Posted By Gregory

Support talks

What’s happening on the support forum

  • Recaptcha with buddypress 07/17/2017 9:54:00 PM
    Replies: 0 Hi, great plugin, And just a suggestion, Can you put in an option for recaptcha for Buddypress registration form like the WooCommerce one? Thank you.
  • PHP Notice /wp-cerber/wp-cerber.php on line 1193 07/17/2017 10:20:00 AM
    Replies: 1 Hi, WP debug log often shows the following: PHP Notice: Trying to get property of non-object in .../wp-content/plugins/wp-cerber/wp-cerber.php on line 1193
  • Notification even if user is in the whitelist 07/16/2017 12:24:00 PM
    Replies: 4 In an earlier post you showed me how to subscribe to notifications. I added one for using a prohibited login page and now I get one email for every login and logout. So I added my IP to the whitelist but still get these emails.
  • <span class="resolved" aria-label="Resolved" title="Topic is resolved."></span>strip_tags() expects parameter 1 to be string 07/15/2017 1:00:00 PM
    Replies: 1 When looking at my diagnostics for the plugin, I get this at the bottom of my server info: Warning: strip_tags() expects parameter 1 to be string, array given in /srv/users/USER1/strong>/apps/MYAPP1/public/wp-content/plugins/wp-cerber/cerber-tools.php on line 92 [argv] => [argc] => 1 MYAPP1 is my site’s name and USER1 is my username associated with the site. I am on ServerPilot
  • <span class="resolved" aria-label="Resolved" title="Topic is resolved."></span>Is it normal to have blacklisted IP still trying to login? 07/14/2017 9:12:00 AM
    Replies: 1 I noticed some IP that are already blacklisted to fail at the “invalid username” stage. I checked the WP Cerber website (, it says “Deny IP to log in to the site”, does that mean they are still allowed to try, but Cerber will deny them later? Or is the blacklist thing not working at all? This topic was modified 6 days, 21 hours ago by curiositykillsthecat. Reason: English
  • database error Unknown column ‘ip_long_begin’ 07/14/2017 1:46:00 AM
    Replies: 1 Hello, I keep getting the error: database error Unknown column ‘ip_long_begin’ I have tried: WP Cerber -> Tools -> Show diagnostic information -> Force repair tables But no luck, still this error is being generated at the error_log file. Any thoughts? please help. Thank you! PS: Complete error below. [13-Jul-2017 16:35:50 Europe/Madrid] WordPress database error Unknown column ‘ip_long_begin’ in ‘where clause’ for query SELECT tag FROM cerber_acl WHERE ip_long_begin apply_filters, cerber_access_control, cerber_acl_check
  • Front end form with plugin Messages 07/13/2017 3:20:00 PM
    Replies: 1 Hello, Great plugin!!!!!!! My inquiry: How can we implement a front end login form that display the messages the same way wp-login.php does? I will block direct access to wp-login.php and use a custom login page /login/, but I need to show them the plugin status messages such as: “You have only one attempt remaining.” “You have reached the login attempts limit. Please try again in 1440 minutes.” etc, etc Please help, Thank you!
  • <span class="resolved" aria-label="Resolved" title="Topic is resolved."></span>Limiting Login Attempts doesn’t work 07/11/2017 10:10:00 AM
    Replies: 7 I’ve enabled the Limit-Login-Attempts but the Login-Form don’t block users if they try more than 3 times (Settings: 3 times in 5 Minutes) The Log shows no failed Login-Attempts, too. But if I try to login with the Username “admin” (is in my Username-Blacklist) the User is blocked. I have no IPs added to the whitelist.
  • Custom login URL bug 07/07/2017 2:07:00 PM
    Replies: 3 Hi, there seems to be a problem with how the plugin handles custom login URL’s. From what I can tell if you set your custom URL to /login for example then any request made to your site with /login in the URL will get redirected to your login page, this includes REST requests (the problem) e.g,, all redirect to the login page This means that if someone sets their login page to a pattern that matches a REST endpoint then it breaks the REST request as instead of the call to doing/returning what it should, the plugin will intercept the request and send back the login page. I’m using Version 4.8.2 to test this on, hopefully this is enough information to reproduce? Best Wishes, Ashley
