Continuously scans for malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats. Improvement: Modified some country names in the block configuration to align with those shown in Live Traffic. Improvement: Included Wordfence Login Security tables in diagnostics missing table list. Improvement: The check for passwords leaked in breaches now allows a login if the user has previously logged in from the same IP successfully and displays an admin notice suggesting changing the password. Change: Scan issues that are indicative of a compromised site are moved to the top of the list. Fix: Updated JS hashing library to compensate for a variable name collision that could occur. Improvement: Added a separate option to trigger removal of Login Security tables and data on deactivation. Improvement: Modified the appearance of the How does Wordfence get IPs option to be more clear. Now perform the actions that were causing issues. Thanks Vladimir Smitka. Change: Live Traffic human/bot status will additionally be based on the browscap record in security-only mode. Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website. Fix: Scheduled update for WAF rules doesn't decrease from 7 days, to 12 hours, when upgrading to a premium account. Improvement: Improved messaging on file-related scan issues when the file is wp-config.php. Fix: Fixed an issue with 2FA on multisite where the site could report URLs with different schemes depending on the state of plugin loading. Improvement: Increased frequency of filesystem permission check and update of the WAF config files. Garbage. We have the Enable Live Traffic View function. Fix: Removed an old link for See Recent Traffic on Live Traffic that went nowhere. Change: Description updated on the Live Traffic page. 
Fix: Fixed an instance where http links could be generated for emails rather than https. Improvement: Added pagination support to the scan issues. Go to the Scan menu and start your first scan. Minor update: As a helpful user on reddit pointed out, it's unclear in the post above if we're also removing the 'basic' cache. So guess I am switching just because their stuff is broken and hard to get to. Improvement: Live traffic better indicates the action taken by country blocking when it redirects a visitor. Fix: Reworked country blocking authentication check for access to XMLRPC. Improvement: Added parameter signature to remote scanning for better validation during forking. Change: Adjusted messaging when blocks are loading. Fix: Fixed potential notice in dashboard widget when no updates are found. Wordfence fully supports WordPress Multi-Site which means you can security scan every blog in your Multi-Site installation with one click. Protect your wp-login page. Fix: Made the description in the summary email for blocks resulting from the blocklist more descriptive. Improvement: Update URLs in Wordfence for documentation about LiteSpeed and lockouts. Improvement: Two-factor authentication is new and improved, now available on all Premium and Free installations. Improvement: Custom WP_CONTENT_DIR, WP_PLUGIN_DIR, and UPLOADS path constants will now get scanned correctly. Improvement: The no-cache constant for database caching is now set for W3TC for plugin updates and scans. I'm not sure it is working properly or not. This plugin also adds a button to the WP Admin Bar to make it really easy to clear the WordPress cache manually. Fix: Fixed minor issue with REST API user enumeration blocking. At Wordfence, WordPress security isn't a division of our business; WordPress security is all we do. Click More tools Clear browsing data. Improvement: Updated Live Traffic with filters and to include blocked requests in the feed. 
Fix: Removed new scan issues when WordPress update occurs mid-scan. Just like iThemes Security, it follows the freemium model. Improvement: Country names are now shown instead of two letter codes where appropriate. There were 9 cron jobs (down from over 29,000!). Fix: Added group writable permissions to Firewall's configuration files. WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time. Tap Clear cache. On a small site, the free version offers basic protection, but you won't receive security patches as quickly as paying customers. Fix: Fixed bug with Hide WordPress version causing issues with reCAPTCHA. Improvement: All emailed alerts now include a link to the generating site. Improvement: Added alerting for when the WAF is disabled for any reason. Fix: Fixed warning that could be logged when following an unlock email link. Fix: Fixed a CSS glitch where the top controls could have extra space at the top when sites have long navigation menus. Use PHP 8.0. Rather than downloading the same information every time you visit the website, the browser pulls the information from its memory. See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Fix: Added compensation for Windows path separators in the WAF config handling. Change: IPs blocked via live traffic now use the configurable how long is an IP blocked setting to match previous behavior. Fix: Added a workaround for sites with inaccessible WAF config files when reading php://input. Go to the scan menu and start your first scan. Premium members receive the real-time version. 
