preloader

WP Cerber plugin review and common issues

WP Cerber is used for hardening login, scanning files, and blocking common attacks. In most cases, it fits business sites better than a custom build done too early. A common issue is that firewall rules block valid users or admin actions. This usually happens when strict rules create false positives on custom sites. It can save time, but it still needs testing on a staging site before major changes go live. From experience, WP Cerber works best when you keep the setup focused and avoid overlapping plugins.

WP Cerber plugin review and common issues
Official Plugin Page ↗ Get Help With This Plugin

What is WP Cerber plugin?

WP Cerber is a WordPress security plugin specializing in malware scanning, login security, and anti-spam. It distinguishes itself from Wordfence and Sucuri through its two-component scanning architecture: a local scanner that checks files on your server, and a remote scanner that checks your site from outside (as a visitor would see it). This combination gives more complete coverage — the remote scan can detect injected content that only appears in the browser-rendered output rather than in raw files.

WP Cerber’s anti-spam feature uses its own reCAPTCHA-free approach to block spam registrations and form submissions without relying on Google services. This is a meaningful feature for privacy-conscious sites that want spam protection without GDPR-sensitive third-party scripts.

Login security includes login attempt limiting, custom login URL, IP allowlisting, login time restrictions (only allow logins during business hours), and country-based access control. The traffic inspection feature logs and allows investigation of all requests to the site, similar to Wordfence’s Live Traffic view.

WP Cerber has a free version at WordPress.org that covers anti-spam, basic login protection, and traffic inspection. The paid Cerber Security plan ($99/year) unlocks advanced scanning, malware cleanup, additional hardening rules, and multi-site management. The plugin is well-documented and maintained by a small team with a long track record of consistent updates.

Need Help With WP Cerber Setup, Troubleshooting, or Customization?

Need help with WP Cerber? Whether you are dealing with errors, broken functionality, styling problems, plugin conflicts, or advanced customization, we can help you fix the issue and get the plugin working properly on your WordPress site.

Get WP Cerber Expert Help

Key Features

  • Two-component scanning: local file scan + remote site scan
  • Anti-spam without Google reCAPTCHA (no third-party dependencies)
  • Login attempt limiting and custom login URL
  • Login time restrictions by time of day or day of week
  • Country-based access control

Pros & Cons

Pros

  • Two-component (local + remote) scanning provides more complete coverage
  • Anti-spam without Google reCAPTCHA is a privacy advantage
  • Login time restrictions is an unusual but useful feature

Cons

  • Smaller community than Wordfence
  • Some advanced features require the paid plan

Free vs Premium

Free version covers anti-spam, login protection, traffic inspection, and basic hardening. Cerber Security paid plan ($99/year) adds advanced malware scanning, one-click quarantine and cleanup, additional hardening, and multi-site management.

Common Problems & Fixes

Why is WP Cerber blocking legitimate user logins?

WP Cerber can block logins based on IP, country, time of day, or login attempt limits. If a legitimate user is blocked, check the Cerber dashboard → Flagged IPs to see why the IP was blocked. Add the IP to the allowlist in Settings → Allowlist. Also verify that login time restrictions are not preventing logins during valid business hours if that feature is enabled.

Why is WP Cerber's anti-spam feature blocking legitimate contact form submissions?

WP Cerber’s anti-spam uses behavioral analysis to detect bots. Occasionally, legitimate users on slow connections or with unusual browsing patterns are flagged. Check the anti-spam logs in Cerber → Anti-Spam to see what submissions were blocked and why. You can adjust the anti-spam sensitivity or allowlist specific email addresses if needed.

Why is WP Cerber traffic inspection showing a high volume of blocked requests?

A high volume of blocked requests is normal on any public WordPress site — bots continuously scan for vulnerabilities. WP Cerber’s traffic log shows you these attempts. Review the top blocked IPs and consider adding persistent repeat offenders to the blocklist. A spike in blocked requests from new IP ranges may indicate a targeted scan — monitor over 24 hours before taking action.

Customization & Developer Notes

How do I restrict WordPress admin access to specific countries in WP Cerber?

Go to WP Cerber → Settings → Country Rules. You can allow access to specific countries (whitelist mode) or block access from specific countries (blacklist mode). Apply rules to the login page, admin area, REST API, or XML-RPC independently. This is useful for sites with a geographically specific user base.

Can WP Cerber restrict logins to specific hours of the day?

Yes. WP Cerber → Settings → Login Hours lets you configure which hours logins are permitted. Outside those hours, login attempts are blocked regardless of credentials. This is a useful feature for internal team sites where logins outside business hours would be suspicious.

Frequently Asked Questions

Does WP Cerber include two-factor authentication?

WP Cerber includes two-factor authentication via TOTP authenticator apps in its paid plan. The free version does not include 2FA — if 2FA is needed on the free tier, use a dedicated 2FA plugin like WP 2FA alongside WP Cerber.

How does WP Cerber's remote scanner work?

The remote scanner connects to your site from Cerber’s external servers and checks the publicly visible page output for injected content, malicious scripts, and blacklisting status. This complements the local file scanner, which checks raw files on the server. Together they catch malware that appears only in rendered output as well as malware in files.

Is WP Cerber compatible with WooCommerce?

Yes. WP Cerber has WooCommerce-aware settings that exclude cart, checkout, and account pages from login restrictions and anti-spam processing that would interfere with standard WooCommerce functionality.

Does WP Cerber work on Nginx servers?

WP Cerber works on Nginx. Some features that rely on .htaccess rules (like custom login URL via .htaccess) require PHP-level implementation on Nginx servers rather than web server configuration, but WP Cerber handles this transparently for most features.

Need a WP Cerber Developer?

Find a vetted WordPress developer specializing in WP Cerber. From setup and configuration to custom WP Cerber development — get expert help on WPWizzy.
Get a Free Estimate

Ready to hire your WordPress developer?

WPWizzy connects you with vetted freelance WordPress developers from the Codeable network — the top 2% of WordPress experts worldwide, , you can get a free no-obligation project estimate before hiring. Every developer is carefully screened, backed by Codeable’s satisfaction guarantee, and rated by real clients based on completed WordPress projects.

Pick one option and we’ll take you to the right next step.

After submitting your request, up to three WordPress developers may review your project and ask a few questions to better understand the issue.
This step helps us define the scope of work and provide an accurate estimate. Most projects receive a response within 24 hours.
Providing a few key details about your website or the problem will help us respond faster. There is no obligation to proceed with the project.