WP Cerber Security PRO 9.6.4 NULLED

= 9.6.4 =
New: WP Cerber continuously monitors IP detection issues and provides diagnostic messages. If IP detection fails due to configuration or server settings, the details of the issue are displayed to assist in troubleshooting.
Improved: When valid proxy headers are missing, WP Cerber falls back to the standard $_SERVER['REMOTE_ADDR'] variable to extract IP addresses.
Improved: If the PHP constant [CERBER_IP_KEY](https://wpcerber.com/wordpress-ip-address-detection/) is configured but does not provide valid IP address, WP Cerber switches to fallback methods for IP detection.
Improved: The Sessions page now marks users with enforced [2FA](https://wpcerber.com/two-factor-authentication-for-wordpress/) using a green "2FA" label. A solid label indicates successful verification, while an outlined one means verification is pending.
Improved: WP Cerber’s cookies in the "Live Traffic" log are highlighted in green under "Server Response Cookies". Their values are now properly decoded for easier analysis.
Improved: REGEX patterns for [URL exceptions](https://wpcerber.com/antispam-exception-for-specific-http-request/) no longer require escaped slashes. Existing patterns are automatically updated during the upgrade.
Improved: 2FA PIN emails now include the recipient’s first and last name along with their email address. This change helps improve email deliverability.
Improved: Enhanced storage of 2FA session data prevents its misuse as an attack vector in compromised WordPress databases.
Improved: 2FA login forms have been improved for full compatibility with WordPress installations in sub-folders, particularly on web servers with sub-optimal configurations.
Improved: Database operations are optimized to leverage the latest PHP-compatible technologies. Performance on modern servers is improved.

= 9.6.3 =
New: The integrity scanner now monitors installed plugins and notifies you if any have been abandoned, helping you maintain site security.
New: The integrity scanner also monitors for changes in plugin ownership and alerts you, so you can assess the new developer's credibility and make informed decisions.
Improved: The plugin settings interface now dynamically adapts to your specific web server environment, displaying only relevant options to streamline the configuration process.
Improved: Translations are now loaded from WP Cerber's bundled folder, ensuring more accurate and up-to-date translations for non-English sites.
Fixed: Saving settings for one WP Cerber add-on could reset another add-on's settings to default values.
Fixed: The integrity scanner might attempt to recover files even when recovery options are disabled.
Fixed: A bug that affected the rendering of WP Cerber’s admin dashboard when WordPress encountered email-sending issues.

= 9.6 =
New: You can control the amount of sign-in attempt details that are shown in 2FA email messages. You can also disable this section completely.
Improved: You can have individual 2FA email configuration for each role on your WordPress and configure per-user settings as well.
Improved: A new "Login Security" section on the user edit page in the [professional version of WP Cerber](https://my.wpcerber.com/ps/).
Improved: New status for activity log entries: "Access denied by plugin settings." It indicates that a given request is denied based on settings within the WP Cerber configuration.
Breaking changes: The feature to use a separate user email address for receiving 2FA codes is available in the [professional version of WP Cerber only](https://my.wpcerber.com/ps/).
Fixed: A fatal PHP error occurs when "Data Shield" is enabled, and a plugin tries to change WordPress settings without loading pluggable PHP functions: "Uncaught Error: Call to undefined function wp_get_current_user() in /wp-cerber/cerber-common.php:1820"

= 9.5.8 =
New: Mitigating excessive use of the WordPress password reset form. Whenever WP Cerber detects multiple attempts to reset password for non-existing users, the IP address gets blocked.
Fixed: Erroneous events "Password reset request denied" are logged to the Activity log.
Fixed: If WP Cerber is unable to create its diagnostic log, it produces the software error "PHP Fatal error: Uncaught ValueError: Path cannot be empty in".
Fixed: When browsing plugin updates on the Dashboard / Updates page, no details about the last release of WP Cerber is shown in the pop-up window.

= 9.5.6 =
New: WP Cerber now sends 2FA verification codes via SMTP. If an SMTP server is set up in the WP Cerber settings, it will be used to send these codes.
New: Implemented a backup method for sending emails via an SMTP server. If an attempt to send an email through the SMTP server fails, WP Cerber will resort to using the default WordPress mailer.
New: Email error reporting has been introduced. If an error occurs while WP Cerber is sending an email, the error details are captured and shown as a warning on the WP Cerber dashboard.
Improved: If your website crashes and displays the WordPress message "There has been a critical error on this website", WP Cerber captures and logs fatal PHP errors.
Improved: WP Cerber now identifies and shows the name, version and author of a plugin or a theme that produced PHP errors.
Improved: All users with prohibited usernames (logins) are marked with the red label "PROHIBITED" on the Users admin page.
Improved: The limits on the maximum length of SMTP setting fields have been increased from 28 characters to 64.
Fixed: If HTTP redirection is set to handle attempts to access protected areas, and WP Cerber blocks an intruder's IP address, no email alerts are sent even if lockout alerting is enabled.

