Friday, November 15, 2019

How to secure WordPress without a security plugin?


When it comes to your WordPress security, it is almost impossible to say that you have enough. Improvement: switched the bundled select2 library to use the prefixed version to work around other plugins including older versions on our pages. Improvement: the IP address of the user activating Wordfence is now used by the breached password check until an admin successfully logs in. Repair files that have changed by overwriting them with a pristine, original version.

Wordfence Security is able to repair core files, themes and plugins on sites where security is already compromised. Wordfence fully supports WordPress multisite, which means you can security-scan every blog in your multisite installation with one click. Improvement: added rel="noopener noreferrer" to all external links from the plugin for better interoperability with other scanners.

Improvement: plugins with incomplete header information are now shown with a fallback title in scan results as appropriate. Protection from brute-force attacks by limiting login attempts. Improvement: scan issue results for abandoned plugins and unpatched vulnerabilities include more info. Improvement: added a "show more" link to the IP block list and login attempts list.

Improvement: prepared code for an upcoming scan improvement that will greatly increase scan performance by optimizing malware signatures. Delete any files that don't belong easily within the Wordfence interface. Improvement: more descriptive text for the scan issue email when there's an unknown WordPress core version. Block common WordPress security threats like fake Googlebots, malicious scans from hackers and botnets.

Fix: addressed an issue where the scan did not alert about a new WordPress version. Improvement: added a path for people blocked by the IP blacklist (premium feature) to report false positives. Change: Wordfence now enters a read-only mode with its configuration files when run via the 'cli' PHP SAPI on a misconfigured web server, to avoid file ownership changing.