Cerber Security Features
Armed with state of the art security algorithms Cerber Security effectively defends WordPress against hackers attacks and spam any kind
- Limit login attempts when logging in by IP address or subnet Class C
- Monitors logins made by login forms, XML-RPC, REST API requests or auth cookies
- Permit or restrict logins by White IP Access list and Black IP Access List by IP address, IP range or subnet
- Automatically detects bots, robots and hackers with a set of traps
- Traffic Inspector screens all suspicious requests and blocks them if they can harm a website.
- Log all activities related to the logging in and logging out process
- Malware scanner & integrity checker.
- Antispam: reCAPTCHA for WordPress and WooCommerce forms
- Hide wp-login.php from possible attacks and return 404 HTTP Error
- Hide wp-admin (dashboard) and return 404 HTTP Error when a user isn’t logged in
- Make Custom login URL for logging in (rename wp-login.php)
- Limits the number of registrations from one IP address
- Blacklist email addresses or REGEX email address patterns. This can help you prevent problematic domains from being used for registering on your site.
- Protects registration form with reCAPTCHA and Cerber antispam and bot detection engine
- Immediately block IP or subnet when attempting to log in with non-existent username
- Disable automatic redirecting to the login page
- Disable WordPress REST API
- Disable XML-RPC: block access to the XML-RPC server including Pingbacks and Trackbacks
- Disable feeds (block access to the RSS, Atom and RDF feeds)
- Restrict access to the XML-RPC, REST API feeds by White Access list by IP address, IP range or subnet
- Stop user enumeration via author pages (block access to pages like /?author=n)
- Stop user enumeration via REST API
- Protection against (DoS) attack CVE-2018-6389
- Proactively block IP subnet class C for a suspicious IP address
- Citadel mode for massive brute force attack
- Play nice with fail2ban: write failed attempts to the syslog or custom log file
- View and filter out activity list by IP, username or particular event
- Extra WHOIS information for IP: country, abuse contacts, network owner and much more
- Handles site/server behind reverse proxy
- Configurable email notifications with rate limiting
P.S. Initially the plugin was created as a better alternative to WordPress Limit Login Attempts plugin.