WP Cerber Security 9.3.2

This is a bug fix and code optimization version. Some features have got improvements as well. We have tested the plugin and made sure that it’s compatible with WordPress 6.1.

If you are updating from WP Cerber 9.2 or newer, the update is available to install on the “Plugins” admin page. For a fresh install or updating an older version of WP Cerber, follow these simple steps.


  1. Every locked-out IP address on the “Lockout” tab has a link to check its suspicious activity in the Activity log.
  2. WP Cerber logs more details on two-factor authentication (2FA) events with the following new statuses that occur if an attempt to log in using 2FA was aborted. Previously such events were logged with generic status “Site policy enforcement”.
    User’s IP address does not match the one used to log in

    User’s browser does not match the one used to log in

    This indicates a situation when a user tries to log into the website by entering their login and password on one computer (browser) and a 2FA code on another one.

    Exceeded the limit on the number of attempts to enter 2FA code

    A user entered invalid 2FA codes multiple times and reached the limit to the number of attempts, which is 5 times per a user’s 2FA session. If this happens, WP Cerber destroys the user 2FA session and the pin code. If the user’s computer has no history of being logged-in on the website previously, the WP Cerber blocks the user’s computer IP address.

    IP address is locked out

    The IP address has been blocked due to suspicious or malicious requests coming from the user’s computer (browser). To see the detailed information, click the IP address in the Activity log.

    Malicious activity detected

    The IP address of the computer is in the global WP Cerber database of well-known malicious IP addresses. The database is available in the professional version of WP Cerber. None of IP addresses from the database are permitted to log in.

  3. WP Cerber logs more details when a user was forcefully logged out (user session has been terminated) due to a restriction. Previously such log out events were logged with generic status “Site policy enforcement”.
    Invalid user

    WP Cerber detects an attempt to use an invalid user account that has been created or modified by altering data in the WordPress database tables directly. This typically occurs if an attacker tries to exploit a breach in a plugin to bypass conventional security measures available in WordPress and create an admin account. The professional version of WP Cerber makes such scenarios impossible.

    Blocked by country rule

    Occurs if the country from which a logged in user tries to get access to the website is in the list of blocked by the website admin countries. This can occur if a user uses mobile Internet and has crossed a country border or establishes a connection via a VPN server in a different country.

    User blocked by administrator

    Occurs when the website admin has manually blocked the user from logging in.

Fixed bugs

  1. If WordPress is installed in a subfolder and access to REST API has been blocked on the “Hardening” tab, a bad actor can get access to REST API by using a specially formatted request (CVE-2022-4417).
  2. Multiple duplicate notifications are sent via email and Pushbullet if an IP address is permanently getting blocked due to multiply consequent malicious requests and the notification limit is set to 0.

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 9.3.

How to install WP Cerber on your WordPress

Enable automatic updates in the plugin settings or use this instruction on how to install WP Cerber if you do not have it on your website.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.