Beschreibung

Defends WordPress against hacker attacks, spam, trojans and malware.
Mitigates brute force attacks by limiting the number of login attempts through the login form, XML-RPC / REST API requests or using auth cookies.
Restricts access with the Black IP Access List and the White IP Access List.
Tracks user and intruder activity with powerful email, mobile and desktop notifications.
Stops spam: activates Cerber anti-spam engine and Google reCAPTCHA to protect registration, contact and comments forms.
Advanced malware scanner, integrity checker and file monitor.
Hardening WordPress with a set of security rules and sophisticated security algorithms.

Features you will love

Limit login attempts when logging in by IP address or entire subnet.
Monitors logins made by login forms, XML-RPC requests or auth cookies.
Permit or restrict access by White IP Access list and Black IP Access List with a single IP, IP range or subnet.
Create Custom login URL (rename wp-login.php).
Cerber antispam engine for protecting any contact form. Automatically detects and moves spam comments to trash or deny it completely.
Log users, bots, hacker and other suspicious activities.
Verify the integrity of all WordPress files, plugins and themes.
Monitor file changes and new files.
Cool notifications with powerful event filters.
Hide wp-login.php, wp-signup.php and wp-register.php from possible attacks.
Hide wp-admin (dashboard) when a user isn’t logged in.
Immediately block an IP or a subnet when attempting to log in with non-existent or prohibited username.
Restrict user registration or login with a username matching REGEX patterns.
Disable WP REST API or restrict access with your own security rules
Disable XML-RPC (block access to the XML-RPC interface including Pingbacks and Trackbacks)
Disable feeds (block access to the RSS, Atom and RDF feeds)
Restrict access to XML-RPC, REST API and feeds by White IP Access list by an IP address or an IP range.
Disable automatic redirection to the login page.
Stop user enumeration (block access to pages like /?author=n and user REST API)
Proactively blocks IP subnet class C for intruder’s IP.
Anti-spam: reCAPTCHA to protect WordPress login, register and comment forms.
reCAPTCHA for WooCommerce & WordPress forms.
Invisible reCAPTCHA for WordPress comments forms
Citadel mode for massive brute force attack.
Play nice with fail2ban: write failed attempts to the syslog or a custom log file.
Filter out and inspect activities by IP address, user, username or a particular activity.
Filter out activities and export them to a CSV file.
Reporting: get weekly reports to specified email addresses.
Limit login attempts works on a site/server behind a reverse proxy.
Get notifications by email or via mobile push notifications.
Trigger and action for the jetFlow.io automation plugin.
Protection against (DoS) attacks (CVE-2018-6389).

Limit login attempts done right

By default, WordPress allows unlimited login attempts through the login form, XML-RPC or by sending special cookies. This allows passwords to be cracked with relative ease via brute force attack.

WP Cerber blocks intruders by IP or subnet from making further attempts after a specified limit on retries is reached, making brute force attacks or distributed brute force attacks from botnets impossible.

You will be able to create a Black IP Access List or White IP Access List to block or allow logins from a particular IP address, IP address range or a subnet any class (A,B,C).

Moreover, you can create your Custom login page and forget about automatic attacks to the default wp-login.php, which takes your attention and consumes a lot of server resources. If an attacker tries to access wp-login.php they will be blocked and get a 404 Error response.

Malware scanner

Cerber Security Scanner is a sophisticated and extremely powerful tool that thoroughly scans every folder and inspects every file on a website for traces of malware, trojans, backdoors, changed and new files.

Integrity checker

The scanner checks if all WordPress folders and files match what exist in the official WordPress core repository, compares your plugins and themes with what are in the official WordPress repository and alerts you to any changes. As with scanning free plugins and themes, the scanner scans and verifies commercial plugins and themes that are installed manually.

Automated recurring scans and email reporting

Cerber Security Scanner allows you to easily configure your schedule for automated recurring scanning. Once the schedule is configured the scanner will automatically perform the scan of the website and send a email report with results of the scan.

Log, filter out and export activities

WP Cerber tracks time, IP addresses and usernames for successful and failed login attempts, logins, logouts, password changes, blocked IP and actions taken by itself. You can export them to a CSV file.

