WordPress.org

Plugin Directory

Wordfence Security – Firewall, Malware Scan, and Login Security

Wordfence Security – Firewall, Malware Scan, and Login Security

Description

DUNYoNING ENG ZO’R VAZIFALARI FIREWALL & amp; XAVFSIZLIK Skaneri

WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time. Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.

At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24 hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident. The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.

Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.

WORDPRESS FIREWALL

  • Web Application Firewall zararli trafikni aniqlaydi va bloklaydi. Katta jamoa tomonidan qurilgan va qo’llab-quvvatlanadigan WordPress xavfsizligi 100% ga yo’naltirilgan.
  • [Premium] Real vaqtda xavfsizlik devori qoidasi va zararli dasturiy ta’minot imzosi bilan tahdiddan himoya kanali orqali yangilanish (bepul versiya 30 kunga kechiktiriladi).
  • [Premium] Real-time IP Blocklist blocks all requests from the most malicious IPs, protecting your site while reducing load.
  • WordPress bilan chuqur integratsiyani ta’minlab, saytingizni so’nggi nuqtada himoya qiladi. Bulutli alternativalardan farqli o’laroq, shifrlash buzilmaydi, chetlab o’tib bo’lmaydi va ma’lumot oqmasligi mumkin emas.
  • Birlashtirilgan zararli dastur skaneri zararli kod yoki tarkibni o’z ichiga olgan so’rovlarni bloklaydi.
  • Kirish urinishlarini cheklash orqali shafqatsiz hujumlardan himoya qilish.

WORDPRESS XAVFSIZLIK skaneri

  • Zararli dasturlarni tekshirish brauzeri asosiy fayllarni, zararli dasturlarning mavzularini va plaginlarini, yomon URL-larni, orqa fonlarni, SEO-spamlarni, zararli yo’naltirishlarni va kodni kiritishni tekshiradi.
  • [Premium] Haqiqiy vaqt rejimida zararli dasturlarning imzosi tahdiddan himoya kanali orqali yangilanadi (bepul versiya 30 kunga kechiktiriladi).
  • O’zingizning asosiy fayllaringiz, mavzularingiz va plaginlaringizni WordPress.org omboridagi ma’lumotlar bilan taqqoslaydi, ularning yaxlitligini tekshiradi va sizga kiritilgan har qanday o’zgarishlar haqida xabar beradi.
  • O’zgartirilgan fayllarni toza, asl nusxasi bilan almashtirish orqali ularni tuzating. Wordfence interfeysida osongina tegishli bo’lmagan barcha fayllarni o’chiring.
  • Ma’lum xavfsizlik nuqtai nazaridan saytingizni tekshiradi va har qanday muammolar haqida ogohlantiradi. Agar siz plagin yopilgan yoki tark qilingan bo’lsa, ehtimoliy xavfsizlik muammolari haqida ogohlantirasiz.
  • Fayl tarkibini, xavfli URLlar va shubhali tarkiblar uchun postlar va sharhlarni skanerlash orqali tarkibingiz xavfsizligini tekshiradi.
  • [Premium] Checks to see if your site or IP have been blocklisted for malicious activity, generating spam or other security issue.

LOGIN XAVFSIZLIGI

  • Ikki faktorli autentifikatsiya (2FA), har qanday TOTP-ga asoslangan autentifikatsiya ilova yoki xizmati orqali mavjud masofaviy tizimni autentifikatsiya qilishning eng xavfsiz shakllaridan biri.
  • Kirish sahifasi CAPTCHA, botlarni kirishni to’xtatadi.
  • O’chiring yoki XML-RPC-ga 2FA qo’shing.
  • Ma`lumotni buzilgan parollardan foydalangan holda ma’murlar uchun kirishni bloklash.

WORDFENCE MARKAZI

  • Wordfence Central bir nechta saytlarning xavfsizligini bir joyda boshqarishning kuchli va samarali usulidir.
  • Barcha veb-saytlaringizning xavfsizlik holatini bitta ko’rinishda samarali baholang. Wordfence Central-dan chiqmasdan xavfsizlikning batafsil ma’lumotlarini ko’ring.
  • Kuchli andozalar Wordfence-ni shabada esadigan qilib yaratadi.
  • Yuqori darajada sozlanadigan ogohlantirishlar elektron pochta, SMS yoki Slack orqali etkazilishi mumkin. Kundalik hazm qilish optsiyasini ishlatib, shovqin nisbati signalini yaxshilang.
  • Xavfsizlikni tarixi, shu jumladan admin tizimiga kirish parollarini buzish va hujum harakatlari tizimda trafik oshib ketish holatlarini kuzatish va ogohlantirish oladi.
  • Cheksiz saytlar uchun foydalanish bepul.

XAVFSIZLIK ASBOB-USKUNALARI

  • Jonli trafik yordamida real vaqt rejimida boshqa tahlil paketlarida ko’rsatilmagan tashriflarni va xakerlik harakatlarini kuzatib boring; shu jumladan kelib chiqishi, ularning IP-manzili, saytingizda kun va vaqtni o’tkazish vaqti.
  • Hujum qiluvchilarni IP-ni blokirovka qiling yoki IP Range, Hostname, User Agent va Referrer-ga asoslangan takomillashtirilgan qoidalarni yarating.
  • Wordfence Premium-da mamlakatni blokirovka qilish mumkin.

Screenshots

  • Nazorat panelida sizning saytingiz xavfsizligi, shu jumladan bildirishnomalar, hujumlar statistikasi va Wordfence xususiyati holati haqida umumiy ma’lumotlar mavjud.
  • Xavfsizlik devori sizning saytingizni keng tarqalgan xurujlardan va xavfsizlikning ma’lum zaifliklaridan himoya qiladi.
  • Wordfence havfsizlik skaneri sizning saytingiz buzilgan yoki yo’qligini aniqlashga imkon beradi va sizni boshqa xavfsizlik muammolari to’g’risida ogohlantiradi.
  • Wordfence juda sozlangan, har bir xususiyat uchun keng imkoniyatlar to’plami mavjud. Yuqori darajadagi skanerlash imkoniyatlari yuqorida ko’rsatilgan.
  • Brute Force Protection xususiyatlari parolni taxmin qilish hujumlaridan himoya qiladi.
  • Hujumchilarni IP, mamlakat, IP diapazoni, Xost nomi, Brauzer yoki Yo’naltiruvchi tomonidan bloklang.
  • Wordfence Live Traffic ko’rinishi sizning saytingizda real vaqtdagi faollikni, shu jumladan bot-trafikni va ekspluatatsiya harakatlarini ko’rsatadi.
  • Ikki faktorli autentifikatsiya yordamida kirish xavfsizligini keyingi bosqichga o’ting.
  • Wordfence 2FA yordamida kirish oson.

Installation

Wordfence-ni o’rnatish uchun quyidagi qadamlar yordamida veb-saytingizni xavfsiz qiling:

  1. Wordfence-ni avtomatik ravishda yoki ZIP faylini yuklash orqali o’rnating.
  2. WordPress-dagi «Plaginlar» menyusi orqali Wordfence-ni faollashtiring. Wordfence endi faollashtirildi.
  3. Tekshirish menyusiga o’ting va birinchi tekshiruvni boshlang. Rejalashtirilgan skanerlash ham yoqiladi.
  4. Birinchi tekshiruvingiz tugagandan so’ng, tahdidlar ro’yxati paydo bo’ladi. O’zingizning saytingizni himoya qilish uchun ularni birma-bir ko’rib chiqing.
  5. Elektron pochta manzilingizni kiritish uchun Wordfence parametrlari sahifasiga tashrif buyuring, shunda siz elektron pochta orqali xavfsizlik to’g’risida ogohlantirish olasiz.
  6. Ixtiyoriy ravishda, sizning saytingiz uchun individual skanerlash va himoya qilish parametrlarini o’rnatish uchun xavfsizlik darajasini o’zgartiring yoki kengaytirilgan parametrlarni sozlang.
  7. Real vaqt rejimida saytingiz faoliyatini ko’rish uchun «Jonli trafik» menyusini bosing. Situatsion xabardorlik veb-sayt xavfsizligining muhim qismidir.

