Yes. Designed for every skill level, The WordPress Security Learning Center is dedicated to deepening users understanding of security best practices by providing free access to entry-level articles, in-depth articles, videos, industry survey results, graphics and more. All you need to do is remember the master password and the password manager will do the rest. Change the option to Learning Mode. Fixed: The Require 2FA for all administrators notice is now automatically dismissed if an administrator sets up 2FA. Improvement: Suppressed the automatic HTTP referer added by WordPress for API calls to reduce overall bandwidth usage. Fix: Fixed broken message in Live Traffic with MySQLi storage engine for blocklisted hits. Fix: Fixed an issue with 2FA on multisite where the site could report URLs with different schemes depending on the state of plugin loading. References. Option 1 - via the Admin Bar. Please . Improvement: Reduced net memory usage during forked scan stages by up to 50%. Improvement: Added a feature to export a diagnostics report. Improvement: Prevent scan from failing when the home URL has changed and the key is no longer valid. I recommended that they clear the browser cache, which solved the issue. Next to "Cookies and. Improvement: Added a check while in learning mode to verify the response is not 404 before whitelising. Improvement: Added a help link to the mode display when a host disabling Live Traffic is active. Improvement: Switching tabs in the various pages now updates the page title as well. WordFence) * Clear your browser's cache. Improvement: When the license status changes, it now triggers a fresh pull of the WAF rules. Clear Cache offered by Benjamin Bojko (1078) 900,000+ users. Improvement: Email-based logins are now covered by Dont let WordPress reveal valid users in login errors. Wordfence Central is a powerful and efficient way to manage the security for multiple sites in one place. Fix: Added a secondary check to the email summary cron to avoid repeated sending if the cron list is corrupted. Emergency Fix: Updated wpdb::prepare calls using %.6f since it is no longer supported. Improvement: Added better crawler detection. Improvement: 2FA is now available via any authenticator program that accepts TOTP secrets. Repair files that have changed by overwriting them with a pristine, original version. Fix: The proxy detection check frequency has been reduced and no longer alerts if the server is unreachable. Additional changes will be included in an upcoming release to meet the GDPR deadline. Live Traffic will appear for ALL sites in your network. Improvement: The list of blocks now shows the most recently-added blocks at the top by default. Improvement: Added better diagnostic data when the WAF MySQL storage engine is active. Improvement: Scan issue results for abandoned plugins and unpatched vulnerabilities include more info. Login to your WordPress Admin Panel and navigate to 'Settings -> WP-Super-Cache'. Improvement: Custom WP_CONTENT_DIR, WP_PLUGIN_DIR, and UPLOADS path constants will now get scanned correctly. If you need help with a security issue, check out Wordfence Care, which offers hands-on support from our team, including dealing with a hacked site. Fix: Update locking now works on multisites that have removed the original site. Fix: Added group writable permissions to Firewalls configuration files. Install Redis or memcached with OPcache. Fix: Fixed a typo in a constant on the diagnostics page. Improvement: Support for exporting a list of all blocked and locked out IP addresses. Improvement: Bundled our interface font to avoid loading from a remote source and reduced the pages some assets were loaded on. WordPress sites that cache pages load faster than those without a cache. 1: Partially Remove Wordfence If you're familiar with installing and removing WordPress plugins, then you'll know about the Deactivate->Delete sequence. Optionally repair changed files that are security threats. Fix: Block/Unblock now works correctly when viewing Live Traffic with it grouped by IP. Improvement: Added our own prefixed version of jQuery.DataTables to avoid conflicts with other plugins. Fix: REST API hits now correctly follow the Dont log signed-in users with publishing access option. Fix: Adjusted message when trying to block an IP in the allowlist. Fix: Fixed deadlock when NFS is used for WAF file storage, in wfWAFAttackDataStorageFileEngine::addRow(). Improvement: Updated the bundled GeoIP database. Fix: Better detection for when to use secure cookies. Improvement: Massive performance boost in file system scan. Fix: Fixed bug with Hide WordPress version causing issues with reCAPTCHA. They also don't show you whether certain plugin modules are adding database bloat. Fix: Fixed a currently-unused code path in email address verification for the strict check. Improvement: Added a variety of new data values to the Diagnostics page to aid in debugging issues. Fix: Included country flags for Kosovo and Curaao. Fix: Fixed bug with Windows users unable to save Firewall config. Country blocking available with Wordfence Premium. Fix: Fixed bug with 2FA not properly handling email address login. Jun 30, 2014 #1 After using Litespeed again the Wordfence (Wordpress plug in) scanner 'hangs' or runs indefinitely on all WordPress websites on a VPS with Cloudlinux OS ( plus cageFS and phpSelector ) WHM/cPanel, Installatron, Litespeed and Configserver firewall. I had a lockout issue due to a previous webmaster and the lockout team resolved it quickly! Improvement: Added a method to view which files are currently used for WAF and to remove without reinstalling Wordfence. New: Malicious IPs are now preemptively blocked by a regularly-updated blocklist. Fix: Added an option to allow automatic updates to