Limit login attempts reinvented

You can hide WordPress dashboard (/wp-admin/) when a user isn’t logged in. If a user isn’t logged in and they attempt to access the dashboard by requesting /wp-admin/, WP Cerber will return a 404 Error.

Massive botnet brute force attack? That’s no longer a problem. Citadel mode will automatically be activated for awhile and prevent your site from making further attempts to log in with any username.

Cerber antispam engine

Anti-spam and anti-bot protection for contact, registration, comments and other forms.
Cerber antispam and bot detection engine now protects all forms on a website. No reCAPTCHA is needed.
It’s compatible with virtually any form you have. Tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms.

Anti-spam protection: invisible reCAPTCHA for WooCommerce

WooCommerce login form
WooCommerce register form
WooCommerce lost password form

Anti-spam protection: invisible reCAPTCHA for WordPress

WordPress login form
WordPress register form
WordPress lost password form
WordPress comment form

Documentation & Tutorials

Übersetzungen

Czech, thanks to Hrohh
Deutsche, thanks to mario, Mike and Daniel
Dutch, thanks to Jos Knippen and Bernardo
Français, thanks to hardesfred
Norwegian (Bokmål), thanks to Eirik Vorland
Portuguese (Portugal), thanks to Helderk
Portuguese (Brazil), thanks to Felipe Turcheti
Polski, thanks to Wojciech Górski
Spanish, thanks to Ismael Murias and leemon
Український, thanks to Nadia
Русский, thanks to Yui
Italian, thanks to Francesco Venuti
Swedish, thanks to Fredrik Näslund

Thanks to POEditor.com for helping to translate this project.

There are some semi-similar security plugins you can check out: Login LockDown, Login Security Solution,
BruteProtect, Ajax Login & Register, Lockdown WP Admin, Loginizer,
BulletProof Security, SiteGuard WP Plugin, All In One WP Security & Firewall, Brute Force Login Protection

Another reliable plugins from the trusted author

Plugin Inspector reveals issues with installed plugins

Checks plugins for deprecated WordPress functions, known security vulnerabilities, and some unsafe PHP functions

Translate sites with Google Translate Widget

Make your website instantly available in 90+ languages with Google Translate Widget. Add the power of Google automatic translations with one click.
1. If you want to test out plugin’s features, do this from another computer and remove that computer’s network from the White Access List. Cerber is smart enough to recognize „the boss“.
2. If you’ve set up the Custom login URL and you use some caching plugin like W3 Total Cache or WP Super Cache, you have to add a new Custom login URL to the list of pages not to cache.
3. Read this if your website is under CloudFlare

Deutsche
Schützt vor Ort gegen Brute-Force-Attacken. Umfassende Kontrolle der Benutzeraktivität. Beschränken Sie die Anzahl der Anmeldeversuche durch die Login-Formular, XML-RPC-Anfragen oder mit Auth-Cookies. Beschränken Sie den Zugriff mit Schwarz-Weiß-Zugriffsliste Zugriffsliste. Track Benutzer und Einbruch Aktivität.

Français
Protège site contre les attaques par force brute. Un contrôle complet de l’activité de l’utilisateur. Limiter le nombre de tentatives de connexion à travers les demandes formulaire de connexion, XML-RPC ou en utilisant auth cookies. Restreindre l’accès à la liste noire accès et blanc Liste d’accès. L’utilisateur de la piste et l’activité anti-intrusion.

Український
Захищає сайт від атак перебором. Обмежте кількість спроб входу через запити ввійти форми, XML-RPC або за допомогою авторизації в печиво. Обмежити доступ з чорний список доступу і список білий доступу. Користувач трек і охоронної діяльності.

What does „Cerber“ mean?

Cerber is derived from the name Cerberus. In Greek and Roman mythology, Cerberus is a multi-headed dog with a serpent’s tail, a mane of snakes, and a lion’s claws. Nobody can bypass this angry dog. Now you can order WP Cerber to guard the entrance to your site too.