Wordfress-ni WordPress ko’p saytli o’rnatmalariga o’rnatish uchun:

  1. Wordfence-ni plagin katalogi orqali yoki ZIP-faylni yuklash orqali o’rnating.
  2. Tarmoq Wordfence-ni yoqish. Ushbu qadam juda muhim, chunki uni faollashtirmaguningizcha saytlaringiz o’z plaginlari menyusida plagin variantini ko’radilar. Faollashtirgandan so’ng, ushbu parametr yo’qoladi.
  3. Endi Wordfence tarmog’i faollashtirilsa, u sizning Network Admin menyusida paydo bo’ladi. Wordfence biron bir saytning shaxsiy menyusida ko’rinmaydi.
  4. «Tekshirish» menyusiga o’ting va birinchi tekshiruvni boshlang.
  5. Wordfence sizning WordPress o’rnatishingizdagi barcha fayllarni, shu jumladan shaxsiy saytlaringizning blogs.dir katalogida skanerlashni amalga oshiradi.
  6. Tarmoqdagi barcha saytlar uchun jonli tirbandlik paydo bo’ladi. Agar sizda juda ko’p odam savdosi tizimi mavjud bo’lsa, JBga kirishni to’xtatadigan jonli trafikni o’chirib qo’yishingiz mumkin.
  7. Firewall qoidalari va kirish qoidalari WHOLE tizimiga qo’llaniladi. Shunday qilib, agar siz saytga kirish 1.example.com va site2.example.com saytida tizimga kira olmasangiz, bu 2 ta muvaffaqiyatsiz deb hisoblanadi. Crawler trafigi bloglar orasida hisobga olinadi, shuning uchun agar siz tarmoqdagi uchta saytni ursangiz, barcha xitlar jamlangan va bu tizimga kirish tezligingiz deb hisoblanadi.

FAQ

Xavfsizlik xususiyatlari, umumiy echimlar va har tomonlama yordamni o’z ichiga olgan rasmiy hujjatlarimizga kirish uchun veb-saytimizga tashrif buyuring.

Wordfence Security qanday qilib saytlarni tajovuzkorlardan himoya qiladi?

WordPress xavfsizlik plagini veb-saytingiz uchun eng yaxshi himoyani ta’minlaydi. Doimiy yangilanib turadigan tahdidlardan himoya qilish xizmati tomonidan yaratilgan Wordfence Firewall sizni xakerlik hujumidan himoya qiladi. Wordfence Scan, xavfsizlik muammolari haqida tezkor ogohlantiradigan yoki saytingiz buzilgan taqdirda sizni ogohlantiradigan bir xil xususiy tasma vositasidan foydalanadi. Jonli tirbandlik ko’rinishi sizga real vaqt rejimida trafikni ko’rish va veb-saytingizdagi xakerlik urinishlarini ko’rish imkonini beradi. Mavjud WordPress-ning eng to’liq xavfsizlik yechimini ishlab chiqadigan qo’shimcha vositalar to’plami.

Wordfence Premium qanday xususiyatlarni yoqadi?

We offer a Premium API key that gives you real-time updates to the Threat Defense Feed which includes a real-time IP blocklist, firewall rules, and malware signatures. Premium support, country blocking, more frequent scans, and spam and spamvertising checks are also included. Click here to sign-up for Wordfence Premium now or simply install Wordfence free and start protecting your website.

Wordfence WordPress Xavfsizlik devori veb-saytlarni qanday himoya qiladi?

  • Veb-dasturlar devori sizni zararli trafikni aniqlash va buzg’unchilar veb-saytingizga kirishdan oldin blokirovka qilish orqali sizni buzadi.
  • Threat Defense Feed avtomatik ravishda sizni so’nggi tahdidlardan himoya qiladigan xavfsizlik devori qoidalarini yangilaydi. Premium a’zolar real vaqtda versiyasini olishadi.
  • Soxta Googlebotlar, xakerlar va botnetlardan zararli skanerlar kabi umumiy WordPress xavfsizlik tahdidlarini bloklang.

Wordfence Security Scanner qanday tekshiruvlarni amalga oshiradi?

  • Ularning yaxlitligini tekshirish uchun asosiy fayllarni, mavzularni va plaginlarni WordPress.org ombori versiyalariga skanerlaydi. Manbangiz xavfsizligini tekshiring.
  • Fayllar qanday o’zgarganiga qarang. Xavfsizlikka tahdid soluvchi o’zgartirilgan fayllarni ixtiyoriy ravishda tuzating.
  • 44,000 dan ortiq ma’lum zararli dasturlarning imzolarini skanerlash, ma’lum WordPress xavfsizlik tahdidlari.
  • C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Snayper, Predator, Jackal, Phantasma, GFS, Dive, Dx va boshqa ko’plab xavfsizlik teshiklarini yaratadigan ko’plab skanerlash.
  • Doimiy ravishda zararli dasturlar va фишинг URL-larini, shu jumladan, barcha havf-xatolar, xabarlar va fayllaringizda Google-ning xavfsiz ko’rib chiqish ro’yxatidagi barcha URL-larni tekshiradi.
  • Orqa eshiklar, troyanlar, shubhali kodlar va xavfsizlikning boshqa muammolari evristikasini tekshiradi.

Wordfence xavfsizlikni qanday kuzatishni o’z ichiga oladi?

  • Real vaqt rejimida barcha trafikingizni ko’ring, shu jumladan robotlar, odamlar, 404 xato, kirish va chiqish. Saytingiz xavfsizlikka qanday tahdid solishi to’g’risida vaziyatni anglashni yaxshilaydi.
  • Barcha trafikni, shu jumladan Javascript analitik to’plamlari sizni hech qachon ko’rsatmaydigan xavfsizlikka tahdid soladigan avtomatik botlarning real vaqtda ko’rinishi.
  • Real vaqtda trafik teskari DNS va shahar darajasidagi geolokatsiyani o’z ichiga oladi. Xavfsizlik tahdidi qaysi jug’rofiy hududdan kelib chiqqanligini biling.
  • Xavfsizlik bilan bog’liq disk maydonini kuzatib boradi, chunki ko’plab DDoS hujumlari xizmatdan voz kechish uchun barcha disk maydonini iste’mol qilishga harakat qiladi.

Kirish xavfsizligining qanday xususiyatlari mavjud

  • Real vaqt rejimida barcha trafikingizni ko’ring, shu jumladan robotlar, odamlar, 404 xato, kirish va chiqish. Saytingiz xavfsizlikka qanday tahdid solishi to’g’risida vaziyatni anglashni yaxshilaydi.
  • Barcha trafikni, shu jumladan Javascript analitik to’plamlari sizni hech qachon ko’rsatmaydigan xavfsizlikka tahdid soladigan avtomatik botlarning real vaqtda ko’rinishi.
  • Real vaqtda trafik teskari DNS va shahar darajasidagi geolokatsiyani o’z ichiga oladi. Xavfsizlik tahdidi qaysi jug’rofiy hududdan kelib chiqqanligini biling.
  • Xavfsizlik bilan bog’liq disk maydonini kuzatib boradi, chunki ko’plab DDoS hujumlari xizmatdan voz kechish uchun barcha disk maydonini iste’mol qilishga harakat qiladi.

