Generic filters
Exact matches only
Search in title
Search in content
Filter by Categories
PHP Script
Easy Digital Downloads
MainWP WordPress Manager
Ultimate Member
Themify Themes

WP Cerber Security Pro v9.3 - WordPress Antispam & Malware Scan

WP Cerber Security Pro Nulled is protected WordPress from hacker assaults, spam, trojans, and malware. Limits the amount of login attempts using the login form, XML-RPC / REST API calls, or utilizing auth cookies, which mitigates brute-force attacks. Tracks user and bad actor behavior with customizable email, mobile, and desktop notifications. Spammers are stopped using a specific anti-spam engine. Google reCAPTCHA is used to safeguard the registration, contact, and comment forms. IP Access Lists are used to restrict access. An powerful malware scanner and integrity checker is used to monitor the website’s integrity. WordPress’s security is reinforced by a set of customizable security rules and advanced security algorithms.


WP Cerber Security Pro screenshot

Features: WP Cerber Security Pro – WordPress Antispam & Malware Scan

  • When logging in by IP address or full subnet, limit the number of login attempts.
  • Logins made via login forms, XML-RPC calls, or auth cookies are tracked.
  • Allow or deny access using IP Access Lists using a single IP, IP range, or subnet.
  • Create a unique login URL (rename wp-login.php).
  • Cerber’s anti-spam engine safeguards contact and registration forms.
  • Automatically identifies spam comments and either transfers them to the trash or rejects them entirely.
  • From a single dashboard, you can manage many WP Cerber instances.
  • WordPress Two-Factor Authentication.
  • Users, bots, hackers, and other questionable activity are all recorded.
  • WordPress security scanner checks the integrity of files, plugins, and themes.
  • With email notifications and reports, it keeps track of file modifications and new files.
  • With a set of customizable filters, you may get mobile and email notifications.
  • Sessions manager for advanced users
  • Security for wp-login.php, wp-signup.php, and wp-register.php.
  • If a visitor is not logged in, the wp-admin (dashboard) is hidden.
  • When an intruder IP tries to log in with a non-existent or forbidden username, it is immediately blocked.
  • Restriction user registration or login to usernames that match REGEX patterns.
  • Use your own role-based security policies to restrict access to the WP REST API.
  • Completely disable access to the WordPress REST API.
  • Access to XML-RPC is restricted (block access to XML-RPC including Pingbacks and Trackbacks).
  • Feeds should be disabled (block access to the RSS, Atom and RDF feeds).
  • White IP Access lists can be used to restrict access to XML-RPC, REST API, and feeds by an IP address or an IP range.
  • Mode for only authorized users
  • A user account can be blocked.
  • Turn off the automatic redirection to the hidden login page.
  • Stop enumerating users (blocks access to author pages and prevents user data leaks via REST API).
  • Blocks IP subnet class C in advance.
  • Anti-spam: reCAPTCHA is used to defend the WordPress login, registration, and comment forms.
  • WooCommerce and WordPress forms with reCAPTCHA.
  • For WordPress comment forms, an invisible reCAPTCHA is used.
  • A Citadel mode designed for large brute force strikes.
  • Play nice with fail2ban by logging unsuccessful attempts to syslog or a custom log file.
  • Filter and check actions based on IP address, user, username, or specific activity.
  • Filter activities and save them as a CSV file.
  • Reporting: Receive weekly reports by email at the addresses you provide.
  • Limit login attempts works on a site/server that is protected by a reverse proxy.
  • Be alerted by push notifications on your mobile device.
  • The automation plugin’s trigger and action.
  • Defending against denial-of-service (DoS) attacks (CVE-2018-6389).

Changelog: WP Cerber Security Pro – WordPress Antispam & Malware Scan

= v9.3 = 
* This is a bug fix and code optimization version
* Fixed: Unable to remove a blocked IP network class C (with an asterisk) from the list of locked out IP addresses by clicking the "Remove" link on the Lockouts tab.
* Fixed: "Fatal error: Uncaught Error: Cannot use object of type WP_Error as array in … /cerber-common.php on line 4634". The bug occurs if the PHP constant WP_ACCESSIBLE_HOSTS is defined and it does not contain ''.