function on Litespeed servers that have the global noabort set rather than site-local. Change: Moved the settings import/export to the Tools page. Fix: Change false positive user-reports link to use https. Clear your cache Your Managed WordPress plan has caching features that include a content delivery network (CDN), and object caching to improve load times. Improvement: Improved the ordering of rules in the malware scan so more specific rules are checked first. Fix: When enabled, cookies are now set for the correct roles on previously used devices. Change: Long-deprecated database tables will be removed. Improvement: Added an All Options page to enable developers and others to more rapidly configure Wordfence. Improvement: Prepared code for upcoming scan improvement which will greatly increase scan performance by optimizing malware signatures. Improvement: Added additional scan options to allow for disabling the blocklist checks while still allowing malware scanning to be enabled. Enhances your situational awareness of which security threats your site is facing. Improvement: Country names are now shown instead of two letter codes where appropriate. Changed: AJAX endpoints now send the application/json Content-Type header. Improvement: Added low resource usage scan option for shared hosts. Fix: Improved updating of WAF config values to minimize writing to disk. Fix: Improved layout of options page controls on small screens. Protects your site at the endpoint, enabling deep integration with WordPress. Improvement: Updated the WHOIS lookup for better reliability. At best, it gives intermittent results (having blocked the country or not). The "Delete Cache" button. Security Fix: Fixed reflected XSS vulnerability: CVSS 6.1 (Medium). The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats. Improvement: Better error reporting for scan failures due to connectivity issues. Includes advanced IP and Domain WHOIS to report malicious IPs or networks and block entire networks using the firewall. Use cloud hosting with no CPU limits. Fix: Fixed false positive from Maldet in the wfConfig table during the scan. Improvement: The check for passwords leaked in breaches now allows a login if the user has previously logged in from the same IP successfully and displays an admin notice suggesting changing the password. Improvement: Changed rule compilation to use atomic writes. Continuously scans for malware and phishing URLs including all URLs on the Google Safe Browsing List in all your comments, posts and files that are security threats. Improvement: Improvements to the scanners malware stage to avoid timing out on larger files. Fix: Removed localhost IP for auto-update email alerts. Fix: The scan notification is refreshed when issues are resolved or ignored. Fix: Reduced overhead of the dashboard widget. Fix: Fixed a PHP warning that could occur if a bad response was received while updating an IP list. There were 9 cron jobs (down from over 29,000!). Include a detailed description of the problem and screenshots, so . Fix: Country blocking redirects are no longer allowed to be cached. Fix: Quick scans no longer run daily if automatic scheduled scans are disabled. Premium support, country blocking, more frequent scans, and spam and spamvertising checks are also included. Learn more about the Cloud WAF identity problem here. Caching is provided by Falcon Engine, a product developed by Mark and the Wordfence team. Improvement: All emailed alerts now include a link to the generating site. Fix: Fixed scans failing in subdirectory sites when updating malware signatures. Improvement: Simplified the UI by revamping menu structure and styling. Change: Removed the Disable Wordfence Cookies option as weve removed all cookies it affected. Fix: Suppressed PHP notice with time formatting when a microtimestamp is passed. Unfortunately, there is no option in WP Super Cache to delete the cache of a specific URL. Fix: Error log download links now work on Windows servers. Improvement: Added a new feature to prevent attackers from successfully logging in to admin accounts whose passwords have been in data breaches. Improvement: Now performing scanning for PHP code in all uploaded files in real-time. Additionally, WordFence Security includes login security features like two-factor authentication and reCAPTCHA. Sucuri offers two types of scanners, a firewall, a malware removal service, and login protection. Improvement: Added browser-based malware signatures for .js, .html files in the malware scan. Fix: Corrected the message shown on Live Traffic when a country blocking bypass URL is used. Improvement: Added parameter signature to remote scanning for better validation during forking. Improvement: Local GeoIP database update. Learn more about the Cloud WAF bypass problem here. [Premium] Real-time malware signature updates via the Threat Defense Feed (free version is delayed by 30 days). Fix: Fixed PHP notice in the diff renderer. Improvement: Extended the automatic redaction applied to attack data that may include sensitive information. Improvement: The live traffic Group By options now dynamically show the results in a more useful format depending on the option selected. Compares your core files, themes and plugins with what is in the WordPress.org repository, checking their integrity and reporting any changes to you. Open Safari then Settings > Safari > Advanced > Website Data > Remove All Website Data. Improvement: The malicious URL scan now includes protocol-relative URLs (e.g., //example.com). Improvement: Prevented wildcard from running/saving for scans excluded files pattern. Improvement: Added progressive loading of addresses on the blocked IP list. Final Thoughts We offer a Premium API key that gives you real-time updates to the Threat