Plugin Update – Wordfence Security 6.2.0

Recent WordFence Security Update Bringing PHP7 Closer

WordFence Security team looks to be moving forward into the future of PHP. Along this line they have included several new improvements that are designed to increase your site speed.

With PHP 7 being the newest release of PHP available to the public, it is nice to see that plugin developers are working hard to incorporate the many updates and enhanced features that will come along.

PHP 7 is likely going to be an extremely welcomed release and upgrade once all the bugs for developers to upgrade to it. Among the most common reasons PHP7 is being so highly anticipated among the web community include:

  • Considerable speed increase – PHP 7 is nearly twice as fast as version 5.6. Who wouldn’t want faster page loads?
  • New PHP Zend Engine – PHP#NG (Next Generation)
  • Better Error Handling – Making development much faster and easier to troubleshoot.
  • Native 64-Bit Windows Integers – Really damm big numbers and file usage wont break Windows.
  • Accurate Type Declarations – Allow developers to denote that they are expecting integers, floats, strings, or booleans to be returned
  • Anonymous Classes – Used well, they can speed up coding as well execution time.

 

Unfortunately the recent improvement of “Adding PHP& compatible .htaccess directives” does not entirely seem like a start in the right direction..

As seen here, disabling code execution in sub-folders is not a specific function of PHP7:


<FilesMatch “\.(php|php\.)$”>
Order Allow,Deny
Deny from all
</FilesMatch>

 

Htaccess rules have been out for some time and this should be a relatively old one for anyone keeping up-to-date with any basic WordPress Security. I like the guys over there are WordFence so I am unsure of they put in a typo, or exactly what they had in mind for this new feature. I would love for some clarification since Htaccess rules are primarily the domain of the Web-server software that is being run, such as Apache or NginX.

I applaud their efforts to speed up the plugin, particularly the scan feature. This feature does run rather slow, and on shared servers it can be quite cumbersome. I am glad to see them implement an option to lower resource usage in order to help those who are running on shared servers.

From WordFence Security:

[WordPress Security] 18X Speedup in Wordfence Scan
Wordfence [email protected] via aweber.com
11:37 AM (11 hours ago)

Yesterday we released Wordfence 6.2.0 which includes huge gains in scan performance. Specifically we focused on reducing IO load and managed to knock it out of the park.

On sites of around 680 megabytes, we managed to reduce the amount of data read during a scan by over 18 times. We achieved this with absolutely zero reduction in the number of files we scan or the number of scan signatures we use. The scan is just as effective, only way faster.

This was a collaborative effort where we worked closely with our customers and hosting providers to achieve this remarkable improvement in scan performance.

Wordfence 6.2.0 also includes a new “low resource” scan which provides exactly the same scan but significantly reduces peak scan load on severely resource constrained servers.

To read about how we achieved this incredible gain in performance and about the new “low resource” scan, visit our blog for the full story and a few benchmarks….

 

Also, it seems they have fixed a potential infinite looping scan. I have encountered this particularly when the scan was triggered manually. So much so that I generally refrained from even attempting to manually scan the sites.

Still by far one of the best WordPress security plugins there is, the WordFence security team is still dropping the ball a little with support issues. As of this posting there are 67 of 264 support tickets answered over the last 2 months.

Unfortunately this also includes a dozen or so issues that may be related to the most recent update to the 6.2.0 version. WordFence Security Support Forum @WordPress

As there are no real security updates in this patch, it might be wise to wait a day or two o at least backup the version of your plugin in the event you update it and problems arise.

 

Wordfence Security

Version: 6.2.0
Author: WordFence
Last Updated: 9/27/2016
Requires: 3.9+ or higher
Compatible up to: 4.6.1
Average 5-Star Rating: 5

6.2.0

  • Improvement: Massive performance boost in file system scan.
  • Improvement: Added low resource usage scan option for shared hosts.
  • Improvement: Aggregated login attempts when checking the Wordfence Security Network for brute force attackers to reduce total requests.
  • Improvement: Now displaying scan time in a more readable format rather than total seconds.
  • Improvement: Added PHP7 compatible .htaccess directives to disable code execution within uploads directory.
  • Fix: Added throttling to sync the WAF attack data.
  • Fix: Removed unnecessary single quote in copy containing “IP’s”.
  • Fix: Fixed rare, edge case where cron key does not match the key in the database.
  • Fix: Fixed bug with regex matching carriage returns in the .htaccess based IP block list.
  • Fix: Fixed scans failing in subdirectory sites when updating malware signatures.
  • Fix: Fixed infinite loop in scan caused by symlinks.
  • Fix: Remove extra slash from “File restored OK” message in scan results.