Posted By Gregory

WP Cerber Security 8.6.7

We continue to develop and improve WP Cerber to deliver better security, reliability, and performance to your WordPress powered websites. This version brings many small but important improvements to the plugin code and a few bug fixes.

New features

In the professional version of WP Cerber, you can now permit user registrations for IP addresses in the White IP Access List only. The new setting is on the User Policies / Global page. Now, in total, you have three options you can combine as you need:


  • All URLs in the logs are displayed in a shortened form without the website’s domain. There is no much value having see known things. However, if you’d like to keep the old look, you can add this line: const CERBER_FULL_URI = 1; to the wp-config.php
  • A new “IP Whitelisted” label with green borders has been introduced. It is displayed in a log row on the Live Traffic if the IP address was in White IP Access List, but the appropriate setting “Use White IP Access List” was not enabled at the moment when the event was logged.
  • All non-REGEX entries in the list of prohibited usernames (logins) are case-insensitive now. This applies to standard Latin-based (ASCII) WordPress usernames only. If you need to specify a special character in a username, use REGEX.
  • If you now hover the mouse over a red square icon in the Activity or Live Traffic log, you see the reason why the IP address in the row is currently locked out.
  • If you now hover the mouse over a green or black square Access List icon in the Activity or Live Traffic log, you see the comment you’ve previously specified for that Access List entry.
  • The launch time of the daily maintenance tasks is now set to the night-time at 02:20. If you need them to get rescheduled, you can manually delete the “cerber_daily” cron task via a plugin or deactivate/activate WP Cerber.

Other changes

  • IP CIDR notations with, well a bit strange but legitimate, /32 network mask now are supported in the IP Access Lists and work well like single IP addresses.
  • The name of the website group in the Group column on Cerber.Hub’s website list is a link that takes you to the list of websites in the group.
  • A PHP software warning in the /wp-includes/class-phpass.php file on line 68 you might see on a rare occasion is not logged to the live traffic log anymore. It doesn’t make much sense because it is not a critical error, the ancient code in the file was written ten years ago, and, finally, nobody really cares about it.
  • User browser and device detection has been improved.

Bug fixes

  • A bug with REST API restrictions – configured restrictions have no effect if a WordPress is installed not in the root folder of a website (there is a path in the site URL). Affected versions: 8.6.1 and newer.
  • A bug in the logging subsystem: depending on server configuration submitted form fields are not saved into the DB (if it is enabled in the logging settings). Affected versions: 8.6.5 and 8.6.6.
  • A bug with Cerber’s admin CSS styles that were added in the previous version and hid top pagination links on the “All posts” and “All posts” pages.

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 8.6.6.

How to install WP Cerber on your WordPress

Enable automatic updates in the plugin settings or use this instruction on how to install WP Cerber if you do not have it on your website.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.