Screenshots

The Dashboard: Recently recorded important security events and recently locked out IP addresses.
WordPress activity log with filtering, export to CSV and powerful notifications. You can see what's going on right now, when an IP reaches the limit of login attempts and when it was blocked.
Activity log filtered by login and specific type of activity. Export it or click Subscribe to be notified with each event.
Detailed information about an IP address with WHOIS information.
These settings allows you to customize the plugin according to your needs.
White and Black IP access lists allow you to restrict access from a particular IP address, network or IP range.
Hardening WordPress: disable REST API, XML-RPC and stop user enumeration.
Powerful email, mobile and browser notifications for WordPress events.
Stop spammer: visible/invisible reCAPTCHA for WooCommerce and WordPress forms - no spam comments anymore.
You can export and import security settings and IP Access Lists on the Tools screen.
Beautiful widget for the WP dashboard to keep an eye on things. Get quick analytic with trends over last 24 hours.
WP Cerber adds four new columns on the WordPress Users screen: Date of registration, Date of last login, Number of failed login attempts and Number of comments. To get more information just click on the appropriate link.

Installation

Installing the WP Cerber Security & Antispam plugin is the same as other WordPress plugins.

Install the plugin through Plugins > Add New > Upload or unzip plugin package into wp-content/plugins/.
Activate the WP Cerber through the Plugins > Installed Plugins menu in the WordPress admin dashboard.
The plugin is now active and has started protecting your WordPress with default settings.
Make sure, that you’ve got a notification letter to your site admin email.
It’s advised to enable Standard mode for the „Load security engine“ setting.
Read carefully: Getting Started Guide

Important notes

Before enabling invisible reCAPTCHA, you must obtain separate keys for the invisible version. How to enable reCAPTCHA.
If you want to test out plugin’s features, do this on another computer (or incognito browser window) and remove computer IP address or network from the White Access List. Cerber is smart enough to recognize „the boss“.
If you’ve set up the Custom login URL and you use some caching plugin like W3 Total Cache or WP Super Cache, you have to add the new Custom login URL to the list of pages not to cache.
Read this if your website is under CloudFlare
If you use the Jetpack plugin or another plugin that needs to connect to wordpress.com, you need to unlock XML-RPC. To do that go to the Hardening tab, uncheck Disable XML-RPC, and click the Save changes button.

The following steps are optional but they allow you to reinforce the protection of your WordPress.

Fine tune Limit login attempts settings making them more restrictive according to your needs
Configure your Custom login URL and remember it (the plugin will send you an email with it).
Once you have configured Custom login URL, check ‚Immediately block IP after any request to wp-login.php‘ and ‚Block direct access to wp-login.php and return HTTP 404 Not Found Error‘. Don’t use wp-admin to log in to your WordPress dashboard anymore.
If your WordPress has a few experienced users, check ‚Immediately block IP when attempting to log in with a non-existent username‘.
Specify the list of prohibited usernames (logins) that legit users will never use. They will not be permitted to log in or register.
Configure mobile and browser notifications via Pushbullet.
Obtain keys and enable invisible reCAPTCHA for password reset and registration forms (WooCommerce supported too).

FAQ

Can I use the plugin with CloudFlare?

Yes. WP Cerber settings for CloudFlare.

Is WP Cerber Security compatible with WordPress multisite mode?

Yes. All settings apply to all sites in the network simultaneously. You have to activate the plugin in the Network Admin area on the Plugins page. Just click on the Network Activate link.

Is WP Cerber Security compatible with bbPress?

Yes. Compatibility notes.

Is WP Cerber Security compatible with WooCommerce?

Completely.

Is reCAPTCHA for WooCommerce free feature?

Yes. How to set up reCAPTCHA for WooCommerce.

Are there any incompatible plugins?

The following plugins can cause some issues: Ultimate Member, WPBruiser {no- Captcha anti-Spam}, Plugin Organizer, WP-SpamShield.
The Cerber Security plugin won’t be updated to fix any issue or conflict related to them, you should decide and stop using one or all of them.
Read more: https://wpcerber.com/compatibility/.

Can I change login URL (rename wp-login.php)?

