WP Cerber Security 8.8
We are excited to announce a major release of WP Cerber that brings several new features and multiple important improvements to many algorithms and parts of the plugin. Some of the features are available in the professional version of the plugin only.
Application passwords management done right
You get control over the use of WordPress application passwords. WP Cerber has a set of features to manage application passwords effectively and securely. Use them if you need more than just a plain on-off switch. You can configure settings globally and on a per-role basis, monitor the use in the Activity log, and be notified of related events e.g., a user creates a password via email and mobile notifications.
WP Cerber adds two new columns to the lists of users’ application passwords on their profile pages to monitor the related events in the Activity log.
New events are logged now: API request authorized, API request authorization failed, User application password created.
Know more: Managing WordPress application passwords the right way.
A custom comment URL improves spam protection
This anti-spam feature works similarly to the custom login URL. It improves the efficiency of spam protection of the WordPress comment form by making it unique to your website. The only thing you need to do is to turn it on. The switch is located on the Anti-spam settings page.
The user login process got improvements
Handling user authentication and authorization by Cerber’s access control mechanism has been significantly improved and optimized to allow using external user authentication via third-part connectors and WordPress plugins.
New settings and handy features
You can specify a user message to be displayed if the configured limit on user sessions has been reached and new sessions configured to be denied. Simply put, if a user is not allowed to log in due to the limit to the number of sessions, they see this message instead of the default one. The setting is on the role-based settings page under the “User Policies” admin menu.
Know more on how to limit the number of concurrent user sessions in WordPress.
New traffic log settings: “Log all REST API requests” and “Log all XML-RPC requests”. They can help you monitor API requests and reduce your web server load when the minimal logging level is set.
New traffic log settings: “Save response headers” and “Save response cookies”. They have been introduced primarily for diagnostic purposes to understand what WordPress and active plugins send to the users’ browsers. They should not be enabled in normal circumstances.
- For better compatibility with different web server configurations, the anti-spam query whitelist now ignores trailing slashes if a list entry or a requested URI has no GET parameters. For instance, these two entries, “/some-path/” and “/some-path”, are equal now in case of a request like “https://wpcerber.com/some-path/”.
- Processing of extended and invalid UTF-8 characters in the Traffic Inspector log has been improved. The collation of some database fields is converted to utf8mb4_unicode_ci.
- The displaying of invalid UTF-8 characters (invalid byte sequences) in the WP Cerber’s logs throughout the admin interface has been improved.
- WP Cerber is tested and fully jQuery 3 compatible.
- The wording and translations of the plugin admin interface have been updated and improved.
- Fixed a bug that prevented activating the Cerber.Hub master mode on PHP 8.
- Fixed bug: a fatal PHP error occurs while saving some WP Cerber settings when using Cerber.Hub on a remote website with “Standard mode” enabled.
- Fixed a bug that generated warning messages in the web server error log: Use of undefined constant LOGGED_IN_COOKIE – assumed ‘LOGGED_IN_COOKIE’
- Fixed a bug that blocked theme preview if the anti-spam engine is enabled for all forms on the website.
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.