I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.
WP Cerber Security Hooks
A list of WordPress hooks available in WP Cerber version 3.0 and above. It’s handy to use them to customize and fine tune Cerber without coding (e.g. with the jetFlow.io plugin). Filters cerber_msg_reached Applied to the message that is displayed for a user if the user has reached the limit to the number of login attempts. The [...]
How to catch bots and robots with a list of prohibited logins
As you already know, there is a small but powerful feature called a list of prohibited logins/usernames. This is a comma-separated list of usernames you do not want to be used on your website in any circumstances. That’s it? Nope, there is no “just in case” features in the WP Cerber Security plugin. But how [...]
Using IP Access Lists to limit access and protect WordPress
An IP Access List (commonly referred to as ACL) enables you to restricts access to the WordPress admin dashboard, vital WordPress features, protect login and registration forms from unwanted computers and bots. WP Cerber supports two types of access lists: White IP Access List and Black IP Access List. Both access lists are [...]
Why you need to use Custom login URL for your WordPress
You can create your own Custom login page (rename default wp-login.php) in no time. After you have configured the Custom login URL, the plugin will display wp-login.php page with the newly configured URL.
Why does reCAPTCHA not protect WordPress against bots and brute-force attacks
What is reCAPTCHA, anyway? reCAPTCHA is a human verification mechanism that created and maintained by Google as a free web service. WP Cerber supports reCAPTCHA for WooCommerce and WordPress forms as antispam feature. Why does reCAPTCHA not protect WordPress from bots and brute-force attacks? Because WordPress has three [...]
How to set up reCAPTCHA
What is reCAPTCHA and how does it work? reCAPTCHA is a human verification mechanism that provides a free anti-spam service. It can be used alongside with the WP Cerber anti-spam engine. When reCAPTCHA is configured for a form on your website, a couple of JavaScript scripts are loaded from Google’s servers every time the [...]
Cloudflare and WP Cerber
If your site is behind the Cloudflare proxy service and your WordPress is protected by the WP Cerber plugin, you have to do two things to let them work well together. Check My site is behind a reverse proxy in the main WP Cerber Security plugin settings. If you have set Custom login URL, you have to exclude it from CloudFlare’s [...]
Notifications on WordPress user logs in
It can be easily done by having the jetFlow.io plugin installed and using a tiny workflow. Security Blog Two-Factor Authentication for WordPress Security Blog Cerber Security Scanner Settings Security Blog Manage multiple WP Cerber instances from one dashboard Security Blog How to protect WordPress effectively: a must-do list
A better way to automate WordPress
I am pleased to announce an absolutely new automation plugin that has recently arrived. The jetFlow plugin is an automation tool that brings power of workflows to your WordPress powered site. This new plugin allows you to automate almost any task or business process without coding knowledge. Furthermore, you can fine tune any aspect of [...]
WP Cerber 2.9
What is new? Added ability to check and block prohibited usernames (logins). You can specify list of usernames (logins) on a new settings tab called Users. The plugin will immediately block any attempt to log in and will lock out any IP address have tried to use those logins. It’s recommended to have at least following [...]
WP Cerber 2.7.2
Small issues in the plugin were fixed Fixed bug for non-English WordPress configuration: the plugin is unable to block IP in some server environment. If you have configured language other than English you have to install this release. Fixed two small bugs related to 1) unable to remove IP subnet from the Access Lists and 2) getting IP [...]
Turn your WordPress into Fort Knox
This article assumes that we want to get a bulletproof protected website powered by WordPress. It’s not necessarily to do all the following steps word for word and point by point exactly as described. But I do recommend that if you want to create your own Fort Knox. Security Blog Cerber Security Scanner Settings Security [...]
Limit login attempts without a plugin?
You can find plenty of comments and advice on that on the Internet. But is it real? Security Blog Two-Factor Authentication for WordPress Security Blog Cerber Security Scanner Settings Security Blog Get WordPress protected: rename the plugins folder Security Blog Manage multiple WP Cerber instances from one dashboard
WP Cerber 2.7
What’s new in the most powerful and flexible solution to mitigate brute force attacks and hardening WordPress New: Now you can easily view extra WHOIS information for IP addresses in the activity log including country, network info, abuse contact, etc. New: Added ability to disable WordPress REST API, see Hardening WordPress New: [...]
Hardening WordPress with WP Cerber
All suggested settings are highly recommended for most websites on the Internet. If you need, for some reason, these functions are being accessible from a particular computer or an IP network you can easily add them to the White IP Access List. Disable REST API The plugin restricts access to the WordPress REST API. The ability [...]