* Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis)
* Fix: Addressed a potential PHP 8 notice in the human/bot detection AJAX call
* Fix: Addressed a potential PHP 8 notice when requesting a lockout unlock verification email
* Fix: Fixed the emailed diagnostics view not showing the missing table information when applicable
* Fix: Improved quick scan logic to base timing on regular scans so they're more evenly distributed
* Fix: Fixed an issue with sites containing invalid Wordfence Central site data where they could throw an error when viewing Wordfence pages
* Improvement: Enhanced the vulnerability scan to check and alert for WordPress core vulnerabilities and to adjust the severity of the scan result based on findings or available updates
* Improvement: Updated the bundled GeoIP database
* Improvement: Increased compatibility of brute force protection with plugins that override the normal login flow and omit traditional hooks
* Change: Adjusted the behavior of automatic quick scans to schedule themselves further away from full scans
* Fix: Added detection for a site being linked to a non-matching Wordfence Central record (e.g., when cloning the database to a staging site)
* Fix: Streamlined the license and terms of use installation flow to avoid unnecessary prompting
* Fix: Fixed an issue where user profiles with a selected locale different from the site itself could end up loading the site's locale instead
* Improvement: Added ".env" to the files checked for "Scan for publicly accessible configuration, backup, or log files"
* Improvement: Provided better descriptive text for the option "Block IPs who send POST requests with blank User-Agent and Referer"
* Improvement: The diagnostics page now displays the contents of any `auto_prepend_file` .htaccess/.user.ini block for troubleshooting
* Fix: Fixed an issue where a login lockout on a WooCommerce login form could fail silently
* Fix: The scan result for abandoned plugins no longer states it has been removed from wordpress.org if it is still listed
* Fix: Addressed an exception parsing date information in non-repo plugins that have a bad `last_updated` value
* Fix: The URL scanner no longer generates a log warning when matching a potential URL fragment that ends up not being a valid URL
* Improvement: Added new functionality for trusted proxy presets to support proxies such as Amazon CloudFront, Ezoic, and Quic.cloud
* Improvement: WAF rule and malware signature updates are now signed with SHA-256 as well for hosts that no longer build SHA1 support
* Improvement: Updated the bundled trusted CA certificates
* Change: The WAF will no longer attempt to fetch rule or blocklist updates when run via WP-CLI
* Fix: Removed uses of SQL_CALC_FOUND_ROWS, which is deprecated as of MySQL 8.0.17
* Fix: Fixed an issue where final scan summary counts in some instances were not sent to Central
* Fix: Fixed a deprecation notice for get_class in PHP 8.3.0
* Fix: Corrected an output error in the connectivity section of Diagnostics in text mode
* Fix: Addressed an issue with multisite installations when the wp_options tables had different encodings/collations
* Improvement: Updated the bundled GeoIP database
* Improvement: Added detection for Cloudflare reverse proxies blocking callbacks to the site
* Change: Files are no longer excluded from future scans if a previous scan stopped during their processing
* Fix: Added handling for the pending WordPress 6.4 change that removes $wpdb->use_mysqli
* Fix: The WAF MySQLi storage engine will now work correctly when either DB_COLLATE or DB_CHARSET is not defined
* Fix: Added additional error handling to Central calls to better handle request failures or conflicts
* Fix: Addressed a warning that would occur if a non-repo plugin update hook did not provide a last updated date
* Fix: Fixed an error in PHP 8 that could occur if the time correction offset was not numeric
* Fix: 2FA AJAX calls now use an absolute path rather than a full URL to avoid CORS issues on sites that do not canonicalize www and non-www requests
* Fix: Addressed a race condition where multiple concurrent hits on multisite could trigger overlapping role sync tasks
* Fix: Improved performance when viewing the user list on large multisites
* Fix: Fixed a UI bug where an invalid code on 2FA activation would leave the activate button disabled
* Fix: Reverted a change on error modals to bring back the additional close button for better accessibility
* Improvement: Updated GeoIP database
* Fix: Added missing text domain to translation function call
* Fix: Corrected inconsistent styling of switch controls
* Change: Made MySQLi storage engine the default for Flywheel hosted sites