I was using a development version of WordPress on one of my blogs, and it reported version number as 3.5-alpha which was not what was expected by Wordfence plugin, which obstinately refused to run. At the time I didnt have time to delve into the issue and just disabled Wordfence. But today when I got hit by a mass of bruteforce attacks, I regretted my decision. So I had to find a way to get Wordfence to work.

It turned out that the version number is reported by the file wp-includes/version.php.

Change the following:

/**
 * The WordPress version string
 *
 * @global string $wp_version
 */
$wp_version = '3.6-alpha-23408';

To this:

/**
 * The WordPress version string
 *
 * @global string $wp_version
 */
$wp_version = '3.6-alpha-23408';

// Override to fix Wordfence
$wp_version = '3.5.1';

3.5.1 was the latest version as of then. Just remember to turn it back when you check for updates to WordPress.