Releases
Posted By Gregory

WP Cerber Security 9.8


This release concentrates on the parts of WP Cerber that you rely on every day but rarely think about: how we identify the real visitor behind a request, how access decisions are reported in your logs, and how reliably the integrity scanner runs on your WordPress site. We closed a cross-site scripting vector in the Cerber.Hub management console, improved client IP detection in proxy and IPv6 setups, and fixed several issues that caused noisy server logs and misleading Access List labels.

Key Highlights

  • Hardened the Cerber.Hub update dialog to prevent XSS through plugin metadata reported by compromised managed sites.
  • Client IP detection is more accurate and predictable in reverse-proxy and IPv6 environments.
  • Clearer Access List terminology across the admin interface.
  • Several bug fixes that remove log noise, correct misleading Access List labels, and restore integrity scanning on sites with unusual table prefixes.

Defensive rendering in the Cerber.Hub update dialog

For administrators who manage WP Cerber on multiple websites through Cerber.Hub, we hardened the update dialog against XSS from compromised managed websites. If a connected website had already been compromised, unsafe plugin metadata or site names reported back to the main website could potentially affect how the dialog rendered update information. The main website console now treats that remote metadata more defensively, strengthening the trust boundary between managed websites and the main website.

More accurate client IP detection in proxy and IPv6 environments

Correctly identifying the client IP is the foundation of every access decision WP Cerber makes. This release introduces two independent improvements to that logic:

  • IPv4-mapped IPv6 addresses are now converted to standard IPv4 notation, so a client arriving over an IPv4-mapped IPv6 address is represented consistently throughout logging and access control.
  • WP Cerber no longer falls back to the HTTP_CLIENT_IP header when the X-Forwarded-For proxy header is empty or does not contain a valid address. HTTP_CLIENT_IP is trivially spoofable, and removing this fallback makes client IP determination more deterministic behind reverse proxies.

New IP Access List terminology to improve administrator clarity

We replaced the formerly standard “White IP Access List” and “Black IP Access List” terms with the clearer canonical terms “Allowed IP Access List” and “Blocked IP Access List” across the plugin dashboard.

This update aligns the UI with more precise access-control wording. The new terms describe the actual access decision more directly and provide stronger, clearer terminology for administrators, documentation, and future UI improvements.

Detailed database error logging for the integrity scanner

The integrity scanner now records detailed database error information in the log when diagnostic logging is enabled in the settings. When you are triaging a scanner problem, this gives you concrete diagnostic detail instead of a silent failure, making it easier to understand what happened and where.

Bugfixes

IPv6 geolocation data is now cached correctly

A bug prevented geolocation data for IPv6 addresses from being cached. As a result, every time the Activity log or the Traffic log was displayed, country information for IPv6 addresses had to be retrieved again from the geolocation service, which introduced unnecessary AJAX requests and could cause a noticeable delay before country names appeared. IPv6 country information is now cached correctly and displayed immediately on subsequent views. As a side effect, this also clears the recurring ERROR 1062 (“Duplicate entry”) messages that the bug wrote to the server error log on each IPv6 lookup, reducing log noise for administrators.

Correct Access List comments and labels for IPv6 range matches

On sites with more than one IPv6 range or IPv6 network defined in IP Access Lists, WP Cerber could display comments or labels belonging to a different IPv6 Access List entry in the Traffic and Activity logs. For example, a request could be denied while the Activity log label was shown as “IP whitelisted”, or the reverse. This was a display issue in the logs, which could show details that did not match the Access List entry actually involved. The logs now report the comment and label that correspond to the matching entry.

Integrity scanner restored for table prefixes starting with a digit

Internal SQL identifier validation now allows valid WordPress database table names when the configured table prefix starts with a digit, such as 1_. This fixes a regression introduced by the stricter database operation validation in WP Cerber 9.7.4, where affected sites could fail to run integrity scanner queries and the scan could stop shortly after starting.

Breaking Changes

  • Access List terminology. “White IP Access List” and “Black IP Access List” are now “Allowed IP Access List” and “Blocked IP Access List” in the admin interface. No configuration changes are required, but documentation and internal procedures that reference the older terms should be updated.
  • IPv4-mapped IPv6 matching in the Access List. Because client IP detection now normalizes IPv4-mapped IPv6 addresses to standard IPv4 notation, Access List entries written in mapped IPv6 notation will no longer match these normalized client IP addresses. If you maintain such entries, review them and use standard IPv4 notation instead.
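
The two client IP rules described above and the mapped-notation breaking change, as an added Python example that is not WP Cerber's own code. It assumes a single trusted reverse proxy that appends the peer address to X-Forwarded-For (so the rightmost entry is used), a fallback to REMOTE_ADDR, and Access List entries written as single addresses or CIDR; all function names are hypothetical.

```python
import ipaddress

def normalize_ip(text):
    """Canonical form of an IP string; IPv4-mapped IPv6 becomes plain IPv4.
    Returns None when the text is not a valid address."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6 addresses have it
    return str(mapped if mapped is not None else ip)

def client_ip(server, behind_proxy):
    """Pick the client IP from CGI-style server variables.
    Assumption: one trusted proxy appends the peer it saw, so only the
    rightmost X-Forwarded-For entry is considered. HTTP_CLIENT_IP is never
    read; an unusable header falls back to REMOTE_ADDR (the TCP peer)."""
    if behind_proxy:
        last = server.get("HTTP_X_FORWARDED_FOR", "").split(",")[-1]
        ip = normalize_ip(last)
        if ip is not None:
            return ip
    return normalize_ip(server.get("REMOTE_ADDR", ""))

def audit_access_list(entries):
    """Map each entry written in IPv4-mapped IPv6 notation to the plain
    IPv4 form that would match a normalized client IP. Entries in other
    formats (ranges, wildcards) are skipped, not validated."""
    suggestions = {}
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            continue
        if net.version != 6 or net.prefixlen < 96:
            continue
        mapped = net.network_address.ipv4_mapped
        if mapped is None:
            continue
        v4 = ipaddress.ip_network(f"{mapped}/{net.prefixlen - 96}", strict=False)
        suggestions[entry] = str(v4.network_address) if v4.prefixlen == 32 else str(v4)
    return suggestions

if __name__ == "__main__":
    # Constructed sample entries using documentation address ranges.
    sample = ["::ffff:192.0.2.0/120", "::ffff:203.0.113.7", "2001:db8::/32"]
    for old, new in audit_access_list(sample).items():
        print(f"{old} -> {new}")
```
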

Wondering what WP Cerber got in the previous version?

Review the release note for WP Cerber Security 9.7.4.

How to update WP Cerber

We recommend enabling automatic updates to ensure you always have the latest security features and performance improvements. See how to enable automatic updates in the plugin settings.

How to install WP Cerber

New to WP Cerber? Follow this step-by-step guide to install WP Cerber on your WordPress site.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, ask it in the comments below or find answers on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.


I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.
