Здравствуйте.

Подскажите, пожалуйста, хотим проверять целостность сайта через Сканер безопасности. У нас есть плагины и темы, которые мы сами разрабатываем и устанавливаем на сайт, мы их не выкладываем в официальном репозитории WordPress.

Загрузили на странице архивы плагинов и тем, но теперь не видим возможности перезалить их, т.е. мы внесли изменения в код, хотим перезалить архив, а такой кнопки нет.

Можно ли добавить такую возможность или как решить проблему?

• This topic was modified 3 months, 1 week ago by nsity.
• This topic was modified 3 months, 1 week ago by nsity.

I’ve been trying to solve this problem for sometime and it took a ridiculous amount of time to realize that WP Cerber was setting cookies because they are created using random characters for both the name and the content. (the first red flag).

Once I narrowed that down, I tried adding STYXKEY_ as a prefix thinking mistakenly that would tell the CDN to ignore the cookies but as other users found ANY cookies that aren’t explicitly excluded from the CDN (like google analytics) make the cache fail because it is expecting that cookies are being used to provide different content.

I was finally able to resolve this (fingers crossed) because of this answer here:

There is no way we (SiteGround) can ignore cookie session and cache such pages. Basically, you are disabling our caching mechanism on all pages. Opening a cookie session for anything but to display user-speciffic content is a bad idea really.

WP Cerber does not use its cookies as session identifiers or anything specific to a user. Cookies are just cookies and they are used for many reasons not related to sessions.

So, to make WP Cerber compatible with Siteground’s caching system, you need to disable
“Protect comment form with bot detection engine” and “Protect all forms on the website with bot detection engine” in the anti-spam settings.

I disabled all the anti-spam settings, cleared the cache, reloaded the page a few times, and was finally able to get cache HIT.

We have been hearing from multiple vendors over the past few weeks that they are receiving fatal error messages (“There has been a critical error on this website”) upon submitting the application form on our Apply Page (https://urbancraftuprising.com/apply). We’ve gone back and forth with the form developer as well as our host and both have determined that it’s due to the WP Cerber plugin that we have installed on our site.

I’m reluctant to remove or disable the plugin because I can see from the logs that it is keeping out multiple hacker attempts/bogus logins to our site on a daily basis. Are there any settings I can tweak to prevent this from happening and allow our vendors to apply successfully?

This isn’t happening with every vendor who tries to apply, but we get 1-2 emails per day about this from different people, even while the majority of our vendors are able to successfully apply.

• Sometimes the maintenance cron “wp cerber” stops, either because of a system failure or a database error.
• Suggested solution: have the plugin check, if the cron are working correctly. and an option to restart all cron.

I am having trouble loading Elementor and when I disable WP Cerber (free), Elementor loads. But I cannot figure out what settings I might need to update to eliminate the conflict. Has anyone else had this issue? Solutions?

Hi,

The monthly report shows the previous month, not the month just ended.

For example, the report sent on August 1st shows: 1 June 2024 – 30 June 2024 instead of 1 Juilly 2024 – 31 Juilly 2024.

Version used: WP Cerber v9.6.2

Cordialement.

On configurations:

WP Cerber Security 8.7
WordPress version 6.5.5
PHP version 8.2.20
Web ServerApache/2.4.59 (Debian)

This error occurs periodically:

[Jul 02, 09:34:47] PHP Fatal error:? Uncaught ValueError: strpos(): Argument #3 ($offset) must be contained in argument #1 ($haystack) in /var/www/html/wp-content/plugins/wp-cerber/common.php:240
? ? ? ? Stack trace:
? ? ? ? strpos(”, ‘/’, 2) /var/www/html/wp-content/plugins/wp-cerber/common.php:240
? ? ? ? crb_parse_site_url() /var/www/html/wp-content/plugins/wp-cerber/cerber-request.php:60
? ? ? ? CRB_Request::parse_site_url() /var/www/html/wp-content/plugins/wp-cerber/cerber-request.php:153
? ? ? ? CRB_Request::is_script(‘/wp-cron.php’) /var/www/html/wp-content/plugins/wp-cerber/common.php:919
? ? ? ? cerber_is_wp_cron() /var/www/html/wp-content/plugins/wp-cerber/nexus/cerber-nexus.php:46
? ? ? ? nexus_init() /var/www/html/wp-content/plugins/wp-cerber/cerber-load.php:95
? ? ? ? require_once(‘/var/www/html/w…’) /var/www/html/wp-content/plugins/wp-cerber/wp-cerber.php:190
? ? ? ? include_once(‘/var/www/html/w…’) /var/www/html/wp-content/mu-plugins/aaa-wp-cerber.php:41
? ? ? ? include_once(‘/var/www/html/w…’) /var/www/html/wp-settings.php:442
? ? ? ? require(‘/var/www/html/w…’) /var/www/html/wp-admin/setup-config.php:33
? ? ? ? {main}
? ? ? ? ? thrown in /var/www/html/wp-content/plugins/wp-cerber/common.php on line 240

Hi guys!

