WP Cerber Security 8.8

We are excited to announce a major release of WP Cerber that brings several new features and multiple important improvements to many algorithms and parts of the plugin. Some of the features are available in the professional version of the plugin only.

Application passwords management done right

You get control over the use of WordPress application passwords. WP Cerber has a set of features to manage application passwords effectively and securely. Use them if you need more than just a plain on-off switch. You can configure settings globally and on a per-role basis, monitor the use in the Activity log, and be notified of related events e.g., a user creates a password via email and mobile notifications.

WP Cerber adds two new columns to the lists of users’ application passwords on their profile pages to monitor the related events in the Activity log.

New events are logged now: API request authorized, API request authorization failed, User application password created.

Know more: Managing WordPress application passwords the right way.

A custom comment URL improves spam protection

This anti-spam feature works similarly to the custom login URL. It improves the efficiency of spam protection of the WordPress comment form by making it unique to your website. The only thing you need to do is to turn it on. The switch is located on the Anti-spam settings page.

The user login process got improvements

Handling user authentication and authorization by Cerber’s access control mechanism has been significantly improved and optimized to allow using external user authentication via third-part connectors and WordPress plugins.

New settings and handy features

You can specify a user message to be displayed if the configured limit on user sessions has been reached and new sessions configured to be denied. Simply put, if a user is not allowed to log in due to the limit to the number of sessions, they see this message instead of the default one. The setting is on the role-based settings page under the “User Policies” admin menu.

Limiting the number of concurrent user sessions in WordPress

A custom user message when limiting the number of concurrent user sessions in WordPress

Know more on how to limit the number of concurrent user sessions in WordPress.

New traffic log settings: “Log all REST API requests” and “Log all XML-RPC requests”. They can help you monitor API requests and reduce your web server load when the minimal logging level is set.

New traffic log settings: “Save response headers” and “Save response cookies”. They have been introduced primarily for diagnostic purposes to understand what WordPress and active plugins send to the users’ browsers. They should not be enabled in normal circumstances.

Minor improvements

  • For better compatibility with different web server configurations, the anti-spam query whitelist now ignores trailing slashes if a list entry or a requested URI has no GET parameters. For instance, these two entries, “/some-path/” and “/some-path”, are equal now in case of a request like “”.
  • Processing of extended and invalid UTF-8 characters in the Traffic Inspector log has been improved. The collation of some database fields is converted to utf8mb4_unicode_ci.
  • The displaying of invalid UTF-8 characters (invalid byte sequences) in the WP Cerber’s logs throughout the admin interface has been improved.
  • WP Cerber is tested and fully jQuery 3 compatible.
  • The wording and translations of the plugin admin interface have been updated and improved.

Bug fixes

  • Fixed a bug that prevented activating the Cerber.Hub master mode on PHP 8.
  • Fixed bug: a fatal PHP error occurs while saving some WP Cerber settings when using Cerber.Hub on a remote website with “Standard mode” enabled.
  • Fixed a bug that generated warning messages in the web server error log: Use of undefined constant LOGGED_IN_COOKIE – assumed ‘LOGGED_IN_COOKIE’
  • Fixed a bug that blocked theme preview if the anti-spam engine is enabled for all forms on the website.

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 8.7.

How to install WP Cerber on your WordPress

Enable automatic updates in the plugin settings or use this instruction on how to install WP Cerber if you do not have it on your website.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments