WP Cerber Security ProProtected WordPress from hackers, spam, Trojans, and malware.Use login forms, XML-RPC/REST API calls, or use authentication cookies to limit the number of login attempts, thereby mitigating brute force attacks.Track user and bad actor behavior with customizable email, mobile, and desktop notifications. Block spammers with a specific anti-spam engine.Google reCAPTCHA is used to secure registration, contact and comment forms. IP access lists are used to restrict access.Powerful malware scanner and integrity checker for monitoring website integrity.A set of customizable security rules and advanced security algorithms enhance WordPress security.
Demo: HTTPS://Pace Wu Erbuer.com/
Features: WP Cerber Security Pro – WordPress Antispam & Malware Scan
- Limit the number of login attempts when logging in via IP address or full subnet.
- Track logins via login forms, XML-RPC calls, or authentication cookies.
- Allow or deny access by using IP access lists for individual IPs, IP ranges, or subnets.
- Create a unique login URL (rename wp-login.php).
- Cerber's anti-spam engine protects contacts and registration forms.
- Automatically identify spam comments and move them to the trash or reject them outright.
- From a single control screen you can manage many WP Cerber cases.
- WordPress two-factor authentication.
- Users, bots, hackers, and other suspicious activities are all logged.
- WordPress security scanners check the integrity of files, plugins and themes.
- With email notifications and reports, it keeps track of file changes and new files.
- With a set of customizable filters, you may receive mobile and email notifications.
- Session manager for advanced users
- Security of wp login. php, wp-register. php and wp registration. php.
- If the guest is not logged in, the wp-admin (dashboard) will be hidden.
- When an intruder IP tries to log in with a non-existent or banned username, it is blocked immediately.
- Restrict users from registering or logging in to usernames that match the REGEX pattern.
- Use your own role-based security policies to restrict access to the WP REST API.
- Disable access to the WordPress REST API completely.
- Access to XML-RPC is restricted (access to XML-RPC is blocked, including Pingbacks and Trackbacks).
- Feeds should be disabled (block access to RSS, Atom and RDF feeds).
- White IP access lists can be used to restrict access to XML-RPC, REST APIs, and feeds by IP address or IP range.
- Mode for authorized users only
- User accounts can be blocked.
- Turn off automatic redirection to hidden login page.
- Stop enumerating users (blocks access to author pages and prevents exposing user data via REST API).
- Block IP subnet class C in advance.
- Anti-spam: reCAPTCHA is used to defend the WordPress login, registration, and comment forms.
- WooCommerce and WordPress forms with reCAPTCHA.
- For the WordPress comment form, an invisible reCAPTCHA is used.
- Citadel mode designed for large brute force strikes.
- Play with fail2ban by logging unsuccessful attempts to syslog or a custom log file.
- Filter and inspect actions based on IP address, user, username, or specific activity.
- Filter activities and save them as a CSV file.
- Reporting: Receive weekly reports by email at the addresses you provide.
- Restricting login attempts works for sites/servers protected by reverse proxies.
- Receive alerts via push notifications on your mobile device.
- jet stream. Triggers and actions for io automation plugins.
- Defense against Denial of Service (DoS) attacks (CVE-2018-6389).
Changelog: WP Cerber Security Pro – WordPress Antispam & Malware Scan
= v8.9.5 = * New: A new setting for [WP Cerber's anti-spam engine](https://wpcerber.com/antispam-for-wordpress-contact-forms/): "Disable bot detection engine for IP addresses in the White IP Access List". * New: A new setting for [the reCAPTCHA module](https://wpcerber.com/how-to-setup-recaptcha/): "Disable reCAPTCHA for IP addresses in the White IP Access List". * Improved: Logging all user session terminations including those that occurred when an admin manually terminate user sessions or [block users](https://wpcerber.com/how-to-block-wordpress-user/). * Improved: If a user session has been terminated by a website admin, the admin’s name is logged and shown in the Activity log. * Improved: Logging all user password changes including those made on the edit user admin page, and the WooCommerce edit account page. * Improved: Logging [application passwords](https://wpcerber.com/wordpress-application-passwords-how-to/) changes. * Improved: New status labels in the Activity log: "reCAPTCHA verified" is shown when a user solves reCAPTCHA successfully * Improved: New status labels in the Activity log: "Logged out everywhere" is shown when a user has completely logged out on all devices and of all locations. * Improved: Failed reCAPTCHA verifications are logged with form submission events they are linked to. * Improved: A new event is logged: "Password reset request denied". With possible statuses "reCAPTCHA verification failed", "User blocked by administrator", "Username is prohibited". * Improved: Handling reset of user passwords is improved to support changes in the WordPress core. * Fixed: A cookie-related bug that causes a fatal software error if a user has been deleted or their password has been changed in the WordPress dashboard by the website administrator while the user is being logged in. * Fixed: A bug with the WordPress lost password (reset password) form that prevents displaying error messages to a user. * Fixed: When the [limit on the number of allowed concurrent user sessions](https://wpcerber.com/limiting-concurrent-user-sessions-in-wordpress/) is set to one, an attempt to log in with the user name and incorrect password terminates the existing session of the user. = v8.9.3 = Improved: The scanner: now checksums generated using manually uploaded ZIP archives have priority over the remote ones. Improved: You can configure exceptions for WP Cerber's anti-spam by disabling its code on selected WordPress pages. Improved: New diagnostic messages were added for better troubleshooting issues with ZIP archives uploaded in the scanner. Fixed: A vulnerability that affects WP Cerber's two-factor authentication (2FA) mechanism. Fixed: A bug that prevents uploading ZIP archives on the scan results page if the filename contains multiple dots. Fixed: Fixed admin message "Error: Sorry, that username is not allowed." which is wrongly displayed on the user edit page while updating users with prohibited usernames. Fixed: Not detecting malformed REST API requests with a question mark in this format: /wp-json? v8.6.5 * New: File system analytics. It's generated based on the results of the last full integrity scan. * New: Logging user deletions. The user’s display name and roles are temporarily stored until all log entries related to the user are deleted. * New: Faster export with a new date format for CSV log export. * New: Ability to disable adding the website administrator's IP address to the White IP Access List upon WP Cerber activation. * Improved: Handling the creation of new users by WooCommerce and membership plugins. * Improved: Handling user registrations with prohibited emails. * Improved: Handling secure Cerber‘s cookies on websites with SSL encryption enabled. * Improved: The performance of the integrity checker and malware scanner on huge websites with a large number of files. * Fixed: Loading the default plugin settings has no effect. Now it’s fixed and moved from the admin sidebar to the Tools admin page. * [Read more](https://wpcerber.com/wp-cerber-security-8-6-5/)