WP Cerber Security Pro - WordPress Antispam & Malware Scan v9.6.2

New login security features Disabling the default WordPress user authentication through the wp-login.php and using it as a honeypot When enabled, WP Cerber prevents any user authentication even with correct usernames and passwords. After an attempt to log in, WP Cerber shows the default incorrect password error message mimicking the [...]

We are excited to announce a major release of WP Cerber that brings several new features and multiple important improvements to many algorithms and parts of the plugin. Some of the features are available in the professional version of the plugin only. Application passwords management done right You get control over the use of WordPress [...]

unknown.

New features

In the professional version of WP Cerber, you can now permit user registrations for IP addresses in the White IP Access List only. The new setting is on the User Policies / Global page. Now, in total, you have three options you can combine as you need:

• Using the Black IP Access List to block registrations from certain IP addresses
• Using the White IP Access List to permit registrations from certain IP addresses only
• Using the GEO rules to permit or deny registrations from certain countries.

Improvements

• All URLs in the logs are displayed in a shortened form without the website’s domain. There is no much value having see known things. However, if you’d like to keep the old look, you can add this line: const CERBER_FULL_URI = 1; to the wp-config.php
• A new “IP Whitelisted” label with green borders has been introduced. It is displayed in a log row on the Live Traffic if the IP address was in White IP Access List, but the appropriate setting “Use White IP Access List” was not enabled at the moment when the event was logged.
• All non-REGEX entries in the list of prohibited usernames (logins) are case-insensitive now. This applies to standard Latin-based (ASCII) WordPress usernames only. If you need to specify a special character in a username, use REGEX.
• If you now hover the mouse over a red square icon in the Activity or Live Traffic log, you see the reason why the IP address in the row is currently locked out.
• If you now hover the mouse over a green or black square Access List icon in the Activity or Live Traffic log, you see the comment you’ve previously specified for that Access List entry.
• The launch time of the daily maintenance tasks is now set to the night-time at 02:20. If you need them to get rescheduled, you can manually delete the “cerber_daily” cron task via a plugin or deactivate/activate WP Cerber.

Other changes

• IP CIDR notations with, well a bit strange but legitimate, /32 network mask now are supported in the IP Access Lists and work well like single IP addresses.
• The name of the website group in the Group column on Cerber.Hub’s website list is a link that takes you to the list of websites in the group.
• A PHP software warning in the /wp-includes/class-phpass.php file on line 68 you might see on a rare occasion is not logged to the live traffic log anymore. It doesn’t make much sense because it is not a critical error, the ancient code in the file was written ten years ago, and, finally, nobody really cares about it.
• User browser and device detection has been improved.

Bug fixes

• A bug with REST API restrictions – configured restrictions have no effect if a WordPress is installed not in the root folder of a website (there is a path in the site URL). Affected versions: 8.6.1 and newer.
• A bug in the logging subsystem: depending on server configuration submitted form fields are not saved into the DB (if it is enabled in the logging settings). Affected versions: 8.6.5 and 8.6.6.
• A bug with Cerber’s admin CSS styles that were added in the previous version and hid top pagination links on the “All posts” and “All posts” pages.

New settings for traffic logging

• A new, minimal logging mode has introduced. When it is set, only HTTP requests related to known activities are logged. It’s the default mode now. Use it to reduce server load and the database size. You will always have data on malicious requests and blocked IP addresses with no additional overhead.
• Now you can specify locations (URL Paths) to exclude requests from logging. They can be either exact matches or regular expressions (REGEX). You have to specify the full path from an URL without the website domain for an exact match. To specify a REGEX pattern, enclose a whole line in two braces.
• You can now exclude requests from logging based on the value of the User-Agent (UA) header. If the User-Agent header string contains a specified string, the request is not logged.

User session management has been improved

• The user sessions page has been optimized for performance and compatibility and now works blazingly fast on websites with thousands of active WordPress user sessions.
• On the user sessions page, you can now search sessions by a user name, email, and the IP address from which a user has logged in.
• If your WordPress is behind a proxy (e.g., Cloudflare), IP addresses of user sessions now are detected more precisely. Incorrect user data provided by WordPress core is not used anymore.

Minor updates

• When you configure the request whitelist in the Traffic Inspector settings, you can now specify rules with or without trailing slash. Previously you may not specify rules without trailing slash.
• Since WP Cerber detects and denies attempts to scan for any kind of vulnerable code on a website (behind the WordPress code), the log label “Probing for vulnerable PHP code” has been changed to “Probing for vulnerable code.”
• The file cerber-news.php is not the part of the plugin anymore. You can safely delete it.

Cloudflare add-on for WP Cerber

A new version of Cloudflare add-on for WP Cerber is available: the performance of the add-on has been optimized.

Download WP Cerber Security Pro v8.6.5 - WordPress Antispam & Malware Scan Nulled Free
v8.6.5
* New: File system analytics. It's generated based on the results of the last full integrity scan.
* New: Logging user deletions. The user’s display name and roles are temporarily stored until all log entries related to the user are deleted.
* New: Faster export with a new date format for CSV log export.
* New: Ability to disable adding the website administrator's IP address to the White IP Access List upon WP Cerber activation.
* Improved: Handling the creation of new users by WooCommerce and membership plugins.
* Improved: Handling user registrations with prohibited emails.
* Improved: Handling secure Cerber‘s cookies on websites with SSL encryption enabled.
* Improved: The performance of the integrity checker and malware scanner on huge websites with a large number of files.
* Fixed: Loading the default plugin settings has no effect. Now it’s fixed and moved from the admin sidebar to the Tools admin page.
* [Read more](https://wpcerber.com/wp-cerber-security-8-6-5/)