= v9.2 =
* New: Custom login error message. If showing the default WordPress login error message is disabled, you can optionally specify your own login error message. Available in the professional version.
* New: Custom password reset error message. If showing the default WordPress password reset error message is disabled, you can optionally specify your own password reset error message. Available in the professional version.
* Improved: Implemented Content-Security-Policy HTTP header as an extra layer of protection for the WP Cerber admin pages.
* Fixed A critical XSS vulnerability.
* Fixed: Fatal error "Call to a member function is_block_editor() on null" that occurs when attempting to load any admin page (starting with /wp-admin/) by an unauthorized request. The bug only occurs if the two following settings are configured as: "Disable dashboard redirection" is enabled and "Display 404 page" is set to "Use 404 template from the active theme".
* Fixed: No country flags are shown in some log rows while viewing WP Cerber logs on the managed website via Cerber.Hub.
* Fixed: The file viewer doesn't show the content of a file while viewing the results of a scan on the managed website via Cerber.Hub.

= v9.1 =
* New: A new feature that prevents exposing user’s first name, last name, and ID via an HTTP request with a username (login) in an author_name parameter.
* New: A new user status report while viewing the user activity/requests log.
* Improved: When renders admin pages, WP Cerber uses the language selected on the user profile.
* Improved: Improved the speed of rendering of the "Users" admin page. Reduced the number of HTTP requests if some columns on the page are hidden.
* Improved: Implemented support for rate limiting when the scanner retrieves checksum data from remote servers.
* Fixed: A bug that allows an attacker to bypass the "Stop user enumeration" feature if it’s enabled.
* Fixed: A bug that produces incorrect messages in the server error log when the WordPress database connection is lost.
* Fixed: A bug with not escaping comments in the IP access lists entries.

= v9.0 =
* New: Different [alerts]( can be sent through different channels. You can select delivering notifications through Pushbullet and email simultaneously, Pushbullet only, or email only. The settings are configured on a per-alert basis in the alert creation form.
* New: Implemented a new "Message format" feature and setting. You can reduce the number of links in WP Cerber’s messages or disable them completely to prevent sending sensitive data.
* New: Implemented separate rate limiting settings for email and [Pushbullet notifications](
* New: Lockout notifications and appropriate threshold can be enabled for Pushbullet and emails separately.
* New: Email reports and alerts can be sent via a separate SMTP server configured in the WP Cerber settings.
* New: Implemented masking IP addresses and usernames (logins) in emails and mobile alerts.
* New: Disabling login language switcher. If enabled, removes language switcher on the standard WordPress login page introduced in WordPress 5.9.
* Improved: If WP Cerber is unable to load its saved settings from the website database, it uses hard-coded default values.
* Improved: If you have configured the [list of prohibited usernames]( (logins) and the username of an existing user is among prohibited ones, the user is now shown as BLOCKED on the "Users" admin page, user edit page, Activity tab, and Live Traffic tab.
* Improved: When multiple email addresses are specified for notifications, each email will be sent separately. No multiply recipients in a single email are used anymore.
* Improved: The subjects of alerts now contain corresponding event labels.
* Improved: The subject of WP Cerber’s emails have been unified. It begins with website name in square brackets plus the "WP Cerber" string.
* Improved: All test alerts and messages manually sent from the WP Cerber admin dashboard now contain *** TEST MESSAGE *** in the subject.
* Improved: Displaying detailed information about PHP generated by phpinfo(). A new link is on the Diagnostic tab in the System Info section.
* Fixed: An issue with multiple "IP blocked" in the log if the reason for a lockout is changing.
* Fixed: An issue with "Site title" containing apostrophes.

