WP Cerber Security 9.6.9

Boost your site’s security and get smarter IP insights with the latest WP Cerber update! This release features hardened .htaccess rules to better protect your uploads folder and introduces support for the modern Registration Data Access Protocol (RDAP), offering faster and more reliable IP address information. Explore further to discover additional refinements, including enhanced login controls and a smoother upgrade process, all designed for a more secure and efficient experience.

New features and important changes

The behavior of the authenticate hook has been reverted to restore its functionality from versions prior to WP Cerber 9.6.6. Custom login workflows that rely on the previous behavior of this hook may require review and adjustment. For any plugin that needs to restrict user authentication, it is now recommended to use the wp_authenticate_user hook to ensure correct interaction and compatibility.

We have added support for the Registration Data Access Protocol (RDAP) for retrieving IP address data. RDAP serves as a modern and more efficient replacement for the traditional WHOIS protocol, offering improved speed and data structure for IP lookups.

New settings

A new setting is now available to configure an optional message displayed when a user attempts to register with an email address that is not permitted by WP Cerber’s settings. This allows administrators to provide specific guidance or information to users encountering this restriction during registration.

Administrators gain more control over responses to login attempts with prohibited usernames thanks to a new setting. You can now choose to either silently deny access for such attempts or implement a stricter measure by also blocking the originating IP address.

Other improvements

The .htaccess rules have been further hardened to provide enhanced protection against file execution within the WordPress uploads folder. This improvement strengthens security by preventing unauthorized script execution, even in less common or edge-case scenarios.

We have updated the plugin upgrade process to more reliably handle the copying of new settings and the deletion of obsolete plugin settings. This change ensures a smoother transition between plugin versions and helps prevent configuration inconsistencies after an upgrade.

The rendering performance of the Activity and Live Traffic log tables has been optimized. This improvement was achieved by replacing the standard WordPress esc_url() function with the faster, internal crb_escape_url() function for these specific tables.

Diagnostic messaging within the “Upload a reference ZIP archive” dialog on the scanner page has been enhanced. Users will now receive clearer and more informative feedback, which can aid in troubleshooting if any issues occur during the ZIP archive upload process for manual scans.

The internal crb_escape_url() function, used for sanitizing URLs, has undergone additional code hardening. This further strengthens the security of this utility function within the plugin.

Bug fixes

A PHP warning, Warning: Undefined array key 'title' in cerber-load.php on line 9157, which could appear under certain conditions, has been resolved. This fix contributes to more stable plugin operation by preventing this notice.

An issue leading to a PHP notice, Undefined property: stdClass::$plugin in cerber-common.php on line 5853, has been corrected. This fix addresses an undefined property access, improving overall code robustness.

We have fixed a bug where the notification threshold setting would incorrectly reset to its default value after the plugin was upgraded. Your custom-configured notification thresholds will now be correctly retained across plugin updates.

A problem that could cause the integrity scanner to stop prematurely if the WP Cerber data folder became write-protected has been addressed. The scanner is now more resilient in such situations, improving its reliability and ability to complete scans.

Minor changes

For better organization within the plugin settings, the “Non-existing users are strictly prohibited” option has been moved. This setting is no longer in “Main Settings” and can now be found under the “Global User Policies” tab.

Similarly, the “Disable login language switcher” checkbox has been relocated from “Main Settings”. This option is now also available in the “Global User Policies” tab, consolidating user-related policy configurations.

Wonder what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 9.6.7.3.

How to update WP Cerber

We recommend enabling automatic updates to ensure you always have the latest security features and performance improvements: how to enable automatic updates in the plugin settings.