* Improvement: The vulnerability severity score (CVSS) is now shown with any vulnerability findings from the scanner* Improvement: Changed several links during initial setup to open in a new window/tab so it doesn't interrupt installation* Change: Removed the non-https callback test to the Wordfence servers* Fix: Fixed an error on PHP 8 that could occur when checking for plugin updates and another plugin has a broken hook* Fix: Added a check for disabled functions when generating support diagnostics to avoid an error on PHP 8* Fix: Prevent double-clicking when activating 2FA to avoid an "already set up" error

* Improvement: Added feedback when login form is submitted with 2FA* Fix: Restored click support on login button when using 2FA with WooCommerce* Fix: Corrected display issue with reCAPTCHA score history graph* Fix: Prevented errors on PHP caused by corrupted login timestamps* Fix: Prevented deprecation notices on PHP 8.2 related to dynamic properties* Change: Updated Wordfence registration workflow

Fix: Prevented scan resume attempts from repeating indefinitely when the initial scan stage fails

* Improvement: Added configurable scan resume functionality to prevent scan failures on sites with intermittent connectivity issues* Improvement: Added new scan result for vulnerabilities found in plugins that do not have patched versions available via WordPress.org* Improvement: Implemented stand-alone MMDB reader for IP address lookups to prevent plugin conflicts and support additional PHP versions* Improvement: Added option to disable looking up IP address locations via the Wordfence API* Improvement: Prevented successful logins from resetting brute force counters* Improvement: Clarified IPv6 diagnostic* Improvement: Included maximum number of days in live traffic option text* Fix: Made timezones consistent on firewall page* Fix: Added "Use only IPv4 to start scans" option to search* Fix: Prevented deprecation notices on PHP 8.1 when emailing the activity log* Fix: Prevented warning on PHP 8 related to process owner diagnostic* Fix: Prevented PHP Code Sniffer false positive related to T_BAD_CHARACTER* Fix: Removed unsupported beta feed option

Fix: Prevented XSS that would have required admin privileges to exploit (CVE-2022-3144)

* Improvement: Added option to start scans using only IPv4* Improvement: Added diagnostic for internal IPv6 connectivity to site* Improvement: Added AUTOMATIC_UPDATER_DISABLED diagnostic* Improvement: Updated password strength check* Improvement: Added support for scanning plugin/theme files in when using the WP_CONTENT_DIR/WP_PLUGIN_DIR constants* Improvement: Updated GeoIP database* Improvement: Made DISABLE_WP_CRON diagnostic more clear* Improvement: Added "Hostname" to Live Traffic message displayed for hostname blocking* Improvement: Improved compatibility with Flywheel hosting* Improvement: Adopted semantic versioning* Improvement: Added support for dynamic cookie redaction patterns when logging requests* Fix: Prevented scanned paths from being displayed as skipped in rare cases* Fix: Corrected indexed files count in scan messages* Fix: Prevented overlapping AJAX requests when viewing Live Traffic on slower servers* Fix: Corrected WP_DEBUG_DISPLAY diagnostic* Fix: Prevented extraneous warnings caused by DNS resolution failures* Fix: Corrected display issue with Save/Cancel buttons on All Options page* Fix: Prevented errors caused by WHOIS searches for invalid values

* Improvement: Added option to toggle display of last login column on WP Users page* Improvement: Improved autocomplete support for 2FA code on Apple devices* Improvement: Prevented Batcache from caching block pages* Improvement: Updated GeoIP database* Fix: Prevented extraneous scan results when non-existent paths are configured using UPLOADS and related constants* Fix: Corrected issue that prevented reCAPTCHA scores from being recorded* Fix: Prevented invalid JSON setting values from triggering fatal errors* Fix: Made text domains consistent for translation support* Fix: Clarified that allowlisted IP addresses also bypass reCAPTCHA

* Improvement: Improved scan support for sites with non-standard directory structures* Improvement: Increased accuracy of executable PHP upload detection* Improvement: Addressed various deprecation notices with PHP 8.1* Improvement: Improved handling of invalidated license keys* Fix: Corrected lost password redirect URL when used with WooCommerce* Fix: Prevented errors when live traffic data exceeds database column length* Fix: Prevented bulk password resets from locking out admins* Fix: Corrected issue that prevented saving country blocking settings in certain cases* Change: Updated copyright information

* Improvement: Updated GeoIP database* Improvement: Removed blocking data update logic in order to reduce timeouts* Improvement: Increased timeout value for API calls in order to reduce timeouts* Improvement: Clarified notification count on Wordfence menu* Improvement: Improved scan compatibility with WooCommerce* Improvement: Added messaging when application passwords are disabled* Fix: Prevented warnings and errors when constants are defined based on the value of other constants in wp-config.php* Fix: Corrected redundant escaping that prevented viewing or repairing files in scan results

Launch of Wordfence Care and Wordfence Response

* Improvement: Made preliminary changes for compatibility with PHP 8.1* Change: Added GPLv3 license and updated EULA

* Fix: Prevented login errors with WooCommerce integration when manual username entry is enabled on the WooCommerce registration form* Fix: Corrected theme incompatibilities with WooCommerce integration

* Improvement: Enhanced accessibility* Improvement: Replaced regex in scan log with signature ID* Improvement: Updated Knockout JS dependency to version 3.5.1* Improvement: Removed PHP 8 compatibility notice* Improvement: Added NTP status for Login Security to Diagnostics* Improvement: Updated plugin headers for compatibility with WordPress 5.8* Improvement: Updated Nginx documentation links to HTTPS* Improvement: Updated IP address geolocation database* Improvement: Expanded WAF SQL syntax support* Improvement: Added optional constants to configure WAF database connection* Improvement: Added support for matching punycode domain names* Improvement: Updated Wordfence install count* Improvement: Deprecated support for WordPress versions older than 4.4.0* Improvement: Added warning messages when blocking U.S.* Improvement: Added MYSQLI_CLIENT_SSL support to WAF database connection* Improvement: Added 2FA and reCAPTCHA support for WooCommerce login and registration forms* Improvement: Added option to require 2FA for any role* Improvement: Added logic to automatically disable NTP after repeated failures and option to manually disable NTP* Improvement: Updated reCAPTCHA setup note* Fix: Prevented issue where country blocking changes are not saved* Fix: Corrected string placeholder* Fix: Added missing text domain to translation calls* Fix: Corrected warning about sprintf arguments on Central setup page* Fix: Prevented lost password functionality from revealing valid logins