I’ve been a fan of WP Cerber for a good while now - it’s been my go-to plugin outside the usual WordPress directory picks. But, I’ve got to say, I’m starting to have second thoughts. Remember when WP Cerber left the WordPress directory? I was cool with that, thinking it’d be a short-term thing. But here we are, and it’s still not back. Plus, the updates seem a bit slower lately, and the WordPress plugin forum is pretty quiet - kinda worrying, to be honest. But, on the bright side, I stumbled upon this new support forum, which seems like the right place to get some insights. Talking with a few buddies, I’ve noticed that WP Cerber doesn’t get the same love it used to. Honestly, I’ve been defending it left and right, but even I’m starting to look around for other options.
So, what’s the deal? Any chance WP Cerber will make a comeback in the WordPress directory? Got any timelines or updates on this? I really want to stick around, but I need to know what’s happening.
In 2023, we released 10 updates aimed at improving the performance and security of WP Cerber. We also launched our own software repository to ensure an uninterrupted update process for the plugin and introduced a bug bounty program with monetary rewards, encouraging engineers to assist in strengthening WP Cerber’s security by identifying and reporting potential vulnerabilities. A couple of weeks ago, we launched this WP Cerber support forum to communicate with our customers openly and without censorship, a level of interaction that is not always possible on wordpress.org forums. Moreover, the embarrassingly outdated wordpress.org forum platform, reminiscent of the 90s, does not facilitate productive discussions. The final straw for my patience was the blocking of my account on the wordpress.org plugin forum without any notification. We are now physically unable to respond to users there.
Can any plugin author on wordpress.org offer the same level of dedication and confidence in their creations?
I understand the convenience and some trust that comes with being in the WordPress directory, and that’s why we’re planning a return. However, our vision for WP Cerber extends beyond just being a part of the WordPress directory. We’re working diligently to ensure that WP Cerber continues to meet the needs of our clients for a secure and efficient plugin. The primary distribution platform is, and will remain, our own repository, guaranteeing uninterrupted service for our clients.
We’re planning for a return in 2024. However, it’s important to note that while this is on our agenda, our highest priority is elsewhere – on the continuous development and enhancement of the professional version of WP Cerber.
Our team and I are dedicated to the continuous development of the plugin, making it more user-friendly and ensuring its effectiveness in protecting WordPress sites in the modern digital landscape, where cyber criminals are using new AI-based tools to create viruses and mount sophisticated attacks on websites.
For the latest updates regarding WP Cerber, please visit our official website, the only official source for news: https://wpcerber.com/main/
I really don’t understand why many people think anything on the wordpress directory is security safe. I have used many plugins from there that had major vulnerabilities discovered by people outside of wordpress. I have used many plugins that are not on the wordpress directory that are fantastic with fantastic support, including Cerber Security.
Glad to hear you’ve had a great experience with WP Cerber. We work hard to keep it reliable and responsive to new threats. By the way, you can share your opinion on WP Cerber here: https://talk.wpcerber.com/c/feedback/9
Not all WordPress plugins are created equal. You hit the nail on the head saying that being in the wordpress.org directory doesn’t automatically make a plugin safe. There are awesome non-directory WordPress plugins. Some incredible plugins with millions of users never make it to the wordpress.org plugin directory, but they’re still top-notch in quality and success.
Speaking about plugin security, it’s important to acknowledge the progress made by the moderators at the wordpress.org plugin directory. These days, they’re doing a great job at filtering out unsafe plugins, which marks a significant improvement from the past.
Hello there, this is an important message (and announcement) for WP Cerber. I’ve been using your plugin for 6 years on more than 37 different websites!
It’s not easy to explain to my customers that it’s a security plugin with the “security issue” message on WordPress.org…
But I’m fighting for you, WP Cerber is a great plugin with a lot of features that prevent having to install many, many different security plugins.
AND the free version is really powerful and contains a lot of features.
Thank you for keeping this plugin alive and updated, I’m excited to know that it will be released again on WordPress.org. That will give a new visibility for this great plugin, and I expect more and more users.
