WordPress Security
How to protect WordPress from modern cybersecurity threats
Managing WordPress application passwords a hassle-free way
Using application passwords as a security measure was introduced in WordPress 5.6. This feature enables you and your users to generate and use separate passwords for accessing website APIs such as REST API. The WP Cerber plugin brings a set of tools to manage application passwords in an effective and secure way. In this article, we will [...]
How to limit the number of concurrent user sessions in WordPress
By default, WordPress has no limits applied to the number of concurrent sessions a user may create. This may pose a risk of compromising user security and personal data leakage. The professional version of WP Cerber enables you to enhance user accounts’ security by configuring a limit to the number of concurrent user sessions a [...]
WordPress 5.4.1. A security update fixes seven XSS vulnerabilities
Here we go. Multiple serious security issues affect WordPress versions 5.4 and earlier. Those issues include seven XSS vulnerabilities that exist for years in the WordPress core. Because this is a security release, it is recommended that you update your websites immediately. Along with a security plugin you have. Here is the list of [...]
Cloudflare add-on for WP Cerber
This optional add-on brings an additional security measure for your WordPress by providing integration with the Cloudflare cloud-based firewall. When enabled, it adds and removes IP addresses blocked by WP Cerber to and from the Cloudflare IP Access Rules continuously. This prevents malicious IP addresses from accessing the entire [...]
Browser cookies set by WP Cerber
When WP Cerber is installed on your website it can generate and set several browser cookies with the sole purpose of securing your website by detecting and mitigating malicious activity. All these cookies have randomly generated names and contain randomly generated values. No personal or sensitive data is stored in the cookies. Those [...]
Deleting personal data
Depending on configuration during its normal operations WP Cerber can accumulate information in the website database. This information can be considered as personal data in terms of applicable privacy law (such as GDPR). All that data can be deleted as well as exported by a user request from within the WordPress dashboard with easy, no [...]
Exporting personal data from logs
Depending on configuration during its normal operations WP Cerber can accumulate information in the website database. This information can be considered as personal data in terms of applicable privacy law (such as GDPR). All that data can be exported by a user request or deleted from within the WordPress dashboard with easy, no database [...]
Two-Factor Authentication for WordPress
Two-Factor Authentication or 2FA provides an additional layer of security requiring a second factor of identification beyond just a username and password. Two-factor authentication has long been used to control access to personal and financial data processed in banks or insurance companies; and today website owners are increasingly using [...]
How to protect WordPress effectively: a must-do list
A must-do list to get high-security and durable protection for your website. To get the most out of Cerber’s security algorithms, your should configure all the settings below. Do this thoughtfully because some settings may conflict with another plugin or your web server settings. In case of any problem, check the Activity log for [...]
Manage multiple WP Cerber instances from one dashboard
A short introduction to remote management technology which has been built into WP Cerber Security since version 8.0. How does it work The technology enables you to manage the WP Cerber plugin, monitor activity, and upgrade plugins on multiple WordPress powered websites from a main WordPress website which is called a master website. To [...]
Registered users only mode
Enabling this mode forces users to log in before viewing your WordPress powered website. By default, if a user is not logged in, the user is redirected to the default login page. After successfully logging in, the user will be redirected back to the page they tried to view. To achieve this, enable Authorized users only. When a user opens [...]
Automatic cleanup of malware and suspicious files
This powerful feature automatically deletes trojans, viruses, backdoors, and other malware and recover infected files. Cerber Security Professional scans the website on an hourly basis and removes malware immediately, providing the best in class threat protection. Automatic cleanup of malware If the malware scanner detects malicious [...]
Get WordPress protected: rename the plugins folder
Giving the plugins folder a new name is one of the most underestimated ways that make your WordPress protection stronger. And yet it’s free and easy. Why it matters and how it works According to our studies at Cerber Lab most hacker attacks and attempts to exploit plugin vulnerabilities assume that all WordPress plugins are located [...]
What the WP Cerber scanner scans and detects
Cerber Security Scanner is a sophisticated and extremely powerful tool that thoroughly scans every folder and inspects every file on a website for traces of malware, trojans, backdoors, changed and new files. The scanner verifies the integrity of WordPress, plugins, and themes and prevents them from being infected with unforeseen [...]
Automated recurring scans and email reporting for WordPress
It’s essential to regularly scan a WordPress powered website for malware and viruses and get scheduled reports. Cerber Security Scanner allows you to easily configure your schedule for automated recurring scanning and automatic malware removal. Once the schedule is configured, the scanner automatically scans the website and sends [...]