thanks to dear member @netman updated Wordfence Security Premium with a new update entry:
October 30, 2023
Read the rest of this update entry...
October 30, 2023
Read the rest of this update entry...
Fix: Addressed an issue with multisite installations when the wp_options tables had different encodings/collations
Fix: Compatibility fix for WordPress 6.4 on the login page styling
* Improvement: Added new functionality for trusted proxy presets to support proxies such as Amazon CloudFront, Ezoic, and Quic.cloud
* Improvement: WAF rule and malware signature updates are now signed with SHA-256 as well for hosts that no longer build SHA1 support
* Improvement: Updated the bundled trusted CA certificates
* Change: The WAF will no longer attempt to fetch rule or blocklist updates when run via WP-CLI
* Fix: Removed uses of SQL_CALC_FOUND_ROWS, which is deprecated as of...
* Improvement: Added ".env" to the files checked for "Scan for publicly accessible configuration, backup, or log files"
* Improvement: Provided better descriptive text for the option "Block IPs who send POST requests with blank User-Agent and Referer"
* Improvement: The diagnostics page now displays the contents of any `auto_prepend_file` .htaccess/.user.ini block for troubleshooting
* Fix: Fixed an issue where a login lockout on a WooCommerce login form could fail silently
* Fix: The scan...
* Improvement: Enhanced the vulnerability scan to check and alert for WordPress core vulnerabilities and to adjust the severity of the scan result based on findings or available updates
* Improvement: Updated the bundled GeoIP database
* Improvement: Increased compatibility of brute force protection with plugins that override the normal login flow and omit traditional hooks
* Change: Adjusted the behavior of automatic quick scans to schedule themselves further away from full scans
* Fix...
* Fix: Fixed an issue with sites containing invalid Wordfence Central site data where they could throw an error when viewing Wordfence pages
* Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis)
* Fix: Addressed a potential PHP 8 notice in the human/bot detection AJAX call
* Fix: Addressed a potential PHP 8 notice when requesting a lockout unlock verification email
* Fix: Fixed the emailed diagnostics view not showing the missing table information when...
* Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances
* Fix: Addressed PHP 8 deprecation notices in the file differ used by file changed scan results
* Fix: Reduced the frequency of Wordfence Central status update callbacks in sections of the scan that occur quickly in sequence
* Improvement: Revised the strong password requirements notice to be more readable
* Improvement: Removed unnecessary calls for the plugin and theme vulnerability checks
* Improvement: Reduced the frequency of calls to Wordfence Central during some operations where the values do not need to be synced
* Improvement: Refactored some queries to avoid the automatic SHOW FULL COLUMNS queries that WordPress performs to verify database encodings
* Improvement: Infrequently-used config values are no...
* Improvement: Optimized scan performance by reducing database queries by approximately 38% along with CPU usage
* Fix: Added translation support for "Page not found" string when viewing recent traffic