Agar saytimda xavfsizlik muammosi bo’lsa, qanday ogohlantirish olaman?

Wordfence elektron pochta orqali xavfsizlik haqida ogohlantirishlarni yuboradi. Wordfence-ni o’rnatganingizdan so’ng, xavfsizlik to’g’risida ogohlantirishlar yuboriladigan elektron pochta manzillari ro’yxatini tuzasiz. Xavfsizlik haqida ogohlantirish olsangiz, saytingiz xavfsizligini ta’minlash uchun zudlik bilan harakat qiling.

Agar men bulutli xavfsizlik devori (WAF) dan foydalansam, menga Wordfence kabi plagin kerakmi?

Wordfence sizning WordPress veb-saytingiz uchun haqiqiy nuqta xavfsizligini ta’minlaydi. Bulutli xavfsizlik devorlaridan farqli o’laroq, Wordfence WordPress muhitida ishlaydi va unga foydalanuvchi kirgan-kirmaganligi, kimligi va qanday kirish darajasi kabi ma’lumotlarni beradi. Wordfence WordPress veb-saytlarini himoya qilish uchun foydalanadigan xavfsizlik devori qoidalarining 80% dan ortig’ida foydalanuvchining kirish darajasidan foydalanadi. Cloud WAF identifikatsiya muammosi haqida ko’proq bilib oling. Bundan tashqari, bulutli xavfsizlik devorlarini chetlab o’tish mumkin, bu sizning saytingizni tajovuzkorlarga duchor qiladi. Wordfence so’nggi nuqtaning (sizning WordPress veb-saytingiz) ajralmas qismi bo’lgani uchun uni chetlab o’tib bo’lmaydi. Cloud WAF chetlab o’tish muammosi haqida ko’proq bilib oling. O’zingizning veb-saytingizga kiritgan sarmoyangizni to’liq himoya qilish uchun siz xavfsizlikka chuqur yondoshishingiz kerak. Wordfence ushbu yondashuvni qo’llaydi.

Wordfence qanday bloklash xususiyatlarini o’z ichiga oladi?

  • Haqiqiy vaqtda ma’lum tajovuzkorlarni blokirovka qilish. Agar Wordfence-dan foydalanuvchi boshqa saytga hujum qilinsa va tajovuzkorni bloklasa, saytingiz avtomatik ravishda himoyalanadi.
  • Barcha zararli tarmoqlarni blokirovka qiling. Yomon IP yoki tarmoqlarni xabar qilish va xavfsizlik devori yordamida butun tarmoqlarni blokirovka qilish uchun rivojlangan IP va WHOIS domenlarini o’z ichiga oladi. Tarmoq egasiga WordPress xavfsizlik tahdidlari to’g’risida xabar bering.
  • O’zingizning saytingizdagi zaifliklar uchun skanerlash bilan shug’ullanadigan tajovuzkor tarayıcılar, kazıyıcılar va botlar kabi WordPress xavfsizlik tahdidlarini cheklang yoki bloklang.
  • WordPress xavfsizlik qoidalarini buzadigan foydalanuvchilar va robotlarni blokirovka qilish yoki blokirovka qilishni xohlaysizmi, tanlang.
  • Premium foydalanuvchilar shuningdek, mamlakatlarni blokirovka qilishlari va ma’lum vaqt va undan yuqori chastotalarni skanerlashni rejalashtirishlari mumkin.

Wordfence-ni boshqa WordPress Security plaginlaridan nimasi bilan farq qiladi?

  • Wordfence Security WordPress uchun maxsus ishlab chiqilgan WordPress xavfsizlik devori bilan ta’minlaydi va saytingizda zaiflik izlayotgan tajovuzkorlarni bloklaydi. Xavfsizlik devori bizning yangi tahdidlar paydo bo’lishi bilan doimiy ravishda yangilab turiladigan tahdidlarga qarshi mudofaa kanalimiz orqali ishlaydi. Premium mijozlar yangilanishlarni real vaqt rejimida olishadi.
  • Wordfence sizning veb-saytingiz manba kodining rasmiy WordPress omboriga qarshi to’liqligini tekshiradi va sizga kiritilgan o’zgarishlarni ko’rsatadi.
  • Wordfence skanerlashi sizning barcha fayllaringiz, sharhlaringiz va Google-ning havfsiz brauzerlari ro’yxatidagi URL-lar uchun yozuvlarni tekshiradi. Biz ushbu juda muhim xavfsizlikni taklif qiladigan yagona plaginmiz.
  • Wordfence skanerlari sizning keng tarmoqli kengligingizdan foydalanmaydi, chunki barcha xavfsizlik tekshiruvi veb-serveringizda juda tez sodir bo’ladi.
  • Wordfence WordPress Multi-Site-ni to’liq qo’llab-quvvatlaydi, bu sizning ko’p sahifali o’rnatilishingizda har bir blogni bir marta bosish orqali skanerlashingiz mumkinligini anglatadi.
  • Wordfence ikki faktorli autentifikatsiyani o’z ichiga oladi.
  • Wordfence IPv6-ni to’liq qo’llab-quvvatlaydi, shu jumladan sizga IPv6 manzillarini qidirish, IPv6 diapazonlarini blokirovka qilish, IPv6 mamlakatini aniqlash va IPv6 manzillarida kimnidir qidirish va boshqalar.

Wordfence veb-saytimni sekinlashtiradimi?

Yo’q. Wordfence Security juda tezkor va ma’lumotlar bazasini qidirishni oldini olish va saytingizni sekinlashtiradigan zararli hujumlarni blokirovka qilish uchun o’z konfiguratsiya ma’lumotlarini keshlash kabi usullardan foydalanadi.

Mening saytim allaqachon buzilgan bo’lsa-chi?

Wordfence Security is able to repair core files, themes and plugins on sites where security is already compromised. You can follow this guide on how to clean a hacked website using Wordfence. If you are cleaning your own site after a hack, note that site security cannot be assured unless you do a full reinstall if your site has been hacked. We recommend you only use Wordfence Security to get your site into a running state in order to recover the data you need to do a full reinstall. If you need help with a security issue, check out Wordfence Care, which offers hands-on support from our team, including dealing with a hacked site. For mission-critical sites, check out Wordfence Response.

Wordfence Security IPv6-ni qo’llab-quvvatlaydimi?

Ha. Biz IPv6-ni barcha xavfsizlik funktsiyalari, jumladan, mamlakatni blokirovka qilish, hududni blokirovka qilish, shaharni obodonlashtirish, kimni qidirish va boshqa barcha xavfsizlik funktsiyalari bilan to’liq qo’llab-quvvatlaymiz. Agar siz IPv6-ni ishlamasangiz, Wordfence saytingizda ham juda yaxshi ishlaydi. Ikkala IPv4 va IPv6 bilan ikkalasiga ham, bitta manzil sxemasiga ham to’la mos kelamiz.

Wordfence Security ko’p saytlarni o’rnatishni qo’llab-quvvatlaydimi?

Yes. WordPress Multi-Site is fully supported. Using Wordfence you can scan every blog in your network for malware with one click. If one of your customers posts a page or post with a known malware URL that threatens your whole domain with being blocklisted by Google, we will alert you in the next scan.

Wordfence foydalanuvchilari uchun qanday qo’llab-quvvatlash imkoniyatlari mavjud?