Yes, easily. How to rename wp-login.php

Can I hide the wp-admin folder?

Yes, easily. How to hide wp-admin and wp-login.php from possible attacks

Can I rename the wp-admin folder?

Nope. It’s not possible and not recommended for compatibility reasons.

Can I hide the fact I use WordPress?

No. We strongly encourage you not to use any plugin that renames wp-admin folder to protect a website.
Beware of all plugins that hide WordPress folders or other parts of a website and claim this as a security feature.
They are not capable to protect your website. Don’t be silly, hiding some stuff doesn’t make your site more secure.

Can WP Cerber Security work together with the Limit Login Attempts plugin?

Nope. WP Cerber is a drop in replacement for that outdated plugin.

Can WP Cerber Security protect my site from DDoS attacks?

Nope. The plugin protects your site from Brute force attacks or distributed Brute force attacks. By default WordPress allows unlimited login attempts either through the login form or by sending special cookies. This allows passwords to be cracked with relative ease via a brute force attack. To prevent from such a bad situation use WP Cerber.

Is there any WordPress plugin to protect my site from DDoS attacks?

Nope. This hard task cannot be done by using a plugin. That may be done by using special hardware from your hosting provider.

What is the goal of Citadel mode?

Citadel mode is intended to block massive bot (botnet) attacks and also a slow brute force attack. The last type of attack has a large range of intruder IPs with a small number of attempts to login per each.

How to turn off Citadel mode completely?

Set Threshold fields to 0 or leave them empty.

What is the goal of using Fail2Ban?

With Fail2Ban you can protect site on the OS level with iptables firewall. See details here: https://wpcerber.com/how-to-protect-wordpress-with-fail2ban/

Do I need to use Fail2Ban to get the plugin working?

No, you don’t. It is optional.

Is WP Cerber Security compatible with other security plugins like WordFence, iThemes Security, Sucuri, NinjaFirewall, All In One WP Security & Firewall, BulletProof Security?

The plugin has been tested with WordFence and no issues have been noticed. Other plugins also should be compatible.

Can I use this plugin on the WP Engine hosting?

Yes! WP Cerber Security is not on the list of disallowed plugins.

Is the plugin compatible with Cloudflare?

Yes, read more: https://wpcerber.com/cloudflare-and-wordpress-cerber/

Does the plugin works on websites with SSL(HTTPS)

Absolutely!

It seems that old activity records are not removing from the activity log

That means that scheduled tasks are not executed on your site. In other words, WordPress cron is not working the right way.
Try to add the following line to your wp-config.php file:

define( ‚ALTERNATE_WP_CRON‘, true );

I’m unable to log in / I’m locked out of my site / How to get access (log in) to the dashboard?

There is a special version of the plugin called WP Cerber Reset. This version performs only one task. It resets all WP Cerber settings to their initial values (excluding Access Lists) and then deactivates itself.

To get access to your dashboard you need to copy the WP Cerber Reset folder to the plugins folder. Follow these simple steps.

Download the wp-cerber-reset.zip archive to your computer using this link: https://wpcerber.com/downloads/wp-cerber-reset.zip
Unpack wp-cerber folder from the archive.
Upload the wp-cerber folder to the plugins folder of your site using any FTP client or a file manager from your hosting control panel. If you see a question about overwriting files, click Yes.
Log in to your site as usually. Now WP Cerber is disabled completely.
Reinstall the WP Cerber plugin again. You need to do that, because WP Cerber Reset cannot work as a normal plugin.

Rezensionen

Excellent!

darkplatinum100

I was looking around on the plugin after a couple of weeks after installing it, and found several people from china have tried to probe for vunerable PHP code. They were denied. I have blacklisted them. Something else I have found with this plugin is that i can use the WHOIS feature to see exactly who the person is, where they live, their abused email address, phone number etc. This means if you don’t want to get in trouble, don’t try to hack websites.

Stop the Hackers in their tracks

chaptermaster

WP-Cyber has stopped over 20 hacker attacks in the last 4 days, making me and my website very happy.

