Wordfence 5.0.6 Beta 1 Released

[UPDATE May 5th: Wordfence 5.0.6 Official has now been released. Thanks to our beta team for testing this release and their feedback.]

This is for our Beta team. Wordfence 5.0.6 Beta1 has been released and you can download it using this link.

This is one of our coolest releases ever because it MASSIVELY reduces false positives through a new API function we’ve introduced in our scanning servers which checks to see if a file is a “known safe file” in a database of safe file hashes we’ve compiled.

We’ve also added a feature that lets you prevent hackers from scanning for your usernames by using the /?author=N scan technique.

We’veĀ are also now officially supporting LiteSpeed and Nginx and Wordfence is tested on both platforms before release. This release includes a fix that will make Falcon Engine work correctly on LiteSpeed. It also auto-detects Nginx and will direct you to a page that helps you configure Nginx when you enable Falcon Engine.

It also has some important improvements. The changes are:

  • Feature: Prevent discovery of usernames through ‘?/author=N’ scans. New option under login security which you can enable.
  • Fix: Introduced new global hash whitelist on our servers that drastically reduces false positives in all scans especially theme and plugin scans.
  • Fix: Fixed issue that corrupted .htaccess because stat cache would store file size and cause filesize() to report incorrect size when reading/writing .htaccess.
  • Fix: Fixed LiteSpeed issue where Falcon Engine would not serve cached pages under LiteSpeed and LiteSpeed warned about unknown server variable in .htaccess.
  • Fix: Fixed issue where Wordfence Security Network won’t block known bad IP after first login attempt if “Don’t let WordPress reveal valid users in login errors” option is not enabled.
  • Fix: Sites installed under a directory would sometimes see Falcon not serving cached docs.
  • Fix: If you are a premium customer and you have 2FA enabled and your key expires, fixed issue that may have caused you to get locked out.
  • Improvement: If your Premium API key now expires, we simply downgrade you to free scanning and continue rather than disabling Wordfence.
  • Improvement: Email warnings a few days before your Premium key expires so you have a chance to upgrade for uninterrupted service.

Beta testers as usual please send your bug reports to beta@wordfence.com.

Thanks for your help getting this release ready for the enterprise production environment.

Regards,

Mark.

Did you enjoy this post? Share it!

Comments

2 Comments
  • Uhm, guys, there should be a link to install and uninstall instructions and known issues and workarounds.

    • Hi Sean,

      You install the zip file as you would any plugin distributed in a ZIP archve - just use the WordPress upload function. However I understand that many folks don't realize this so we'll make sure for the next beta we include this.

      Regarding known issues: Thanks for this, I'll give it some thought e.g. we might open-source our bug tracking system so that customers/users can view known issues and their status.

      Regards,

      Mark.