Upgrading to WordFence Premium for $99-$950/year will give you access to real-time IP blocklist and country blocking features, stopping all requests from . Improvement: The no-cache constant for database caching is now set for W3TC for plugin updates and scans. Fix: Added a safety check for when the database fails to return its max_allowed_packet value. A Wordfence scan examines all files on your WordPress website looking for malicious code, backdoors, and shells that hackers have installed. Improvement: Added a prompt to allow user to download a backup prior to repairing files. Improvement: New scan stage includes a new check for TrafficTrade malware. We fully support IPv6 with all security functions including country blocking, range blocking, city lookup, whois lookup and all other security functions. Fix: Added a workaround for GoDaddy/Limit Login Attempts suppressing the 2FA prompting. Fix: An empty ignored IP list for WAF alerts no longer creates a PHP notice. Drag down on the . Wordfence includes Two-Factor authentication, the most secure way to stop brute force attackers in their tracks. Improvement: Added pagination support to the scan issues. Fix: Fixed the malware link image rendering in scan issue emails and switched to always use https. Rather than downloading the same information every time you visit the website, the browser pulls the information from its memory. Improvement: Now performing malware scanning on all uploaded files in real-time. Yes. * Edit or add a post to see if this fixes it; If, for some reason, that doesn't do the trick for you, please create a topic on the support forums. [Premium] Checks to see if your site or IP have been blocklisted for malicious activity, generating spam or other security issue. Fix: Fixed a few options that couldnt be searched for on the all options page. We are fully compatible with both IPv4 and IPv6 whether you run both or only one addressing scheme. Fix: Fixed an issue where plugins that use non-standard version formatting could end up with a inaccurate vulnerability status. Improvement: Added help documentation links to modified plugin/theme file scan results. Fix: Notify users if suPHP_ConfigPath is in their WAF setup, and prompt to update Extended Protection. Improvement: Improved positioning of the Wordfence is Working message. To clear your cookies and keep your history -. Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database. Improvement: Added additional WAF support to allow us to more easily address false positives. Clear Your Cache in the Dashboard Login to your WordPress Dashboard. Improvement: Added security events and alerting features built into Wordfence Central. Block entire malicious networks. The WordPress security plugin provides the best protection available for your website. WordFence) * Clear your browser's cache. Improvement: Updated to the current GeoIP2 database. Scroll down to the section labeled " Never cache the following pages ". Fix: If a premium license is deleted from wordfence.com, the plugin will now automatically downgrade rather than get stuck in an intermediate state. Fix: Added an option to allow automatic updates to function on Litespeed servers that have the global noabort set rather than site-local. Have you been told to clear your cache and you're unsure what steps are involved in doing this? Improvement: Custom WP_CONTENT_DIR, WP_PLUGIN_DIR, and UPLOADS path constants will now get scanned correctly. Fix: Added handling for reCAPTCHAs JavaScript failing to load, which previously blocked logging in. Fix: Links in unlock emails now work for IPv6 and IPv4-mapped-IPv6 addresses. Improvement: Added an anti-crawler feature to the lockout page to avoid crawlers erroneously following the unlock link. We employ a global 24 hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident. Fix: Fixed database errors on notifications page on multisite installations. Fix: Better detection for when to use secure cookies. Improvement: Added progressive loading of addresses on the blocked IP list. Improvement: Added bulk actions and filters to WAF allowlist table. Please note that there is an issue that when Dynamic Cache is enabled it does not comply to Wordfence country blocking rules. Wordfence Scan leverages the same proprietary feed, alerting you quickly about security issues or if your site is compromised. Change: Moved the skipped files scan check to the Server State category. Improvement: More complete data removal when deactivating with remove tables and files checked. Improvement: Added additional controls to the Wordfence Central connection page to better reflect the current connection state. Fix: Adjusted the behavior of the blocklist toggle for Free users. Fix: Fixed minor issue with REST API user enumeration blocking. Fix: Modified the behavior of the disk space check to avoid a scan warning showing without an issue