Changelog

v1.0.7

January 30, 2026

New Features

  • Googlebot Whitelist Card: New card in Firewall page with Sync Now button and Show/Hide toggle.
  • Redesigned Setup Wizard: Simplified 2-step flow (Choose Mode → Activate).
  • Progress Bar Animation: Professional progress bar animation during wizard activation.
  • Settings Reorganization: Improved card groupings on Settings page.

Bug Fixes

  • Googlebot Option: Fixed whitelist_googlebot option not being saved in Settings.
  • Wizard AJAX: Fixed action name mismatch causing wizard to hang at 100%.
  • JavaScript Error: Fixed "vietshieldWizard is not defined" error in wizard.
  • Wizard UI: Fixed duplicate "Recommended" text in wizard mode selection.
  • Threat Intelligence Sync: Fixed not syncing after wizard completion.
  • About Tab: Fixed Plugin Information icon size/alignment.
  • Learning Mode: Fixed selection being lost when navigating to step 2 (now single-page flow).

v1.0.6

January 30, 2026

Bug Fixes

  • Translation Warning: Fixed _load_textdomain_just_in_time warning on block page.
  • CAPTCHA Challenge: Fixed not triggering for some attack types.

Improvements

  • Block Page Message: Now displays specific attack message for better user understanding.

v1.0.5

January 30, 2026

New Features

  • Auto-Update from GitHub: Plugin now supports automatic updates directly from GitHub Releases.
  • Release Check: Automatically checks for new releases every 12 hours.
  • Update Notification: Shows an update notification in WordPress admin when a new version is available.
  • View Details Popup: Shows changelog from GitHub release in "View Details" popup.
  • One-Click Update: Update directly from Plugins page with one click.

v1.0.4

January 29, 2026

New Features

  • CAPTCHA Challenge: Optional CAPTCHA verification instead of blocking for suspicious requests.
  • Multi-CAPTCHA Support: Supports Google reCAPTCHA v2/v3, Cloudflare Turnstile, and hCaptcha.
  • Country Blocking Mode: New "Allow Selected Countries Only" option for stricter geo-blocking.

Improvements

  • RCE Protection Default: Now defaults to OFF in setup wizard to prevent false positives.
  • Wizard z-index: Set to 9985 to prevent notification overlapping.
  • Attack Type Standardization: Standardized attack_type to 'threat_intelligence' across all code.

v1.0.3

January 29, 2026

Bug Fixes

  • Wizard Setup 403 Error: Fixed 403 Forbidden error at step 3 when completing the setup wizard.
  • Nonce Verification: Fixed nonce verification mismatch in wizard AJAX handlers.
  • RCE False Positives: Fixed RCE false positives with marketing/tracking parameters (e.g., typ=organic|||src=google|||id=(none)).
  • Block Page CSS: Fixed block page CSS styling issues for responsive design.
  • Threats Sharing Sync: Fixed country_block attack type being incorrectly synced to Threats Sharing API.

Improvements

  • Wizard Completion: Wizard "Complete Setup" button now works correctly.
  • RCE Whitelist Patterns: Enhanced RCE whitelist patterns to support ||| delimiter format used by marketing tracking.
  • Injection Detection: Advanced injection detection patterns to avoid matching marketing parameters.
  • Global Rate Limit: Increased default from 100 to 250 requests per minute.
  • 403 Block Page: Professionally redesigned with glassmorphism, animations, and improved accessibility. Responsive design optimized for all devices.

v1.0.2

January 21, 2026

New Features & Improvements

  • Smart Timezone Sync: Removed manual timezone configuration. The WAF now automatically synchronizes with your WordPress timezone settings for accurate logging.
  • Cloudflare Integration: Added native support for Cloudflare Trusted Proxies. The WAF automatically fetches and trusts Cloudflare IP ranges to prevent false positives when behind their proxy.
  • Automated Whitelist Updates: Implemented daily automated synchronization for Googlebot IP ranges and Cloudflare IPs to ensure your whitelist is always up-to-date.
  • Attack Type Classification: Enhanced Early Blocker to intelligently assign attack types (e.g., ip_blacklist, threat_intelligence) based on block reasons, improving log accuracy.

