WP Cerber Security Pro 9.6.7.3

Fixed: A fatal PHP error triggered by a conflict with InfiniteWP.
Fixed: A bug that prevented language translations from loading when the main website's language was set to English.
Fixed: An issue within Cerber.Hub where new client websites were incorrectly added to the main website with extraneous quotation marks in the client website URL and website name.
Improved: Cerber.Hub now renders client websites using the language specified in WP Cerber settings, allowing you to choose any language when managing a client website remotely.
Removed: The deprecated FILTER_SANITIZE_STRING constant, ensuring compatibility with modern PHP versions.

Important: The minimum required PHP version is now 7.3, with PHP 8.x recommended for optimal performance and security.
New: WP Cerber’s admin interface can now be displayed in any language independently of the site's language, with automatic translations available when enabled in settings.
New: The Live Traffic log now highlights 301 and 302 HTTP redirections and separately marks those triggered by WP Cerber for better visibility.
New: All redirections caused by WP Cerber are now always logged in Traffic Inspector when any logging level is enabled, improving security monitoring.
Improved: Database table update code has been optimized to reduce unnecessary SQL queries, improving performance and reducing server load.
Improved: SQL queries for WP Cerber’s admin pages are now cached in WordPress’s persistent object cache, reducing database requests and speeding up page loads.
Improved: Messages related to dates and versions have been refined for better clarity and consistency.
Improved: Duplicate log links in Activity Log pop-ups have been removed for a cleaner user experience.
Improved: WP Cerber cookies now use the SameSite=Strict attribute.
Fixed: A bug that caused repeated translation file update requests has been fixed. WP Cerber now correctly manages translation updates without failed requests.

New: Introduced automatic translation of the plugin interface and messages for non-English websites, powered by AI and delivered via the WP Cerber cloud.
Improved: Enhanced plugin interoperability by allowing third-party plugins to integrate with WordPress and WP Cerber's authentication, enforcing their rules during login attempts.
Improved: Enhanced compatibility with alternative WordPress directory structures, such as those used by Bedrock.
Improved: Refined error messages on WordPress and WooCommerce login/password reset forms for better compatibility with third-party plugins.
Improved: Streamlined error reporting by automatically logging PHP errors and displaying them in a developer-friendly format on the Diagnostic tab.
Fixed: Resolved incorrect Anti-spam settings links displayed in Activity log pop-up windows.
Fixed: Addressed missing translations for tab titles on WP Cerber admin pages for non-English websites.
Fixed: Resolved a fatal PHP error triggered when saving add-on settings.
Fixed: Corrected URL display in Activity and Traffic logs when WordPress is installed in a separate directory.
Fixed: Resolved an issue where CTRL + clicking a link failed to open it in a new window/tab.
Fixed: Repaired broken "View details" links on the WordPress Plugins admin page.
Other: Removed the obsolete "Cerber Security Cloud protocol" setting.

New: Dashboard widgets can now be rearranged using drag-and-drop, giving you full control over their placement.
New: Unused widgets can be disabled via the gear icon at the bottom of the page for a cleaner interface.
New: Added new widgets to the dashboard: Activity Breakdown, Top Offending IP Addresses, New Users, and Login Issues, providing deeper insights into site activity.
Improved: WP Cerber now leverages persistent WordPress cache like Redis to speed up some SQL-heavy requests on admin pages.
Improved: Permissions to block users have been updated, allowing any user with the edit_users or delete_users capability to block accounts. [How to block a WordPress user](https://wpcerber.com/how-to-block-wordpress-user/)
Improved: An inter-page overlay loader has been introduced to improve navigation on resource-intensive admin pages.
Compatibility: WordPress now checks for required PHP and WordPress versions before allowing an update to WP Cerber.
Compatibility: Added plugin headers "Requires PHP" and "Requires at least" to wp-cerber.php for better compatibility checks.
Compatibility: This is the final version supporting PHP 7.0, as the next release will require PHP 7.2.
Compatibility: Removed outdated CSS that previously supported older versions of Safari.
Fixed: Resolved issues with untranslated plural forms in some multilingual phrases.