I have created a new URL login path from WP Cerber, it worked just fine. However, at the time I logged out and access the new path, entering the correct username and password and hitting “Log in”, it redirects me to somewhere else. Below the URL login path, and the redirection created once I hit the log in button. Any ideas?

https://tavano-team-sandbox-2-80c867.ingress-daribow.ewp.live/tav-log-in/

https://tavano-team-sandbox-2-80c867.ingress-daribow.ewp.live/tav-log-in/?redirect_to=https%3A%2F%2Ftavano-team-sandbox-2-80c867.ingress-daribow.ewp.live%2Fwp-admin%2F&reauth=1

I am using WP Cerber 9.6.2.

In the notification settings, when clicking the test of “Send notification when a new version of a plugin is available“, I get the message :

“No updates found. It seems outgoing Internet connections are not allowed on your website.“

The first statement is indeed correct, since all the plugins are up to date.
The seconds statement is incorrect, since outgoing Internet connections are allowed on my website. Outgoing Internet connections are working : I am getting a notification email when clicking the test for “Send notification if the number of active lockouts above x”.

Is this a bug ?

I have scanned my client site with Wordfence and am getting this alert for WP CERBER. Is there a vulnerability with the plugin? It is up to date, by the way. PLEASE ADVISE:

The Plugin “WP Cerber Security, Anti-spam & Malware Scan” has been removed from www.ads-software.com but is still installed on your site.

Type: Plugin Removed

Details:?Your site is still using this plugin, but it is not currently available on www.ads-software.com. Plugins can be removed from www.ads-software.com for various reasons. This can include benign issues like a plugin author discontinuing development or moving the plugin distribution to their own site, but some might also be due to security issues. In any case, future updates may or may not be available, so it is worth investigating the cause and deciding whether to temporarily or permanently replace or remove the plugin.

Is there a way to export the results of an integrity scan?

Hello,

I don’t know anything about the WP Cerber Security plugin but I have a client who is using WooCommerce and WP Affiliates. He tells me that he received an email from an affiliate stating that “A friend is trying to place an order in the states with my referral link and code but gets this message ‘We’re sorry, you are not allowed to proceed'”
The link is “https://theultrahuman.net/affiliate/Beth%40bfit-thewrightway.com/“

I tried some other WP Affiliate links and the same thing happens. However, if the Affiliate link does not contain the “%40” in the url, it works fine.

Does anybody know why this would occur? Just for your info, the client said that these links were working until just recently.

Thanks

Admin dashboard page (/wp-admin/admin.php?page=cerber-security) was not loading.

Stack trace:
2024/05/11 04:11:06 [error] 11111#11111: *3089252 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Object of class __PHP_Incomplete_Class could not be converted to string in /wp-content/plugins/wp-cerber/cerber-common.php:724
  thrown in /home/example/public_htm" while reading upstream, client: xx.xx.203.xx, server: example.com, request: "GET /wp-admin/admin.php?page=cerber-security HTTP/2.0", upstream: "fastcgi://127.0.0.1:80042", host: "example.com", referrer: "example.com /wp-admin/admin.php?page=cerber-traffic&tab=ti_settings"
#8 {main}
#7 /wp-admin/admin.php(259): do_action()
#6 /wp-includes/plugin.php(517): WP_Hook->do_action()
#5 /wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters()
#4 /wp-includes/class-wp-hook.php(324): cerber_render_admin_page()
#3 /wp-content/plugins/wp-cerber/admin/cerber-dashboard.php(5888): cerber_show_admin_page()
#2 /wp-content/plugins/wp-cerber/admin/cerber-dashboard.php(163): cerber_issue_monitor()
#1 /wp-content/plugins/wp-cerber/cerber-common.php(805): {closure}()
#0 /wp-content/plugins/wp-cerber/cerber-common.php(724): implode()

Reporting here just in case you want to fix it.

Fixed by switching back to version 9.5.4 (have not tested with other versions). Also disabled cerber updates until fixed.

Regards.

Hi, it looks like this issue was reported about 2 years ago here and marked as resolved so it looks like a possible regression.

