Maintenance release out Version 6.0.19

Hi – I’m getting an alert from wordfence that looks a bit worrying. The site has been under prolonged attack for a couple of days – some plugins were changed.
Hope this isn’t a sneaky hack – noting that when I look at installed plugins it says I’m running version 6.0.19

This is copied from the wordfence alert:
Current Plugin Version: 6.0.17
New Plugin Version: 6.0.19
Severity: Critical
Status New
You need to upgrade “Wordfence Security” to the newest version to ensure you have any security fixes the developer has released. Click here to update now.

Our site is:
https://www.melharris.co.uk

On all my installations I have email alerts set to only trigger for critical issues. The current update to 6.0.19 seems to have changed the options so that emails are triggered for everything. I guess this could give some people the impression they’re suddenly under more sustained attack than normal, but as far as I can tell this is just the change of options.

Well, “just” the change of options… Hardly a minor thing. I can’t think why a plugin would think it’s got the right to change user options like this?

Not just me then…

Yep – I have the same – having to log into all sites to reset the settings.

Hello
The update is causing some of my sites to break and it is displaying the following error. I have had to restore previous version.

Parse error: syntax error, unexpected end of file, expecting function (T_FUNCTION) in /home/public_html/wp-content/plugins/wordfence/lib/wfLog.php on line 1249

Same error more than one site but not all sites..

Hi,

This update overrides some preferences in options. I had unchecked “Alert me when someone with administrator access signs in” and after the update this option was ticked so I got an email once I signed as administrator.

That’s the only issue i’ve found so far.

I had the same experience with the update undoing/overriding the options I had set and getting a deluge of attack messages.

Joining the chorus stating this update enables a lot of options that were previously disabled.

Hi All,

We have released a fix that addresses a bug introduced with the release that went out 15 hours ago. The issue is that if a Wordfence options checkbox is unchecked and is different from the default setting, the release resets the Wordfence setting to the default setting of checked.

Obviously this is a significant issue which our code review and QA process missed. We clearly need to improve things further. We are already investigating how this bug crept into our release process without being detected and are putting processes in place to prevent this from happening in future. This will include additional QA, a more thorough code review and a few other changes.

Please update immediately.