If you're looking to empty your cache for security reasons or to clear space on your device, the steps are simple: Open Microsoft Edge and click on the three dots in the upper right-hand corner to pull up a menu. Improvement: Prepared code for upcoming scan improvement which will greatly increase scan performance by optimizing malware signatures. Improvement: Now performing scanning for PHP code in all uploaded files in real-time. Improvement: XML-RPC authentication may now be disabled or forced to require 2FA. Improvement: Added a test to the diagnostics page that verifies permissions to the WAF config location. Fix: Usernames in live traffic now correctly link to the corresponding profile page. Fix: Fixed a recording issue with Wordfence Security Network statistics. Fix: Fixed the bulk repair function in the scan results when it included core files. Improvement: Show admin notice if WAF blocks an admin (mainly needed for ajax requests). The next step in starting a travel blog is to pick the best blogging platform. There will be a "SEND REPORT BY EMAIL" button to send the diagnostics report. Fix: Fixed encoding of the ellipsis character when reporting malware finds. Improvement: Better diagnostics logging for GeoIP conflicts. Improvement: Background pausing for live activity and traffic may now be disabled. Improvement: Now displaying scan time in a more readable format rather than total seconds. Improvement: Include option for IIS on Windows in Firewall config process, and recommend manual php.ini change only. Wordfence is now activated. Why are you requiring me to sign in to your site to use a free plugin? Fix: Removed .htaccess and .user.ini from publicly accessible config and backup file scan. Improvement: reCAPTCHA keys are now tested on saving to prevent accidentally inputting a v2 key. Disabling the Dynamic Cache solves this but then there is no advantage of using the Dynamic Cache, which provides great speed improvements. 
Their own site won't give it to me! Improvement: Introduced light-weight scan that runs frequently to perform checks that do not use any server resources. I am using the premium version for several months - we are very pleased with the product and the options it includes in addition very good documentation and videos. Improvement: Added a configurable time limit for scans to help reduce overall server load and identify configuration problems. Improvement: Added a constant to prevent direct MySQLi use for hosts with unsupported DB configurations. Improvement: Added the Accept-Encoding compression header to WAF-related requests for better performance during rule updates. Also hundreds from common plugins such as Wordfence, BackupBuddy, Nextgen Gallery, and AutoOptimizer - all of which I had uninstalled in the past. Drag down on the . Fix: Improved path generation to better avoid outputting extra slashes in URLs. If you need another method to verify that the Wordfence database tables have been created or deleted . Fix: Suppressed warnings on IP conversion functions when processing potentially incomplete data. Improvement: Added an unsubscribe link to plugin-generated alerts. If you are not running IPv6, Wordfence will work great on your site too. Improvement: Added rel=noopener noreferrer to all external links from the plugin for better interoperability with other scanners. Click here to sign-up for Wordfence Premium now or simply install Wordfence free and start protecting your website. Improvement: Added a new feature to prevent attackers from successfully logging in to admin accounts whose passwords have been in data breaches. Improvement: Added security events and alerting features built into Wordfence Central. Improvement: Scan result emails now include the count of issues that were found again. 
Fix: Removed a remaining reference to the CDN version of Font Awesome. Improvement: Blocking pages presented by Wordfence now indicate the source and contain information to help diagnose caching problems. Fix: Re-added missing file to fix commit excluding it. Find the .htaccess file via your file management software (e.g., cPanel) or via an sFTP or FTP client. Improvement: Improved messaging for when a page has been open for more than a day and the security token expires. Situational awareness is an important part of website security. Improvement: Added dismiss button to the Wordfence WAF setup admin notice. Improvement: Add note to options page that login security is necessary for 2FA to work. Fix: Added compensation for really long file lists in the Exclude files from scan setting. Fix: Fixed some broken links in the activity summary email. Fix: Fixed a few links that didn't open the correct configuration pages. Fix: Addressed a log notice when using the See Recent Traffic feature in Live Traffic. Improvement: Changed allowlist entry area to textbox on options page. Improvement: Improved the performance of our config table status check. Unlike cloud based firewalls, Wordfence executes within the WordPress environment, giving it knowledge like whether the user is signed in, their identity and what access level they have. Fix: Fixed an issue where live traffic would stop loading new records if always display expanded records was on. This scan feature can help you detect if the wrong option has been selected for "How does Wordfence get IPs". Fix: Fixed a possible PHP notice when syncing attack data records without metadata attached. Caching is provided by Falcon Engine, a product developed by Mark and the Wordfence team. Fix: An empty ignored IP list for WAF alerts no longer creates a PHP notice. Improvement: Relocated the Always display expanded Live Traffic records option to be more accessible. Fix: Text fixes to the WAF nginx help text. 
