Mark Maunder
January 26, 2015

Wordfence 5.3.6 Released!

Wordfence 5.3.6 has just been released! This version includes a few important fixes and a few awesome new features including the ability to block anyone (or anything) from submitting a form to your site if they have a blank referrer header and user-agent header. This is a common pattern among bots and will help you block a few more hack attempts. This is included in the free and Premium versions of Wordfence.

The changes are below and the full changelog is here: https://wordpress.org/plugins/wordfence/changelog/

  • Feature: You can now block POST requests to your WordPress site that have an empty User-Agent and Referer header. This is a common pattern among badly written brute force bots.
  • Feature: Added cron viewer at bottom of Wordfence options page. The plugin we were using to help diagnose customer issues is broken. Use this instead.
  • Feature: Added DB table viewer at bottom of Wordfence options page. This is a read-only utility to view table names and detailed status. Also for customer diagnostic purposes.
  • Improvement: Code cleanup after in-depth code analysis. Removed unused functions and variables and re-indented selected code.
  • Fix: Fixed issue that appeared after last release where raw HTML tags were appearing in email alerts.
  • Fix: Tour behaved inconsistently under some conditions. Fixed.
  • Fix: Mismatched HTML tags in some presentation code. Fixed.
  • Fix: When fetching theme list the interator had the same name as the array. Fixed.
  • Fix: Detection for malware URLs in comments had a partial description in the issue. Was being overwritten when it should have been appended. Fixed.
  • Fix: Check if dns_get_record() exists before using it to avoid warnings.
  • Fix: If you have the wordfence security network disabled, the _wfVulnScanners table may have grown indefinitely. Fixed so it’s regularly truncated.
  • Fix: wordfence::getLog() was private and should be public. Fixed.
  • Fix: Removed warning about _wfsf not being an element of GET params. Usually hidden, but in case something checks error_get_last()

 

Trust Your Site
to the Leader in WordPress Security

Wordfence includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more. Discover why over 5 million WordPress sites put their trust in Wordfence.

Protect Your Site

Did you enjoy this post? Share it!

LinkedIn 

Comments

No Comments

Breaking WordPress Security Research in your inbox as it happens.

Example of a news story

This site uses cookies in accordance with our Privacy Policy.