= 9.5.5 =
New: WP Cerber now supports establishing outgoing network connections via a proxy server that is configured for WordPress.
Improved: File operations and error handling in the WP Cerber scanner have been enhanced. Any unsuccessful file recoveries are displayed in the scan results.
Improved: If a file recovery requires creating missing folders, the scanner create them.
Improved: To prevent altering source files, the scanner recovery folders are emptied before starting a scan.
Improved: When email notifications for new versions of installed plugins are enabled, you will receive an alert as soon as either WP Cerber or WordPress detects an update.
Improved: You can enable automatic updates for WP Cerber in the main plugin settings now.
Fixed: If a file is missing, the scanner does not recover it.

= 9.5 =
New: Get an email notification whenever a new version of a plugin is available.
New: An additional option for [granting access to users’ data via REST API](https://wpcerber.com/restrict-access-to-wordpress-rest-api/) for selected user roles.
New: An additional option for [sending activity alerts](https://wpcerber.com/wordpress-notifications-made-easy/). Email alerts can be sent to an email address you have on your WordPress account.
Improved: WP Cerber now permanently stores users’ last login data (IP address, time, user’s country) for all users. [The data can be erased by website admin](https://wpcerber.com/delete-personal-data/).
Improved: To prevent having insecure plugin configuration, WP Cerber validates required HTTP headers before enabling [the behind a proxy mode](https://wpcerber.com/wordpress-ip-address-detection/) in the WP Cerber settings.
Fixed: A specially formatted request can bypass the disabled redirection from a /wp-admin/ locations to the [custom login page](https://wpcerber.com/how-to-rename-wp-login-php/).
Fixed: The [integrity scanner](https://wpcerber.com/wordpress-security-scanner/) labels a file as "File is missing" if the folder containing the file is on the "Directories to exclude" list.
Fixed: After clicking "Apply" on the "Screen Options" on the [Cerber.Hub](https://wpcerber.com/manage-multiple-websites/) admin page, a blank page is displayed.

= 9.4 =
New: In addition to weekly reporting, WP Cerber can be configured to generate and send monthly activity reports once a month.
New: Weekly activity reports now can be generated either for the last 7 days or the previous calendar week.
New: Redirecting requests to a specified URL instead of generating a 404 page when attempting to access prohibited locations on a website.
New: The "Remember Me" checkbox on the WordPress login form can be disabled.
Improved: No access to author archives via any possible URLs if "Block access to user pages via their usernames" is enabled.
Improved: The default period of weekly reports is the previous calendar week.
Fixed: If WordPress is installed in a subfolder and the custom login page is configured, submitting the password reset form doesn’t redirect users to the page with a success message showing "Not Found" instead.
Fixed: If the custom login page is configured, disabling the login language switcher has no effect on the login form and the language switcher is still displayed.
Fixed: On some multi-site WordPress installations, WP Cerber can produce warning messages about using undefined UPLOADBLOGSDIR constant
Fixed: If the access lists contain IPv6 addresses and the Activity log contains entries with IPv6 addresses, viewing those entries causes PHP warnings "undefined property: stdClass::$comments".
Fixed: If Pushbullet mobile notifications are enabled and the list of available devices contains inactive (removed) devices, WP Cerber produces PHP notices "Undefined index: nickname" while parsing the list.

= 9.3.2 =
* Improved: Every locked-out IP address on the "Lockout" tab has a link to check its suspicious activity in the Activity log.
* Improved: The activity log provides more details on [two-factor authentication (2FA)](https://wpcerber.com/two-factor-authentication-for-wordpress/) events with several new statuses that are logged if an attempt to log in using 2FA was aborted.
* Improved: The activity log provides more details when a user was forcefully logged out (user session has been terminated) due to a restriction.
* Fixed minor vulnerability: If WordPress is installed in a subfolder and [access to WordPress REST API has been blocked on the "Hardening" tab](https://wpcerber.com/restrict-access-to-wordpress-rest-api/), a bad actor can get access to REST API by using a specially formatted request.
* Fixed minor bug: Multiple duplicate notifications are sent via email and [Pushbullet](https://wpcerber.com/wordpress-mobile-and-browser-notifications-pushbullet/) if an IP address is permanently getting blocked due to multiply consequent malicious requests and the notification limit is set to 0.