Wordfence 5.2.5 released – Please update

  • WFSupport

    (@wfsupport)


    9 years, 7 months ago

    Greetings Wiordfence community!

    Our crack dev team has been hard at work and has rolled out an update that addresses some security fixes and added a few things to help you better understand your option choices. Below are some of the highlights:

    5.2.5

    • Security release. Update immediately. Thanks to Julio Potier.
    • Code hardening including improved sanitization and an additional nonce for unlock email form. Special thanks to Ryan Satterfield for the hard work.
    • Stability of auto-update improved for LiteSpeed customers. We auto-detect if you don’t have E=noabort:1 in your .htaccess and give you instructions.
    • Auto-update also disabled now for LiteSpeed customers who don’t have E=noabort:1 and you will get an email alert with an explanation.
    • Fixed a bug that may cause you to have advanced blocking patterns disabled with falcon engine enabled that should not be disabled.
    • Removed a benign warning in wfCache.php.
    • Added clarity to the banned URL option on the options page. All URL’s must be relative.
    • Added a primary key to the wp_wfStatus table which is required for certain incremental backup plugins and utilities.
    • Fixed advanced country blocking which was not correctly displaying advanced options.
    • Migrated to using wp_kses() for sanitization.
    • Prevent IP spoofing in default Wordfence IP configuration.
    • Change explanations of how Wordfence gets IP’s to make it clear which to use to prevent spoofing.
    • Make it clear that the option to have IP’s immediately blocked when they access a URL requires relative URL’s starting with a forward slash.
    • Whitelist Sucuri’s scanning IP addresses which were getting blocked because they triggered Wordfence blocking during a scan.
    • Improved Wordfence’s code that acquires the visitor IP to block certain spoofing attacks, be more platform agnostic and deal with visits from private IP’s more elegantly.

      • As always, thanks for being the best plugin community in WordPress. You guys (and gals) rock!

      tim

    https://wordpress.org/plugins/wordfence/

Viewing 4 replies - 1 through 4 (of 4 total)
  • jessicana

    (@jessicana)

    9 years, 7 months ago

    Hello,

    Under live traffic, I used to see the flag of every country visiting the website and this makes it easier to recognize from where I am getting a traffic. After the last update I don’t see those flags associated with every IP. I wish I have them back.

    Thanks!

    indigokj

    (@indigokj)

    9 years, 7 months ago

    Since Saturday morning WordFence is reporting all traffic as coming from our server’s IP address, so I can’t tell where attacks are actually originating. Am I the only one with this problem?

    indigokj

    (@indigokj)

    9 years, 7 months ago

    I also had to disable the “Immediately block fake Google crawlers” option because it was shutting down our sites. Presumably this was because it was our server’s IP that was causing the fake-out.

    Plugin Author Wordfence Security

    (@mmaunder)

    9 years, 7 months ago

    Hi folks,

    Please don’t reply to the sticky announcing the release with a support request. You’re not going to get a response. Please create a new forum post and Tim will be happy to help you.

    Regards,

    Mark.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence 5.2.5 released – Please update’ is closed to new replies.