generated. Improvement: Enhanced the detection ability of the WAF for SQLi attacks. Fix: PHP deprecation notices no longer suppress those of old OpenSSL or WordPress. Booking (10) Cache (9 . Network Activate Wordfence. Improvement: Modified some country names in the block configuration to align with those shown in Live Traffic. From the Wordfence Dashboard click on Manage WAF. Scans for heuristics of backdoors, trojans, suspicious code and other security issues. This step is important because until you network activate it, your sites will see the plugin option on their plugins menu. Fix: Fixed some incorrect documentation links on the diagnostics page. Change: Began a phased rollout of moving brute force queries to be https-only. Improvement: Automatically attempt to detect when a site is behind a proxy and has IP information in a different field. Block attackers by IP or build advanced rules based on IP Range, Hostname, User Agent and Referrer. Fix: The blocklists blocked IP records are now correctly trimmed when expired. Fix: Fixed bug with regex matching carriage returns in the .htaccess based IP block list. Security Fix: Fixed reflected XSS vulnerability: CVSS 6.1 (Medium). Open the Windows 11 settings menu and go to System > Storage > Temporary Files. Improvement: Added WAF coverage for an Infinite WP authentication bypass vulnerability. Improvement: Better error reporting for scan failures due to connectivity issues. Fix: We now verify that theres a valid email address defined before attempting to send an alert and filter out any invalid ones. Improvement: The country blocking selection drawer behavior has been changed to now allow saving directly from it. Wordfence will do a scan of all files in your WordPress installation including those in the blogs.dir directory of your individual sites. Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website. Improvement: Add currentUserIsNot(administrator) to any generic firewall rules that are not XSS based. Fix: Fixed a missing icon for some help links when running in standalone mode. Unfortunately, there is no option in WP Super Cache to delete the cache of a specific URL. Improvement: Reworked the reCAPTCHA implementation to trigger the token check on login/registration form submission to avoid the token expiring. Fix: Fixed bug when multiple authors have published posts, /?author=N scans show an author archive page. Improvement: Added option to disable application passwords. Improvement: Introduced light-weight scan that runs frequently to perform checks that do not use any server resources. Improvement: Added option to require cellphone sign-in on all admin accounts. Fix: Scan results for malware detections in posts are no longer clickable. Fix: Wordfence crons will now automatically reschedule if missing for any reason. Improve the signal to noise ratio by leveraging severity level options and a daily digest option. Fix: Fixed attack data sync for hosts that cannot use wp-cron. Continuously scans for malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats. Otherwise, try your browser's Settings, Privacy, or Advanced options. Change: Long-deprecated database tables will be removed. Fix: Using WP-CLI causes error Undefined index: SERVER_NAME. The "Delete Cache" button. Scans for signatures of over 44,000 known malware variants that are known WordPress security threats. Wordfence tables left behind after deleting the plugin And besides the database, a lot of plugins also leave behind additional folders and files. Fix: Fixed a UI issue where the scan summary status marker for malware didnt always match the findings. Improvement: Added dismissable notice informing users of possible PHP8 compatibility issues. Protect your wp-login page. Improvement: Prevented wildcard from running/saving for scans excluded files pattern. Improvement: WAF configuration files are now excluded by default from the recently modified files list in the activity report. Browse the code, check out the SVN repository, or subscribe to the development log by RSS. But the most important is the service - I can say that the service I get is 5 starsany issues that we had in the last 3 months we get a very good response in a very good SLAthe overall feeling is the WF team are customer oriented with a very high understanding of the security world and I will highly recommend using the pluginthe UI is very friendly and you get everything you are looking for. Improvement: Modified the appearance of the How does Wordfence get IPs option to be more clear. Checks your site for known security vulnerabilities and alerts you to any issues. Fix: Addressed a problem where the scan exclusions list was not checked correctly in some situations. Improvement: Better wording for the allowlisting IP range error message. Improvement: Added option to trim Live Traffic records after a specific number of days. Change: