WP Cerber Security - All Versions & Changelog

v9.7.4

LatestVerified Safe

Released May 29, 20261.2 MB

Added

Timestamps in the fail2ban log now follow the operating system timezone instead of UTC, so fail2ban can correctly evaluate failed login attempts on servers using a non-UTC timezone.
Added the constant CERBER_LOG_TIMEZONE to force an explicit timezone identifier for the fail2ban log when automatic detection cannot determine the system timezone.

Improved

Hostnames written to the fail2ban log on failed login attempts are now sanitized to strip log-forging characters, allow only hostname-safe characters, and keep each entry on a single well-formed line.
WP Cerber's admin interface now uses WordPress's --wp-admin-theme-color custom property instead of hardcoded accent colors, aligning tabs, focus states, and changelog callouts with the selected admin color scheme.
The Tools / License page now shows localized, non-contradictory notices for empty, malformed, invalid, expired, or temporarily unverifiable license keys.
Refactored database operations with the new CRB_Database and CRB_Query_Builder classes for more consistent query execution, transactions, safe value quoting, and validation.
Added the Revalt result/error type as an internal foundation for more consistent operation results, diagnostic chains, and error logging.
Traffic Inspector now validates decoded JSON request payloads and captures decoding errors for more reliable request logging.
Sensitive-field masking and request-field preparation now use stricter validation, normalization, and escaping before database insertion.
Admin notices emitted by WP Cerber are now rendered through crb_purify_message(), which allows only a defined set of HTML elements and attributes.

View v9.7.4 compatibility & scan details

v9.7.3

Verified Safe

Released April 24, 20261.1 MB

Improved

Plugin settings that accept REGEX patterns are now validated for syntax errors when an administrator saves settings, helping detect invalid patterns before they cause configuration problems.
The Readiness widget now detects when required PHP functions are disabled even if a required extension is installed, and they provide more precise diagnostic messages.

Fixed

Translation updates no longer attempt to download non-existent locales, which prevents the misleading error message Updating translations for WP Cerber Security (haz)… Download failed. Not Found.
Regular expression patterns in the Traffic Inspector setting "Do not log these locations" now work correctly when they contain forward slashes, so matching requests are excluded from logging as intended.
A minor bug that could cause the server error log message preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated.

v9.7

File unavailableVerified Safe

Released February 28, 20261.1 MB

Added

Implemented a "System Readiness" dashboard widget that surfaces configuration and environment issues impacting security and stability, with quick links to relevant settings and documentation.

Improved

Enforced stricter Content-Security-Policy (CSP) measures in the plugin admin area by adding additional security directives.
Enhanced the detection of obfuscated malicious JavaScript to better identify hidden security threats.
More efficient analysis of suspicious requests by the firewall, resulting in better performance and fewer false positives.
Implemented batch processing and timestamp formatting for spam comment cleanup to improve performance and prevent resource issues.

v9.6.11

Verified Safe

Released December 24, 20251.3 MB

Added

Added detection of AI bots and LLM scrapers (OpenAI, Claude, Meta, Apple, etc.) to easily identify AI-driven traffic in logs and alerts.

Improved

Browser detection now provides better accuracy in the logs, triage, and email notifications.
Enhanced precision in identifying mobile OS and their versions, including better support for iOS and Android.
Better detection of service agents (PayPal, Stripe) and automation tools (curl, Python, Wget) for more efficient analysis of background requests.
Localization and translation logic has been rebuilt for better translation quality in non-English languages.

v9.6.10

File unavailableVerified Safe

Released December 24, 20252.2 MB

Other

Important: WP Cerber now requires PHP 7.4 or newer to run, with PHP 8.x recommended for optimal performance and security.

Improved

Optimized email alert links and admin navigation, improved handling of admin URLs for Cerber.Hub sites, and refined escaping in rare edge cases.

Fixed

When a user entered a wrong password in the login form, the message showing how many login attempts remained would disappear.
When the site was restricted to logged-in users only, the custom message above the login form would disappear after a user entered a wrong password.

WP Cerber Security Version History

v9.7.4

v9.7.3

v9.7

v9.6.11

v9.6.10

More from Premium Plugins

Wp Rocket

Astra Pro Addon For Astra Theme

Rank Math SEO Pro (Business)

Advanced Custom Fields Pro

WP Mail SMTP Pro

Updraftplus – Backup/Restore (All Add Ons Included)

Related Security Plugins

Elementor Pro (no Library Kit)

Gravity Forms

More from Premium Plugins

Wp Rocket

Astra Pro Addon For Astra Theme

Rank Math SEO Pro (Business)

Advanced Custom Fields Pro

WP Mail SMTP Pro

Updraftplus – Backup/Restore (All Add Ons Included)

Related Security Plugins

Elementor Pro (no Library Kit)

Gravity Forms

Elementor Pro (Pro templates included)

Yoast Wordpress Seo Premium

Slider Revolution

Woocommerce Smart Coupons