New: WP Cerber continuously monitors IP detection issues and provides diagnostic messages. If IP detection fails due to configuration or server settings, the details of the issue are displayed to assist in troubleshooting.
Improved: When valid proxy headers are missing, WP Cerber falls back to the standard $_SERVER['REMOTE_ADDR'] variable to extract IP addresses.
Improved: If the PHP constant [CERBER_IP_KEY](https://wpcerber.com/wordpress-ip-address-detection/) is configured but does not provide valid IP address, WP Cerber switches to fallback methods for IP detection.
Improved: The Sessions page now marks users with enforced [2FA](https://wpcerber.com/two-factor-authentication-for-wordpress/) using a green "2FA" label. A solid label indicates successful verification, while an outlined one means verification is pending.
Improved: WP Cerber’s cookies in the "Live Traffic" log are highlighted in green under "Server Response Cookies". Their values are now properly decoded for easier analysis.
Improved: REGEX patterns for [URL exceptions](https://wpcerber.com/antispam-exception-for-specific-http-request/) no longer require escaped slashes. Existing patterns are automatically updated during the upgrade.
Improved: 2FA PIN emails now include the recipient’s first and last name along with their email address. This change helps improve email deliverability.
Improved: Enhanced storage of 2FA session data prevents its misuse as an attack vector in compromised WordPress databases.
Improved: 2FA login forms have been improved for full compatibility with WordPress installations in sub-folders, particularly on web servers with sub-optimal configurations.
Improved: Database operations are optimized to leverage the latest PHP-compatible technologies. Performance on modern servers is improved.

New: The integrity scanner now monitors installed plugins and notifies you if any have been abandoned, helping you maintain site security.
New: The integrity scanner also monitors for changes in plugin ownership and alerts you, so you can assess the new developer's credibility and make informed decisions.
Improved: The plugin settings interface now dynamically adapts to your specific web server environment, displaying only relevant options to streamline the configuration process.
Improved: Translations are now loaded from WP Cerber's bundled folder, ensuring more accurate and up-to-date translations for non-English sites.
Fixed: Saving settings for one WP Cerber add-on could reset another add-on's settings to default values.
Fixed: The integrity scanner might attempt to recover files even when recovery options are disabled.
Fixed: A bug that affected the rendering of WP Cerber’s admin dashboard when WordPress encountered email-sending issues.

New: Introduced an admin tool that provides clear explanations of security events in WP Cerber logs and security settings WP Cerber applied in processing requests.
New: Implemented settings for configuring header-based exceptions for WP Cerber’s anti-spam and firewall.
Improved: A new activity log event, "Comment marked as spam", to simplify spam comment management and related plugin settings.
Improved: A new quick filter, "Spam Events" on the Activity tab. It helps admins to easily view all spam-related events and actions taken by WP Cerber’s anti-spam.
Improved: WP Cerber now logs the reasons for blocking IP addresses with better accuracy making it simpler to discern the root cause of lockouts.
Improved: To mitigate plugin conflicts, implemented a dequeuing mechanism that removes conflicting JavaScript scripts loaded by other plugins on WP Cerber admin pages.
Improved: The layout of several WP Cerber admin settings pages and translations have been improved for better admin experience.
Improved: Refined the wording of WP Cerber plugin settings, improving clarity for a better understanding of the plugin’s behavior.
Fixed: A minor PHP bug "An error of type E_ERROR was caused in line 661 of the file /wp-cerber/cerber-lab.php."
Fixed: A minor PHP bug "PHP Warning: Undefined array key net_connection_ip in /wp-cerber/cerber-lab.php on line 330"

Fixed: An issue where you could not change the mode of two-factor authentication ([2FA](https://wpcerber.com/two-factor-authentication-for-wordpress/)) for a user if 2FA was previously enabled or completely disabled on the user profile page. This only happened if the license key for the professional version of WP Cerber had expired or was removed from a website.
Fixed: A bug that triggered a PHP fatal error: Uncaught TypeError: array_merge(): Argument #1 must be of type array, bool given in …/wp-cerber/cerber-settings.php:1037

New: You can control the amount of sign-in attempt details that are shown in 2FA email messages. You can also disable this section completely.
Improved: You can have individual 2FA email configuration for each role on your WordPress and configure per-user settings as well.
Improved: A new "Login Security" section on the user edit page in the [professional version of WP Cerber](https://my.wpcerber.com/ps/).
Improved: New status for activity log entries: "Access denied by plugin settings." It indicates that a given request is denied based on settings within the WP Cerber configuration.
Breaking changes: The feature to use a separate user email address for receiving 2FA codes is available in the [professional version of WP Cerber only](https://my.wpcerber.com/ps/).
Fixed: A fatal PHP error occurs when "Data Shield" is enabled, and a plugin tries to change WordPress settings without loading pluggable PHP functions: "Uncaught Error: Call to undefined function wp_get_current_user() in /wp-cerber/cerber-common.php:1820"

New: Mitigating excessive use of the WordPress password reset form. Whenever WP Cerber detects multiple attempts to reset password for non-existing users, the IP address gets blocked.
Fixed: Erroneous events "Password reset request denied" are logged to the Activity log.
Fixed: If WP Cerber is unable to create its diagnostic log, it produces the software error "PHP Fatal error: Uncaught ValueError: Path cannot be empty in".
Fixed: When browsing plugin updates on the Dashboard / Updates page, no details about the last release of WP Cerber is shown in the pop-up window.