WP Cerber Security Version History

New: Implemented a "System Readiness" dashboard widget that surfaces configuration and environment issues impacting security and stability, with quick links to relevant settings and documentation.
Improved: Enforced stricter Content-Security-Policy (CSP) measures in the plugin admin area by adding additional security directives.
Improved: Enhanced the detection of obfuscated malicious JavaScript to better identify hidden security threats.
Improved: More efficient analysis of suspicious requests by the firewall, resulting in better performance and fewer false positives.
Improved: Implemented batch processing and timestamp formatting for spam comment cleanup to improve performance and prevent resource issues.
Improved: Refactored database operations to use stricter identifier validation, improving SQL safety and compliance with MySQL standards.
Improved: Updated HTTP header validation methods used for whitelisting requests in the anti-spam engine and traffic firewall settings. These settings now support entries with an empty value after the colon.
Improved: Added exception logging and enhanced error handling to the continuous code quality assurance process.
Improved: File handling operations are now more fault-tolerant with the implementation of explicit permission checks and thread-safe file locks.
Changed: To prevent accidental movement dashboard widgets can now be reorganized using drag-and-drop via their headings only.
Compatibility: Refactored code to address deprecated features and ensure compatibility with PHP 8.5.
Fixed: A minor bug where escaped HTML tags were not properly handled when rendering the settings pages user interface.
Fixed: A minor bug that caused the server error log message: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /wp-cerber/cerber-common.php:4267.
Fixed: A minor bug that caused the server error log message: preg_match(): Passing null to parameter #2 ($subject) of type string is deprecated.
Fixed: A minor bug that caused the server error log message: Undefined array key "REQUEST_METHOD".
Fixed: A minor bug that caused the server error log message: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated.
Fixed: A minor bug that caused the server error log message: Undefined array key "HTTP_HOST".

New: Added detection of AI bots and LLM scrapers (OpenAI, Claude, Meta, Apple, etc.) to easily identify AI-driven traffic in logs and alerts.
Improved: Browser detection now provides better accuracy in the logs, triage, and email notifications.
Improved: Enhanced precision in identifying mobile OS and their versions, including better support for iOS and Android.
Improved: Better detection of service agents (PayPal, Stripe) and automation tools (curl, Python, Wget) for more efficient analysis of background requests.
Improved: Localization and translation logic has been rebuilt for better translation quality in non-English languages.
Improved: Optimized server security by rewriting .htaccess rules to mitigate CVE-2018-6389.

Important: WP Cerber now requires PHP 7.4 or newer to run, with PHP 8.x recommended for optimal performance and security.
Improved: Optimized email alert links and admin navigation, improved handling of admin URLs for Cerber.Hub sites, and refined escaping in rare edge cases.
Bug fix: When a user entered a wrong password in the login form, the message showing how many login attempts remained would disappear.
Bug fix: When the site was restricted to logged-in users only, the custom message above the login form would disappear after a user entered a wrong password.