WP Cerber Security 9.3.2
This is a bug fix and code optimization version. Some features have got improvements as well. We have tested the plugin and made sure that it’s compatible with WordPress 6.1.
If you are updating from WP Cerber 9.2 or newer, the update is available to install on the “Plugins” admin page. For a fresh install or updating an older version of WP Cerber, follow these simple steps.
- Every locked-out IP address on the “Lockout” tab has a link to check its suspicious activity in the Activity log.
- WP Cerber logs more details on two-factor authentication (2FA) events with the following new statuses that occur if an attempt to log in using 2FA was aborted. Previously such events were logged with generic status “Site policy enforcement”.
User’s IP address does not match the one used to log in
User’s browser does not match the one used to log in
This indicates a situation when a user tries to log into the website by entering their login and password on one computer (browser) and a 2FA code on another one.
Exceeded the limit on the number of attempts to enter 2FA code
A user entered invalid 2FA codes multiple times and reached the limit to the number of attempts, which is 5 times per a user’s 2FA session. If this happens, WP Cerber destroys the user 2FA session and the pin code. If the user’s computer has no history of being logged-in on the website previously, the WP Cerber blocks the user’s computer IP address.
IP address is locked out
The IP address has been blocked due to suspicious or malicious requests coming from the user’s computer (browser). To see the detailed information, click the IP address in the Activity log.
Malicious activity detected
The IP address of the computer is in the global WP Cerber database of well-known malicious IP addresses. The database is available in the professional version of WP Cerber. None of IP addresses from the database are permitted to log in.
- WP Cerber logs more details when a user was forcefully logged out (user session has been terminated) due to a restriction. Previously such log out events were logged with generic status “Site policy enforcement”.
WP Cerber detects an attempt to use an invalid user account that has been created or modified by altering data in the WordPress database tables directly. This typically occurs if an attacker tries to exploit a breach in a plugin to bypass conventional security measures available in WordPress and create an admin account. The professional version of WP Cerber makes such scenarios impossible.
Blocked by country rule
Occurs if the country from which a logged in user tries to get access to the website is in the list of blocked by the website admin countries. This can occur if a user uses mobile Internet and has crossed a country border or establishes a connection via a VPN server in a different country.
User blocked by administrator
Occurs when the website admin has manually blocked the user from logging in.
- If WordPress is installed in a subfolder and access to REST API has been blocked on the “Hardening” tab, a bad actor can get access to REST API by using a specially formatted request (CVE-2022-4417).
- Multiple duplicate notifications are sent via email and Pushbullet if an IP address is permanently getting blocked due to multiply consequent malicious requests and the notification limit is set to 0.
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.