Providing excellent customer service is very important to us. Our free users receive volunteer-level support in our support forums. Wordfence Premium customers get paid ticket-based support. Wordfence Care customers receive hands-on support including help with security incidents and a yearly security audit. Wordfence Response customers get 24/7/365 support from our incident response team, with a 1 hour response time, and a maximum of 24 hours to resolve a security issue.

WordPress xavfsizligi haqida qaerdan ko’proq ma’lumot olishim mumkin?

Har bir mahorat darajasi uchun ishlab chiqilgan WordPress Xavfsizlik O’quv Markazi , foydalanuvchilarning xavfsizlikka oid eng yaxshi amaliyotlar to’g’risida tushunchalarini chuqurlashtirishga, kirish darajasidagi maqolalarga, chuqur maqolalarga, videolarga, sanoatni o’rganish natijalariga, grafikalarga va boshqalarga bepul kirishni ta’minlaydi.

Where can I find the Wordfence Terms of Service and Privacy Policy?

These are available on our website: Terms of Service and Privacy Policy

Reviews

May 18, 2024
Arguably the best free security plugin, considering the features. However the notification system is an absolute mess! The plugin is spamming your inbox with similar notifications over and over. Which might force you disable notifications for anything but critical alerts (which is already a security risk, but it’s just impossible to deal with the flood of messages otherwise). It’s common that notifications for issues that have been already resolved keep reappearing. Clients get scared about notification spam. So as a result the current notification system make the plugin actually less secure (you one way or another pay less attention to them because they’re overwhelming) and feel less secure because clients constantly think their website is at risk. I don’t understanding’s why Wordfence hasn’t done anything for years to solve this… Wordfence is still the plugin that I prefer using myself, but I unfortunately can’t recommend it to my clients.
Read all 4 170 reviews

Contributors & Developers

“Wordfence Security – Firewall, Malware Scan, and Login Security” is open source software. The following people have contributed to this plugin.

Contributors

“Wordfence Security – Firewall, Malware Scan, and Login Security” has been translated into 17 locales. Thank you to the translators for their contributions.

Translate “Wordfence Security – Firewall, Malware Scan, and Login Security” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

7.11.5 – April 3, 2024

  • Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances
  • Fix: Addressed PHP 8 deprecation notices in the file differ used by file changed scan results
  • Fix: Reduced the frequency of Wordfence Central status update callbacks in sections of the scan that occur quickly in sequence

7.11.4 – March 11, 2024

  • Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis)
  • Fix: Addressed a potential PHP 8 notice in the human/bot detection AJAX call
  • Fix: Addressed a potential PHP 8 notice when requesting a lockout unlock verification email
  • Fix: Fixed the emailed diagnostics view not showing the missing table information when applicable
  • Fix: Improved quick scan logic to base timing on regular scans so they’re more evenly distributed

7.11.3 – February 15, 2024

  • Fix: Fixed an issue with sites containing invalid Wordfence Central site data where they could throw an error when viewing Wordfence pages

7.11.2 – February 14, 2024

  • Improvement: Enhanced the vulnerability scan to check and alert for WordPress core vulnerabilities and to adjust the severity of the scan result based on findings or available updates
  • Improvement: Updated the bundled GeoIP database
  • Improvement: Increased compatibility of brute force protection with plugins that override the normal login flow and omit traditional hooks
  • Change: Adjusted the behavior of automatic quick scans to schedule themselves further away from full scans
  • Fix: Added detection for a site being linked to a non-matching Wordfence Central record (e.g., when cloning the database to a staging site)
  • Fix: Streamlined the license and terms of use installation flow to avoid unnecessary prompting
  • Fix: Fixed an issue where user profiles with a selected locale different from the site itself could end up loading the site’s locale instead

7.11.1 – January 2, 2024

  • Improvement: Added «.env» to the files checked for «Scan for publicly accessible configuration, backup, or log files»
  • Improvement: Provided better descriptive text for the option «Block IPs who send POST requests with blank User-Agent and Referer»
  • Improvement: The diagnostics page now displays the contents of any auto_prepend_file .htaccess/.user.ini block for troubleshooting
  • Fix: Fixed an issue where a login lockout on a WooCommerce login form could fail silently
  • Fix: The scan result for abandoned plugins no longer states it has been removed from wordpress.org if it is still listed
  • Fix: Addressed an exception parsing date information in non-repo plugins that have a bad last_updated value
  • Fix: The URL scanner no longer generates a log warning when matching a potential URL fragment that ends up not being a valid URL

7.11.0 – November 28, 2023

  • Improvement: Added new functionality for trusted proxy presets to support proxies such as Amazon CloudFront, Ezoic, and Quic.cloud
  • Improvement: WAF rule and malware signature updates are now signed with SHA-256 as well for hosts that no longer build SHA1 support
  • Improvement: Updated the bundled trusted CA certificates
  • Change: The WAF will no longer attempt to fetch rule or blocklist updates when run via WP-CLI
  • Fix: Removed uses of SQL_CALC_FOUND_ROWS, which is deprecated as of MySQL 8.0.17
  • Fix: Fixed an issue where final scan summary counts in some instances were not sent to Central
  • Fix: Fixed a deprecation notice for get_class in PHP 8.3.0
  • Fix: Corrected an output error in the connectivity section of Diagnostics in text mode

7.10.7 – November 6, 2023

  • Fix: Compatibility fix for WordPress 6.4 on the login page styling

7.10.6 – October 30, 2023

  • Fix: Addressed an issue with multisite installations when the wp_options tables had different encodings/collations

7.10.5 – October 23, 2023

  • Improvement: Updated the bundled GeoIP database
  • Improvement: Added detection for Cloudflare reverse proxies blocking callbacks to the site
  • Change: Files are no longer excluded from future scans if a previous scan stopped during their processing
  • Fix: Added handling for the pending WordPress 6.4 change that removes $wpdb->use_mysqli
  • Fix: The WAF MySQLi storage engine will now work correctly when either DB_COLLATE or DB_CHARSET are not defined
  • Fix: Added additional error handling to Central calls to better handle request failures or conflicts
  • Fix: Addressed a warning that would occur if a non-repo plugin update hook did not provide a last updated date
  • Fix: Fixed an error in PHP 8 that could occur if the time correction offset was not numeric
  • Fix: 2FA AJAX calls now use an absolute path rather than a full URL to avoid CORS issues on sites that do not canonicalize www and non-www requests
  • Fix: Addressed a race condition where multiple concurrent hits on multisite could trigger overlapping role sync tasks
  • Fix: Improved performance when viewing the user list on large multisites
  • Fix: Fixed a UI bug where an invalid code on 2FA activation would leave the activate button disabled
  • Fix: Reverted a change on error modals to bring back the additional close button for better accessibility

7.10.4 – September 25, 2023

  • Improvement: «Admin created outside of WordPress» scan results may now be reviewed and approved
  • Improvement: The WAF storage engine may now be specified by setting the environmental variable «WFWAF_STORAGE_ENGINE»
  • Improvement: Detect when a plugin or theme with a custom update handler is broken and blocking update version checks
  • Change: Deprecated support for WordPress versions lower than 4.7.0
  • Change: Exclude parse errors of a damaged compiled rules file from reporting
  • Fix: Suppress PHP notices related to rule loading when running WP-CLI
  • Fix: Fixed an issue with the scan monitor cron that could leave it running unnecessarily

7.10.3 – July 31, 2023

  • Improvement: Updated GeoIP database
  • Fix: Added missing text domain to translation function call
  • Fix: Corrected inconsistent styling of switch controls
  • Change: Made MySQLi storage engine the default for Flywheel hosted sites

7.10.2 – July 17, 2023

  • Fix: Prevented bundled sodium_compat library from conflicting with versions included with older WordPress versions

