{"schema_version": 1, "results": [{"id": 13, "slug": "block-ai-crawlers", "version": "2.3.6", "date": "2026-06-22T00:00:00+00:00", "title": "Block AI crawlers with one click", "summary": "A new firewall toggle blocks known AI and LLM crawlers — GPTBot, ChatGPT-User, OAI-SearchBot, ClaudeBot, PerplexityBot, Google-Extended, CCBot and Bytespider — before WordPress loads, with allowlisted bots always passing first.", "body": "<p>AI and LLM crawlers now have a single firewall switch (default off). Turn it on and known agents — GPTBot, ChatGPT-User, OAI-SearchBot, ClaudeBot, PerplexityBot, Google-Extended, CCBot and Bytespider — are blocked before WordPress loads.</p>\n<h3>Verified, never spoofable</h3>\n<p>Identity is confirmed by published IP range, forward-confirmed reverse-DNS, or ASN. A faked user-agent is never blocked on its name alone — it falls through to the WAF.</p>\n<h3>Allowlist always wins</h3>\n<p>Bots you have explicitly allowlisted pass first, even with the toggle on. Precedence: allowlist &gt; AI-block &gt; WAF.</p>\n<h3>See what was blocked</h3>\n<p>A new admin panel lists recent AI-crawler blocks with a one-click “Allow this bot” action that moves a bot to your allowlist.</p>", "buckets": {}, "topic": "bot-ai", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 13}, {"id": 1, "slug": "geo-locked-urls", "version": "2.3.5", "date": "2026-06-21T00:00:00+00:00", "title": "Lock any URL to the countries you choose", "summary": "Restrict a single page \u2014 checkout, wp-admin, or a regional page \u2014 to visitors from specific countries, without blocking the rest of your site.", "body": "", "buckets": {}, "topic": "new-features", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 12}, {"id": 2, "slug": "sitemap-support-seo-plugins", "version": "2.3.5", "date": "2026-06-21T00:00:00+00:00", "title": "Search engines can always reach your sitemaps", "summary": "Sitemaps from popular SEO plugins are recognized, so trusted crawlers are never blocked by the firewall.", "body": "", "buckets": {}, "topic": "fixes", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 11}, {"id": 3, "slug": "export-waf-log-csv", "version": "2.3.5", "date": "2026-06-21T00:00:00+00:00", "title": "Export your firewall log to CSV", "summary": "Download the attack log and firewall summary as CSV for reporting, audits, and offline analysis.", "body": "", "buckets": {}, "topic": "new-features", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 10}, {"id": 4, "slug": "faster-tools-live-traffic", "version": "2.3.5", "date": "2026-06-21T00:00:00+00:00", "title": "A faster Tools page with live traffic", "summary": "The Tools page loads faster, with infinite-scroll live traffic and background reverse-DNS for smoother browsing.", "body": "<p>The Tools page's live-traffic monitor was the slowest screen in the plugin. On a busy site with a cold cache, opening it could hang for several seconds before a single row appeared. We rebuilt how it loads \u2014 now the table renders with the page, and the work that used to block it happens in the background.</p>\n<figure><img src=\"/VMPSecurity.com/wp-content/themes/VMP/assets/img/whats-new/live-traffic-perf.svg\" alt=\"Live Traffic load time: before about 6.2 seconds worst case, after about 25 milliseconds\" loading=\"lazy\"><figcaption>Live Traffic data load \u2014 worst case (200 rows, cold DNS cache). Measured 2026-06-20.</figcaption></figure>\n<h3>What was slow</h3>\n<ul>\n<li><strong>A live DNS lookup for every row.</strong> Rendering the table ran a blocking reverse-DNS (<code>gethostbyaddr()</code>) for each visitor IP while you waited \u2014 up to ~6 seconds on a cold cache full of fresh attacker IPs.</li>\n<li><strong>Five round-trips just to open the page.</strong> The table and its menus were fetched by JavaScript after load, each paying ~400 ms of WordPress + plugin bootstrap.</li>\n</ul>\n<h3>What we changed</h3>\n<ul>\n<li><strong>DNS moved off the request.</strong> The page now reads a hostname cache only; a background job resolves names (a one-minute drain plus a daily refresh).</li>\n<li><strong>The table renders with the page.</strong> Zero AJAX on load, the redundant calls removed, and the rest streams in with cursor-based infinite scroll as you scroll.