Bug Fixes

  • Persistent Block IDs: Fixed issue where Block IDs were regenerating on every reload. Block IDs now persist for 1 hour for the same IP and attack type, ensuring consistency and preventing log spam.
  • Threat Sharing Sync: Fixed critical issue where IPs blocked by High-Performance Early Blocker (Threat Intelligence) were not being synced to the Threat Sharing API.
  • Block Labeling: Fixed incorrect display of "TEMP_BLOCK" for permanently blacklisted IPs. Manual Blacklist blocks now correctly show as "IP_BLACKLIST".
  • Timezone Consistency: Fixed double timezone conversion issues in Live Traffic and Login Security views. All logs are now consistently stored in UTC and displayed in the user's local timezone.
  • Login Security Logging: Fixed an issue where login attempts were stored in local time, causing incorrect timestamps (future dates) in the dashboard.

v1.0.1

January 20, 2026

Bug Fixes

  • Dashboard z-index: Fixed issue where other plugin notifications were overlapping VietShield WAF dashboard. Dashboard now uses higher z-index priority (100001+) to always display on top.
  • Live Traffic Block ID: Fixed empty Block ID when visitor is blocked with Brute Force attack type. Block ID is now generated for all blocked requests including brute force attacks.
  • Attack Type Filter: Added missing attack types to Live Traffic filter dropdown: Brute Force, Threat Intelligence, Enumeration, Rate Limit, XML-RPC, and SSRF.
  • Threats Sharing: Fixed issue where brute force attacks were not being queued for submission to Intelligence API. All blocked IPs (including brute force) are now properly shared.
  • Metadata Retrieval: Improved IP metadata (country_code, as_number) retrieval when queueing threats. Metadata is now fetched from cache/threat intel table before queueing to reduce API calls.
  • RCE Whitelist Sanitization: Fixed TypeError when saving RCE whitelist patterns. Now properly handles both array and string inputs from textarea.

Improvements

  • RCE Rule Default: Remote Code Execution (RCE) protection is now OFF by default on fresh installs to prevent false positives with Google Ads and legitimate ad services.
  • RCE Whitelist Management: Added comprehensive regex-based whitelist system for RCE rules. Pre-configured with Google Ads patterns (gclid, utm_*, gad_*, safeframe.googlesyndication.com, etc.) to prevent blocking legitimate traffic.
  • RCE Detection Enhancement: Improved RCE detection to check whitelist patterns before blocking. Whitelist applies to both RCE detection and advanced injection detection rules.
  • Threats Sharing Metadata: Enhanced metadata enrichment for threat IPs. Automatically fetches country and ASN information from threat intel table or existing logs before queueing, reducing API calls during submission.
  • CSS Styling: Added CSS styles for new attack types (brute_force, threat_intel, xmlrpc, ssrf) in Live Traffic view for better visual identification.

v1.0.0

January 16, 2026

Advanced Web Application Firewall

Core protection engine that blocks malicious requests in real-time.

  • SQL Injection (SQLi): Blocks UNION SELECT, time-based, and error-based attacks.
  • Cross-Site Scripting (XSS): Prevents reflected and stored script injection.
  • RCE / LFI: Stops remote code execution, shell commands, and path traversal attempts.
  • Bad Bots & Scanners: Automatically identifies and blocks tools like SQLMap, Nikto, and Nuclei.
  • Dual Modes: Switch between "Learning Mode" (log only) and "Protecting Mode" (active blocking).

Live Traffic & Analytics

Monitor who is visiting your site with zero latency impact.

  • Real-time Monitoring: Watch requests hitting your site live with detailed metadata.
  • Detailed Insights: View IP Country, ASN (ISP), and specific Attack Details (Rule ID, Payload).
  • Instant Action: One-click "Block" on suspicious requests to instantly ban IPs.

IP Management & Firewall

Comprehensive access control lists and automated rules.

  • Whitelist: Trusted IPs (admins, gateways) bypass WAF checks.
  • Blacklist: Permanently blocked malicious IPs.
  • Auto-Blocks: Temporary bans for rate limiting or brute-force (auto-release).
  • Geo-Blocking: Block all traffic from high-risk countries.

Threat Intelligence

  • Community Feed: Syncs threat data from VietShield Network (1/7/30-day).
  • Auto-Whitelist: Validates Googlebot daily and supports Cloudflare IPs.

Malware & Integrity

  • WP Core Scanner: Verifies core files against official repo.
  • Malware Scanner: Detects backdoors, shells, and hazardous code.

Login Security

  • Brute Force Protection: Limits failed login attempts per IP.
  • Smart Lockout: Temporarily bans IPs after failed attempts.

Bot & Auth Protection

  • Honeypot Fields: Invisible fields to trap and identify bots.
  • Author Enumeration: Blocks username discovery attempts.