Security Blog
How to defend WordPress from modern threats effectively
Development version 6.7.3
This is a bug fix version. A small bug in the Black Access List algorithm is fixed. The bug: if you add the wildcard *.*.*.* entry (all IPv4 addresses) to the Black IP Access List, all form submissions including any login form will be denied with the request forbidden message and HTTP 403 code no matter what IP addresses the White IP [...]
Traffic Inspector in a nutshell
Traffic Inspector analyzes incoming HTTP requests, recognizes suspicious, and blocks them before they can harm your website. This security algorithm is enabled by default and in the vast majority of cases requires no configuration. When Traffic Inspector is enabled, the firewall analyzes and blocks malicious and potentially [...]
Cerber Security Professional
Upgrading to Cerber Security Pro not only unlocks the features below but puts you on the upgrade path for unbeatable security features that we’re excited to share in the near future. As of now, our customers get these powerful features and abilities: Cloud-based protection with Global Black List maintained by Cerber Lab. Our cloud [...]
WordPress 4.9.1 Security and Maintenance Release
WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
What’s new in WordPress 4.9
Account Security Improvements in WordPress 4.9 https://make.wordpress.org/core/2017/10/15/improvements-for-roles-and-capabilities-in-4-9/ Security Blog Exporting personal data from logs Security Blog WordPress 5.4.1. A security update fixes seven XSS vulnerabilities Security Blog How to protect WordPress effectively: a must-do list [...]
How to stop spam form submissions on your WordPress
Cerber's anti-spam and bot detection engine is capable to protect all contact and registration forms on a website. It’s compatible with virtually any form.
Brute-force, DoS, and DDoS attacks – what’s the difference?
Let's make things clear with these intruder activities that happens every day on any website. How are they dangerous? What tools or plugin can mitigate them? What are chances that we can do that successfully?
Best WordPress Plugins for Two-Factor Authentication
Two-Factor Authentication plugins for WordPress allow you to use a mobile phone to verify yourself before you get inside.
WordPress 4.7.3 – six security issues has been fixed
This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick [...]
Do not trust those fake domain confirmation emails
If you ever receive a letter any kind that requests to create, download or install some PHP code on your website you must ignore it.
WordPress 4.7.1 – eight security issues have been fixed
Time to update! According to reports WordPress 4.7 and earlier are affected by eight security issues and now they are fixed Security Blog Deleting personal data Security Blog Exporting personal data from logs Security Blog Manage multiple WP Cerber instances from one dashboard Security Blog Get WordPress protected: rename the plugins [...]
WP Cerber Security Hooks
A list of WordPress hooks available in WP Cerber version 3.0 and above. It’s handy to use them to customize and fine tune Cerber without coding (e.g. with the jetFlow.io plugin). Filters cerber_msg_reached Applied to the message that is displayed for a user if the user has reached the limit to the number of login attempts. The [...]
Using IP Access Lists to limit access and protect WordPress
An IP Access List (commonly referred to as ACL) enables you to restricts access to the WordPress admin dashboard, vital WordPress features, protect login and registration forms from accessing by unwanted computers and bots. WP Cerber supports two types of access lists: White IP Access List and Black IP Access List. Both access [...]
Cloudflare and WP Cerber
If your site is behind the Cloudflare proxy service and your WordPress is protected by the WP Cerber plugin, you have to do two things to let them work well together. Enable My site is behind a reverse proxy on the Main Settings page. If you have configured the Custom login URL, you have to exclude it from caching by Cloudflare’s [...]
Notifications on WordPress user logs in
It can be easily done by having the jetFlow.io plugin installed and using a tiny workflow. Help What is RID and how to use it Security Blog Two-Factor Authentication for WordPress Security Blog Cloudflare add-on for WP Cerber Security Blog How to protect WordPress effectively: a must-do list