= v8.9.6 =
* New: A new [alert creation dialog with a set of new alert settings]( enables you to create alerts with new limits: an expiration time, the maximum number of alerts allowed to send, and optional rate-limiting. The alert conditions can include the URL of a request now.
* New: Deleting of [WordPress application passwords]( is logged now.
* New: Ability to monitor [anti-spam](, reCAPTCHA, and several other setting-specific events using links on the settings pages.
* Improved: Meaningful and actionable messages on the log screens if no activity has been found in the logs using a given search filter.
* Improved: If a WP Cerber feature requires a newer version of WordPress, such a feature will not be shown in the plugin admin interface anymore.
* Fixed: A fatal PHP error occurs while logging in on a version of WordPress older than 5.5 and a user has more than one active session.
* Fixed: A fatal PHP error occurs while using the reset password form on a version of WordPress older than 5.4.
* Fixed: While opening the Tools admin page, a PHP error might occur on some web servers.
* Fixed: While rendering the Activity tab, depending on the activities logged, the PHP warning can be logged in the server error log.
* Fixed: When [managing WP Cerber on a remote website via Cerber.Hub](, the admin page footer incorrectly displays the version of WP Cerber installed on the main website.
* Fixed: If the Site Title of a website contains some special characters like apostrophes, the subject of [email alerts and notifications]( contains such characters in encoded form.

= v8.9.5 =
* New: A new setting for [WP Cerber's anti-spam engine]( "Disable bot detection engine for IP addresses in the White IP Access List".
* New: A new setting for [the reCAPTCHA module]( "Disable reCAPTCHA for IP addresses in the White IP Access List".
* Improved: Logging all user session terminations including those that occurred when an admin manually terminate user sessions or [block users](
* Improved: If a user session has been terminated by a website admin, the admin’s name is logged and shown in the Activity log.
* Improved: Logging all user password changes including those made on the edit user admin page, and the WooCommerce edit account page.
* Improved: Logging [application passwords]( changes.
* Improved: New status labels in the Activity log: "reCAPTCHA verified" is shown when a user solves reCAPTCHA successfully
* Improved: New status labels in the Activity log: "Logged out everywhere" is shown when a user has completely logged out on all devices and of all locations.
* Improved: Failed reCAPTCHA verifications are logged with form submission events they are linked to.
* Improved: A new event is logged: "Password reset request denied". With possible statuses "reCAPTCHA verification failed", "User blocked by administrator", "Username is prohibited".
* Improved: Handling reset of user passwords is improved to support changes in the WordPress core.
* Fixed: A cookie-related bug that causes a fatal software error if a user has been deleted or their password has been changed in the WordPress dashboard by the website administrator while the user is being logged in.
* Fixed: A bug with the WordPress lost password (reset password) form that prevents displaying error messages to a user.
* Fixed: When the [limit on the number of allowed concurrent user sessions]( is set to one, an attempt to log in with the user name and incorrect password terminates the existing session of the user.

= v8.9.3 =
Improved: The scanner: now checksums generated using manually uploaded ZIP archives have priority over the remote ones.
Improved: You can configure exceptions for WP Cerber's anti-spam by disabling its code on selected WordPress pages.
Improved: New diagnostic messages were added for better troubleshooting issues with ZIP archives uploaded in the scanner.
Fixed: A vulnerability that affects WP Cerber's two-factor authentication (2FA) mechanism.
Fixed: A bug that prevents uploading ZIP archives on the scan results page if the filename contains multiple dots.
Fixed: Fixed admin message "Error: Sorry, that username is not allowed." which is wrongly displayed on the user edit page while updating users with prohibited usernames.
Fixed: Not detecting malformed REST API requests with a question mark in this format: /wp-json?

* New: File system analytics. It's generated based on the results of the last full integrity scan.
* New: Logging user deletions. The user’s display name and roles are temporarily stored until all log entries related to the user are deleted.
* New: Faster export with a new date format for CSV log export.
* New: Ability to disable adding the website administrator's IP address to the White IP Access List upon WP Cerber activation.
* Improved: Handling the creation of new users by WooCommerce and membership plugins.
* Improved: Handling user registrations with prohibited emails.
* Improved: Handling secure Cerber‘s cookies on websites with SSL encryption enabled.
* Improved: The performance of the integrity checker and malware scanner on huge websites with a large number of files.
* Fixed: Loading the default plugin settings has no effect. Now it’s fixed and moved from the admin sidebar to the Tools admin page.
* [Read more](

⭐Similar Suggestion: Wordfence Security Premium – WordPress Security Plugin

Download WP Cerber Security Pro v9.3 Nulled Free

Note: Maybe you need to unzip before installing plugin. We do not give any guarantee if any theme/plugin contains virus. Please check on Virustotal before using it on localhost.