7.10.1 – July 12, 2023

  • Improvement: Added support for processing arrays of files in the WAF
  • Improvement: Refactored security event processing to send events in bulk
  • Improvement: Updated bundled sodium_compat and random_compat libraries
  • Fix: Prevented deprecation warning caused by dynamic property creation
  • Fix: Added translation support for additional strings
  • Change: Adjusted Wordfence registration UI

7.10.0 – June 21, 2023

  • Improvement: Added translation support for strings from login security plugin
  • Improvement: Added translator notes regarding word order and hidden text
  • Improvement: Added translation support for additional strings
  • Improvement: Prevented scans from failing if unreadable directories are encountered
  • Improvement: Added help link to IPv4 scan option
  • Improvement: Updated scan result text to clarify meaning of plugins removed from wordpress.org
  • Improvement: Made «Increased Attack Rate» emails actionable
  • Improvement: Updated GeoIP database
  • Improvement: Updated JavaScript libraries
  • Fix: Corrected IPv6 address expansion
  • Fix: Ensured long request payloads for malicious requests are recorded in live traffic
  • Fix: Prevented «commands out of sync» database error messages when the database connection has failed
  • Fix: Prevented rare JSON encoding issues from breaking free license registration
  • Fix: Prevented PHP notice from being logged when request parameter is missing
  • Fix: Prevented deprecation warning in PHP 8.1
  • Change: Moved detection for old TimThumb files to malware signature
  • Change: Moved translation file from .po to .pot
  • Change: Renamed «Macedonia» to «North Macedonia, Republic of»

7.9.3 – May 31, 2023

  • Improvement: Added exception handling to prevent WAF errors from being fatal
  • Fix: Corrected error caused by method call on null in WAF
  • Change: Deprecated support for PHP 5.5 and 5.6, ended support for PHP 5.3 and 5.4
  • Change: Specified WAF version parameter when requesting firewall rules

7.9.2 – March 27, 2023

  • Improvement: The vulnerability severity score (CVSS) is now shown with any vulnerability findings from the scanner
  • Improvement: Changed several links during initial setup to open in a new window/tab so it doesn’t interrupt installation
  • Change: Removed the non-https callback test to the Wordfence servers
  • Fix: Fixed an error on PHP 8 that could occur when checking for plugin updates and another plugin has a broken hook
  • Fix: Added a check for disabled functions when generating support diagnostics to avoid an error on PHP 8
  • Fix: Prevent double-clicking when activating 2FA to avoid an «already set up» error

7.9.1 – March 1, 2023

  • Improvement: Further improved performance when viewing 2FA settings and hid user counts by default on sites with many users
  • Fix: Adjusted style inclusion and usage to prevent missing icons
  • Fix: Avoided using the ctype extension as it may not be enabled
  • Fix: Prevented fatal errors caused by malformed Central keys

7.9.0 – February 14, 2023

  • Improvement: Added 2FA management shortcode and WooCommerce account integration
  • Improvement: Improved performance when viewing 2FA settings on sites with many users
  • Improvement: Updated GeoIP database
  • Fix: Ensured Captcha and 2FA scripts load on WooCommerce when activated on a sub-site in multisite
  • Fix: Prevented reCAPTCHA logo from being obscured by some themes
  • Fix: Enabled wfls_registration_blocked_message filter support for WooCommerce integration

7.8.2 – December 13, 2022

  • Fix: Releasing same changes as 7.8.1, due to wordpress.org error

7.8.1 – December 13, 2022

  • Improvement: Added more granualar data deletion options to deactivation prompt
  • Improvement: Allowed accessing diagnostics prior to completing registration
  • Fix: Prevented installation prompt from displaying when a license key is already installed but the alert email address has been removed

7.8.0 – November 28, 2022

  • Improvement: Added feedback when login form is submitted with 2FA
  • Fix: Restored click support on login button when using 2FA with WooCommerce
  • Fix: Corrected display issue with reCAPTCHA score history graph
  • Fix: Prevented errors on PHP caused by corrupted login timestamps
  • Fix: Prevented deprecation notices on PHP 8.2 related to dynamic properties
  • Change: Updated Wordfence registration workflow

7.7.1 – October 4, 2022

  • Fix: Prevented scan resume attempts from repeating indefinitely when the initial scan stage fails

7.7.0 – October 3, 2022

  • Improvement: Added configurable scan resume functionality to prevent scan failures on sites with intermittent connectivity issues
  • Improvement: Added new scan result for vulnerabilities found in plugins that do not have patched versions available via WordPress.org
  • Improvement: Implemented stand-alone MMDB reader for IP address lookups to prevent plugin conflicts and support additional PHP versions
  • Improvement: Added option to disable looking up IP address locations via the Wordfence API
  • Improvement: Prevented successful logins from resetting brute force counters
  • Improvement: Clarified IPv6 diagnostic
  • Improvement: Included maximum number of days in live traffic option text
  • Fix: Made timezones consistent on firewall page
  • Fix: Added «Use only IPv4 to start scans» option to search
  • Fix: Prevented deprecation notices on PHP 8.1 when emailing the activity log
  • Fix: Prevented warning on PHP 8 related to process owner diagnostic
  • Fix: Prevented PHP Code Sniffer false positive related to T_BAD_CHARACTER
  • Fix: Removed unsupported beta feed option

7.6.2 – September 19, 2022

  • Improvement: Hardened 2FA login flow to reduce exposure in cases where an attacker is able to obtain privileged information from the database

7.6.1 – September 6, 2022

  • Fix: Prevented XSS that would have required admin privileges to exploit (CVE-2022-3144)

7.6.0 – July 28, 2022

  • Improvement: Added option to start scans using only IPv4
  • Improvement: Added diagnostic for internal IPv6 connectivity to site
  • Improvement: Added AUTOMATIC_UPDATER_DISABLED diagnostic
  • Improvement: Updated password strength check
  • Improvement: Added support for scanning plugin/theme files in when using the WP_CONTENT_DIR/WP_PLUGIN_DIR constants
  • Improvement: Updated GeoIP database
  • Improvement: Made DISABLE_WP_CRON diagnostic more clear
  • Improvement: Added «Hostname» to Live Traffic message displayed for hostname blocking
  • Improvement: Improved compatibility with Flywheel hosting
  • Improvement: Adopted semantic versioning
  • Improvement: Added support for dynamic cookie redaction patterns when logging requests
  • Fix: Prevented scanned paths from being displayed as skipped in rare cases
  • Fix: Corrected indexed files count in scan messages
  • Fix: Prevented overlapping AJAX requests when viewing Live Traffic on slower servers
  • Fix: Corrected WP_DEBUG_DISPLAY diagnostic
  • Fix: Prevented extraneous warnings caused by DNS resolution failures
  • Fix: Corrected display issue with Save/Cancel buttons on All Options page
  • Fix: Prevented errors caused by WHOIS searches for invalid values

7.5.11 – June 14, 2022

  • Improvement: Added option to toggle display of last login column on WP Users page
  • Improvement: Improved autocomplete support for 2FA code on Apple devices
  • Improvement: Prevented Batcache from caching block pages
  • Improvement: Updated GeoIP database
  • Fix: Prevented extraneous scan results when non-existent paths are configured using UPLOADS and related constants
  • Fix: Corrected issue that prevented reCAPTCHA scores from being recorded
  • Fix: Prevented invalid JSON setting values from triggering fatal errors
  • Fix: Made text domains consistent for translation support
  • Fix: Clarified that allowlisted IP addresses also bypass reCAPTCHA

