WordPress Security How To
WordPress security recipes and brief instructions how to protect your website with Cerber Security & Antispam plugin
Troubleshooting malware scanner issues
If you come across an issue with the malware scanner, your go-to tool is diagnostic logging. Normally and by default it’s disabled. 1. Enable diagnostic logging in the scanner settings To do this click the “Site Integrity” menu and then click the “Settings” tab, turn on “Enable diagnostic [...]
Optimizing export performance
If you come across an issue with exporting a large number of activity events or the traffic log entries and so you’re unable to download the CSV file, you can tweak the plugin export mechanism. When WP Cerber creates an export file, it does it in several iterations, meaning it splits all the rows retrieved from the database into [...]
How to safely reinstall WordPress
Reinstalling WordPress is useful if some files were altered or missing, it’s a safe way to fix security issues with WordPress files. In the vertical WordPress admin menu click “Dashboard”, then the “Updates” submenu. It takes you to the “WordPress Updates” admin page as shown below. Click the [...]
How to block a WordPress user
In this post, we explain how to disable a WordPress user account without deleting it. You can do it with WP Cerber Security in a few clicks. Once a user is blocked, the user will not be able to log into the website. If you block a logged-in user, the user will be automatically logged out and redirected to the home page of the website. [...]
Restrict access to the WordPress REST API
WP Cerber Security allows you to restrict or completely block access to WordPress REST API which is enabled by default. To enable protection go to the Hardening tab and enable Block access to WordPress REST API except any of the following. This blocks access to the REST API unless you grant access to it in the settings fields [...]
How to stop spam user registrations on your WordPress
Enable an antispam engine for the registration form The fastest way to stop spammers is to enable the antispam engine for the WordPress registration form. To enable protection: Go to the Antispam plugin admin page Enable Protect registration form with bot detection engine in the Cerber antispam engine section If you have a [...]
How to clean up the activity and live traffic logs
Note: the following operations cannot be rolled back How to delete all Activity log records To completely delete all Activity log records stored in the website database, go to the WP Cerber → Tools admin page and click the Diagnostic tab. In the Database info section find the following title: Table: cerber_log, rows: xxxx. Click the [...]
How to protect WordPress against CVE-2018-6389 DoS attacks
We should say that this is not a critical vulnerability and doesn’t allow a hacker to break into a victim website. It’s rather a design flaw that allows anyone to put a WordPress powered website to its knees easily. Bad actors can use it to bring your online store down. The attack can be initiated from any computer by anyone. No special [...]
Traffic Logging for WordPress
WP Cerber’s Traffic Inspector not only analyzes and blocks suspicious HTTP requests but also can optionally log them with details, so you can inspect them manually. It uses a carefully designed high-performance logging engine. The most optimal and recommended logging mode is Smart. What traffic is logged when Smart [...]
Instant mobile and browser notifications with Pushbullet
WP Cerber allows you to easily enable desktop and mobile notifications and get all those notifications from your WordPress instantly and for free. In a desktop browser, you will get popup messages even if you logged out of your WordPress. Security Blog Get WordPress protected: rename the plugins folder Security Blog Manage [...]
WordPress notifications made easy
Yes, you heard it right. Subscriptions to events work like a subscription to a newsletter or following someone on Facebook. Once you have subscribed to a specific activity you will get a notification letter by email and a push notification with each event. You can create as many subscriptions as you need. You can easily [...]
How to change date format on Activity page
The plugin has a special setting – Date format. It allows you to specify what format to use to display dates and time on admin pages: Activity log, Traffic Inspector and in notification emails. The setting is located in the Preferences section on the Main settings admin page. If the Date format setting field is empty, the date and [...]
How to catch bots and robots with a list of prohibited logins
As you already know, there is a small but powerful feature called a list of prohibited logins/usernames. This is a comma-separated list of usernames you do not want to be used on your website in any circumstances. That’s it? Nope, there is no “just in case” features in the WP Cerber Security plugin. But how [...]
How to set up reCAPTCHA
What is reCAPTCHA and how does it work? reCAPTCHA is a human verification mechanism that provides a free anti-spam service. It can be used alongside with the WP Cerber anti-spam engine. When reCAPTCHA is configured for a form on your website, a couple of JavaScript scripts are loaded from Google’s servers every time the [...]