue where WAF mysqli storage engine cannot find credentials if wflogs/ does not exist.
* Fix: Changed capability checked to read WP REST API users endpoint when “Prevent discovery of usernames through …” is enabled.
* Fix: Prevented duplicate queries for wordfenceCentralConnected wfconfig value.
* Fix: Prevented custom wp-content or other directories from appearing in “skipped paths” scan result, even when scanned.
* Fix: Login Attempts dashboard widget “Show more” link is not visible when long usernames and IPs cause wrapping.
* Fix: Fix typo in the readme.
To view a complete changelog please visit this link here