7.5.10 – May 17, 2022

  • Improvement: Improved scan support for sites with non-standard directory structures
  • Improvement: Increased accuracy of executable PHP upload detection
  • Improvement: Addressed various deprecation notices with PHP 8.1
  • Improvement: Improved handling of invalidated license keys
  • Fix: Corrected lost password redirect URL when used with WooCommerce
  • Fix: Prevented errors when live traffic data exceeds database column length
  • Fix: Prevented bulk password resets from locking out admins
  • Fix: Corrected issue that prevented saving country blocking settings in certain cases
  • Change: Updated copyright information

7.5.9 – March 22, 2022

  • Improvement: Updated GeoIP database
  • Improvement: Removed blocking data update logic in order to reduce timeouts
  • Improvement: Increased timeout value for API calls in order to reduce timeouts
  • Improvement: Clarified notification count on Wordfence menu
  • Improvement: Improved scan compatibility with WooCommerce
  • Improvement: Added messaging when application passwords are disabled
  • Fix: Prevented warnings and errors when constants are defined based on the value of other constants in wp-config.php
  • Fix: Corrected redundant escaping that prevented viewing or repairing files in scan results

7.5.8 – February 1, 2022

  • Launch of Wordfence Care and Wordfence Response

7.5.7 – November 22, 2021

  • Improvement: Made preliminary changes for compatibility with PHP 8.1
  • Change: Added GPLv3 license and updated EULA

7.5.6 – October 18, 2021

  • Fix: Prevented login errors with WooCommerce integration when manual username entry is enabled on the WooCommerce registration form
  • Fix: Corrected theme incompatibilities with WooCommerce integration

7.5.5 – August 16, 2021

  • Improvement: Enhanced accessibility
  • Improvement: Replaced regex in scan log with signature ID
  • Improvement: Updated Knockout JS dependency to version 3.5.1
  • Improvement: Removed PHP 8 compatibility notice
  • Improvement: Added NTP status for Login Security to Diagnostics
  • Improvement: Updated plugin headers for compatibility with WordPress 5.8
  • Improvement: Updated Nginx documentation links to HTTPS
  • Improvement: Updated IP address geolocation database
  • Improvement: Expanded WAF SQL syntax support
  • Improvement: Added optional constants to configure WAF database connection
  • Improvement: Added support for matching punycode domain names
  • Improvement: Updated Wordfence install count
  • Improvement: Deprecated support for WordPress versions older than 4.4.0
  • Improvement: Added warning messages when blocking U.S.
  • Improvement: Added MYSQLI_CLIENT_SSL support to WAF database connection
  • Improvement: Added 2FA and reCAPTCHA support for WooCommerce login and registration forms
  • Improvement: Added option to require 2FA for any role
  • Improvement: Added logic to automatically disable NTP after repeated failures and option to manually disable NTP
  • Improvement: Updated reCAPTCHA setup note
  • Fix: Prevented issue where country blocking changes are not saved
  • Fix: Corrected string placeholder
  • Fix: Added missing text domain to translation calls
  • Fix: Corrected warning about sprintf arguments on Central setup page
  • Fix: Prevented lost password functionality from revealing valid logins

7.5.4 – June 7, 2021

  • Fix: Resolve conflict with woocommerce-gateway-amazon-payments-advanced plugin

7.5.3 – May 10, 2021

  • Improvement: Expanded WAF capabilities including better JSON and user permission handling
  • Improvement: Switched to relative paths in WAF auto_prepend file to increase portability
  • Improvement: Eliminated unnecessary calls to Wordfence servers
  • Fix: Prevented errors on PHP 8.0 when disk_free_space and/or disk_total_space are included in disabled_functions
  • Fix: Fixed PHP notices caused by unexpected plugin version data
  • Fix: Gracefully handle unexpected responses from Wordfence servers
  • Fix: Time field now displays correctly on «See Recent Traffic» overlay
  • Fix: Corrected typo on Diagnostics page
  • Fix: Corrected IP counts on activity report
  • Fix: Added missing line break in scan result emails
  • Fix: Sending test activity report now provides success/failure response
  • Fix: Reduced SQLi false positives caused by comma-separated strings
  • Fix: Fixed JS error when resolving last scan result

7.5.2 – March 24, 2021

  • Fix: Fixed fatal error on single-sites running WordPress <4.9.

7.5.1 – March 24, 2021

  • Fix: Fixed fatal error when viewing the Login Security settings page from an allowlisted IP.

7.5.0 – March 24, 2021

  • Improvement: Translation-readiness: All user-facing strings are now run through WordPress’s i18n functions.
  • Improvement: Remove legacy admin functions no longer used within the UI.
  • Improvement: Local GeoIP database update.
  • Improvement: Remove Lynwood IP range from allowlist, and add new AWS IP range.
  • Fix: Fixed bug with unlocking a locked out IP without correctly resetting its failure counters.
  • Fix: Sites using deleted premium licenses correctly revert to free license behavior.
  • Fix: When enabled, cookies are now set for the correct roles on previously used devices.
  • Fix: WAF cron jobs are now skipped when running on the CLI.
  • Fix: PHP 8.0 compatibility – prevent syntax error when linting files.
  • Fix: Fixed issue where PHP 8 notice sometimes cannot be dismissed.

7.4.14 – December 3, 2020

  • Improvement: Added option to disable application passwords.
  • Improvement: Updated site cleaning callout with 1-year guarantee.
  • Improvement: Upgraded sodium_compat library to 1.13.0.
  • Improvement: Replaced the terms whitelist and blacklist with allowlist and blocklist.
  • Improvement: Made a number of WordPress 5.6 and jQuery 3.x compatibility improvements.
  • Improvement: Made a number of PHP8 compatilibility improvements.
  • Improvement: Added dismissable notice informing users of possible PHP8 compatibility issues.

7.4.12 – October 21, 2020

  • Improvement: Initial integration of i18n in Wordfence.
  • Improvement: Prevent Wordfence from loading under <PHP 5.3.
  • Yaxshilash: yangilangan GeoIP ma’lumotlar bazasi.
  • Improvement: Prevented wildcard from running/saving for scan’s excluded files pattern.
  • Improvement: Included Wordfence Login Security tables in diagnostics missing table list.
  • Fix: Removed new scan issues when WordPress update occurs mid-scan.
  • Fix: Specified category when saving whitelistedServiceIPs to WAF storage engine.
  • Fix: Removed localhost IP for auto-update email alerts.
  • Fix: Fixed broken message in Live Traffic with MySQLi storage engine for blocklisted hits.
  • Fix: Removed optional parameter values for PHP 8 compatibility.

7.4.11 – August 27, 2020

  • Improvement: Added diagnostic debug button to clear Wordfence Central connection data from the database.
  • Improvement: Added help documentation links to modified plugin/theme file scan results.
  • Fix: Prevent file system scan from following symlinks to root.
  • Fix: Cleared pending plugin/theme update scan results and notification when a plugin/theme is auto-updated.
  • Fix: Added check for when site is disconnected on Central’s end, but not in the plugin.

7.4.10 – August 5, 2020

  • Improvement: Prevent author sitemap from leaking usernames in WordPress >= 5.5.0.
  • Fix: Prevent Wordfence auto-update from running if the user has enabled auto-update through WordPress.
  • Fix: Added default permission_callback params to Wordfence Central REST routes.
  • Fix: Fixed missing styling on WAF optimization admin notice.

