Wordfence remains the number one security plugin of choice for website owners serious about protecting their investment and their customers. Our Threat Intelligence team and engineering team stay abreast of the newest threats and ensure that Wordfence is able to protect against them. But keeping a product like Wordfence ahead of the pack requires that we maintain and improve many other aspects of the product including performance, internationalization, the user interface, and that we continue to add improvements and bug fixes as they’re discovered.
Wordfence 7.10.0 has just been released and incorporates many of those ongoing improvements like improving the ability to internationalize Wordfence messages that are customer facing, clarifying messages around plugins that have been removed from the repository and even recognizing the Prespa Accord which resolved a decades long dispute over the name of the Republic of North Macedonia.
A huge thanks and congrats to the entire engineering team at Wordfence for this latest release, Wordfence 7.10.0. I think you’ll find many features you’ve been asking for, or looking forward to, are included in Wordfence 7.10.0. You can find the details of what is included in this release, below.
Wordfence 7.10.0 Changes
Several improvements were made for translations:
- Improvement: Added translation support for strings from login security plugin
- Improvement: Added translator notes regarding word order and hidden text
- Improvement: Added translation support for additional strings
- Change: Moved translation file from .po to .pot
These changes implement the translation of strings for the Login Security module which could not be translated previously, add more context for translators in several areas, and allow translation of the remaining text that was not translatable before. Some text in scan results or in error messages sent from the Wordfence servers may still appear in English, but all text that is visible by your site’s visitors and nearly all text for admins should be translatable. Please contact our support team if you have any issues translating additional strings.
Improvement: Updated scan result text to clarify meaning of plugins removed from wordpress.org
We clarified the text of scan results that show when a plugin was removed from wordpress.org, since people sometimes thought this meant that a plugin was removed from their sites.
Improvement: Prevented scans from failing if unreadable directories are encountered
On some hosts, the Wordfence scan could fail if it found a private directory inside the site’s public files, if reading the directory was blocked by a method other than file permissions. This issue no longer occurs.
Fix: Corrected IPv6 address expansion
Manually blocking IPv6 address ranges could previously cause a str_repeat() error on PHP 8 and above.
Fix: Ensured long request payloads for malicious requests are recorded in live traffic
Certain blocked hits for large requests would sometimes not appear in Live Traffic. These blocked hits should now appear.
Change: Moved detection for old TimThumb files to malware signature
Finding a vulnerability in TimThumb lead to the creation of Wordfence. Detection for vulnerable TimThumb files had been built into the plugin since that time, and detection has now been moved to the same method used for detecting malware and other dangerous files. This change prevents a false positive result on sites where PHP’s “opcache” is stored inside the document root.
Fix: Prevented rare JSON encoding issues from breaking free license registration
We found a few cases in our logs where a site could not register for a free key due to an improperly encoded URL or other data, and added a method to handle such cases.
Additional minor changes:
- Improvement: Added help link to IPv4 scan option
- Improvement: Made “Increased Attack Rate” emails actionable
- Improvement: Updated GeoIP database
- Fix: Prevented “commands out of sync” database error messages when the database connection has failed
- Fix: Prevented PHP notice from being logged when request parameter is missing
- Fix: Prevented deprecation warning in PHP 8.1
- Change: Renamed “Macedonia” to “North Macedonia, Republic of”
The above list includes text changes, prevention of unnecessary log messages, and some updates to libraries and data used by Wordfence.
We hope you enjoy Wordfence 7.10.0 as much as we enjoyed creating it!
~The Wordfence Team