Posted By Gregory

WP Cerber Security 8.9

This version brings a lot of small but important changes and updates to many parts of WP Cerber, but primarily to the malware scanner. Almost all aspects of file scanning have been improved and optimized. It means fewer false positives, more precise risk analysis, and better scan performance. Although most of them are under the hood, we expect you’ll get a better experience with the scanner.

Breaking changes

The minimum supported PHP version is 7.0.


  • An updated scan statistic and filtering widget. Dynamically displays the most important issues with sorting.
  • The percentage of completion of a scanner step is shown now.
  • Sanitizing of malformed filenames in the scanner reports has been improved to avoid possible issues with the layout of the scan results page if malware creates malformed filenames to hinder their detection.
  • Handling of WordPress locales and versions on websites with multilanguage plugins has been improved.
  • A missing wp-config-sample.php file is not reported as an issue in the results of the scan anymore.
  • Improved handling REGEX patterns for the setting fields “Restrict email addresses” and “Prohibited usernames”. Now they support REGEX quantifiers.
  • Text on the forbidden page is translatable now.
  • You can specify the “User-Agent” string for requests from the main (master) Cerber.Hub website by defining the PHP constant CERBER_HUB_UA in the wp-config.php file. Here is the line you can use:define('CERBER_HUB_UA', 'My User Agent');
  • Diagnostic logging for network requests to the WP Cerber cloud. To enable logging, define the PHP constant CERBER_CLOUD_DEBUG in the wp-config.php file. Logging covers admin operations on the WP Cerber admin pages only. Here is the line you need to add:define('CERBER_CLOUD_DEBUG', 1);
  • Breaking changes on the plugin admin pages: all versions of Internet Explorer browser and Safari browser version 13.0 and older are not supported anymore, meaning some elements might not work as expected.

Minor bugs fixed

  • Scanner bug: some long filenames in the scan results break the layout of the scan results page, making it hard to navigate and use.
  • Scanner bug: unwanted file extensions are not detected if a file is identified as malicious.
  • Scanner bug: if a file is missing, the full filename is not shown in the scan results when clicking the “Show full filenames” icon.
  • PHP Warning: “Undefined variable $user_login in /wp-login.php.”
  • PHP Warning: “Undefined variable $error in /wp-login.php.”
  • PHP 8 Deprecated: “Required parameter $function follows optional parameter $pattern in /plugins/wp-cerber/cerber-scanner.php.”
  • PHP Fatal error: “Call to undefined function crb_admin_hash_token() in cerber-load.php.”
  • PHP Notice: “Undefined property: WP_Error::$ID in cerber-load.php.”

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 8.8.5.

How to install WP Cerber on your WordPress

Enable automatic updates in the plugin settings or use this instruction on how to install WP Cerber if you do not have it on your website.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.