• The problem
    When trying to access a non-existent .php file, Cerber provides this ‘Forbidden page’ to visitors:

    https://imgur.com/s0M32In (2nd mirror)

    This forbidden page message is very hostile. The ‘hand gesture’ and the word ‘suspiciously’ make it feel very hostile to visitors.

    False positives will happen to users with positive intent, that is for sure. You never see this kind of hostility from the most popular websites (Google, Amazon etc.). This kind of hostility is unnecessary and unprofessional. When communicating (for example by displaying messages) to visitors, we need to always assume positive intent from the visitors and be friendly in our tone. We should not be accusing or hostile in our messages to visitors.

    The solution
    Give plugin users the possibility to customize the ‘Forbidden page’.

    Change the code of forbidden_page() function (in cerber-load.php) to this:

    function cerber_forbidden_page() {
    	$wp_cerber = get_wp_cerber();
    	$sid       = strtoupper( $wp_cerber->getSessionID() );
    	status_header( '403' );
    	header( 'HTTP/1.0 403 Access Forbidden', true, 403 );
    
    	$error_title = translate("We're sorry, you are not allowed to proceed", 'wp-cerber');
    	$error_html = <<<EOF
        <!DOCTYPE html>
        <html style="height: 100%;">
        <head>
            <meta charset="UTF-8">
            <title>403 Access Forbidden</title>
            <style>
                @media screen and (max-width: 800px) {
                    body > div > div > div div {
                        display: block !important;
                        padding-right: 0 !important;
                    }
    
                    body {
                        text-align: center !important;
                    }
                }
            </style>
        </head>
        <body style="height: 90%;">
        <div style="display: flex; align-items: center; justify-content: center; height: 90%;">
            <div style="background-color: #eee; width: 70%; border: solid 3px #ddd; padding: 1.5em 3em 3em 3em; font-family: Arial, Helvetica, sans-serif;">
                <div style="display: table-row;">
                    <div style="display: table-cell; font-size: 150px; color: red; vertical-align: top; padding-right: 50px;">
                        ✋
                    </div>
                    <div style="display: table-cell; vertical-align: top;">
                        <h1 style="margin-top: 0;">$error_title</h1>
                        <p>Your request looks suspiciously similar to automated requests from spam posting software or it has been denied by a security policy configured by the website administrator.</p>
                        <p>If you believe you should be able to perform this request, please let us know.</p>
                        <p style="margin-top: 2em;">
                        <pre style="color: #777">SID: $sid</pre>
                        </p>
                    </div>
                </div>
            </div>
        </div>
        </body>
        </html>
    EOF;
    
    	$error_html=apply_filters('customize_cerber_forbiddenpage', $error_html);
    	echo $error_html;
    
    	cerber_traffic_log();  // do not remove!
    	exit;
    }

    This way users can use a custom Must Use plugin (wp-content/mu-plugins) to hook into this filter. An example custom Must Use plugin would be:

    wp-content/mu-plugins/CerberForbiddenPageChanger.php

    <?php
    
    /**
     * Plugin Name: CerberForbiddenPageChanger
     * Description: This plugin customizes the Cerber Security plugin's Forbidden page by hooking into 'customize_cerber_forbiddenpage' filter
     * Version: 0.1
     */
    
    // The filter passes the default page HTML; the returned string replaces it.
    function my_custom_cerber_forbidden_page( $error_html ) {
      $custom_error_html = '<body>' . PHP_EOL .
                           'My error message here.' . PHP_EOL .
                           '</body>';
    
      return $custom_error_html;
    }
    add_filter('customize_cerber_forbiddenpage', 'my_custom_cerber_forbidden_page');
    
    ?>
    • This topic was modified 5 years, 4 months ago by kysymysteke. Reason: Added image link
    • This topic was modified 5 years, 4 months ago by kysymysteke. Reason: 2nd mirror for the image
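An added example, not part of the original post and not WP Cerber's own code: a Must Use plugin callback that swaps in neutral wording but keeps the SID, so a visitor hit by a false positive can quote it and the administrator can match it to the logged request. It assumes the `customize_cerber_forbiddenpage` filter proposed above has been applied to `cerber_forbidden_page()` and that the SID is alphanumeric; the callback name and text domain are hypothetical.

```php
<?php
/**
 * Plugin Name: Cerber Forbidden Page (neutral wording)
 * Description: Added example. Relies on the 'customize_cerber_forbiddenpage' filter proposed in this topic.
 */

// Hypothetical callback name. $error_html is the default page built by cerber_forbidden_page().
// The 403 status is already sent before the filter runs, so only the body changes here.
function my_neutral_cerber_forbidden_page( $error_html ) {
	// Recover the SID from the default markup ("SID: $sid" in the post).
	// Assumption: the upper-cased session ID contains only A-Z and 0-9.
	$sid = '';
	if ( is_string( $error_html ) && preg_match( '/SID:\s*([A-Z0-9]+)/', $error_html, $m ) ) {
		$sid = $m[1];
	}

	// Neutral wording that does not say which rule matched.
	$title   = esc_html__( 'This request could not be completed', 'my-textdomain' );
	$message = esc_html__( 'The request was declined by a security policy on this website. If you think this is a mistake, please contact us and include the reference below.', 'my-textdomain' );

	$html  = '<!DOCTYPE html><html><head><meta charset="UTF-8">';
	$html .= '<meta name="robots" content="noindex">';
	$html .= '<title>403 Access Forbidden</title></head><body>';
	$html .= '<h1>' . $title . '</h1>';
	$html .= '<p>' . $message . '</p>';

	// Escape on output even though the regex already limits the characters.
	if ( '' !== $sid ) {
		$html .= '<pre>' . esc_html( 'SID: ' . $sid ) . '</pre>';
	}
	$html .= '</body></html>';

	return $html;
}
add_filter( 'customize_cerber_forbiddenpage', 'my_neutral_cerber_forbidden_page' );
```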
Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter kysymysteke

    (@kysymysteke)

    Any updates on this?

    Great that you have a new version 8.5, but unfortunately it seems that there have been no changes to this.

    Plugin Author gioni

    (@gioni)

    We’ve replied to your email address that you’ve submitted with the contact us form.

    I agree with this. How can we fix this and make the message more polite with an option to contact us an alternative way?

  • The topic ‘‘Forbidden page’ needs to be customizable’ is closed to new replies.