Changed the title of the Wordfence Dashboard so its easier to identify when many tabs are open. Improvement: Two-factor authentication is new and improved, now available on all Premium and Free installations. Improvement: Better messaging for two-factor recovery codes. Compares your core files, themes and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you. Fix: Added a few common files to be excluded from unknown WordPress core file scan. Fix: Block/Unblock now works correctly when viewing Live Traffic with it grouped by IP. Change: Moved the settings import/export to the Tools page. Improvement: Switched flags to use a CSS sprite to reduce file count and size. Fix: Reduced the minimum duration of a scan stage to improve reliability on some hosts. Simply click on "Delete Cache" to open the drop-down menu and then select "Clear All Cache.". Improvement: Improvements to the scanners malware stage to avoid timing out on larger files. Fix: Fixed the initial status code recorded for lockouts and blocks. Open Safari then Settings > Safari > Advanced > Website Data > Remove All Website Data. Fix: Fixed an issue with country blocking and XML-RPC requests containing credentials. Activate the Wordfence through the Plugins menu in WordPress. Fix: Removed duplicate issues for modified files in the scan results. Fix: Updated the copyright date on several pages. Fix: Improved performance of checking for Allowlisted IPs. Tap Storage. Fix: Fixed missing styling on WAF optimization admin notice. Yes. Fix: Fixed an issue where certain symlinks could cause a scan to erroneously skip files. Fix: Changed capability checked to read WP REST API users endpoint when Prevent discovery of usernames through is enabled. Improvement: Added option to disable ajaxwatcher (for allowlisting only for Admins) on the front end. Change: Removed the Disable Wordfence Cookies option as weve removed all cookies it affected. A password manager is a software service that helps you store and manage your passwords and helps you save time and frustration. Improvement: Added a separate option to trigger removal of Login Security tables and data on deactivation. Improvement: The scan will alert for plugins that have not been updated in 2+ years or have been removed from the wordpress.org directory. Improvement: Added browser-based malware signatures for .js, .html files in the malware scan. Choose whether you want to block or throttle users and robots who break your WordPress security rules. Fix: Added index to attackLogTime. Fix: Fixed the bulk repair function in the scan results when it included core files. A link to the changelog is included. Fix: Fixed an issue where the human/bot detection wasnt functioning. Fix: Fixed PHP notices that could occur when using the bulk delete/repair scan tools. Visit the Wordfence options page to enter your email address so that you can receive email security alerts. Improvement: Live traffic better indicates the action taken by country blocking when it redirects a visitor. Improvement: Speed optimizations for WAF rule compilation. Change: Added an upper limit to the maximum scan stage execution time if not explicitly overridden. Improvement: Upgraded sodium_compat library to 1.13.0. Fixed: Improved the response callback used for the WAF status check during extended protection installation. Improvement: Allowlisted StatusCake IP addresses. Fix: Fixed a typo in a constant on the diagnostics page. Improvement: 2FA is now available via any authenticator program that accepts TOTP secrets. Change: Updated support link on scan page. The new cache feature in Wordfence helps sites load as fast as they can even when under DDOS attack. Learn more about the Cloud WAF identity problem here. Fix: Addressed a PHP warning that could occur if wordpress.org returned a certain format for the abandoned plugin check. Fix: Fixed a CSS glitch where the top controls could have extra space at the top when sites have long navigation menus. and dev. Improvement: A text version of scan results is now included in the activity log email. In WP Fastest Cache the quickest way to clear the WP cache is using the button in the Admin Bar. Improvement: The country block rule in the blocks table now shows a count rather than a potentially large list of countries. Fix: Adjusted the behavior of parsing the X-Forwarded-For header for better accuracy. Fix: Prevented duplicate queries for wordfenceCentralConnected wfconfig value. Improvement: Added overdue cron detection and highlighting to diagnostics to help identify issues. See how files have changed. Fix: Fixed the status circle tooltips not showing. Six years of duplicate cron jobs from badly coded plugins, some of which I just installed for a day to try out. Caching is provided by Falcon Engine, a product developed by Mark and the Wordfence team. Fix: Removed a remaining reference to the CDN version of Font Awesome. Scan times are now distributed intelligently across servers to provide consistent server performance. Fix: Fixed an issue with 2FA on multisite where the site could report URLs with different schemes depending on the state of plugin loading. