* Fix: Fixed issue with some i18n plugins/themes when a user has no 2FA recovery codes
* Fix: Toggled options with additional help links now correctly open the link rather than toggling the option
* Fix: Country Blocking editing fixed when there are multiple pages of block rules
* Fix: Added better error handling to the initial Vue data load
* Fix: Handled error when logging in using legacy 2FA with separate prompts enabled
* Improvement: Migrated all deprecated JavaScript libraries in use to a Vue-based infrastructure
* Improvement: GeoIP database update
* Improvement: Better coverage of `aria-` accessibility attributes
* Improvement: Added `translators` comments to translatable strings where previously missing
* Fix: WordPress 7.0 compatibility fixes
* Note: Legacy two factor authentication using SMS-based codes will be discontinued around July 1, 2026. Sites using this functionality should migrate users to the TOTP-based two factor authentication on the Login Security page of the plugin
* Fix: Fixed an issue with `inet_pton` introduced by a recent patch to PHP 8.1+ that could cause a fatal error if a malformed IP address was passed to the call
* Improvement: Updated the bundled geoip database
* Note: Verified compatibility with WordPress 6.9
* Improvement: Improved localization support for the various block screens and messages
* Improvement: Updated the bundled geoip database
* Improvement: Prioritized Wordfence tables in the diagnostics tool when large numbers of tables exist
* Improvement: Allow non-US Google crawler IP addresses to pass country blocking
* Improvement: Enforcement of password strength requirements is now applied on the corresponding REST API endpoints
* Fix: Fixed detection for first-time logins and overall sending for login alerts when the corresponding settings are enabled
* Fix: When the WAF is using the mysql storage engine, fixed an issue with exclusion rules for the WAF not running correctly
* Fix: Reduced per-hit database query load around checking license status for free installations
* Fix: Optimized data sync with the WAF to better detect when the known server IP address list has changed
* Improvement: Added password scanning support for WordPress 6.8 and later
* Improvement: Limited email alerts to 5 per hour by default and added notification when limit has been reached
* Improvement: Improved URL scanning performance
* Improvement: Updated GeoIP database
* Change: Reduced scan result severity for vulnerabilities with high attack complexity or required privileges
* Change: Added messaging around WAF support when NGINX Unit is detected
* Change: Added notice and scan result about Wordfence Assistant
* Change: Adjusted IPv6 connection issue message and appearance
* Fix: Prevented deprecation notice about calling base64_encode with null parameter
* Fix: Prevented deprecation message about calling preg_match with null parameter
* Fix: Corrected license type shown on dashboard when expiring
* Fix: Prevented disabled getmyuid function from causing fatal error
* Fix: Prevented disabled get_current_user function from causing fatal error
* Fix: Prevented notice about _load_textdomain_just_in_time being called incorrectly
* Improvement: Improved error handling and messaging for some responses from our servers
* Improvement: Added messaging when a site may be using the same free license shared among multiple sites because it can cause the sites to use the same scan schedule rather than spreading out the load
* Improvement: Updated the readme content and formatting