Wordfence in fact allows you to see live all the traffic that comes on your site. Fix: Login credentials passed as arrays no longer trigger a PHP notice from our filters. We employ a global 24 hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident. Change: Changed the autoloader for our copy of sodium_compat to always load after WordPress core does. Improvement: The prevent admin registration setting now works with WooCommerce's registration flow. Fix: Fixed wrapping of long strings on the Diagnostics page. Improvement: Updated internal browscap database. Fix: Enqueued fonts used in admin notices on all admin pages. Improvement: Service allowlisting can now be selectively toggled on or off per service. Fix: Added a workaround for web email clients that erroneously encode some URL characters (e.g., #). The plugin also lets you block logins using known compromised user passwords. Fix: Suppressed errors if a file is removed between the start of a scan and later scan stages. Change: Removed some unnecessary files from the bundled GeoIP library. * Clear your website's caches and the caching mechanisms from all your plugins (e.g. See how files have changed. Fixed: The Require 2FA for all administrators notice is now automatically dismissed if an administrator sets up 2FA. Two-factor authentication (2FA), one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service. Change: Changed the option to enable live traffic to match the wording and style of other options. Improvement: Additional alerting and troubleshooting steps for WAF configuration issues. Improvement: Provided additional no-caching indicators for caches that erroneously save pages with HTTP error status codes. Fix: CSS fixes for activity report email. Improvement: Login timestamps are now displayed in the site's configured time zone rather than UTC. 
Improvement: New scan stage includes a new check for TrafficTrade malware. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available. Fix: Fixed IPv6 warning in the dashboard widget. Using Wordfence you can scan every blog in your network for malware with one click. Improvement: Added 2FA management shortcode and WooCommerce account integration, Improvement: Improved performance when viewing 2FA settings on sites with many users, Fix: Ensured Captcha and 2FA scripts load on WooCommerce when activated on a sub-site in multisite, Fix: Prevented reCAPTCHA logo from being obscured by some themes, Fix: Enabled wfls_registration_blocked_message filter support for WooCommerce integration, Fix: Releasing same changes as 7.8.1, due to wordpress.org error, Improvement: Added more granular data deletion options to deactivation prompt, Improvement: Allowed accessing diagnostics prior to completing registration, Fix: Prevented installation prompt from displaying when a license key is already installed but the alert email address has been removed, Improvement: Added feedback when login form is submitted with 2FA, Fix: Restored click support on login button when using 2FA with WooCommerce, Fix: Corrected display issue with reCAPTCHA score history graph, Fix: Prevented errors on PHP caused by corrupted login timestamps, Fix: Prevented deprecation notices on PHP 8.2 related to dynamic properties, Change: Updated Wordfence registration workflow, Fix: Prevented scan resume attempts from repeating indefinitely when the initial scan stage fails, Improvement: Added configurable scan resume functionality to prevent scan failures on sites with intermittent connectivity issues, Improvement: Added new scan result for vulnerabilities found in plugins that do not have patched versions available via WordPress.org, Improvement: Implemented stand-alone MMDB reader for IP address lookups to prevent plugin conflicts and 
