Releases

WP Cerber Security 6.2


New features

Protection against a denial of service (DoS) attack that exploits recently discovered vulnerability (CVE-2018-6389). It’s not a critical vulnerability and doesn’t allow a hacker to break into a victim website. It’s rather a flaw that allows anyone to put a WordPress powered website to its knees easily. Bad actors can use it to bring a website down. The attack can be initiated from any computer by anyone. No special knowledge or software is needed.

The protection mechanism is disabled by default. To enable it go to the Hardening tab and enable Block unauthorized access to load-scripts.php and load-styles.php. After enabling this setting a set of security rules will be added to the .htaccess file.

Improvements

  • The Traffic Inspector algorithm detects malformed and double extensions like .php.jpg more precisely.
  • Access Lists now accept IPv6 addresses in any form. You can enter a shortened IPv6 (short form) or a full IPv6. A full IPv6 will be shortened to the short IPv6 address representation. All existing in access lists IP addresses will be converted.

Bugs fixed

  • If REST API is blocked, a request with specially malformed URL can bypass protection. Thanks to Tomasz Wasiak.
  • An IPv4 range in the Access Lists might not work as expected, depending on server/site settings.

Read more about CVE-2018-6389

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 6.1.

How to install WP Cerber on your WordPress

Enable automatic updates in the plugin settings or use this instruction on how to install WP Cerber if you do not have it on your website.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.


I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.