Posted By Gregory

WP Cerber Security 9.5.8

A new addition to WP Cerber’s security arsenal: mitigation of excessive use of the WordPress password reset form. Whenever WP Cerber detects multiple attempts to reset passwords for non-existing users from a specific IP address, that IP address is blocked. This feature aims to prevent user account guessing. Although it is not a widely used technique, bad actors can use it to discover usernames and email addresses registered on the website.

In the Activity log, such events are labeled as “Exceeded the allowed number of attempts to reset password”.
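The following sketch shows the kind of per-IP logic described above. It is an added example, not WP Cerber's code: the threshold, window, block duration, class and function names, and sample events are all assumptions made for illustration; only the Activity log label comes from this release note.

```python
from collections import defaultdict, deque

# Assumed limits: the release note does not publish WP Cerber's actual values.
MAX_UNKNOWN_RESETS = 3      # tolerated resets for non-existing users per window
WINDOW_SECONDS = 600
BLOCK_SECONDS = 3600
LOG_LABEL = "Exceeded the allowed number of attempts to reset password"


class ResetGuard:
    def __init__(self, known_logins):
        self.known = {name.lower() for name in known_logins}
        self.misses = defaultdict(deque)   # ip -> timestamps of resets for unknown users
        self.blocked_until = {}            # ip -> time the block expires
        self.activity_log = []             # (timestamp, ip, label)

    def check(self, ts, ip, login):
        """Return 'blocked', 'lockout' or 'allowed' for one reset request."""
        if self.blocked_until.get(ip, 0) > ts:
            return "blocked"
        if login.strip().lower() in self.known:
            return "allowed"               # existing accounts never count as a miss
        q = self.misses[ip]
        q.append(ts)
        while ts - q[0] > WINDOW_SECONDS:  # drop misses outside the sliding window
            q.popleft()
        if len(q) > MAX_UNKNOWN_RESETS:
            self.blocked_until[ip] = ts + BLOCK_SECONDS
            self.activity_log.append((ts, ip, LOG_LABEL))
            q.clear()
            return "lockout"
        return "allowed"


# Constructed sample events: (timestamp in seconds, source IP, submitted login).
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "admin"),
    (30, "203.0.113.7", "root"),
    (45, "198.51.100.20", "alice"),
    (60, "203.0.113.7", "test"),
    (90, "203.0.113.7", "webmaster"),   # fourth miss inside the window
    (120, "203.0.113.7", "alice"),      # valid user, but the IP is now blocked
    (5000, "203.0.113.7", "alice"),     # block has expired
]


def replay(events, known_logins):
    guard = ResetGuard(known_logins)
    return [guard.check(*event) for event in events], guard.activity_log


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, {"alice", "bob@example.com"}))
```

Because only requests for non-existing users are counted, a legitimate user resetting a real account from a different address is unaffected, while an occasional typo spread over time ages out of the window.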

Squashed bugs

  • Erroneous events “Password reset request denied” are logged to the Activity log when viewing the profile page of a blocked user or browsing the “Users” admin page in the WordPress dashboard containing blocked users.
  • If WP Cerber is unable to create its diagnostic log, it produces the software error “PHP Fatal error: Uncaught ValueError: Path cannot be empty in”.
  • When browsing plugin updates on the Dashboard / Updates page, no details about the last release of WP Cerber are shown in the pop-up window.

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 9.5.7.

How to install WP Cerber on your WordPress

Enable automatic updates in the plugin settings, or follow these instructions on how to install WP Cerber if you do not have it on your website.

Have any questions?

If you have questions regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.