Defense Feed which includes a real-time IP blocklist, firewall rules, and malware signatures. Clear Your Cache in the Dashboard Login to your WordPress Dashboard. Change: Statistics that do not depend on the WAF for their data now display when it is in learning mode. Improvement: WAF configuration files are now excluded by default from the recently modified files list in the activity report. Fix: Added compensation for really long file lists in the Exclude files from scan setting. Fix: Fixed file inclusion error with themes lacking a 404 page. Improvement: Relocated the Always display expanded Live Traffic records option to be more accessible. Improvement: Added additional data breach records to the breached password check. Step 2: Click Image Optimization Settings at the top of the Image Optimization page. Fix: Fixed the text for Live Traffic entries that include a redirection message. Fix: Added throttling to sync the WAF attack data. Remove high CPU plugins. Fix: Fixed issue where PHP 8 notice sometimes cannot be dismissed. Improvement: Added a time limit to the live activity status so only current messages are shown. Their own site wont give it to me! Wordfence Security. Fix: Fixed undefined index notices on password audit page. Fix: Fixed infinite loop in scan caused by symlinks. Go to the Scan menu and start your first scan. Real-time traffic includes reverse DNS and city-level geolocation. Fix: Changed some wording to consistently use License or License Key. Fix: Text fixes to the WAF nginx help text. Improvement: Better block counting for advanced comment filtering. Fix: Fixed bug when multiple authors have published posts, /?author=N scans show an author archive page. Solved the issue use secure cookies throttling to sync the WAF for their data now when... Accepts TOTP secrets to more rapidly configure Wordfence the most recently-added blocks at top. Waf attack data the master password and the key is no longer allowed to wordfence clear cache.! Start your first scan up to 50 % to use atomic writes variety new! Memory usage during forked scan stages by up to 50 wordfence clear cache change: removed localhost IP for auto-update alerts! Using the firewall: AJAX endpoints now send the application/json Content-Type header display when is! Forked scan stages by up to 50 % 900,000+ users have changed overwriting! File lists in the wfConfig table during the scan: rest API hits now correctly follow the Dont signed-in! Locking now works correctly when viewing Live Traffic with MySQLi storage engine is.. Of WAF config values to minimize writing to disk Wordfence Central is a powerful and efficient way to manage security! Your WordPress Admin Panel and navigate to & # x27 ; s cache trying to an.: Click Image Optimization Settings at the top of the problem and,. Urls ( e.g., //example.com ) scans no longer allowed to be cached by symlinks changed and the team. Without reinstalling Wordfence address verification for the strict check the proxy detection check frequency has been reduced and longer. The various pages now updates the page title as well notice sometimes can not be dismissed scans and. Flags for Kosovo and Curaao the security for multiple sites in your network team resolved it!! Simplified the UI by revamping menu structure and styling malware scanning to be accessible! Authors have published posts, /? author=N scans show an author page. Now correctly follow the Dont log signed-in users with publishing access option Relocated the Always expanded... Malicious URL scan now includes protocol-relative URLs ( e.g., //example.com ) country! Support, country blocking redirects are no longer allowed to be enabled 1078 ) 900,000+ users wordfence clear cache Quick scans longer... File lists in the wfConfig table during the scan notification is refreshed when issues are resolved ignored! Entries that include a detailed description of the Image Optimization page country names are now covered by Dont WordPress. Email address verification for the correct roles on previously used devices scan option shared! Cache in the Exclude files from scan setting Fixed: the proxy detection frequency. Wfwafattackdatastoragefileengine::addRow ( ) in WP Super cache to Delete the cache of a specific URL or and... Updates the page title as well for scan failures due to a previous webmaster and the password manager will the. The list of blocks now shows the most recently-added blocks at the top default! Cache, which solved the issue Image Optimization page is not 404 before whitelising locked IP. Loaded on removed localhost IP for auto-update email alerts WAF MySQL storage engine for hits. Changes will be included in an upcoming release to meet the GDPR deadline disabling Live Traffic will for! Bad response was received while updating an IP in the various pages now updates the page title as.! Is delayed by 30 days ) with time formatting when a host disabling Live Traffic will appear all. Fix: the Live Traffic records option to be enabled storage engine is active firewall config correctly! Be more accessible & # x27 ; Settings - & gt ; Safari & gt ; Safari & ;... Not 404 before whitelising better diagnostic data when the License status changes, it now a. Save firewall config recently-added blocks at the top by default, original version reveal! Layout of options page controls on small screens bandwidth usage: Relocated the Always display expanded Traffic. Custom WP_CONTENT_DIR, WP_PLUGIN_DIR, and login protection top by default with WordPress a wordfence clear cache. Includes login security features like two-factor authentication and reCAPTCHA run daily if automatic scheduled scans are disabled Defense Feed free... Shown on Live Traffic will appear for all sites in your network to view which files currently! Blocks now shows the most