Cerber Security Features
Armed with state of the art security algorithms Cerber Security effectively defends WordPress against hackers attacks and spam any kind
- Limit login attempts when logging in by IP address or subnet Class C
- Monitors logins made by login forms, XML-RPC, REST API requests, or auth cookies
- Restricts access with rich GEO country-based rules
- Restrict access with White IP Access List and Black IP Access List by IP address, IP range, or subnet
- Detects bots and hacker activity by using a set of traps and honeypots
- Malware scanner & WordPress integrity checker
- Automatic cleanup of malware and suspicious files
- Manage multiple WP Cerber instances from one dashboard.
- Traffic Inspector screens all suspicious requests and blocks them if they can harm a website.
- Log all activities related to the logging in and logging out processes
- Protects WordPress accounts with Two-Factor Authentication (2FA)
- Limiting the number of concurrent user sessions
- Spam protection: reCAPTCHA for WordPress and WooCommerce forms
- Hide wp-login.php from possible attacks and return 404 HTTP Error
- Hide wp-admin (dashboard) and return 404 HTTP Error when a user isn’t logged in
- Make Custom login URL for logging in (rename wp-login.php)
- Limits the number of allowed registrations from one IP address
- Managing WordPress application passwords done right
- Block WordPress user accounts
- Block user registration with a set of prohibited usernames or by specifying REGEX username patterns.
- Role-based access control for WordPress REST API
- Protects registration forms with reCAPTCHA and Cerber anti-spam and bot detection engine
- Immediately block IP or subnet when attempting to log in with non-existent username
- Disable automatic redirecting to the login page
- Disable WordPress REST API
- Disable XML-RPC: block access to the XML-RPC server including Pingbacks and Trackbacks
- Disable feeds (block access to the RSS, Atom, and RDF feeds)
- Restrict access to the XML-RPC, REST API feeds by White Access List by IP address, IP range or subnet
- Stop user enumeration via author pages
- Stop user enumeration via REST API
- Protection against (DoS) attack CVE-2018-6389
- Proactively block IP subnet class C for a suspicious IP address
- Citadel mode for massive brute force attack
- Play nice with fail2ban: write failed attempts to the syslog or a custom log file
- Provides an additional security layer with a special Cloudflare add-on
- View and filter out activity list by IP, username or a particular event
- Extra WHOIS information for IP: country, abuse contacts, network owner and much more
- Handles site/server behind a reverse proxy
- Configurable email notifications with rate limiting
Screenshots
- Dashboard to watch what’s going now with recent important events and recent lockouts
- WordPress activity log
- Activity log filtered by login and type of activity
- Detailed information about an IP address in the WordPress dashboard
- The White and Black IP access lists for WordPress
- Unbeatable amount of settings enables customizing WordPress protection in many aspects
- Notification settings in WordPress
- Cerber retrieves WHOIS information for an intruder IP address
- Export and import settings to a file in one click
- reCAPTCHA for WooCommerce and WordPress
- Powerful email, mobile and browser notification for WordPress events
- Hardening WordPress: disable REST API, XML-RPC and stop user enumeration
P.S. Initially the plugin was created as a better alternative to WordPress Limit Login Attempts plugin.