When was WP Cerber Security v9.8 released?

WP Cerber Security version 9.8 was released on June 12, 2026. You can download it from GPLCoffee along with its full changelog and compatibility details.

What is the download size of WP Cerber Security v9.8?

The WP Cerber Security v9.8 package is 1.2 MB.

What WordPress version does WP Cerber Security v9.8 require?

WP Cerber Security v9.8 requires WordPress 5.8 or higher, tested up to WordPress 6.9.

What PHP version does WP Cerber Security v9.8 need?

WP Cerber Security v9.8 requires PHP 7.4 or higher.

Is WP Cerber Security v9.8 safe to download?

WP Cerber Security v9.8 has been scanned with VirusTotal and came back clean. The full scan report is linked from the version page.

Release v9.8

WP Cerber Security v9.8

Latest version

What's new in v9.8

WP Cerber Security v9.8 was released on June 12, 2026. Defends WordPress against hacker attacks, spam, trojans, and malware. See the full changelog below and compare with the complete version history.

Release details

Released June 12, 2026

1.2 MB

File available

Changelog

Improved

Renamed the "White IP Access List" and "Black IP Access List" terms to "Allowed IP Access List" and "Blocked IP Access List" across the admin UI for clearer access-control terminology.
Client IP address detection now converts IPv4-mapped IPv6 addresses to standard IPv4 notation in proxy and IPv6 environments. ACL entries using mapped IPv6 notation no longer match these normalized client IP addresses.
Client IP address detection no longer falls back to the `HTTP_CLIENT_IP` header when the `X-Forwarded-For` proxy header is empty or does not contain a valid address.
The integrity scanner now records detailed database error information in the log when diagnostic logging is enabled in the settings.

Fixed

Geolocation data for IPv6 addresses is now cached correctly, so country names appear immediately in the Activity log and Traffic log instead of being re-fetched from the geolocation service on each view, which previously caused extra AJAX requests and a noticeable delay.
Eliminated the `ERROR 1062` ("Duplicate entry") messages that the IPv6 geolocation caching bug wrote to the server error log on each IPv6 lookup.
If more than one IPv6 range or IPv6 network defined in IP Access Lists, the Traffic and Activity logs could display comments or labels belonging to a different IPv6 Access List entry, for example showing the label "IP whitelisted" for a request that was actually denied. The logs now show details that match the Access List entry involved.
Database operations now compatible with WordPress table prefixes starts with a digit, such as `123_`. This resolves a regression introduced by the stricter database operation validation in WP Cerber 9.7.4, where affected sites could fail to run integrity scanner.