gioni

WP Cerber blocks such requests and shows the “404 Not Found” page as an additional “security through obscurity” layer. You can customize the WP Cerber’s behavior in such cases by using the setting “Access to prohibited locations”.

You’re welcome!

It’s a bug in our new SMTP code v. 9.5.6. We’ve spotted it too and just released an update v. 9.5.7 that brings a fix.

Your documentation suggests this is only effective when a custom login page has been set, in which case maybe this option should only be selectable once the custom login is set?

No. It’s because a website admin can use another plugin to create a custom login URL.

Also completely on-topic, the configuration item earlier in the list “Processing wp-login.php authentication requests” gives a drop-down of possible values which you explain clearly in your docs, but there is no mention of the previous one (only in this page)

They are not directly related. If “Requests to wp-login.php are strictly prohibited” is enabled, WP Cerber blocks an IP address after any request to wp-login.php. This indeed prevents anyone from being authorized. However, the primary aim of this feature is to block malicious IP addresses in a more proactive and aggressive manner. It assumes that a website doesn’t have any links to wp-login.php. Regrettably, this is not always true as some developers still hard-code wp-login.php into their themes and plugins.

You can safely ignore the warning. I suspect it’s a bug. We will check it and fix it in the next release.

Hi! Thanks for reporting the issue. We will check it and fix it in the next release.

Hi! WP Cerber does not inherently block access to website pages, including the homepage, because there is no such functionality in its code. The issue is likely caused by a plugin conflict. It means there’s an incompatible plugin on your website and so you might not be able using WP Cerber. Its zero-trust approach to website security is not a good fit for your current website configuration.

From what user it has to be?

You can also enable “Disable PHP error displaying” on the Hardening tab.

Try to enable “Use White IP Access List” either in the Anti-spam settings OR in the Traffic Inspector settings.

We are happy with our customers regardless of us being or not being on the repo. Some day the plugin will be returned. There is no relation to Wordfence, it’s about things that are not allowed to talk about.

You can safely ignore these messages. They are caused by invalid data originating from another plugin. In the next version, we will address and mitigate these messages. To remove them in the meantime, add the following line to your wp-config.php file, placing it after the <?php tag.

@ini_set('display_errors', 0);

What is the version of WP Cerber?

Hi! Please get all information on enabling 2FA for the administrators’ accounts in this article: https://wpcerber.com/two-factor-authentication-for-wordpress/

Hi! There could be many possible reasons for such behavior. Try to enable “Safe mode” on the “Anti-spam and bot detection settings” page.