Änderungsprotokoll

7.2

• New: Monitoring new and changed files.
• New: Detecting malicious redirections and directives in .htaccess files.
• New: Automated hourly and daily scheduled scans with flexible email reports.
• Update: Added a protection from logging wrong time stamps on some not correctly configured servers.
• Bug fixed: Unexpected warning messages in the WordPress dashboard.
• Bug fixed: Some file status links on the scanner results page may not work.

7.0

• Cerber Security Scanner: integrity checker, malware detector and malware removal tool.
• New: a new setting for Traffic Inspector: Use White IP Access List.
• Update: the redirection from /wp-admin/ to the login page is not blocked for a user that has been logged in once before.
• Bug fixed: the limit to the number of new user registrations is calculated the way that allows one additional registration within a given period of time.
• Read more

6.7.5

• A new button View Activity has been added to the user edit page in the WordPress dashboard.
• Miscellaneous code optimizations: performance of database routines and SQL queries are improved.
• A new Swedish translation has been added. Thanks to Fredrik Näslund.
• Bug fixed: The wildcard ... entry (all IPv4 addresses) to the Black IP Access List, doesn’t work as intended.

6.7

• New: Regular expressions are now available for the Traffic Inspector Request whitelist and Antispam Query whitelist.
• Update: Antispam engine algorithms have been updated to improve AJAX requests handling and reduce false positives.
• Update: Improved compatibility with WooCommerce, Formidable Forms, Gravity Forms and AJAX file upload.
• Update: Any symbols other than letters, numbers, dashes and underscores are not permitted in Custom login URL anymore.
• Bug fixed: The Safe antispam mode doesn’t work correctly on some website configurations. That may lead to false positives and erroneous spam form submission detection.
• Read more

6.5

• New: A new, advanced initialization mode which reinforces overall security performance.
• New: Traffic Inspector’s algorithms detect and deny any attempt to upload executable files or an .htaccess file via any POST request.
• New: A new setting to disable email notifications about new versions of the plugin.
• New: Search in the traffic log improved. Search in the User agent string and filter out the HTTP method (GET/POST) are available.
• Update: Performance of the logging subsystem is improved.
• Update: In the Smart mode if a user is not logged in, all requests to the admin dashboard are logged.
• Bug fixed: If a user tries to log in with an email address and an incorrect password, the „Invalid username“ message is shown.
• Bug fixed: On a multisite installation with websites in subdirectories a user activation link doesn’t work.
• Read more

6.2

• New: Protection against (DoS) attacks that exploit recently discovered vulnerability (CVE-2018-6389).
• New: The Traffic Inspector algorithm detects malformed and double extensions like .php.jpg more precisely.
• New: The Access Lists now accept IPv6 addresses in any form and handle them in a shortened form. All existing IPs will be converted.
• Bug fixed: If the WP REST API is blocked, a request with a specially malformed URL can bypass protection. Thanks to Tomasz Wasiak.
• Bug fixed: An IPv4 range in the Access Lists might not work as expected, depending on server/site settings.

6.1

• New: Traffic Inspector has got a Request White List setting.
• New: An Activity filter for the Advanced search form on the Traffic Inspector page.
• Bug fixed: Two reCAPTCHA widgets on login/registration forms.
• Bug fixed: A legitimate IP address can be locked out by Traffic Inspector on a Windows hosting (server).

6.0

• New: Traffic Inspector. It’s a specialized request inspection algorithm that performs inspection all suspicious incoming HTTP requests and block them before they can harm a website.
• New: Traffic Inspector optionally logs all or just suspicious and malicious requests so you can inspect them.
• New: Added ability to clean up Cerber’s DB tables.
• New: If the web server has some issues and those issues can affect plugin functionality, they are shown on the Diagnostic page.
• Added protection to prevent scheduled tasks from being executed multiple times an hour.
• JavaScript antispam code is improved to eliminate excessive fields in GET requests.
• To eliminate possible warning messages, the inet_pton() function has been replaced with filter_var().

5.9

• New: You can add comments for new entries in the access lists
• Improved compatibility with exotic hosting environments: now the plugin handles URLs with the MultiViews server option enabled.
• Improved compatibility with caching plugins
• Bug fixed: The plugin logs a logout event if the actual logout doesn’t happen
• Read more

5.8.6

• New: Regular expressions (REGEX) in the list of prohibited usernames.
• New: Enable/disable weekly reports, a new setting to specify email addresses for weekly reports.
• Improved compatibility with non-standard authentication processes, WooCommerce and exotic/outdated hosting environments.
• Bug fixed: Some interface elements of WordPress Customizer might not work.
• Read more

5.8

• New: Now the plugin will send a brief security report (activity for past seven days) to specified email addresses.
• Plugin admin interface pages: compatibility with screen readers has been improved.
• REST API: the deprecated rest_enabled filter is used for WordPress older than 4.7.
• Bug fixed: After updating the plugin to the 5.7 version some disabled checkboxes (and corresponding disabled settings) are set to their default, enabled states.
• Bug fixed: An IP address in the white access list may be locked out as a suspicious IP.
• Read more

5.7

• New: Limit access to WordPress REST API for logged in users only.
• New: For new users the plugin records the date of registration, the IP address and a user who has added a new user.
• New: Sorting users on the Users admin page by date of registration.
• New: User registration monitoring and activity logging functions has been improved.
• Translations has been updated, thanks to Jon Knippen, Wojciech Górski and Francesco.
• Bug fixed: Stop user enumeration via REST API doesn’t work on a multisite WordPress installation.
• Read more

5.5

• New: White list for the WordPress anti-spam engine.
• New: White list for REST API requests.
• New: Disable access to user data via REST API and stop REST API user enumeration.
• Read more

5.2

• Bug fixed: Hidden custom login URL may be discovered by using specially formatted URL.
• Bug fixed: Customized CSS styles don’t work on the Custom login page.

