* Improvement: Added new functionality for trusted proxy presets to support proxies such as Amazon CloudFront, Ezoic, and Quic.cloud
* Improvement: WAF rule and malware signature updates are now signed with SHA-256 as well for hosts that no longer build SHA1 support
* Improvement: Updated the bundled trusted CA certificates
* Change: The WAF will no longer attempt to fetch rule or blocklist updates when run via WP-CLI
* Fix: Removed uses of SQL_CALC_FOUND_ROWS, which is deprecated as of MySQL 8.0.17
* Fix: Fixed an issue where final scan summary counts in some instances were not sent to Central
* Fix: Fixed a deprecation notice for get_class in PHP 8.3.0
* Fix: Corrected an output error in the connectivity section of Diagnostics in text mode
Fix: Addressed an issue with multisite installations when the wp_options tables had different encodings/collations
* Improvement: Updated the bundled GeoIP database
* Improvement: Added detection for Cloudflare reverse proxies blocking callbacks to the site
* Change: Files are no longer excluded from future scans if a previous scan stopped during their processing
* Fix: Added handling for the pending WordPress 6.4 change that removes $wpdb->use_mysqli
* Fix: The WAF MySQLi storage engine will now work correctly when either DB_COLLATE or DB_CHARSET are not defined
* Fix: Added additional error handling to Central calls to better handle request failures or conflicts
* Fix: Addressed a warning that would occur if a non-repo plugin update hook did not provide a last updated date
* Fix: Fixed an error in PHP 8 that could occur if the time correction offset was not numeric
* Fix: 2FA AJAX calls now use an absolute path rather than a full URL to avoid CORS issues on sites that do not canonicalize www and non-www requests
* Fix: Addressed a race condition where multiple concurrent hits on multisite could trigger overlapping role sync tasks
* Fix: Improved performance when viewing the user list on large multisites
* Fix: Fixed a UI bug where an invalid code on 2FA activation would leave the activate button disabled
* Fix: Reverted a change on error modals to bring back the additional close button for better accessibility
* Improvement: Updated GeoIP database
* Fix: Added missing text domain to translation function call
* Fix: Corrected inconsistent styling of switch controls
* Change: Made MySQLi storage engine the default for Flywheel hosted sites
Fix: Prevented bundled sodium_compat library from conflicting with versions included with older WordPress versions
* Improvement: Added support for processing arrays of files in the WAF
* Improvement: Refactored security event processing to send events in bulk
* Improvement: Updated bundled sodium_compat and random_compat libraries
* Fix: Prevented deprecation warning caused by dynamic property creation
* Fix: Added translation support for additional strings
* Change: Adjusted Wordfence registration UI
- Improvement: Added translation support for strings from login security plugin
- Improvement: Added translator notes regarding word order and hidden text
- Improvement: Added translation support for additional strings
- Improvement: Prevented scans from failing if unreadable directories are encountered
- Improvement: Added help link to IPv4 scan option
- Improvement: Updated scan result text to clarify meaning of plugins removed from wordpress.org
- Improvement: Made “Increased Attack Rate” emails actionable
- Improvement: Updated GeoIP database
- Improvement: Updated JavaScript libraries
- Fix: Corrected IPv6 address expansion
- Fix: Ensured long request payloads for malicious requests are recorded in live traffic
- Fix: Prevented “commands out of sync” database error messages when the database connection has failed
- Fix: Prevented rare JSON encoding issues from breaking free license registration
- Fix: Prevented PHP notice from being logged when request parameter is missing
- Fix: Prevented deprecation warning in PHP 8.1
- Change: Moved detection for old TimThumb files to malware signature
- Change: Moved translation file from .po to .pot
- Change: Renamed “Macedonia” to “North Macedonia, Republic of”
- Improvement: Added exception handling to prevent WAF errors from being fatal
- Fix: Corrected error caused by method call on null in WAF
- Change: Deprecated support for PHP 5.5 and 5.6, ended support for PHP 5.3 and 5.4
- Change: Specified WAF version parameter when requesting firewall rules