WP Cerber Security 9.7.3

This release is a stability-focused update, but we approached it as a cleanup before re-entry.

With Artemis II already on its way back from the Moon, it felt like the right moment to take a hard look at our own systems. It would be awkward if our heroes make it back to Earth while we are still chasing avoidable warnings in server logs.

So we focused on the unglamorous work: tightening validation at configuration time, improving diagnostics in the Readiness widget, and cleaning up edge cases that had been quietly adding noise where it didn’t belong.

REGEX Pattern Validation in Plugin Settings

Every WP Cerber setting that accepts a REGEX pattern such as firewall path exclusions, log exclusions, and anti-spam exclusions now validates the syntax of your pattern the moment you hit Save. If a pattern contains a typo or an unbalanced group, you will see a clear, actionable error message naming the exact broken pattern, right there on the settings page. No more wondering why a carefully crafted exclusion rule “just doesn’t work” in production. Invalid patterns are caught before they can cause silent configuration failures.

Bugfixes

REGEX Patterns with Forward Slashes Now Work

If you used a REGEX pattern containing forward slashes (e.g., matching a URI like /api/v2/callback) in the “Do not log these locations” Traffic Inspector setting, the pattern could fail silently or trigger a PHP warning (preg_match(): Unknown modifier). The root cause was the old code using / as the REGEX delimiter. We’ve fixed this bug, so forward slashes in your patterns now work exactly as intended.

Translation Downloads No Longer Fail for Non-Existent Locales

In certain WordPress configurations, the i18n subsystem would identify locales that do not actually have translation files available in the repository. This led to a misleading error during updates: “Updating translations for WP Cerber Security (haz)… Download failed. Not Found.” WP Cerber now verifies that a locale exists in the translation repository before initiating a download, eliminating this false alarm entirely.

Eliminated Server Error Log Messages

We tracked down and resolved a series of edge cases that could produce noise in your server error log under specific conditions:

preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated – Occurred when the PHP code comment-removal routine received a null value during malware scanning or firewall inspection. The function now enforces strict string typing.
Constant CRB_DOING_BG_TASK already defined – Could occur if WordPress triggered the daily scheduled task more than once in the same request. The task runner now checks for the constant before defining it.
Attempt to read property "ID" on null – Happened on pages where the global $post object was not yet available when the comment form reCAPTCHA filter ran. We now verify the object exists before accessing its properties.
Call to undefined function curl_init() – On servers where the cURL extension is not available, the cloud communication module now performs a function-existence check before attempting to initialize a cURL session, preventing this fatal-level message.
Undefined array key "primary_ip" / Undefined array key "local_ip" – Occurred when the cURL info array returned from a cloud API request did not contain these keys. Both are now accessed with the null coalescing operator, silencing the notices.

By enforcing stricter configuration validation and eliminating superficial PHP warnings, version 9.7.3 directly reduces your daily triage time. You get cleaner server logs, fewer false positives, and the peace of mind that your WordPress site is running on a stable, predictable, and highly optimized security framework.

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 9.7.

How to update WP Cerber

We recommend enabling automatic updates to ensure you always have the latest security features and performance improvements: how to enable automatic updates in the plugin settings.