WordPress 6.5.2
WP Cerber 9.0
PHP 8.1.24
MySQL 8.0.36
LiteSpeed web server, Linux

[18-Apr-2024 23:24:57 UTC] PHP Fatal error: Uncaught TypeError: mysqli_real_escape_string(): Argu
ment #1 ($mysql) must be of type mysqli, null given in /home/domains/mydomain.com/
public_html/wp-content/plugins/wp-cerber/cerber-common.php:2477

We are seeing this currently. This is legit request and we need to exluded all such request
/checkout/?_redirect_to_payment=173532&_redirect_hash=46a7190436

HTTP 403 Forbidden

Setting up cookiebot plugin and there is a section that you update for various plugins that you are using that set cookies – when I enable and click SAVE I get an error 403 page – and on checking cerber logs I can see that its blocked the server IP address due to

Form submission denied?IP address is locked out
/wp-admin/admin-ajax.php

when clicking 3 dots it takes me to

Spam form submission denied
WP Cerber processed this request according to this setting
Protect other forms [ manage ]

But even after I have switched OFF that settings its directing me to and whitelisting the server IP address – its still giving me a error 403?

Do I maybe ned to wait for the lock out to pass even though I removed teh locked out IP address?

How can I get this to work – as cerber needs to allow my to update the cookiebot plugin screens to be compliant with GDPR / Google consents etc

Anyone else come up against thsi and can assist?

thank you
Sarah

One of the plugin causes error 401.

When our plugin sends a request to the POST /wp-json/pressidium-cookie-consent/v1/consent endpoint, your installation responds with a 401 Unauthorized error.

{
? ? “code”: “rest_authentication_error”,
? ? “message”: “Sorry, you do not have permission to make REST API requests.”,
? ? “data”: {
? ? ? ? “status”: 401
? ? }
}

In this case, what parameter to enter in allow these namespace – in bottom Hardening section of the plugin? To make above work…

As I disabled rest api for non admins.

We are seeing IP address with our Hosting Name in traffic inspector but plugin shows “Spam form submission denied” in front of that entry. This can create problems? What are these entries from host?

Hello, I have WP Cerber Security installed on 2 of my sites and the setup is incidental but for the past month, off and on, I get a notice that one if the sites is experiencing an technical issue. It seems that a visitor has access to the wp-admin/about.php page but it dies with the error “There has been a critical error on this website. Please check your site admin email inbox for instructions.”(You have to see text in console) When I disable WP Cerber Security and test, I’m redirected to the login page as I should. This is the case on the other site https://winir.org/wp-admin/about.php with WP Cerber Security enabled. Any idea where this conflict might be coming from?

Thanks

Hi,

I’m using WP Cerber on that site an cannot reach https://www.backgeist.de/wp-admin/ anymore.

It says “The requested URL was not found on this server.” But wp-admin IS on the server.

Any idea what happened here? Did I do any settings wrong?

Many thanks in advance

I say “Same for whois.arin.net”, but that doesn’t seem to work.
My hosting provider put port 43 open for IPv4 and IPv6 with TCP.
They tried to reproduce in Word press with WP Cerber, but still there is a network error but now for whois.arin.net

What can be the problem ?

When adding IP’s to the blacklist I get the error:
Network error: Connection refused (WHOIS server: whois.iana.org).
The whois.iana.org is live and in my security plugins the firewall looks well.
So why am I refused ?

Hi, My Gravity forms does not work properly with WP Cerber activeted since WP Cerber block a request ( upload image) I Followed your instruction :

– Seen the Request URI in the Live Traffic : “/?gf_page=e7a6d015ddef783”
– Copied it in a REGEX way in the Query whitelist : “{\/?gf_page=e7a6d015ddef783}”
I’m still blocked.

Please could you advise me about what did I do wrong ?

WP Cerber version 9.5.4 has broken the live preview functionality in Appearance > Customize. My client is complaining about not being able to see his updates before publishing. Is this something you are aware of happening? Can it be fixed? Thanks.

I’m asking for help with the plugin Wp-Cerber, and how to change the lock-out message. Thank You, Nick

Is it possibile to fix this issue?

The function automatically gets back the REMOTE_ADDR tha is uncorrect for me.
if ( ! empty( $_SERVER[‘REMOTE_ADDR’] ) ) {
$remote_ip = $_SERVER[‘REMOTE_ADDR’];
}

You can fix this by adding a filter at line 662 in wp-plugins/wp-cerber/cerber-common.php.

FROM:
return $remote_ip;

TO:

return apply_filters(‘cerber_remote_ip’, $remote_ip);

Best Regards.

I got a mail from wordpress.

Howdy!WordPress has a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.In this case, WordPress caught an error with one of your plugins, WP Cerber Security, Anti-spam & Malware Scan.