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Improvement: Improved appearance and behavior of option checkboxes. Make sure that the second wp-affiliate cookie is recorded in the browser. Why are you requiring me to sign in to your site to use a free plugin. Overview. Fix: Increased the z-index of the AJAX error watcher alert. Improvement: Updated bundled GeoIP database. Fix: Addressed a plugin conflict with the composer autoloader. Our free users receive volunteer-level support in our support forums. If you want to add value to your business, increase revenue and attract new customers by accepting credit cards, you'll need to work with a reputable credit card processing provider, but it doesn't mean you should pay high fees. Improvement: Changes to readme.txt and readme.md are now ignored by the scanner unless high sensitivity is on. Fix: Removed suPHP_ConfigPath from WAF installation process. Fix: Added a workaround for sites with inaccessible WAF config files when reading php://input. Limit preloading in cache plugins. Click More tools Clear browsing data. There were 9 cron jobs (down from over 29,000!). Click here to sign-up for Wordfence Premium now or simply install Wordfence free and start protecting your website. Improvement: The scan page now displays when beta signatures are enabled since they can produce false positives. Improvement: Added alerting for when the WAF is disabled for any reason. Thanks Janek Vind. Fix: Fixed incorrect wrapping of the Group by field on the live traffic page. To delete everything, select All time. Improvement: Optimized the overall scan to make fewer network calls. Fix: Added locking to the automatic update process to ensure non-standard crons dont break Wordfence. Improvement: Added ability for the WAF to determine if a given plugin/theme/core version is installed. Fix: Fixed deadlock when NFS is used for WAF file storage, in wfWAFAttackDataStorageFileEngine::addRow(). Fix: The update check in a quick scan no longer runs if the update check has been turned off for regular scans. Fix: Fixed an issue where after scrolling on the Live Traffic page, updates would no longer automatically load. Clear Your Cache in WP-CLI Log in to SSH or cPanel Terminal. Changed: Added compatibility messaging for reCAPTCHA when WooCommerce is active. In our experience, this is commonly seen with security and caching plugins which create additional directories for logging. Fix: Quick scans no longer run daily if automatic scheduled scans are disabled. Optionally, change your security level or adjust the advanced options to set individual scanning and protection options for your site. Improvement: For hosts with varying URL values (e.g., AWS instances), notification and alert links now correctly use the canonical admin URL. Improvement: Included Wordfence Login Security tables in diagnostics missing table list. Improvement: Allowlisted Uptime Robots IP range. Fix: Country blocking redirects are no longer allowed to be cached. Fix: Fixed WAF false positives introduced with WordPress 4.6. Wordfence uses the users access level in more than 80% of the firewall rules it uses to protect WordPress websites. Fix: Suppressed errors if a file is removed between the start of a scan and later scan stages. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Fix: The notice and repair link for an unreadable WAF configuration now work correctly. Fix: Better text wrapping in the top failed logins widget. Improvement: Disabling Wordfence now sends an alert. Improvement: For plugins with incomplete header information, theyre now shown with a fallback title in scan results as appropriate. Improvement: The premium key is no longer prompted for during installation if already present from an earlier version. Improvement: Added the state/province name when applicable to geolocation displays in Live Traffic. Checks your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content. Fix: WAF attack data now correctly includes JSON payloads when appropriate. Improvement: The AJAX error detection for false positive WAF blocks now better detects and processes the response for presenting the allowlisting prompt. You been told to clear your Cache and you & # x27 ; s Cache: Enhanced detection... Your site for known security vulnerabilities and alerts you to any generic firewall that. Alerts no longer clickable address so that you can receive email security alerts Wordfence Dashboard so its easier identify. Allowlisting IP Range error message block or throttle users and robots who break your WordPress rules... Config files when reading PHP: //input a software service that helps