Real Time Scanning Hits WordFence Security
Last week WordFence put out a new update that was relatively minor but made some potential impact for larger sites. However the previous version updates over the past month have made several changes that are of greater interest.
One highly sought after feature is the implementation of real time scanning both for security scans (version 6.1.16) and uploaded files (version 6.2.1). This real time scanning feature looks for both malware and PHP code. Both of which can cause serious issues with your website.
While I would not expect this feature to make a major impact on single user blogs, (hopefully your not uploading corrupted files to your own blog), but should have a considerable impact on multi user sites.
Too many people have encountered problems with corrupt uploads that were placed onto a site by a user. This is unfortunately very easy to accomplish as all a user needs to to is “play nice” until they have the privilege to upload files. Once that happens, they upload files that the admin may not always confirm. A violation of trust to the unsuspecting admin or site owner. It’s reason like this I became a security specialist.
Falcon Cache Has Been Removed
Another feature here is quite important and that is the removal of the Falcon Cache engine as part of the WordFence Security plugin.
Seen here: We are removing Falcon Cache from Wordfence.
Wordfence has decided to remove their popular caching function stating “They are a security team, not caching programmers”. This took affect during the 6.2.1 update and should no longer be active for anyone doing automatic updates. Please also note, the WordFence has suggested that you contact your hosting provider as well to make sure what if any caching features they have implemented as these could affect your performance regardless of caching plugin.
The WordFence team has made a suggestion that the “Falcon Cache Code” could be implemented by anyone wishing to partake of that project. Perhaps someone will take them up on that offer.
Along with a dozen or more fixes and updates over the last month make sure to keep this plugin up to date. WordFence has been also making some major changes. There will always be the potential that these changes might cause site issues depending on your settings. )for instance losing caching will slow your site down)
WordFence Catches CloudFlare WAF Issues
Also from WordFence, they have also caught some security issues with concerns to CloudFlare users. This should mostly affect those users not using WordFence, and I’ll take a greater look at that in another post. For now if you are not using WordFence, but are using CloudFlare you may still be at risk of sever intrusion:
WorDfence is and has been our Go To security plugin for some time now. It will still remain so. I have not personally used the Falcon Caching engine on any sites so this will likely not impact any of our sites. The team will be focusing more on security concerns and hopefully this means they will be able to pick up some slack on the support issues that have arisen lately.
Make sure that you create a backup file of your site before you upgrade this plugin, especially if you are using the caching feature. In fact I would recommend the following steps:
- Disable the caching feature
- Then Update the plugin
The plugin will automatically disable the chace, but this may not guarantee that the edits will be made to the Htaccess file, which could cuase problems later on.
Last Updated: 10/13/2016
Requires: 3.9+ or higher
Compatible up to: 4.6.1
Average 5-Star Rating: 4.8
Fix: Replaced a slow query in the dashboard widget that could affect sites with very large numbers of users.
Improvement: Now performing real time scanning for PHP code in all uploaded files.
Improvement: Improved handling of bad characters and IPv6 ranges in Advanced Blocking.
Improvement: Live traffic and scanning activity now display a paused notice when real-time updates are suspended while in the background.
Improvement: The file system scan alerts for files flagged by antivirus software with a ‘.suspected’ extension.
Improvement: New alert option to get notified only when logins are from a new location/device.
Change: First phase for removing the Falcon cache in place, which will add a notice of its pending removal.
Fix: Included country flags for Kosovo and Curaçao.
Fix: Fixed the .htaccess directives used to hide files found by the scanner.
Fix: Dashboard widget shows correct status for failed logins by deleted users.
Fix: Removed duplicate issues for modified files in the scan results.
Fix: Suppressed warning from reverse lookup on IPv6 addresses without valid DNS records.
Fix: Fixed file inclusion error with themes lacking a 404 page.
Fix: CSS fixes for activity report email.
Improvement: Massive performance boost in file system scan.
Improvement: Added low resource usage scan option for shared hosts.
Improvement: Aggregated login attempts when checking the Wordfence Security Network for brute force attackers to reduce total requests.
Improvement: Now displaying scan time in a more readable format rather than total seconds.
Improvement: Added PHP7 compatible .htaccess directives to disable code execution within uploads directory.
Fix: Added throttling to sync the WAF attack data.
Fix: Removed unnecessary single quote in copy containing “IP’s”.
Fix: Fixed rare, edge case where cron key does not match the key in the database.
Fix: Fixed bug with regex matching carriage returns in the .htaccess based IP block list.
Fix: Fixed scans failing in subdirectory sites when updating malware signatures.
Fix: Fixed infinite loop in scan caused by symlinks.
Fix: Remove extra slash from “File restored OK” message in scan results.
Fix: Replaced calls to json_decode with our own implentation for hosts without the JSON extension enabled.
Improvement: Now performing real time scanning for malware on all uploaded files.
Improvement: Added Web Application Firewall activity to Wordfence summary email.
Fix: Now using 503 response code in the page displayed when an IP is locked out.
Fix: wflogs directory is now correctly removed on uninstall.
Fix: Fixed recently introduced bug which caused the Whitelisted 404 URLs feature to no longer work.
Fix: Added try/catch to uncaught exception thrown when pinging the API key.
Improvement: Improved performance of the Live Traffic page in Firefox.
Improvement: Updated GeoIP database.
Improvement: Removed file-based config caching, added support for caching via WordPress’s object cache.
Improvement: Whitelisted Uptime Robot’s IP range.
Fix: Notify users if suPHP_ConfigPath is in their WAF setup, and prompt to update Extended Protection.
Fix: Fixed bug with allowing logins on admin accounts that are not fully activated with invalid 2FA codes when 2FA is required for all admins.
Fix: Removed usage of wp_get_sites() which was deprecated in WordPress 4.6.
Fix: Fixed PHP notice from Undefined index: url with custom/premium plugins.
Improvement: Converted the banned URLs input to a textarea.
Improvement: Support downloading a file of 2FA recovery codes.
Fix: Fixed PHP Notice: Undefined index: coreUnknown during scans.
Improvement: Add note to options page that login security is necessary for 2FA to work.
Fix: Fixed WAF false positives introduced with WordPress 4.6.
Improvement: Update Geo IP database.
Fix: Fixed fatal error on sites running Wordfence 6.1.11 in subdirectory and 6.1.10 or lower in parent directory.
Fix: Added a few common files to be excluded from unknown WordPress core file scan.
Overall we are glad to see the many features and changes that have been made to WordFence. we look forward to seeing how they move into the future with a more security focused team. It would be nice to see someone pick up the coding for the cache feature. Who knows, maybe one day I’ll take a look at it. If nothing else, having the features of real time scanning to make your site safer inot the future then these updates should be well worth the effort.