Error Details

An error of type E_ERROR was caused in line 661 of the file /webpagespots.com/wp-content/plugins/wp-cerber/cerber-lab.php. Error message: Uncaught TypeError: implode(): Argument #2 ($array) must be of type ?array, string given in /webpagespots.com/wp-content/plugins/wp-cerber/cerber-lab.php:661
Stack trace: 0 /webpagespots.com/wp-content/plugins/wp-cerber/cerber-lab.php(661): implode() 1 /webpagespots.com/wp-content/plugins/wp-cerber/admin/cerber-tools.php(374): lab_status() 2 /webpagespots.com/wp-content/plugins/wp-cerber/admin/cerber-dashboard.php(5925): cerber_show_diag() 3 /webpagespots.com/wp-content/plugins/wp-cerber/admin/cerber-dashboard.php(179): {closure}() 4 /webpagespots.com/wp-content/plugins/wp-cerber/admin/cerber-dashboard.php(5697): cerber_show_admin_page() 5 webpagespots.com/wp-includes/class-wp-hook.php(324): cerber_render_admin_page() 6 /webpagespots.com/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters() 7 /webpagespots.com/wp-includes/plugin.php(517): WP_Hook->do_action() 8 /webpagespots.com/wp-admin/admin.php(259): do_action() 9 {main}

thrown

WPCerber is the best security tool and it’s sad that it was eliminated from WP store. How can we influence or help WP admins to reconsider bringing this plugin back to store?

When on the Cerber dashboard, under Users’ Activity, I see many instances of “Logged Out” events for my account with my server’s hostname and an IP address of something like “3700:7c99:…” (long string) and not my computer IP address. Each has the black square next to it.

Does anyone know what could be causing this?

This error is when I’m trying to use the user-switching feature of user-switch Plugin. It was working well until 9.5.8

[11-Dec-2023 12:48:13 UTC] PHP Fatal error: Uncaught TypeError: array_merge(): Argument #1 must be of type array, bool given in /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-settings.php:1037
Stack trace: 0 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-settings.php(1037): array_merge() 1 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-settings.php(1098): cerber_get_role_policies() 2 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-common.php(1957): cerber_get_user_policy() 3 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-load.php(1258): crb_check_user_limits() 4 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-load.php(1147): cerber_restrict_auth() 5 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-load.php(1091): cerber_authenticate() 6 /var/www/clients/client4/web5/web/wp-includes/class-wp-hook.php(308): {closure}() 7 /var/www/clients/client4/web5/web/wp-includes/plugin.php(205): WP_Hook->apply_filters() 8 /var/www/clients/client4/web5/web/wp-includes/pluggable.php(616): apply_filters() 9 /var/www/clients/client4/web5/web/wp-includes/user.php(106): wp_authenticate() 10 /var/www/clients/client4/web5/web/wp-login.php(1241): wp_signon() 11 {main}

thrown in /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-settings.php on line 1037
[11-Dec-2023 12:48:23 UTC] 'users'
[11-Dec-2023 12:48:23 UTC] 'settings_page_diagnostic_imaging_license'
[11-Dec-2023 12:48:30 UTC] PHP Fatal error: Uncaught TypeError: array_merge(): Argument #1 must be of type array, bool given in /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-settings.php:1037
Stack trace: 0 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-settings.php(1037): array_merge() 1 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-settings.php(1098): cerber_get_role_policies() 2 /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-load.php(3492): cerber_get_user_policy() 3 /var/www/clients/client4/web5/web/wp-includes/class-wp-hook.php(308): {closure}() 4 /var/www/clients/client4/web5/web/wp-includes/plugin.php(205): WP_Hook->apply_filters() 5 /var/www/clients/client4/web5/web/wp-includes/pluggable.php(987): apply_filters() 6 /var/www/clients/client4/web5/web/wp-content/plugins/user-switching/user-switching.php(1418): wp_set_auth_cookie() 7 /var/www/clients/client4/web5/web/wp-content/plugins/user-switching/user-switching.php(192): switch_to_user() 8 /var/www/clients/client4/web5/web/wp-includes/class-wp-hook.php(308): user_switching->action_init() 9 /var/www/clients/client4/web5/web/wp-includes/class-wp-hook.php(332): WP_Hook->apply_filters() 10 /var/www/clients/client4/web5/web/wp-includes/plugin.php(517): WP_Hook->do_action() 11 /var/www/clients/client4/web5/web/wp-settings.php(623): do_action() 12 /var/www/clients/client4/web5/web/wp-config.php(91): require_once('…') 13 /var/www/clients/client4/web5/web/wp-load.php(50): require_once('…') 14 /var/www/clients/client4/web5/web/wp-login.php(12): require('…') 15 {main}

thrown in /var/www/clients/client4/web5/web/wp-content/plugins/wp-cerber/cerber-settings.php on line 1037