Please let us know about this comeback on WP.org, it’s very important for your users.
Regards
Hi, I’m also a WP Cerber fan! There are two primary reasons why WP Cerber was removed from the WordPress.org repository:
Violation of the GPL License Policy:
The GPL license is a crucial pillar of the WordPress ecosystem. It ensures that plugins are free to use and distribute.
However, there were concerns that WP Cerber violated this license by:
Using geo-blocking to restrict downloads of the free plugin in certain countries.
Offering premium features that were not compatible with the GPL license.
(I suspect that being available in many countries also brought in a lot of questions from people using the free plugin (just like me) who didn’t know what they were doing, had many questions, and they had to answer these without a revenue model.)
Unresolved Security Issues:
In 2022, several security issues were identified in WP Cerber.
Despite repeated requests from the WordPress security team to address these issues, the plugin creator failed to do so.
This posed a significant risk to the security of WordPress sites using the plugin.
To my knowledge, the security issues were indeed related to old WP Cerber versions that were not present in the new ones. So, why respond if the problem is already resolved? MEANWHILE, Wordfence and Sucuri are not entirely correct, such as writing files and logs in incorrect locations and posing a high security risk themselves (as Sucuri does) or executables as Wordfence does in their wordfence-waf.php, …but yes, they prefer writing that they are safe, but in practice, it’s a different story. They are certainly good plugins but with more vulnerabilities in my eyes. But I think it’s because other plugins show fewer issues to work with them (due to a lack of security rules, making the workability of plugins easier but read again at the cost of workability). Worse, I find that the WordPress repository removes plugins that haven’t been maintained for 6 years but are still state of the art today (because, in my opinion, paid versions would rather see them removed they report) and others that are 10 years outdated with no further development are still in there. I think the WordPress repository, if they want to have a good revenue model for the future, need to handle it better to be taken seriously by professionals. This starts with a good policy on the free plugins offered where security is naturally top priority, in combination with functionality. Good websites will slowly become professional. And not that they throw in the towel because they get hacked easily multiple times without realizing it!
Consequences of the Removal:
WP Cerber is no longer available for download or installation via the WordPress.org repository.
Existing users of the plugin can continue to use it, and they still perform updates. Additionally, you can always download an installation via their website, so no problem there.
Thank you for your input, but none of the listed accusations apply to WP Cerber.
Geo-blocking accusation: wrong.
The claim about “using geo-blocking to restrict downloads of the free plugin in certain countries” is unclear, but there are no restrictions on downloading the plugin. Anyone can download and install WP Cerber by following the instructions here: https://wpcerber.com/installation/.
Premium features and GPL compliance: no violation.
The GPL license governs the distribution of code but does not restrict the nature of features. Plugins can offer premium features while remaining fully compatible with the GPL. WP Cerber’s professional version features are no exception and adhere fully to GPL requirements.
Unresolved security issues: none.
The claim that WP Cerber failed to address security vulnerabilities is incorrect. All reported issues were resolved in subsequent updates. If you believe you’ve discovered a new issue, you’re welcome to report it through our bug bounty program. You will receive a monetary reward for it.
Commitment to security: above and beyond.
We are deeply committed to maintaining a secure and trustworthy approach to website protection. That’s why, unlike many other plugins in the repository, WP Cerber actively maintains a bug bounty program with monetary rewards to encourage the responsible disclosure of vulnerabilities and ensure the security of the plugin. Read more here: https://wpcerber.com/bug-bounty-program/
P.S. My take on the plugin repository policies
I have serious concerns about the inconsistent and seemingly arbitrary application of plugin guidelines on the WordPress.org plugin repository. Decisions are shrouded in a lack of transparency, leaving plugin developers and users alike in the dark. The removal of WP Cerber feels less like a genuine effort to uphold security or compliance standards and more like an exercise in selective enforcement. If the goal was to confuse and alienate developers while undermining user trust, the wordpress.org plugin repository team is certainly on the right track.