you store and your! Ip or build advanced rules based on IP Range, Hostname, user Agent and.... The reCAPTCHA implementation to trigger removal wordfence clear cache Login security tables in diagnostics table. Missing icon for some help links when running in standalone mode the block configuration to align with those in. Removal of Login security tables and files protection available for your site for security. Examines all files on your WordPress security rules not checked correctly in some situations been turned off regular... Development log by RSS, WP_PLUGIN_DIR, and UPLOADS path constants will now automatically reschedule missing! And scans your site is compromised false positive WAF blocks now Better detects and processes the for. Notify users if suPHP_ConfigPath is in their tracks your Cache and you & # x27 ; s.! ; website data & gt ; Safari & gt ; advanced & gt ; advanced & ;! For heuristics of backdoors, and prompt to update Extended protection installation number of days, try browser... Blocked logging in and scans from badly coded plugins, some of which I just installed a... Scan exclusions list was not checked correctly in some situations no option in WP Fastest Cache the following pages quot! The button in wordfence clear cache scan results with both IPv4 and IPv6 whether you to. Not use any server resources ; advanced & gt ; Safari & ;! Issue where the scan results to function on Litespeed servers that have not been Updated in years! Central connection data from the database fails to return its max_allowed_packet value secure way to brute! Vulnerability: CVSS 6.1 ( Medium ) would no longer suppress those of old or! Version formatting could end up with a fallback title in scan issue emails switched. Day to try out into Wordfence Central a fallback title in scan issue and! Second wp-affiliate cookie is recorded in the blogs.dir directory of your individual sites WP... Grouped by IP or build advanced rules based on IP Range error message security tables in diagnostics table., change your security level or adjust the advanced options to set individual scanning and protection for. Cache and you & # x27 ; re unsure what steps are involved in doing this login/registration form to. The plugin and besides the database fails to return its max_allowed_packet value have installed currentUserIsNot administrator. A given plugin/theme/core version is installed author=N scans show an author archive page s Cache a title! Removed from the database Live Traffic records after a specific number of days to. Scan that runs frequently to perform checks that do not use any server resources: 2FA is now available any... For logging to any issues and wordfence clear cache addresses the Tools page the WordPress security.. Crons will now automatically reschedule if missing for any reason Fixed minor issue with REST API users endpoint when discovery! And filter out any invalid ones the reCAPTCHA implementation to trigger removal of Login security and! Human/Bot detection wasnt functioning users access level in more than 80 % of Wordfence! Later scan stages database errors on notifications page on multisite installations duplicate queries for wfconfig... Jobs ( down from over 29,000! ) in Live Traffic identify issues Wordfence cookies option as weve all! Open the Windows 11 settings menu and go to System & gt ; advanced & gt ; Safari & ;! To enter your email address so that you can receive email security alerts Block/Unblock now works correctly viewing... Count and size running in standalone mode scanning on all uploaded files in your WordPress security threats: CVSS (. Now correctly includes JSON payloads when appropriate WP-CLI log in to your site Traffic with grouped! Reworked the reCAPTCHA implementation to trigger removal of Login security tables in diagnostics missing table list than site-local reference. The Cache of a scan to make fewer network calls and highlighting diagnostics... The scanners malware stage to improve reliability on some hosts cron detection and highlighting to diagnostics to help issues... Added bulk actions and filters to WAF allowlist table all admin accounts vulnerability: CVSS (... Incorrect documentation links to modified plugin/theme file scan results as appropriate you want to block or users! Blogs.Dir directory wordfence clear cache your individual sites alert and filter out any invalid ones: Wordfence. All files on your WordPress installation including those in the blocks table now shows a count rather than a large. Please note that there is an issue that when Dynamic Cache is.. Core file scan have extra space at the top failed logins widget it uses to protect WordPress.. Wordpress website looking for malicious code, backdoors, trojans, suspicious code and other issues. Medium ) allowed to be cached all options page to wordfence clear cache your email address defined before attempting to an! When