Complete solution

gmaftei

One of the most comprehensive security solutions for WP! Thank you!

I’ve never taken the time to review a plugin before…until now

mcooi77

Hopefully this statement alone means something: I’ve never taken the time to review a plugin before…until now.

Hobby-web developer here. Couldn’t figure out why I was randomly getting „Error Establishing Connection to Database“ after my site being up and running for 9 months. Quick Google search alerted my to the fact that I was probably under brute force attack. So I installed this plugin and

literally

within the first 4 minutes of having this plugin installed and getting it configured I received 3 different notifications of overseas IPs trying to brute-force my site.

Seriously. This is the only plugin I’ve taken time to review because IT’S WORTH MORE THAN 5 STARS!! And The dev. makes all the most useful features free for hobbyists like me. So grateful!

Under attack but shields are holding

NightL

One of my sites has been under attack over the last several days – I was layering up security but was uncomfortable and feeling it was only a matter of time before one of the automated attacks broke through.

Some highly supported plugins were still letting in attempts at various login entries – even with recaptcha and other detection/blocks in place.

Cerber is holding up against constant php vulnerability probes, attempts to access numerous files, and warding off login attempts before submit.

_____________________

I read the negative reviews and it appeared to me any criticisms of this plugin would have been easily avoided by going through the settings and reading the documentation.

incompatible with woocomerce

productordj

It block a lot of „add to cart“ or similar actions. With my own Ip, for example, it block me „add to the cart“ or any other form whe I use a chrome in anonym mode and dont block this when I use a normal tab.

It block a lot of other actions like newsletter form (sometimes to some user in some page) in a random way.

after lot of problem we desinstall it.

It work great in blogs or similar but give a lot of problems on ecommerce.

Lies alle 291 Rezensionen

Mitwirkende & Entwickler

„Cerber Security, Antispam & Malware Scan“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:

Gioni

„Cerber Security, Antispam & Malware Scan“ wurde in 6 Sprachen übersetzt. Danke an die Übersetzerinnen und Übersetzer für ihre Mitwirkung.

Übersetze „Cerber Security, Antispam & Malware Scan“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.

Änderungsprotokoll

7.9.3

New: New settings for the Traffic Inspector firewall allow you to fine-tune its behavior. You can enable less or more restrictive firewall rules.
Update: Troubleshooting of possible issues with scheduled maintenance tasks has been improved.
Update: To make troubleshooting easier the plugin logs not only a lockout event but also logs and displays the reason for the lockout.
Update: Compatibility with ManageWP and Gravity Forms has been improved.
Update: The layout of the Activity and Live Traffic pages has been improved.
Bug fixed: The malware scanner wrongly prevents PHP files with few specific names in one particular location from being deleted after a manual scan or during the automatic malware removal.
Bug fixed: The number of email notifications might be incorrectly limited to one email per hour.
Read more

7.9

New: The plugin monitors suspicious requests that cause 4xx and 5xx HTTP errors and blocks IP addresses that aggressively generate such requests.
New: A set of WordPress navigation menu links. Login, logout, and register menu items can be automatically generated and shown in any WordPress menu or a widget.
New: Software error logging. A handy feature that logs PHP errors and shows them on Live Traffic page.
New: A new export feature for Traffic Inspector. It allows exporting all log entries or a filtered set from the log of HTTP requests.
Update: Multiple improvements to Traffic Inspector firewall algorithms. In short, the detection of obfuscated malicious SQL queries and injections has been improved.
Update: Improved handling of malformed requests to wp-cron.php.
Fix: The number of email notifications per hour can exceed the configured limit.
Read more

7.8.5

New: A new set of heuristics algorithms for detecting obfuscated malicious JavaScript code.
New: A new file filter on the Quarantine page lets to filter out quarantined files by the date of the scan.
New: The performance of the malware scanner has been improved. Now the scanner deletes all files in the website session and temporary folders permanently before the scan.
Update: If the plugin is unable to detect the remote IP address, it uses 0.0.0.0 as an IP.
Update: The antispam engine will never block the localhost IP
Update: Performance improvements for database queries related to the process of user authentication.
Update: Improved handling the plugin settings in a buggy or misconfigured hosting environment that could cause the plugin to reset settings to their default values.
Update: Translations have been updated. Thanks to Francesco, Jos Knippen, Fredrik Näslund, Slobodan Ljubic and MARCELHAP.
Fix: Fixed an issue with saving settings on the Hardening tab: „Unable to get access to the file…“
Read more