5.1

• New: Anti-spam and anti-bot for contact and other forms. Cerber antispam and bot detection engine now protects all forms on a website. It’s compatible with virtually any form. Tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms.
• New: Portuguese of Portugal translation has been added, thanks to Helderk.
• Bug fixed: A user with admin account is unable to approve comments with pending status in the WordPress Dashboard.

5.0

• New: A new antispam and bot detection engine that protects comment and user registration forms from bot attacks. After several attempts bot IP will be locked out.
• New: You can tell Cerber either to mark detected spam comments as spam or deny them completely.
• New: Cerber can automatically move spam comments older than the specified amount of days to trash.
• New: Added the cerber_404_template filter for specifying an alternative to the default 404 page not found template.
• New: Added code to avoid possible conflict between Custom login URL and REST API.
• New: Italian translation has been added, thanks to Francesco Venuti.
• Bug fixed: WordPress database error: Table ‚…cerber_lab_net‘ doesn’t exist.

4.9

• New: Additional details will be logged and displayed on the Activity page: the URL of a request and decision the plugin engine had made.
• New: Added a nice panel with performance indicators showing key events and plugin performance in the last 24 hours.
• New: To improve reliability self check-up code has been added.
• New: Polish translation has been added, thanks to Wojciech Górski.
• New: On a multisite WP installation scheduled tasks will be executed once per hour for the entire network: there will no excess SQL queries when the plugin executes hourly cron tasks.
• Bug fixed: The language for visible reCAPTCHA doesn’t set according to the site language setting. It’s always English.

4.8.2

• New: Starting with this version all database tables will be created with a default database engine. It should be InnoDB.
• New: To improve compatibility with some plugins the email notification function has been updated and now uses the comma-separated list of email addresses instead of an array.
• Bug fixed: An IP address from a range might not be allowed to log in if you have overlapping IP ranges in the both IP Access List.
• Bug fixed: A reason of blocking an IP address is not shown in notification emails if Always block entire subnet Class C of intruders IP is selected in the settings.

4.8

• New: You can enable/disable applying limit login rules to IP addresses in the White IP Access List.
• New: Block malicious IP addresses after a specified number of failed attempts to solve visible or invisible reCAPTCHA.
• New: Track password reset requests with username entered.

4.7.7

• New: invisible reCAPTCHA (classic, visible also available).
• New: reCAPTCHA for comment forms. Works well as anti-spam tool.
• Fixed bug: „Add network to the Black List“ and „Add IP to the Black List“ buttons on the Activity tab doesn’t work in the Safari web browser.

4.5

• New: Instant mobile and browser notifications with Pushbullet.
• New: Ability to choose a 404 page template.
• New: Events on the Activity tab are displaying with user roles and avatars.
• Update: PHP function file_get_contents() has been replaced with cURL to improve compatibilty with restrictive hostings.
• Fixed bug: Password reset link that is generated by the WooCommerce reset password form can be corrupted if reCAPTCHA is enabled for the form.
• Fixed bug: The plugin doesn’t block IPv6 addresses from the Black IP Access List (versions affected: 4.0 – 4.3).

4.3

• New: Use powerful subscriptions to get email notifications according to filters for events you have set.
• New: Search and/or filter activity by IP address, username (login), specific event and a user. You may use any combination of them.
• New: Now you can export activity from your WordPress website to a CSV file. You may export all activities or just a set of filtered out activities.
• Update: Now you can specify multiple email boxes for notifications.
• Update: The Spanish translation has been updated, thanks to leemon.

4.1

• New: Date format field allows you to specify a desirable format for displaying dates and time.
• Updated code for registration_errors filter to handle errors right way.
• The French translation has been updated.
• Fixed issue: Loading settings from a file with reCAPTCHA key and secret on a different website overwrite existing reCAPTCHA key and secret with values from the file.
• Fixed bug: The plugin tries to validate reCAPTCHA on WooCommerce login form if the validation enabled for the default WordPress login form only.

4.0

• New: reCAPTCHA for WooCommerce forms. How to set up reCAPTCHA.
• New: IP Access Lists has got support for IP networks in three forms: ability to restrict access with IPv4 ranges, IPv4 CIDR notation and IPv4 subnets: A,B,C has been added. Access Lists for WordPress.
• New: Cerber can automatically detect an IP network of an intruder and suggest you to block entire network right from the Activity screen.
• New: Norwegian translation added, thanks to Eirik Vorland.
• Update: WP REST API is controlled by Access Lists. While REST API is blocked for the rest of the world, IP addresses from the White Access List can use WP REST API.
• Update: The WP Cerber admin menu is moved from Settings to the main admin menu.
• Update: To make Cerber more compatible with other plugins, the order of the init hook on the Custom login page (Custom login URL) has been changed.
• Update: Several languages and translations has been updated.
• Update: Large amount of code has been rewritten to improve performance and stability.
• Fixed bug: If a hacker or a bot uses login from the list of prohibited usernames or non-existent username, Citadel mode is unable to be automatically activated.
• Fixed bug: reCAPTCHA for an ordinary WordPress login form is incompatible with a WooCommerce login form.
• Fixed issue: In some cases the plugin log first digits of an IP address as an ID of existing user.