WP Cerber Security PRO 9.6.7 NULLED

= 9.5 =
New: Get an email notification whenever a new version of a plugin is available.
New: An additional option for [granting access to users’ data via REST API](https://wpcerber.com/restrict-access-to-wordpress-rest-api/) for selected user roles.
New: An additional option for [sending activity alerts](https://wpcerber.com/wordpress-notifications-made-easy/). Email alerts can be sent to an email address you have on your WordPress account.
Improved: WP Cerber now permanently stores users’ last login data (IP address, time, user’s country) for all users. [The data can be erased by website admin](https://wpcerber.com/delete-personal-data/).
Improved: To prevent having insecure plugin configuration, WP Cerber validates required HTTP headers before enabling [the behind a proxy mode](https://wpcerber.com/wordpress-ip-address-detection/) in the WP Cerber settings.
Fixed: A specially formatted request can bypass the disabled redirection from a /wp-admin/ locations to the [custom login page](https://wpcerber.com/how-to-rename-wp-login-php/).
Fixed: The [integrity scanner](https://wpcerber.com/wordpress-security-scanner/) labels a file as "File is missing" if the folder containing the file is on the "Directories to exclude" list.
Fixed: After clicking "Apply" on the "Screen Options" on the [Cerber.Hub](https://wpcerber.com/manage-multiple-websites/) admin page, a blank page is displayed.

= 9.4 =
New: In addition to weekly reporting, WP Cerber can be configured to generate and send monthly activity reports once a month.
New: Weekly activity reports now can be generated either for the last 7 days or the previous calendar week.
New: Redirecting requests to a specified URL instead of generating a 404 page when attempting to access prohibited locations on a website.
New: The "Remember Me" checkbox on the WordPress login form can be disabled.
Improved: No access to author archives via any possible URLs if "Block access to user pages via their usernames" is enabled.
Improved: The default period of weekly reports is the previous calendar week.
Fixed: If WordPress is installed in a subfolder and the custom login page is configured, submitting the password reset form doesn’t redirect users to the page with a success message showing "Not Found" instead.
Fixed: If the custom login page is configured, disabling the login language switcher has no effect on the login form and the language switcher is still displayed.
Fixed: On some multi-site WordPress installations, WP Cerber can produce warning messages about using undefined UPLOADBLOGSDIR constant
Fixed: If the access lists contain IPv6 addresses and the Activity log contains entries with IPv6 addresses, viewing those entries causes PHP warnings "undefined property: stdClass::$comments".
Fixed: If Pushbullet mobile notifications are enabled and the list of available devices contains inactive (removed) devices, WP Cerber produces PHP notices "Undefined index: nickname" while parsing the list.

= 9.3.2 =
* Improved: Every locked-out IP address on the "Lockout" tab has a link to check its suspicious activity in the Activity log.
* Improved: The activity log provides more details on [two-factor authentication (2FA)](https://wpcerber.com/two-factor-authentication-for-wordpress/) events with several new statuses that are logged if an attempt to log in using 2FA was aborted.
* Improved: The activity log provides more details when a user was forcefully logged out (user session has been terminated) due to a restriction.
* Fixed minor vulnerability: If WordPress is installed in a subfolder and [access to WordPress REST API has been blocked on the "Hardening" tab](https://wpcerber.com/restrict-access-to-wordpress-rest-api/), a bad actor can get access to REST API by using a specially formatted request.
* Fixed minor bug: Multiple duplicate notifications are sent via email and [Pushbullet](https://wpcerber.com/wordpress-mobile-and-browser-notifications-pushbullet/) if an IP address is permanently getting blocked due to multiply consequent malicious requests and the notification limit is set to 0.

= 9.2.2 =
* This release does not bring new features or critical updates. Some parts of the plugin code have been refactored to be in compliance with new wordpress.org plugin guidelines and requirements. If you have updated WP Cerber from the version 9.0, please check the [WP Cerber release history](https://wpcerber.com/security/releases/) to see all the changes and new features introduced in the previous versions 9.1 and 9.2.

= 9.2 =
* New: Custom login error message. If showing the default WordPress login error message is disabled, you can optionally specify your own login error message. Available in the professional version.
* New: Custom password reset error message. If showing the default WordPress password reset error message is disabled, you can optionally specify your own password reset error message. Available in the professional version.
* Improved: Implemented Content-Security-Policy HTTP header as an extra layer of protection for the WP Cerber admin pages.
* Fixed A critical XSS vulnerability.
* Fixed: Fatal error "Call to a member function is_block_editor() on null" that occurs when attempting to load any admin page (starting with /wp-admin/) by an unauthorized request. The bug only occurs if the two following settings are configured as: "Disable dashboard redirection" is enabled and "Display 404 page" is set to "Use 404 template from the active theme".
* Fixed: No country flags are shown in some log rows while viewing WP Cerber logs on the managed website via Cerber.Hub.
* Fixed: The file viewer doesn't show the content of a file while viewing the results of a scan on the managed website via Cerber.Hub.