7.8

New: An ignore list for the malware scanner.
New: Disabling execution of PHP scripts in the WordPress media folder helps to prevent offenders from exploiting security flaws.
New: Disabling PHP error displaying as a setting is useful for misconfigured servers.
New: English for the plugin admin interface. Enable it if you prefer to have untranslated, original admin interface.
New: Diagnostic logging for the malware scanner. Specify a particular location of the log file by using the CERBER_DIAG_DIR constant.
Update: The performance of malware scanning on a slow web server with thousands of issues and tens of thousands of files has been improved.
Update: PHP 5.3 is not supported anymore. The plugin can be activated and run only on PHP 5.4 or higher.
Fix: If a malicious file is detected on a slow shared hosting, the file can be shown twice in the results of the scan.
Fix: A possible issue with the short PHP syntax on old PHP versions in /wp-content/plugins/wp-cerber/common.php on line 1970
Read more

7.7

New: Automatic cleanup of malware and suspicious files. This powerful feature is available in the PRO version and automatically deletes trojans, viruses, backdoors, and other malware. Cerber Security Professional scans the website on an hourly basis and removes malware immediately.
Update: Algorithms of the malware scanner have been improved to detect obfuscated malware code more precisely for all types of files.
Update: Email reports for scheduled malware scans have been extended with useful performance numbers and a list of automatically deleted malicious files if you’ve enabled automatic malware removal and some files have been deleted.
Fix: A possible issue with uploading large JSON and CSV files. When Traffic Inspector scans uploaded files for malware payload, some JSON and CSV files might be erroneously identified as containing a malicious payload.
Fix: A possible Divi theme forms incompatibility. If you use the Divi theme (by Elegant Themes), you can come across a problem with submitting some forms.
Read more

7.6

New: The quarantine has got a separate admin page in the WordPress dashboard which allows viewing deleted files, restoring or deleting them.
New: Now the malware scanner and integrity checker supports multisite WordPress installations.
Fix: Once an address IP has been locked out after reaching the limit to the number of attempts to log in the „We’re sorry, you are not allowed to proceed“ forbidden page is being displayed instead of the normal user message „You have exceeded the number of allowed login attempts“.
Fix: PHP Notice: Only variables should be passed by reference in cerber-load.php on line 5377
Read more

7.5

New: Firewall algorithms have been improved and now inspect the contents of all files that are being tried to upload on a website.
New: The traffic logger can save headers, cookies and the $_SERVER variable for every HTTP request.
New: The scanner now scans installed plugins for known vulnerabilities. If you have enabled scheduled automatic scans you will be notified in a email report.
Update: A set of new malware signatures amd patterns have been added to detect malware submitted through a contact form as well as any HTTP request fields.
Update: Now the plugin inspects user sign ups (user registrations) on multisite WordPress installations and BuddyPress.
Update: The search for user activity, as well as enabling activity notifications, is improved.
Read more

7.2

New: Monitoring new and changed files.
New: Detecting malicious redirections and directives in .htaccess files.
New: Automated hourly and daily scheduled scans with flexible email reports.
Update: Added a protection from logging wrong time stamps on some misconfigured web servers.
Fix: Unexpected warning messages in the WordPress dashboard.
Fix: Some file status links on the scanner results page may not work.

7.0

Cerber Security Scanner: integrity checker, malware detector and malware removal tool.
New: a new setting for Traffic Inspector: Use White IP Access List.
Update: the redirection from /wp-admin/ to the login page is not blocked for a user that has been logged in once before.
Bug fixed: the limit to the number of new user registrations is calculated the way that allows one additional registration within a given period of time.
Read more

6.7.5

A new button View Activity has been added to the user edit page in the WordPress dashboard.
Miscellaneous code optimizations: performance of database routines and SQL queries are improved.
A new Swedish translation has been added. Thanks to Fredrik Näslund.
Bug fixed: The wildcard ... entry (all IPv4 addresses) to the Black IP Access List, doesn’t work as intended.