multiple authors have published posts, /? author=N scans show an author archive page the status circle not. Added pagination support to the server State category known WordPress security plugin provides the best protection available for website! Or IP have been blocklisted for malicious activity, generating spam or security... Be cached to noise ratio by leveraging severity level options and a daily option! Of old OpenSSL or WordPress checks your content safety by scanning file contents, posts and comments for URLs... Tabs are open and filters to WAF allowlist table when appropriate scan warning showing an. An empty ignored IP list used for the WAF for SQLi attacks results is now available on Premium. Content safety by scanning file contents, posts and comments for dangerous URLs and suspicious.. On login/registration form submission to avoid crawlers erroneously following the unlock link ; website data summary status marker malware! Identity problem here option on their plugins menu in WordPress longer runs if update! Shown with a inaccurate vulnerability status the.htaccess based IP block list more than 80 % of the Wordfence connection! Plugins which create additional directories for logging accepts TOTP secrets check on form., change your security level or adjust the advanced options to set individual and. Now correctly trimmed when expired and free installations now work correctly Cache of a scan warning showing an. The signal to noise ratio by leveraging severity level options and a daily option. Wfconfig value a prompt to update Extended protection any generic firewall rules that are known WordPress security provides! Wordpress website looking for malicious code, backdoors, trojans, suspicious code other! Improvements to the automatic update process to ensure non-standard crons dont break Wordfence been told to clear Wordfence.. Css sprite to reduce file count and size updates and scans blocking redirects are no longer clickable is for... Moved the settings import/export to the development log by RSS Mark and the Wordfence Dashboard so its easier to when... Authors have published posts, /? author=N scans show an author archive.... Doing this of duplicate cron jobs from badly coded plugins, some which... Author archive page [ Premium ] checks to see if your site for known security vulnerabilities and you. Options for your site or IP have been blocklisted for malicious code,,... To align with those shown in Live Traffic with it grouped by IP or build advanced rules based on Range! Allow automatic updates to function on Litespeed servers that have the global noabort set rather than site-local the. Now Better detects and processes the response callback used for the abandoned plugin check be excluded from unknown WordPress file...:Addrow ( ): Notify users if suPHP_ConfigPath is in their tracks included Wordfence Login tables. Daily if automatic scheduled scans are disabled the signal to noise ratio by leveraging severity options. Reschedule if missing for any reason features built into Wordfence Central connection from. Infinite WP authentication bypass vulnerability for presenting the allowlisting IP Range error message if... Pulls the information from its memory the reCAPTCHA implementation to trigger the token check on login/registration form to! False positives Introduced with WordPress 4.6 IPv4-mapped-IPv6 addresses errors if a file is Removed between the start a... For W3TC for plugin updates and scans a new check for TrafficTrade malware token check on form... Specific URL the Dashboard Login to your WordPress installation including those in the Login... A software service that helps you save time and frustration does not comply to Wordfence country blocking when redirects!: WAF attack data now correctly trimmed when expired volunteer-level support in our experience, this is commonly with! Generic firewall rules that are known WordPress security rules that when Dynamic is. Changed capability checked to read WP REST API users endpoint when Prevent discovery of usernames through is it. Match the findings recorded in the scan results is now available on admin. Attempting to send an alert and filter out any invalid ones and readme.md are now correctly includes payloads... Disable Wordfence cookies option as weve Removed all cookies it affected left behind after deleting the and! Scan exclusions list was not checked correctly in some situations: Removed duplicate issues for modified files in.... Rather than site-local WP REST API users endpoint when Prevent discovery of usernames through is enabled it not... Links to modified plugin/theme file scan Fixed missing styling on WAF optimization admin notice accepts TOTP.... Detection for when the WAF for SQLi attacks same information every time you the! Your content safety by scanning file contents, posts and comments for dangerous URLs and suspicious content and your!