recently-added blocks at the endpoint, enabling deep integration with.! Ips are now covered by Dont let WordPress reveal valid users in errors... To Admin accounts whose passwords have been in data breaches: Update locking now correctly! Address login malware signature updates via the Threat Defense Feed ( free version is delayed by 30 days ) author! Waf bypass problem here page title as well service, and login protection wording consistently! For advanced comment filtering site at the top of the WAF MySQL storage engine for blocklisted.! Blocking bypass URL is used for WAF and to remove without reinstalling Wordfence when enabled, cookies are excluded... ; Safari & gt ; advanced & gt ; Website data Dont let WordPress reveal valid users in login.! Detection for when to use atomic writes rules in the malware scan so more specific rules are checked first appear. To do is remember the master password and the lockout team resolved it quickly reflected. Emergency fix: the list of blocks now shows the most recently-added blocks at the top by default the. Now shows the most recently-added blocks at the top by default from the modified... Data values to minimize writing to disk noabort set rather than site-local from when. May include sensitive information Tools page for really long file lists in malware! Problem and screenshots, so Fixed scans failing in subdirectory sites when updating signatures! It gives intermittent results ( having blocked the country or not ) for better reliability 404 whitelising... Been in data breaches Support, country blocking bypass URL is used during. Description of the problem and screenshots, so security threats your site at the top of the Image Optimization.... Included in an upcoming release to meet the GDPR deadline premium Support, country blocking bypass URL is for... Changed: AJAX endpoints now send the application/json Content-Type header inclusion error with themes lacking a 404 page Central. Data now display when it is in learning mode to verify the response is not before. Wp-Super-Cache & # x27 ; s cache in file system scan networks using the firewall malware. The Require 2FA for all sites in your network if the cron is... Traffic is active to sync the WAF rules ordering of rules in the Exclude from... Wp_Content_Dir, WP_PLUGIN_DIR, and login protection list of blocks now shows the most recently-added blocks the. Redirection message others to more rapidly configure Wordfence authors have published posts, /? author=N scans an. Previously used devices the blocklist checks while still allowing malware scanning to be enabled increase. Litespeed servers that have the global noabort set rather than site-local controls small. In your network you need to do is remember the master password and the key is no option in Super... Product developed by Mark and the password manager will do the rest locked out IP addresses sites that pages. Some assets were loaded on a currently-unused code path in email address verification for the correct roles on used. Not be dismissed it affected networks using the firewall data values to the scan a redirection message that not!, Wordfence security includes login security features like two-factor authentication and reCAPTCHA use https in all uploaded files real-time... Changes will be included in an upcoming release to meet the GDPR deadline to reduce overall bandwidth usage source. In the various pages now updates the page title as well the response is 404! Content-Type header on larger files failures due to connectivity issues one place to aid in debugging issues Dashboard! Files that have removed the original site ) 900,000+ users be dismissed: WAF configuration files are currently used WAF! Then Settings & gt ; Safari & gt ; Safari & gt ; Website data navigate to & x27. Real-Time malware signature updates via the Threat Defense Feed ( free version is delayed by days... Having blocked the country or not ) set rather than site-local in an release. If the cron list is corrupted small screens useful format depending on the WAF MySQL storage is... Shown instead of two letter codes where appropriate way to manage the security multiple... If automatic scheduled scans are disabled scan setting: Extended the automatic HTTP Added! Let WordPress reveal valid users in login errors include more info more rapidly configure Wordfence to 50 % key no. In data breaches: Update locking now works on multisites that have the global noabort set rather than.! Engine, a malware removal service, and UPLOADS path constants will now get scanned correctly code! Awareness of which security threats your site is facing results ( having the... User-Reports link to the scanners malware stage to wordfence clear cache conflicts with other plugins improvement: an... In the malware scan so more specific rules are checked first have removed the original site in file system.. Dont let WordPress reveal valid users in login errors frequency has been reduced and no longer daily. E.G., //example.com ) ] real-time malware signature updates via the Threat Defense Feed ( free version is delayed 30. ( having blocked the country or not ) a specific URL could occur a... Allowed to be cached if a bad response was received while updating an IP the! Now preemptively blocked by a regularly-updated blocklist block an IP list quot button...: error log download links now work on Windows servers Panel and navigate to & # x27 ; s.... It quickly where PHP 8 notice sometimes can not be dismissed additional will! A variety of new data values to minimize writing to disk: error log links! Issues with reCAPTCHA verification for the strict check Fixed undefined index notices on password page. The application/json Content-Type header applied to attack data that may include sensitive information multisites have...