6.7

New: Regular expressions are now available for the Traffic Inspector Request whitelist and Antispam Query whitelist.
Update: Antispam engine algorithms have been updated to improve AJAX requests handling and reduce false positives.
Update: Improved compatibility with WooCommerce, Formidable Forms, Gravity Forms and AJAX file upload.
Update: Any symbols other than letters, numbers, dashes and underscores are not permitted in Custom login URL anymore.
Bug fixed: The Safe antispam mode doesn’t work correctly on some website configurations. That may lead to false positives and erroneous spam form submission detection.
Read more

6.5

New: A new, advanced initialization mode which reinforces overall security performance.
New: Traffic Inspector’s algorithms detect and deny any attempt to upload executable files or an .htaccess file via any POST request.
New: A new setting to disable email notifications about new versions of the plugin.
New: Search in the traffic log improved. Search in the User agent string and filter out the HTTP method (GET/POST) are available.
Update: Performance of the logging subsystem is improved.
Update: In the Smart mode if a user is not logged in, all requests to the admin dashboard are logged.
Bug fixed: If a user tries to log in with an email address and an incorrect password, the „Invalid username“ message is shown.
Bug fixed: On a multisite installation with websites in subdirectories a user activation link doesn’t work.
Read more

6.2

New: Protection against (DoS) attacks that exploit recently discovered vulnerability (CVE-2018-6389).
New: The Traffic Inspector algorithm detects malformed and double extensions like .php.jpg more precisely.
New: The Access Lists now accept IPv6 addresses in any form and handle them in a shortened form. All existing IPs will be converted.
Bug fixed: If the WP REST API is blocked, a request with a specially malformed URL can bypass protection. Thanks to Tomasz Wasiak.
Bug fixed: An IPv4 range in the Access Lists might not work as expected, depending on server/site settings.

6.1

New: Traffic Inspector has got a Request White List setting.
New: An Activity filter for the Advanced search form on the Traffic Inspector page.
Bug fixed: Two reCAPTCHA widgets on login/registration forms.
Bug fixed: A legitimate IP address can be locked out by Traffic Inspector on a Windows hosting (server).

6.0

New: Traffic Inspector. It’s a specialized request inspection algorithm that performs inspection all suspicious incoming HTTP requests and block them before they can harm a website.
New: Traffic Inspector optionally logs all or just suspicious and malicious requests so you can inspect them.
New: Added ability to clean up Cerber’s DB tables.
New: If the web server has some issues and those issues can affect plugin functionality, they are shown on the Diagnostic page.
Added protection to prevent scheduled tasks from being executed multiple times an hour.
JavaScript antispam code is improved to eliminate excessive fields in GET requests.
To eliminate possible warning messages, the inet_pton() function has been replaced with filter_var().

5.9

New: You can add comments for new entries in the access lists
Improved compatibility with exotic hosting environments: now the plugin handles URLs with the MultiViews server option enabled.
Improved compatibility with caching plugins
Bug fixed: The plugin logs a logout event if the actual logout doesn’t happen
Read more

5.8.6

New: Regular expressions (REGEX) in the list of prohibited usernames.
New: Enable/disable weekly reports, a new setting to specify email addresses for weekly reports.
Improved compatibility with non-standard authentication processes, WooCommerce and exotic/outdated hosting environments.
Bug fixed: Some interface elements of WordPress Customizer might not work.
Read more

5.8

New: Now the plugin will send a brief security report (activity for past seven days) to specified email addresses.
Plugin admin interface pages: compatibility with screen readers has been improved.
REST API: the deprecated rest_enabled filter is used for WordPress older than 4.7.
Bug fixed: After updating the plugin to the 5.7 version some disabled checkboxes (and corresponding disabled settings) are set to their default, enabled states.
Bug fixed: An IP address in the white access list may be locked out as a suspicious IP.
Read more