WP Cerber Security 8.9.6

This version brings a significant improvement to the alerts and fixes two critical bugs discovered in the previous version. The minimal recommended version is WordPress 5.5. The minimal supported version is still WordPress 4.9.

Improvements to the alerting system

If you’re familiar with WP Cerber, chances are you’ve used alerts with, sometimes, not satisfying results because you had no options to create them flexibly. With new alert settings, you can create an alert with new limits: an expiration time, the maximum number of alerts allowed to send, and optional rate-limiting. All new alert settings are optional. When you create an alert with a new pop-up dialog, you can leave them to default. Once the configured alert limits have been reached, the alert will be deleted automatically.

Another update: alert filters can include the URL of a request. It means you can limit alerting by a given URL and monitor events related to that URL — for instance, those occurring on a registration page only.

Breaking change: global rate limiting, available to configure in the Notification settings, now affects all alerts. You can change this behavior on a per-alert basis in the new alert settings dialog using the “Ignore global rate limits” checkbox. Alerts created before WP Cerber 8.9.6 will be suspended for a while if the hourly limit is reached.

Minor improvement and changes

  • Deleting of WordPress application passwords is logged now.
  • Ability to monitor anti-spam, reCAPTCHA, and several other setting-specific events using links on the settings pages. Once you’ve clicked a link, you can also create an alert.
  • Improved wording of multiple log labels shown on the Activity log page.
  • If a WP Cerber feature requires a newer version of WordPress, such a feature will not be shown in the plugin admin interface anymore.
  • New meaningful and actionable messages on the log screens if no activity has been found in the logs using a given search filter.

Fixed bugs

  • A fatal PHP error occurs while logging in on a version of WordPress older than 5.5 and a user has more than one active session. For instance, a user is logged in on several devices.
  • A fatal PHP error occurs while using the reset password form on a version of WordPress older than 5.4. This bug affects third-party code (a plugin) that utilizes reset password functionality.
  • While opening the Tools admin page, the PHP error might occur on some web servers: “Uncaught TypeError: strip_tags(): Argument #1 ($string) must be of type string, array given in…”.
  • While rendering the Activity tab, depending on the activities logged, the PHP warning can occur in the server error log “PHP Warning: Undefined property: stdClass::$user in…”.
  • When managing WP Cerber on a remote website via Cerber.Hub, the admin page footer incorrectly displays the version of WP Cerber installed on the main website.
  • If the Site Title of a website contains some special characters like apostrophes, the subject of email alerts and notifications contains such characters in encoded form (e.g., for apostrophes, it is ').

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 8.9.5.

How to install WP Cerber on your WordPress

Enable automatic updates in the plugin settings or use this instruction on how to install WP Cerber if you do not have it on your website.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.