Hi everyone,
We’ve released WP Cerber 9.7.4.
This is not a “big new feature” release. It is the kind of maintenance release we care a lot about: fewer assumptions, cleaner signals, and less ambiguity when your site is under pressure.
The most important change is in fail2ban logging. WP Cerber now writes failed-login timestamps using the operating system timezone, so WordPress and fail2ban read the same event in the same time context. That matters on servers where WordPress time and system time do not line up.
We also tightened how hostnames are written into the fail2ban log. Log-forging characters are stripped, only hostname-safe characters are allowed, and entries stay on a single well-formed line.
Traffic Inspector logging got stricter too. JSON request payloads are now validated when decoded, decoding errors are captured, sensitive-field masking has better validation, and request fields are escaped more consistently before database insertion.
Admin notices now go through a stricter rendering path as well. WP Cerber allows only the HTML it actually needs for its own notices, which keeps the output narrower and more predictable.
In short: WP Cerber 9.7.4 is about making security signals more precise.
If automatic updates are enabled for WP Cerber on your site, there is nothing you need to do. The update will be installed automatically when WordPress runs its normal plugin update cycle.