Posted By Gregory

WP Cerber Security 8.6.7

We continue to develop and improve WP Cerber to deliver better security, reliability, and performance to your WordPress powered websites. This version brings many small but important improvements to the plugin code and a few bug fixes.

New features

In the professional version of WP Cerber, you can now permit user registrations for IP addresses in the White IP Access List only. The new setting is on the User Policies / Global page. Now, in total, you have three options you can combine as you need:


  • All URLs in the logs are displayed in a shortened form without the website’s domain. There is no much value having see known things. However, if you’d like to keep the old look, you can add this line: const CERBER_FULL_URI = 1; to the wp-config.php
  • A new “IP Whitelisted” label with green borders has been introduced. It is displayed in a log row on the Live Traffic if the IP address was in White IP Access List, but the appropriate setting “Use White IP Access List” was not enabled at the moment when the event was logged.
  • All non-REGEX entries in the list of prohibited usernames (logins) are case-insensitive now. This applies to standard Latin-based (ASCII) WordPress usernames only. If you need to specify a special character in a username, use REGEX.
  • If you now hover the mouse over a red square icon in the Activity or Live Traffic log, you see the reason why the IP address in the row is currently locked out.
  • If you now hover the mouse over a green or black square Access List icon in the Activity or Live Traffic log, you see the comment you’ve previously specified for that Access List entry.
  • The launch time of the daily maintenance tasks is now set to the night-time at 02:20. If you need them to get rescheduled, you can manually delete the “cerber_daily” cron task via a plugin or deactivate/activate WP Cerber.

Other changes

  • IP CIDR notations with, well a bit strange but legitimate, /32 network mask now are supported in the IP Access Lists and work well like single IP addresses.
  • The name of the website group in the Group column on Cerber.Hub’s website list is a link that takes you to the list of websites in the group.
  • A PHP software warning in the /wp-includes/class-phpass.php file on line 68 you might see on a rare occasion is not logged to the live traffic log anymore. It doesn’t make much sense because it is not a critical error, the ancient code in the file was written ten years ago, and, finally, nobody really cares about it.
  • User browser and device detection has been improved.

Bug fixes

  • A bug with REST API restrictions – configured restrictions have no effect if a WordPress is installed not in the root folder of a website (there is a path in the site URL). Affected versions: 8.6.1 and newer.
  • A bug in the logging subsystem: depending on server configuration submitted form fields are not saved into the DB (if it is enabled in the logging settings). Affected versions: 8.6.5 and 8.6.6.
  • A bug with Cerber’s admin CSS styles that were added in the previous version and hid top pagination links on the “All posts” and “All posts” pages.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.

I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments
There are currently no comments.