* Improvement: Migrated all deprecated JavaScript libraries in use to a Vue-based infrastructure
* Improvement: GeoIP database update
* Improvement: Better coverage of `aria-` accessibility attributes
* Improvement: Added `translators` comments to translatable strings where previously missing
* Fix: WordPress 7.0 compatibility fixes
* Note: Legacy two factor authentication using SMS-based codes will be discontinued around July 1, 2026. Sites using this functionality should migrate users to the TOTP-based two factor authentication on the Login Security page of the plugin
* Fix: Fixed an issue with `inet_pton` introduced by a recent patch to PHP 8.1+ that could cause a fatal error if a malformed IP address was passed to the call
* Improvement: Updated the bundled geoip database
* Note: Verified compatibility with WordPress 6.9
* Improvement: Improved localization support for the various block screens and messages
* Improvement: Updated the bundled geoip database
* Improvement: Prioritized Wordfence tables in the diagnostics tool when large numbers of tables exist
* Improvement: Allow non-US Google crawler IP addresses to pass country blocking
* Improvement: Enforcement of password strength requirements is now applied on the corresponding REST API endpoints
* Fix: Fixed detection for first-time logins and overall sending for login alerts when the corresponding settings are enabled
* Fix: When the WAF is using the mysql storage engine, fixed an issue with exclusion rules for the WAF not running correctly
* Fix: Reduced per-hit database query load around checking license status for free installations
* Fix: Optimized data sync with the WAF to better detect when the known server IP address list has changed
* Improvement: Added password scanning support for WordPress 6.8 and later
* Improvement: Limited email alerts to 5 per hour by default and added notification when limit has been reached
* Improvement: Improved URL scanning performance
* Improvement: Updated GeoIP database
* Change: Reduced scan result severity for vulnerabilities with high attack complexity or required privileges
* Change: Added messaging around WAF support when NGINX Unit is detected
* Change: Added notice and scan result about Wordfence Assistant
* Change: Adjusted IPv6 connection issue message and appearance
* Fix: Prevented deprecation notice about calling base64_encode with null parameter
* Fix: Prevented deprecation message about calling preg_match with null parameter
* Fix: Corrected license type shown on dashboard when expiring
* Fix: Prevented disabled getmyuid function from causing fatal error
* Fix: Prevented disabled get_current_user function from causing fatal error
* Fix: Prevented notice about _load_textdomain_just_in_time being called incorrectly
* Improvement: Improved error handling and messaging for some responses from our servers
* Improvement: Added messaging when a site may be using the same free license shared among multiple sites because it can cause the sites to use the same scan schedule rather than spreading out the load
* Improvement: Updated the readme content and formatting
* Improvement: Added support for hosts relocating the WAF's auto-prepend file via the constant/envvar WORDFENCE_WAF_PREPEND_DIRECTORY
* Improvement: Added detection for non-repo plugins and themes to avoid the scanner reporting changes when the same slug + version exists within the wordpress.org repo
* Improvement: Messaging for Central disconnections now better reflects the user making the change
* Improvement: Scan errors due to unreachable Wordfence servers will now provide a link to our status page to check for outages
* Improvement: Reduced the number of network calls created to sync scan issues when updates are performed in bulk
* Change: Reworked setting caching to avoid issues with some object caches
* Change: Reworked cURL check to avoid using WP_Http_Curl, which has been deprecated
* Fix: Normalized all wordfence.com links to be https
* Fix: Fixed a rare error that could occur on the diagnostics page when displaying a list of error logs
* Fix: Removed the "back to top" button and related script block from emailed diagnostics
* Fix: Fixed some UI coloring that did not correctly reflect the license type in use