New: You can define a more secure location of the protected WP Cerber directory by using a PHP constant.

Improved: JSON payload of REST API and other requests is decoded and saved to the "Live Traffic" log.

Improved: The "Form submissions" filter, located on the Live Traffic tab, filters out conventional form submissions and no longer includes REST API requests.

Improved: The activity export file now includes a new column, "By User," which contains the user ID of the user who initiated the row event.

Improved: The names of export files are now unified and include the website URL, making it easier to identify which website the file was downloaded from.

Improved: Prevent Jetpack’s Asset CDN from destroying the layout and style of WP Cerber admin pages.

* This is a bug fix and code optimization version

* Fixed: Unable to remove a blocked IP network class C (with an asterisk) from the list of locked out IP addresses by clicking the "Remove" link on the Lockouts tab.

* Fixed: "Fatal error: Uncaught Error: Cannot use object of type WP_Error as array in … /cerber-common.php on line 4634". The bug occurs if the PHP constant WP_ACCESSIBLE_HOSTS is defined and it does not contain 'downloads.wpcerber.com'.

* New: Custom login error message. If showing the default WordPress login error message is disabled, you can optionally specify your own login error message. Available in the professional version.

* New: Custom password reset error message. If showing the default WordPress password reset error message is disabled, you can optionally specify your own password reset error message. Available in the professional version.

* Improved: Implemented Content-Security-Policy HTTP header as an extra layer of protection for the WP Cerber admin pages.

* Fixed A critical XSS vulnerability.

* Fixed: Fatal error "Call to a member function is_block_editor() on null" that occurs when attempting to load any admin page (starting with /wp-admin/) by an unauthorized request. The bug only occurs if the two following settings are configured as: "Disable dashboard redirection" is enabled and "Display 404 page" is set to "Use 404 template from the active theme".

* Fixed: No country flags are shown in some log rows while viewing WP Cerber logs on the managed website via Cerber.Hub.

* Fixed: The file viewer doesn't show the content of a file while viewing the results of a scan on the managed website via Cerber.Hub.

* New: A new feature that prevents exposing user’s first name, last name, and ID via an HTTP request with a username (login) in an author_name parameter.

* New: A new user status report while viewing the user activity/requests log.

* Improved: When renders admin pages, WP Cerber uses the language selected on the user profile.

* Improved: Improved the speed of rendering of the "Users" admin page. Reduced the number of HTTP requests if some columns on the page are hidden.

* Improved: Implemented support for rate limiting when the scanner retrieves checksum data from remote servers.

* Fixed: A bug that allows an attacker to bypass the "Stop user enumeration" feature if it’s enabled.

* Fixed: A bug that produces incorrect messages in the server error log when the WordPress database connection is lost.

* Fixed: A bug with not escaping comments in the IP access lists entries.