Changelog
Historical information about previous Wordfence plugin versions.
= 7.11.4 – March 11, 2024 =
* Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis).
* Fix: Addressed a potential PHP 8 notice in the human/bot detection AJAX call.
* Fix: Addressed a potential PHP 8 notice when requesting a lockout unlock verification email.
* Fix: Fixed the emailed diagnostics view not showing the missing table information when applicable.
* Fix: Improved quick scan logic to base timing on regular scans so they’re more evenly distributed.
= 7.11.3 – February 15, 2024 =
* Fix: Fixed an issue with sites containing invalid Wordfence Central site data where they could throw an error when viewing Wordfence pages.
= 7.11.2 – February 14, 2024 =
* Improvement: Enhanced the vulnerability scan to check and alert for WordPress core vulnerabilities and to adjust the severity of the scan result based on findings or available updates.
* Improvement: Updated the bundled GeoIP database.
* Improvement: Increased compatibility of brute force protection with plugins that override the normal login flow and omit traditional hooks.
* Change: Adjusted the behavior of automatic quick scans to schedule themselves further away from full scans.
* Fix: Added detection for a site being linked to a non-matching Wordfence Central record (e.g., when cloning the database to a staging site).
* Fix: Streamlined the license and terms of use installation flow to avoid unnecessary prompting.
* Fix: Fixed an issue where user profiles with a selected locale different from the site itself could end up loading the site’s locale instead.
= 7.11.1 – January 2, 2024 =
* Improvement: Added “.env” to the files checked for “Scan for publicly accessible configuration, backup, or log files”.
* Improvement: Provided better descriptive text for the option “Block IPs who send POST requests with blank User-Agent and Referer”.
* Improvement: The diagnostics page now displays the contents of any ‘auto_prepend_file’ .htaccess/.user.ini block for troubleshooting.
* Fix: Fixed an issue where a login lockout on a WooCommerce login form could fail silently.
* Fix: The scan result for abandoned plugins no longer states it has been removed from wordpress.org if it is still listed.
* Fix: Addressed an exception parsing date information in non-repo plugins that have a bad ‘last_updated’ value.
* Fix: The URL scanner no longer generates a log warning when matching a potential URL fragment that ends up not being a valid URL.
= 7.11.0 – November 28, 2023 =
* Improvement: Added new functionality for trusted proxy presets to support proxies such as Amazon CloudFront, Ezoic, and Quic.cloud
* Improvement: WAF rule and malware signature updates are now signed with SHA-256 as well for hosts that no longer build SHA1 support.
* Improvement: Updated the bundled trusted CA certificates.
* Change: The WAF will no longer attempt to fetch rule or blocklist updates when run via WP-CLI.
* Fix: Removed uses of SQL_CALC_FOUND_ROWS, which is deprecated as of MySQL 8.0.17
* Fix: Fixed an issue where final scan summary counts in some instances were not sent to Central.
* Fix: Fixed a deprecation notice for get_class in PHP 8.3.0
* Fix: Corrected an output error in the connectivity section of Diagnostics in text mode.
To view a complete changelog, visit this link here