  • <span class="resolved" aria-label="Resolved" title="Topic is resolved."></span>Access to wp-login.php not blocked 07/07/2017 8:27:00 AM
    Replies: 1 Hi there, I am having an issue with the plugin — I have enabled a custom login url and I have enabled ” block access to wp-login.php and return HTTP 404 Not Found” Yet, I am still receiving attempts to wp-login.php… No matter what I do the bots just keep on coming 🙁 Notification I am getting is: Number of active lockouts: 4 Last lockout was added: July 7, 2017, 9:56 am for IP ( Reason: Attempt to access: wp-login.php View activity for this IP: XXXXXX View lockouts in dashboard: XXXXX Could you possibly assist? Kind regards Francois Wessels
  • <span class="resolved" aria-label="Resolved" title="Topic is resolved."></span>Login attempt and blocking number increasing 07/06/2017 10:30:00 AM
    Replies: 4 Hi, First of all, many thanks for your great plugin ! Today, it’s the first day I have a email every 5 minutes to tell me that there is a lot of login attempt and blocking number is increasing on my site. I trust you to protect it, but, do I have to do something myself? Thank you for your response. Regards Brin de Cocagne
  • <span class="resolved" aria-label="Resolved" title="Topic is resolved."></span>Whitelisting certain IPs on particular configuration does not work 07/01/2017 2:34:00 AM
    Replies: 7 Hi Fantastic plugin but I have one little issue. On my site hosted on IIS with WP 4.7.5 & PHP 5.6 any IP address white listed like or with larger numbers will not behave as a white listed IP. Any IP with an address like or with smaller numbers works fine. I haven’t determined the exact cutoff point. In the table cerber_acl all the larger IPs have a value of 0 for ip_long_begin and ip_long_end which would appear to be part of the problem. My other site with similar plugins hosted on Apache with WP 4.8 & PHP 7.0 does not have this problem. I am using WP Cerber 4.8.2 on both sites. This may explain why various people have been locked out of their sites in the past despite thinking their IPs are whitelisted. I am not locked out, and can work around the issue, but it may point to a problem.
  • Suggestion: Unify prepared statement usage 06/30/2017 7:59:00 PM
    Replies: 0 First of all let me say that this plugin looks awesome, especially considering its competitors, and the fact that it’s donationware, ie basically completely free! That being said, I’ve noticed that there’s quite a few queries that do not use prepared statements. While most of the values that are being injected directly could be considered safe, given that they stem from PHP internal functions or mathematical calculations (compare for example cerber_acl_fixer() with cerber_upgrade_db(), both inserting ip2long(), one using prepared statements, one using injection), there are also functions that accept arbitrary values and inject them directly into the query (like cerber_is_table() and cerber_check_table()), which should be a no-go, as it could easily turn into a problem too when utilized incorrectly. I’d consider it generally advised to use prepared statements for all queries, no exceptions, given that a simple mistake when changing the logic could open the way for unexpected
  • <span class="resolved" aria-label="Resolved" title="Topic is resolved."></span>Hourly Cron Job 06/30/2017 1:31:00 PM
    Replies: 4 Hi guys, Came across this topic ( and was wondering more or less the same. Is the cerber_do_hourly() really necessary or can this be modified to once a day or even less as well? Greetings, Olaf
  • <span class="resolved" aria-label="Resolved" title="Topic is resolved."></span>Language codes 06/28/2017 7:12:00 PM
    Replies: 7 I think best solution use Language codes from this url Becouse if You try this: $lang = get_bloginfo( 'language' ); You must after not good code: if ( $lang == 'en-US' ) { $lang = 'en'; } And for Russian You need: if ( $lang == 'ru-RU' ) { $lang = 'ru'; } So easy if You use DB for Language codes from original source: This topic was modified 3 weeks, 1 day ago by waclawnetwork.

Last posts from WordPress security blog

I’m a self-employed developer who builds software products and services using WordPress for more that seven years. I enjoy partnering with others for interesting and challenging projects. If you’re interested in, feel free to contact me.