WordPress Security How To
Instructions and guidelines on how to protect your website effectively
How to view spam form submissions
If you’ve enabled WP Cerber’s anti-spam protection, the engine protects all or selected forms on your WordPress-powered website and denies attempts to submit spam. But how can we see submitted form data if a form submission was identified as spam? It’s possible by using Traffic Inspector logging capabilities. Enable the [...]
Strong login security with WP Cerber
It’s no secret that bad actors can break into a newly installed WordPress within a few minutes by mounting a brute-force attack. It’s possible because WordPress has no built-in attack mitigation mechanisms, the default login URL is well known, and the username of a website’s admin can be discovered with ease. WP Cerber [...]
Removing malware without paying a dime
If you found your website infected with malware, you have many options to remove it. Most of them are paid, but one of them is free. It’s free if you are willing to do it by yourself following this guide. It is important to note that this approach will help you remove many types of WordPress malware but may fail in case of complex [...]
Optimizing export performance
If you come across an issue with exporting a large number of activity events or the traffic log entries and so you’re unable to download the CSV file, you can tweak the plugin export mechanism. When WP Cerber creates an export file, it does it in several iterations, meaning it splits all the rows retrieved from the database into [...]
How to safely reinstall WordPress
Reinstalling WordPress is useful if some files were altered or missing, it’s a safe way to fix security issues with WordPress files. In the vertical WordPress admin menu click “Dashboard”, then the “Updates” submenu. It takes you to the “WordPress Updates” admin page as shown below. Click the [...]
How to block a WordPress user
In this post, we explain how to disable a WordPress user account without deleting it. You can do it with WP Cerber Security in a few clicks. Once a user is blocked, the user will not be able to log into the website. If you block a logged-in user, the user will be automatically logged out and redirected to the home page of the website. [...]
Restrict access to the WordPress REST API
WP Cerber Security allows you to restrict or completely block access to WordPress REST API which is enabled by default. To enable protection go to the Hardening tab and enable Block access to WordPress REST API except any of the following. This blocks access to the REST API unless you grant access to it in the settings fields [...]
How to stop spam user registrations on your WordPress
Enable an antispam engine for the registration form The fastest way to stop spammers is to enable the antispam engine for the WordPress registration form. To enable protection: Go to the Antispam plugin admin page Enable Protect registration form with bot detection engine in the Cerber antispam engine section If you have a [...]
How to clean up the activity and live traffic logs
Note: the following operations cannot be rolled back How to delete all Activity log records To completely delete all Activity log records stored in the website database, go to the WP Cerber → Tools admin page and click the Diagnostic tab. In the Database info section find the following title: Table: cerber_log, rows: xxxx. Click the [...]
How to protect WordPress against CVE-2018-6389 DoS attacks
We should say that this is not a critical vulnerability and doesn’t allow a hacker to break into a victim website. It’s rather a design flaw that allows anyone to put a WordPress powered website to its knees easily. Bad actors can use it to bring your online store down. The attack can be initiated from any computer by anyone. No special [...]
Traffic Logging for WordPress
WP Cerber’s Traffic Inspector not only analyzes and blocks suspicious HTTP requests but also can optionally log them with request details, enabling you to inspect them manually. It uses a thoroughly designed high-performance logging engine. All logged requests are displayed on the Live Traffic page. The logging settings [...]
Instant mobile and browser notifications with Pushbullet
WP Cerber allows you to enable desktop and mobile notifications with easy and get all those notifications from your WordPress instantly and for free. In a desktop browser, you will get popup messages even if you logged out of your WordPress. WordPress Security Cloudflare add-on for WP Cerber WordPress Security Browser cookies [...]
WordPress notifications made easy
Yes, you heard it right. Subscriptions to events work like a subscription to a newsletter or following someone on Facebook. Once you have subscribed to a specific activity you will get a notification letter by email and a push notification with each event. You can create as many subscriptions as you need. You can easily [...]
How to change date format on Activity page
The plugin has a special setting – Date format. It allows you to specify what format to use to display dates and time on admin pages: Activity log, Traffic Inspector and in notification emails. The setting is located in the Preferences section on the Main settings admin page. If the Date format setting field is empty, the date and [...]
How to catch bots and robots with a list of prohibited logins
As you already know, there is a small but powerful feature called a list of prohibited logins/usernames. This is a comma-separated list of usernames you do not want to be used on your website in any circumstances. That’s it? Nope, there is no “just in case” features in the WP Cerber Security plugin. But how [...]