7.4.9 – July 8, 2020

  • Improvement: Added list of known malicious usernames to suspicious administrator scan.
  • Improvement: Added ability for the WAF to determine if a given plugin/theme/core version is installed.
  • Improvement: Added a feature to export a diagnostics report.
  • Improvement: Add php_errorlog to the list of downloadable logs in diagnostics.
  • Improvement: Added a prompt to allow user to download a backup prior to repairing files.
  • Improvement: Prevent scan from failing when the home URL has changed and the key is no longer valid.
  • Improvement: Deprecated PHP 5.3, and ended PHP 5.2 support by prevent auto-update from running on older versions.
  • Fix: Fixed issue where WAF mysqli storage engine cannot find credentials if wflogs/ does not exist.
  • Fix: Changed capability checked to read WP REST API users endpoint when «Prevent discovery of usernames through …» is enabled.
  • Fix: Prevented duplicate queries for wordfenceCentralConnected wfconfig value.
  • Fix: Prevented custom wp-content or other directories from appearing in «skipped paths» scan result, even when scanned.
  • Fix: Login Attempts dashboard widget «Show more» link is not visible when long usernames and IPs cause wrapping.
  • Fix: Fix typo in the readme.

7.4.8 – June 16, 2020

  • Fix: Fixed issue with fatal errors encountered during activation under certain conditions.

7.4.7 – April 23, 2020

  • Yaxshilash: yangilangan birlashtirilgan GeoIP ma’lumotlar bazasi.
  • Yaxshilash: Cheklangan narx chegaralarini tanlashda yaxshiroq xabarlashish.
  • Yaxshilash: Endi elektron pochta xabarlarini skanerlash yana topilgan muammolar sonini o’z ichiga oladi.
  • Yaxshilash: Skanerlash bilan bog’liq muammolar qayta tiklangan taqdirda, endi elektron pochta xabarlarini yuboradilar.
  • Yaxshilanish: Jonli trafikda geolokatsion displeylarda qo’llanilganda shtat / viloyat nomi qo’shildi.
  • Yaxshilash: Bloklangan saytni blokirovka qilingan mehmonlarni blokni qanday hal qilish to’g’risida yaxshiroq xabardor qilish uchun.
  • Improvement: Custom WP_CONTENT_DIR, WP_PLUGIN_DIR, and UPLOADS path constants will now get scanned correctly.
  • Yaxshilanish: TLS ulanishining buzilishi aniqlangan va kuch ishlatib xabar berish va tekshirish uchun va tegishli orqaga qaytish davri.
  • Tuzatish: Yomon yozuv WAF qoidalarining avtomatik yangilanishiga xalaqit beradigan muammoni hal qildi.
  • Tuzatish: Agar IP ro’yxatini yangilash paytida noto’g’ri javob olingan bo’lsa, paydo bo’lishi mumkin bo’lgan PHP ogohlantirishi.
  • Tuzatish: Endi yangi foydalanuvchi safari va bortli oqim 2FA sahifasida to’g’ri ishlaydi.

7.4.6 – February 12, 2020

  • Yaxshilash: SQLi hujumlarini WAF aniqlash qobiliyatini oshirdi.
  • Yaxshilash: Birlashtirilgan GeoIP ma’lumotlar bazasi yangilandi.
  • Yaxshilash: Blok konfiguratsiyasidagi ba’zi mamlakat nomlari jonli trafikda ko’rsatilganlarga moslashtirildi.
  • O’zgartirish: O’tkazib yuborilgan fayllarni tekshirish tekshiruvini Server holati toifasiga o’tkazdi.
  • Tuzatish: Jonli trafik sahifasiga o’tgandan so’ng yangilanishlar endi avtomatik ravishda yuklanmaydigan muammoni hal qildi.
  • Tuzatish: Live trafikka yaxshiroq moslashish uchun saqlangan kirish yozuvlari soni o’zgartirildi, shunda ular bir vaqtning o’zida kesilgan.

7.4.5 – January 15, 2020

  • Yaxshilash: Cheksiz WP autentifikatsiyasining zaifliklarini chetlab o’tish uchun WAF qamrovi yaxshilandi.

7.4.4 – January 14, 2020

  • Tuzatish: UI muammosi hal qilindi, bu erda zararli dasturni skanerlashning holatini aniqlash belgisi har doim ham topilmalarga mos kelmadi.

7.4.3 – January 13, 2020

  • Yaxshilanish: Cheksiz WP autentifikatsiyasi uchun zaiflikni chetlab o’tish uchun WAF qamrovi qo’shildi.
  • Yaxshilash: Endi zararli URL-skanerlash protokolga tegishli URL-manzillarni o’z ichiga oladi (masalan, //example.com).
  • Yaxshilash: zararli dasturlarning imzolari endi bir nechta o’tish joylarida o’qilgan katta fayllarga nisbatan yaxshiroq qo’llaniladi.
  • Yaxshilash: Skanerlash muammosi qo’shildi, ular bir yoki bir nechta yo’lni o’tkazib yuborilganda paydo bo’ladi, ularda parametrlarni hisobga olmaganda ko’rib chiqish sozlamalari mavjud.
  • O’zgartirildi: endi AJAX so’nggi nuqtalari dasturni / json Content-Type sarlavhasini yuboradi.
  • O’zgartirildi: mumkin bo’lgan sabablarni yaxshiroq ko’rsatish uchun wordpress.org-dan olib tashlangan plaginlarni skanerlash bilan bog’liq muammolar bo’yicha yangilangan matn.
  • O’zgartirildi: WooCommerce faol bo’lganda reCAPTCHA uchun muvofiqlik xabarlari qo’shildi.
  • Ruxsat berilgan: Maxsus amalda 404 sahifa chiqqanda $ wp_query- & gt; set_404 () qo’ng’irog’i qo’shildi.
  • Ruxsat etilgan: WordPress 5.3-dagi o’zgarish tufayli Live Traffic-da foydalanuvchi nomining chiqishi bekor qilindi.
  • Ruxsat etilgan: Kengaytirilgan himoyani o’rnatish paytida WAF holatini tekshirish uchun ishlatiladigan javob qaytarish qo’ng’irog’i yaxshilandi.
  • Ruxsat etilgan: «Agar barcha ma’murlar uchun 2FA talab qilsa» xabarnomasi, agar ma’mur 2FA o’rnatgan bo’lsa, avtomatik ravishda bekor qilinadi.

7.4.2 – December 3, 2019

  • Yaxshilash: IP CIDR diapazonini taqqoslash samaradorligini oshirish.
  • Yaxshilash: vilkalar paytida yaxshiroq tekshirish uchun masofaviy tekshirish uchun parametr imzosi qo’shildi.
  • O’zgartirish: Live Traffic-da brauzerning takroriy yorlig’i olib tashlandi.
  • Tuzatish: Get_magic_quotes_gpc bilan PHP 7.4 eskirganligi to’g’risida ogohlantirish uchun qo’shimcha kompensatsiya.
  • Tuzatish: Yangilanishlar topilmaganda, boshqaruv paneli vidjetida mumkin bo’lgan xabar.
  • Tuzatish: o’zgarishi mumkin bo’lgan nomlarning to’qnashuvini qoplash uchun yangilangan JS hashing kutubxonasi.
  • Tuzatish: Muayyan bog’lamalar skanerdan fayllarni noto’g’ri o’tkazib yuborilishiga olib keladigan muammoni hal qildi.
  • Fix: yangi PHP versiyalari uchun o’rnatilgan PHP xotira testi, ularning optimallashtirilishi xotirani xohlagancha ajratishga imkon bermadi.

