Development version 6.7.3
This is a bug fix version. A small bug in the Black Access List algorithm is fixed. The bug: if you add the wildcard *.*.*.* entry (all IPv4 addresses) to the Black IP Access List, all form submissions including any login form will be denied with the request forbidden message and HTTP 403 code no matter what IP addresses the White IP [...]
WP Cerber Security 6.7
Improvements Antispam engine algorithms have been updated to improve AJAX requests handling and reduce false positives. Improved compatibility with WooCommerce, Formidable Forms, Gravity Forms and AJAX file upload. Regular expressions are now available for the Traffic Inspector Request whitelist and Antispam Query whitelist. To specify a [...]
Development version 6.5.5
The antispam algorithm has been updated to improve AJAX requests handling. Improved compatibility with WooCommerce, Formidable Forms and Gravity Forms AJAX file upload. Use this link to download the development version of the plugin: https://my.wpcerber.com/downloads/wp-cerber.zip WordPress Security WP Cerber Bug Bounty Program WordPress [...]
Development version 6.5.1
This version solves a rare issue with an undefined COOKIEPATH constant. If you come across this issue, usually you see the following messages in the web server error log file: PHP Notice: Use of undefined constant COOKIEPATH This version also enables logging any requests to the login page if the logging is in the Smart mode. Use this [...]
Restrict access to the WordPress REST API
WP Cerber Security allows you to restrict or completely block access to WordPress REST API which is enabled by default. To enable protection go to the Hardening tab and enable Block access to WordPress REST API except any of the following. This blocks access to the REST API unless you grant access to it in the settings fields [...]
WP Cerber Security 6.5
This version brings a new, advanced and more effective way of loading plugin modules and the plugin security engine. This allows Cerber Security to intercept and inspect suspicious requests more effectively and protect WordPress against attacks that try to exploit a vulnerability in a plugin or a theme. It’s advised to enable loading in [...]
How to stop spam user registrations on your WordPress
Enable an antispam engine for the registration form The fastest way to stop spammers is to enable the antispam engine for the WordPress registration form. To enable protection: Go to the Antispam plugin admin page Enable Protect registration form with bot detection engine in the Cerber antispam engine section If you have a [...]
Development version 6.3
Use this link to download the development version of the plugin: https://my.wpcerber.com/downloads/wp-cerber.zip This version brings a new, advanced and more effective way of loading plugin modules and the plugin security engine. By default, Cerber Security loads itself in a Legacy, old mode. But from the version 6.3, the advanced way is [...]
How to clean up the activity and live traffic logs
Note: the following operations cannot be rolled back How to delete all Activity log records To completely delete all Activity log records stored in the website database, go to the WP Cerber → Tools admin page and click the Diagnostic tab. In the Database info section find the following title: Table: cerber_log, rows: xxxx. Click the [...]
How to protect WordPress against CVE-2018-6389 DoS attacks
We should say that this is not a critical vulnerability and doesn’t allow a hacker to break into a victim website. It’s rather a design flaw that allows anyone to put a WordPress powered website to its knees easily. Bad actors can use it to bring your online store down. The attack can be initiated from any computer by anyone. No special [...]
WP Cerber Security 6.2
New features Protection against a denial of service (DoS) attack that exploits recently discovered vulnerability (CVE-2018-6389). It’s not a critical vulnerability and doesn’t allow a hacker to break into a victim website. It’s rather a flaw that allows anyone to put a WordPress powered website to its knees easily. Bad [...]
Traffic Logging for WordPress
WP Cerber’s Traffic Inspector not only analyzes and blocks suspicious HTTP requests but also can optionally log them with request details, enabling you to inspect them manually. It uses a thoroughly designed high-performance logging engine. All logged requests are displayed on the Live Traffic page. The logging settings [...]
Development version 6.1.3
Improvements The Traffic Inspector algorithm detects malformed and double extensions like .php.jpg more precisely. Access Lists now accept IPv6 address in any form. You can enter a shortened IPv6 (short form) or a full IPv6. A full IPv6 will be shortened to the short IPv6 address representation. Bugs fixed If REST API is blocked, a [...]
WP Cerber Security 6.1
In case you missed: version 6.0 announcement. Improvements Traffic Inspector has got a Request White List setting. To exclude a particular request from inspection specify a request string without the website domain and query string (GET parameters). Read more. An Activity filter has been added to the Advanced search form on the Traffic [...]
Traffic Inspector in a nutshell
Traffic Inspector analyzes incoming HTTP requests, recognizes suspicious, and blocks them before they can harm your website. This security algorithm is enabled by default and in the vast majority of cases requires no configuration. When Traffic Inspector is enabled, the firewall analyzes and blocks malicious and potentially [...]