WordPress Security How To
Instructions and guidelines on how to protect your website effectively
Changing the location of the WP Cerber directory
WP Cerber uses its own directory to store quarantined files, diagnostic logs, and temporary files created and deleted by the integrity and malware scanner. By default, this directory is created as a hidden subdirectory within the WordPress uploads directory and is protected by an .htaccess file. Since WP Cerber 9.5.3 you can change its [...]
How to enable automatic updates for WP Cerber
Starting from WP Cerber 9.2, you can enable automatic plugin updates in just a few clicks. If you are using an older version of WP Cerber, please follow these simple steps to update the plugin: https://wpcerber.com/installation/ To enable automatic updates for WP Cerber, you need to enable two settings. For more detailed information, [...]
How to view spam form submissions
If you’ve enabled WP Cerber’s anti-spam protection, the engine protects all or selected forms on your WordPress-powered website and denies attempts to submit spam. But how can we see submitted form data if a form submission was identified as spam? It’s possible by using Traffic Inspector logging capabilities. Enable the [...]
Strong login security with WP Cerber
It’s no secret that bad actors can break into a newly installed WordPress within a few minutes by mounting a brute-force attack. It’s possible because WordPress has no built-in attack mitigation mechanisms, the default login URL is well known, and the username of a website’s admin can be discovered with ease. WP Cerber [...]
Removing malware without paying a dime
If you found your website infected with malware, you have many options to remove it. Most of them are paid, but one of them is free. It’s free if you are willing to do it by yourself following this guide. It is important to note that this approach will help you remove many types of WordPress malware but may fail in case of complex [...]
Optimizing export performance
If you come across an issue with exporting a large number of activity events or the traffic log entries and so you’re unable to download the CSV file, you can tweak the plugin export mechanism. When WP Cerber creates an export file, it does it in several iterations, meaning it splits all the rows retrieved from the database into [...]
How to safely reinstall WordPress
Reinstalling WordPress is useful if some files were altered or missing, it’s a safe way to fix security issues with WordPress files. In the vertical WordPress admin menu click “Dashboard”, then the “Updates” submenu. It takes you to the “WordPress Updates” admin page as shown below. Click the [...]
How to block a WordPress user
In this post, we explain how to disable a WordPress user account without deleting it. You can do it with WP Cerber Security in a few clicks. Once a user is blocked, the user will not be able to log into the website. If you block a logged-in user, the user will be automatically logged out and redirected to the home page of the website. [...]
Restrict access to the WordPress REST API
WP Cerber Security allows you to restrict or completely block access to WordPress REST API which is enabled by default. To enable protection go to the Hardening tab and enable Block access to WordPress REST API except any of the following. This blocks access to the REST API unless you grant access to it in the settings fields [...]
How to stop spam user registrations on your WordPress
Enable an antispam engine for the registration form The fastest way to stop spammers is to enable the antispam engine for the WordPress registration form. To enable protection: Go to the Antispam plugin admin page Enable Protect registration form with bot detection engine in the Cerber antispam engine section If you have a [...]
How to clean up the activity and live traffic logs
Note: the following operations cannot be rolled back How to delete all Activity log records To completely delete all Activity log records stored in the website database, go to the WP Cerber → Tools admin page and click the Diagnostic tab. In the Database info section find the following title: Table: cerber_log, rows: xxxx. Click the [...]
How to protect WordPress against CVE-2018-6389 DoS attacks
We should say that this is not a critical vulnerability and doesn’t allow a hacker to break into a victim website. It’s rather a design flaw that allows anyone to put a WordPress powered website to its knees easily. Bad actors can use it to bring your online store down. The attack can be initiated from any computer by anyone. No special [...]
Traffic Logging for WordPress
WP Cerber’s Traffic Inspector not only analyzes and blocks suspicious HTTP requests but also can optionally log them with request details, enabling you to inspect them manually. It uses a thoroughly designed high-performance logging engine. All logged requests are displayed on the Live Traffic page. The logging settings [...]
Instant mobile and browser notifications with Pushbullet
WP Cerber allows you to enable desktop and mobile notifications with easy and get all those notifications from your WordPress instantly and for free. In a desktop browser, you will get popup messages even if you logged out of your WordPress. Help What is RID and how to use it WordPress Security How to limit the number of [...]
WordPress notifications and alerts made easy
Once you have created an alert for a specific activity, you will receive a notification email or an optional mobile notification for each event. You can create as many alerts as you need. Creating alerts for specific events is easy. You can do this by going to the Activity tab, filtering the log for the activity you wish to [...]