7.4.1 – November 6, 2019

  • Yaxshilash: Birlashtirilgan GeoIP ma’lumotlar bazasi yangilandi.
  • Yaxshilash: PHP 7.4 bilan mosligini ta’minlash uchun kichik o’zgarishlar.
  • Yaxshilanish: WHOISning ishonchliligi uchun yangilanish.
  • Yaxshilash: WAF MySQL saqlash mexanizmi ishlaganda yaxshiroq diagnostika ma’lumotlari qo’shildi.
  • Yaxshilash: Premium va bepul litsenziyalar o’rtasida almashinishda xabarlar yaxshilandi.
  • O’zgartirish: Eskirgan DNS tekshiruvni o’zgartiradi.
  • O’zgartirish: Markaziy ularni boshqarayotganida plagin endi elektron pochta orqali ogohlantirmaydi.
  • Tuzatish: Xatolarni o’chirish uchun xostlarni o’chirib qo’yish uchun ignore_user_abort qo’ng’iroqlariga qo’shimcha bostirish.
  • Tuzatish: URL-larda qo’shimcha qirralarning chiqishini oldini olish uchun yaxshilangan yo’l yaratish.
  • Tuzatish: Katta hajmdagi kontent tufayli nosozliklarni oldini olish uchun zararli dasturlar haqida xabar berish uchun cheklov qo’llaniladi.

7.4.0 – August 22, 2019

  • Yaxshilash: qo’llab-quvvatlanadigan hosting muhitini kengaytirish uchun WAF uchun MySQL-ga asoslangan konfiguratsiya va ma’lumotlar ombori qo’shildi. To’liqroq ma’lumot uchun: https://www.wordfence.com/help/firewall/mysqli-storage-engine/
  • Yaxshilash: yangilangan birlashtirilgan GeoIP ma’lumotlar bazasi.
  • Tuzatish: CLI orqali ishlayotganda bir nechta konsol eslatmalari o’rnatildi.

7.3.6 – July 31, 2019

  • Yaxshilash: Bir necha «php.ini faylini yadro katalogidagi» muammolar endi aniqroq skanerlash natijalari uchun bitta songa birlashtirildi.
  • Improvement: The AJAX error detection for false positive WAF blocks now better detects and processes the response for presenting the allowlisting prompt.
  • Yaxshilash: Muammolarni aniqlashga yordam berish uchun diagnostikaga ajratilgan va muddati o’tgan kronni aniqlash.
  • Takomillashtirish: Kelgusida WP Tide bilan muvofiqligi uchun phpcs bilan ogohlantirishlarni yaratish uchun orqaga qarab muvofiqlik kodini olib tashlamaslik uchun zarur ko’rsatmalar qo’shildi.
  • Yaxshilash: Normallashtirilgan barcha PHP kodlarning sifatini yaxshilash uchun to’liq yo’llardan foydalanish uchun qo’ng’iroqlar talab qiladi / o’z ichiga oladi.
  • O’zgartirish: eskirgan yuqori sezgirlikni tekshirish opsiyasi o’chirildi, chunki joriy imzolar yanada aniqroq.
  • Tuzatish: Vaziyat doirasini ko’rsatadigan ko’rsatmalar o’rnatildi.
  • Tuzatish: WAF darajasida IP-ni aniqlash avtomatik sozlamadan foydalanganda asosiy plaginni yaxshiroq aks ettiradi.
  • Tuzatish: Qat’iy tekshirish uchun elektron pochta manzilini tasdiqlashda hozirda foydalanilmagan kod yo’lini o’rnatdi.

7.3.5 – July 16, 2019

  • Yaxshilash: Shafqatsiz kuchdan himoya qilish uchun kirishning so’nggi nuqtasi yaxshilandi.
  • Yaxshilash: reCAPTCHA to’g’risida qo’shimcha ma’lumotlarni uning sozlamalarini boshqarish tizimiga qo’shdi.
  • Yaxshilash: Kirishni tasdiqlovchi elektron pochta havolalari muddati tugashini sozlash uchun bekor qilinishi mumkin bo’lgan doimiylik qo’shildi.
  • Yaxshilash: re2APTCHA tugmachalari v2-kalitni tasodifiy kiritilishining oldini olish uchun saqlash bo’yicha sinovdan o’tkazildi.
  • Yaxshilash: reCAPTCHA inson / bot chegaralarini boshqarish uchun sozlama qo’shildi.
  • Yaxshilash: Login havolasi jadvallari va o’chirish to’g’risidagi ma’lumotlarning o’chirilishini boshlash uchun alohida variant qo’shildi.
  • Yaxshilash: reCAPTCHA-ni topshirdi, token muddati tugamasligi uchun login / ro’yxatdan o’tish formasini topshirishda tokenni tekshirishni boshlashi kerak.
  • Tuzatish: reCAPTCHA tugmachalari maydonlarini kengaytirib, to’liq tugmachalarni ko’rinib turishga imkon berdi.
  • Tuzatish: zararli dastur haqida xabar berilganda ellipsning belgilarini mahkamlangan kodlash.
  • Fix: Disabling the IP blocklist once again correctly clears the block cache.
  • Tuzatish: NTP tekshiruvi xatoga yo’l qo’yishi mumkin bo’lgan tashqi UDP ulanishlari bloklanganida muammoni hal qildi.
  • Tuzatish: reCAPTCHA-ning JavaScript-ni yuklay olmaganligi uchun qo’shilgan, avval kirishni bloklagan.
  • Tuzatish: 2FA imtiyozli davri haqida bildirishnomalarni yuborish uchun tugmachaning funktsiyalari o’rnatildi.
  • Tuzatish: Alohida rejimda ishlaganda ba’zi yordam havolalari uchun etishmayotgan belgini tuzatdi.

7.3.4 – June 17, 2019

  • Yaxshilash: Wordfence Central-ga o’rnatilgan xavfsizlik tadbirlari va ogohlantirish xususiyatlari qo’shildi.

7.3.3 – June 11, 2019

  • Yaxshilash: Wordfence Central-ga kirish xavfsizligi sozlamalarini boshqarish bo’yicha yordam qo’shildi.
  • Yaxshilash: Birlashtirilgan ildiz CA sertifikatlari do’koni yangilandi.
  • Yaxshilash: mod_php xostlarini tekshirish va yangilash oqimini WAF kengaytirilgan himoya rejimi uchun faqat PHP5 direktivasi bilan qo’shildi.
  • Yaxshilash: Diagnostika uchun vaqt bilan bog’liq muammolarni hal qilish uchun qo’shimcha qiymatlar qo’shildi, xatolarni qayta ko’rib chiqishning yangi sozlamalari va WordPress-ning yangi 5.6.20 talablarini aks ettirish uchun PHP versiyasini tekshirish yangilandi.
  • O’zgartirish: WordPress yadrosidan keyin har doim yuklash uchun natriy_compat nusxasini avtomatik yuklash vositasini o’zgartirdi.
  • Tuzatish: API o’zgarishi tufayli buzilgan plagin uchun «wordpress.org dan o’chirilgan» aniqlashni o’rnatdi.
  • Tuzatish: yadro fayllarini qo’shganda ko’rish natijalarida ommaviy ta’mirlash funktsiyasini o’rnatdi.

7.3.2 – May 16, 2019

  • Yaxshilash: Kutilayotgan WordPress 5.2.1 bilan mos kelishi mumkin bo’lgan nomuvofiqlikni bartaraf etish uchun natriy_compat yangilandi.
  • Yaxshilash: re3APTCHA sozlamasi atrofida v3 tugmachalari ishlatilishi kerakligini ko’rsatadigan ravshanlashtirilgan matn.
  • Yaxshilash: Jetpack uchun aniqlangan ma’lumot va XML-RPC autentifikatsiyasi o’chirilgan bo’lsa, xabar.
  • Tuzatish: UDP ulanishi o’chirilgan xostlarning o’rnini qoplash uchun NTP vaqtini tekshirishda bostirilgan xato xabarlari.

= 7.3.1 – …