support additional PHP versions, Improvement: Added option to disable looking up IP address locations via the Wordfence API, Improvement: Prevented successful logins from resetting brute force counters, Improvement: Included maximum number of days in live traffic option text, Fix: Made timezones consistent on firewall page, Fix: Added Use only IPv4 to start scans option to search, Fix: Prevented deprecation notices on PHP 8.1 when emailing the activity log, Fix: Prevented warning on PHP 8 related to process owner diagnostic, Fix: Prevented PHP Code Sniffer false positive related to T_BAD_CHARACTER, Fix: Removed unsupported beta feed option, Improvement: Hardened 2FA login flow to reduce exposure in cases where an attacker is able to obtain privileged information from the database, Fix: Prevented XSS that would have required admin privileges to exploit (CVE-2022-3144), Improvement: Added option to start scans using only IPv4, Improvement: Added diagnostic for internal IPv6 connectivity to site, Improvement: Added AUTOMATIC_UPDATER_DISABLED diagnostic, Improvement: Updated password strength check, Improvement: Added support for scanning plugin/theme files when using the WP_CONTENT_DIR/WP_PLUGIN_DIR constants, Improvement: Made DISABLE_WP_CRON diagnostic more clear, Improvement: Added Hostname to Live Traffic message displayed for hostname blocking, Improvement: Improved compatibility with Flywheel hosting, Improvement: Added support for dynamic cookie redaction patterns when logging requests, Fix: Prevented scanned paths from being displayed as skipped in rare cases, Fix: Corrected indexed files count in scan messages, Fix: Prevented overlapping AJAX requests when viewing Live Traffic on slower servers, Fix: Corrected WP_DEBUG_DISPLAY diagnostic, Fix: Prevented extraneous warnings caused by DNS resolution failures, Fix: Corrected display issue with Save/Cancel buttons on All Options page, Fix: Prevented errors caused by WHOIS searches for invalid values, 
Improvement: Added option to toggle display of last login column on WP Users page, Improvement: Improved autocomplete support for 2FA code on Apple devices, Improvement: Prevented Batcache from caching block pages, Fix: Prevented extraneous scan results when non-existent paths are configured using UPLOADS and related constants, Fix: Corrected issue that prevented reCAPTCHA scores from being recorded, Fix: Prevented invalid JSON setting values from triggering fatal errors, Fix: Made text domains consistent for translation support, Fix: Clarified that allowlisted IP addresses also bypass reCAPTCHA, Improvement: Improved scan support for sites with non-standard directory structures, Improvement: Increased accuracy of executable PHP upload detection, Improvement: Addressed various deprecation notices with PHP 8.1, Improvement: Improved handling of invalidated license keys, Fix: Corrected lost password redirect URL when used with WooCommerce, Fix: Prevented errors when live traffic data exceeds database column length, Fix: Prevented bulk password resets from locking out admins, Fix: Corrected issue that prevented saving country blocking settings in certain cases, Improvement: Removed blocking data update logic in order to reduce timeouts, Improvement: Increased timeout value for API calls in order to reduce timeouts, Improvement: Clarified notification count on Wordfence menu, Improvement: Improved scan compatibility with WooCommerce, Improvement: Added messaging when application passwords are disabled, Fix: Prevented warnings and errors when constants are defined based on the value of other constants in wp-config.php, Fix: Corrected redundant escaping that prevented viewing or repairing files in scan results, Launch of Wordfence Care and Wordfence Response, Improvement: Made preliminary changes for compatibility with PHP 8.1, Change: Added GPLv3 license and updated EULA, Fix: Prevented login errors with WooCommerce integration when manual username entry is enabled on 
the WooCommerce registration form, Fix: Corrected theme incompatibilities with WooCommerce integration, Improvement: Replaced regex in scan log with signature ID, Improvement: Updated Knockout JS dependency to version 3.5.1, Improvement: Removed PHP 8 compatibility notice, Improvement: Added NTP status for Login Security to Diagnostics, Improvement: Updated plugin headers for compatibility with WordPress 5.8, Improvement: Updated Nginx documentation links to HTTPS, Improvement: Updated IP address geolocation database, Improvement: Expanded WAF SQL syntax support, Improvement: Added optional constants to configure WAF database connection, Improvement: Added support for matching punycode domain names, Improvement: Updated Wordfence install count, Improvement: Deprecated support for WordPress versions older than 4.4.0.