</li>\n</ul>\n<h3>The numbers</h3>\n<table>\n<thead><tr><th scope=\"col\">Live Traffic data load</th><th scope=\"col\">Before</th><th scope=\"col\">After</th></tr></thead>\n<tbody>\n<tr><td>50 rows</td><td class=\"before\">477 ms</td><td class=\"after\">12 ms</td></tr>\n<tr><td>100 rows</td><td class=\"before\">850 ms</td><td class=\"after\">23 ms</td></tr>\n<tr><td>200 rows (worst case)</td><td class=\"before\">6,230 ms</td><td class=\"after\">~25 ms</td></tr>\n<tr><td>Live poll (every 10s)</td><td class=\"before\">~450 ms</td><td class=\"after\">8 ms</td></tr>\n<tr><td>admin-ajax calls on load</td><td class=\"before\">5</td><td class=\"after\">0</td></tr>\n</tbody>\n</table>\n<p class=\"vmp-wn-note\">The 6.2 s figure is the worst case \u2014 200 rows on a cold DNS cache; a typical load was about 0.5 s. Honest headline: roughly 97% faster (up to 99% in the worst case).</p>\n<h3>A faster floor underneath everything</h3>\n<p>We also primed the plugin's configuration cache. Reading a setting used to hit the database twice on a cache miss, so a single request could fire hundreds of tiny queries. Now the whole config table loads once per request and every read is served from memory.</p>\n<table>\n<thead><tr><th scope=\"col\">Full config read (216 keys)</th><th scope=\"col\">Before</th><th scope=\"col\">After</th></tr></thead>\n<tbody>\n<tr><td>Database queries</td><td class=\"before\">432</td><td class=\"after\">2</td></tr>\n<tr><td>Time</td><td class=\"before\">341 ms</td><td class=\"after\">2.9 ms</td></tr>\n</tbody>\n</table>\n<p class=\"vmp-wn-note\">That is the full-config worst case; a typical request reading ~30 keys drops from ~60 queries to 2. On a remote database the saving is larger.</p>\n<blockquote>Live Traffic loads about 97% faster, and every request makes up to ~430 fewer database queries. Measured 2026-06-20.</blockquote>", "buckets": {}, "topic": "general", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 9}, {"id": 5, "slug": "precision-bot-detection", "version": "2.3.4", "date": "2026-06-16T00:00:00+00:00", "title": "Sharper bot detection, fewer false blocks", "summary": "Bots are matched by their exact user-agent signature, so real visitors and browsers pass through while threats are stopped.", "body": "", "buckets": {}, "topic": "bot-ai", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 8}, {"id": 6, "slug": "expanded-trusted-crawlers", "version": "2.3.4", "date": "2026-06-16T00:00:00+00:00", "title": "More trusted crawlers recognized out of the box", "summary": "Google, Bing, ClaudeBot, ChatGPT, Ahrefs and more are recognized, keeping your site visible in search and AI results.", "body": "", "buckets": {}, "topic": "bot-ai", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 7}, {"id": 7, "slug": "ipv6-trusted-bots", "version": "2.3.4", "date": "2026-06-16T00:00:00+00:00", "title": "Trusted-bot verification now covers IPv6", "summary": "Bot verification works across IPv6 networks, with refreshed Anthropic Claude address ranges.", "body": "", "buckets": {}, "topic": "bot-ai", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 6}, {"id": 8, "slug": "custom-bot-allowlist", "version": "2.3.3", "date": "2026-06-09T00:00:00+00:00", "title": "Allowlist ChatGPT and Claude crawlers safely", "summary": "One-click presets for GPTBot, ChatGPT-User, OAI-SearchBot and Claude, each verified against official IP lists refreshed daily.", "body": "", "buckets": {}, "topic": "bot-ai", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 5}, {"id": 9, "slug": "cancel-running-scans", "version": "2.3.1", "date": "2026-05-21T00:00:00+00:00", "title": "Cancel a running scan anytime", "summary": "Stop a scan at the next safe checkpoint \u2014 no more waiting out a long scan lock. Partial results are kept.", "body": "", "buckets": {}, "topic": "new-features", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 4}, {"id": 10, "slug": "firewall-summary-pagination", "version": "2.3.0", "date": "2026-05-14T00:00:00+00:00", "title": "Browse your full attack history", "summary": "The firewall summary is paginated, so you can review the complete attack history instead of just the latest 50.", "body": "", "buckets": {}, "topic": "new-features", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 3}, {"id": 11, "slug": "bulk-ip-blocking", "version": "2.2.8", "date": "2026-04-22T00:00:00+00:00", "title": "Manage blocked IPs in bulk", "summary": "Bulk-unblock, bulk-ban, and export your blocked IPs to a file for backup or syncing.", "body": "", "buckets": {}, "topic": "new-features", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 2}, {"id": 12, "slug": "custom-login-url-compat", "version": "2.2.8", "date": "2026-04-22T00:00:00+00:00", "title": "Works with custom login URLs", "summary": "The firewall detects login URLs set by plugins like WPS Hide Login, preventing false blocks on your hidden login.", "body": "", "buckets": {}, "topic": "security", "tiers": ["free", "premium"], "media_url": null, "admin_anchor": null, "sort_order": 1}], "next_cursor": null}