{"kb_updated":1739607598,"version":"9.6.6.8","azoth":{"activity":{"1":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"2":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"3":{"kb_desc":"The user account was deleted either manually by the website administrator or automatically by WP Cerber. WP Cerber deletes accounts created during attempts to gain unauthorized access using illegitimate admin accounts.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"47ffdb2ad0f2c06067f2970070d729841a7a7c2c","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"6":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"7":{"kb_desc":"This event occurred because an incorrect password was used when attempting to log into your website or user authentication cookies had expired. While failed logins are common and can occur simply because of user error, repeated failures from the same IP address may indicate a brute-force attack attempt. WP Cerber monitors these failures and block malicious IP addresses to mitigate brute-force attacks.","kb_action":"","kb_sts":"","kb_tags":"login, authentication, authorization","kb_url":"https:\/\/wpcerber.com\/troubleshooting-login-issues\/","kb_desc.hash":"e35865ca25c8c23c738711758a63468e32f9b20e","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"15":{"kb_desc":"WP Cerber marked this comment as spam because its content or submission method triggered spam filter or bot detection algorithms.","kb_action":"If legitimate, non-spam comments are being blocked, this may indicate false positives, often caused by a conflict with your active theme. In such cases, enabling safe AJAX mode in the anti-spam settings can resolve the issue.","kb_sts":["botssafe"],"kb_tags":"","kb_url":"","kb_desc.hash":"7dce3d263067dd92b0b477c1fc8c329bf90c7b78","kb_action.hash":"d16e6b35bb05b884bd99effe05e4b63cf33961a8"},"17":{"kb_desc":"WP Cerber blocked this form submission because its content or submission method triggered spam filter or bot detection algorithms.","kb_action":"WP Cerber might mistakenly block legitimate requests if they appear similar to spam submissions generated by bots. If this request is legitimate, it's recommended to configure an anti-spam exception for this location. For POST requests originating from a trusted web service, consider whitelisting its IP address or configuring a header-based exception.","kb_sts":["botsnoauth","botswhite","botswhite_header"],"kb_tags":"","kb_url":"https:\/\/wpcerber.com\/wordpress\/anti-spam\/","kb_desc.hash":"45fab80589670898ef7547df310e185200b353a4","kb_action.hash":"126da7dd7c407cd8276f75587df596a08a1ef6cf"},"50":{"kb_desc":"The IP address tried to get access to a critical URL on your website that is strictly prohibited and known to be targeted by automated attacks. This includes critical admin locations, the built-in registration URL, and the default login and signup PHP scripts. You can disable this behavior in WP Cerber settings.","kb_action":"If this block affects a legitimate user, consider whitelisting the trusted IP address or the trusted network to which the IP address belongs.","kb_sts":["wplogin"],"kb_tags":"","kb_url":"","kb_desc.hash":"bc98918d06dcd3e0c3fc10042d1ccabf5a896ea6","kb_action.hash":"fab7aa84cd38bb717141465fb7314db0ef576c0d"},"51":{"kb_desc":"A user or a computer tried to log in with a username (login) that doesn't exist on your WordPress site. Attempts like this are often signs of a brute-force attack, where an attacker or an automated computer script guesses usernames to gain unauthorized access. WP Cerber stops these attempts and blocks suspicious IP addresses. It's also possible that a legitimate user made a typo when entering their username in the login form.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"https:\/\/wpcerber.com\/wordpress-login-security\/","kb_desc.hash":"adc538b86ff20aa676bde5a77da01fc9928e1255","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"52":{"kb_desc":"This login attempt was blocked because the username (login) matches one of the prohibited usernames configured in the WP Cerber settings.\r\n\r\nProhibited usernames are typically common usernames like \"admin\" or \"administrator\" which are used in brute-force attacks to gain unauthorized access. WP Cerber automatically blocks login attempts with these usernames to eliminate the risk of unauthorized access by guessing login credentials.","kb_action":"If this behavior affects a legitimate user, consider updating the list of prohibited usernames.","kb_sts":["prohibited"],"kb_tags":"login, prohibited","kb_url":"https:\/\/wpcerber.com\/using-list-of-prohibited-logins\/","kb_desc.hash":"7137807b005781e14192198b6663637b12f3befb","kb_action.hash":"d38013853fb93031772b117ca6b8c3306120f114"},"53":{"kb_desc":"The login attempt was blocked because it failed preliminary security checks. This means WP Cerber or a third-party security system detected something unusual or prohibited about the request. As a result, the attempt was rejected before any user authentication was attempted.","kb_action":"Click the username to view detailed information about the user, including account status, recent activity, and security-related events associated with this user.","kb_sts":"","kb_tags":"","kb_url":"https:\/\/wpcerber.com\/troubleshooting-login-issues\/","kb_desc.hash":"dbae5ea679c1e76bc5a7097d840f5190b550327a","kb_action.hash":"8d58e811d146dc9616a3bbf5dbc2dbb87d37ed06"},"55":{"kb_desc":"WP Cerber identified this request as an attempt to pinpoint flawed software, improper security settings, server misconfigurations, or to uncover known vulnerabilities within your site's software. Such probing is a tactic commonly used by attackers seeking entry points to inject malicious code or gain unauthorized access. WP Cerber proactively detects and blocks these suspicious activities, thereby preventing potential security breaches and ensuring your site remains secure.","kb_action":"If legitimate users or trusted IP addresses are affected, consider configure exceptions in the Traffic Inspector settings. For requests originating from a trusted external web service, consider whitelisting its IP address or configuring a header-based exception.","kb_sts":["tienabled","tiipwhite","tiwhite","tiwhite_header"],"kb_tags":"","kb_url":"https:\/\/wpcerber.com\/traffic-inspector-in-a-nutshell\/","kb_desc.hash":"ae1d0dc12f2c28a963ab2c4c437a505ed79fdcaf","kb_action.hash":"7f1f9b15fa4ff45d34b38d55b1a9bc587097c58e"},"70":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"71":{"kb_desc":"An attempt to access your WordPress's XML-RPC API was denied by WP Cerber. The XML-RPC API is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism, allowing remote computers to execute commands on your website. However, it's also a common target for attackers due to its powerful capabilities. \r\n\r\nWP Cerber restricts access to this API as a security measure to prevent unauthorized attempts at exploiting it, which could include brute-force attacks, DDoS attacks, and other malicious activities aimed at gaining unauthorized access or disrupting services.","kb_action":"If legitimate requests to the XML-RPC API are denied, consider whitelisting the trusted IP address or the trusted network to which the IP address belongs.","kb_sts":["xmlrpc"],"kb_tags":"","kb_url":"","kb_desc.hash":"54032fad789201bbb50697c6a8a8bc76c370ea43","kb_action.hash":"789c712a7d285a7d17b9cc150ad8bf379fc6cc60"},"74":{"kb_desc":"An attempt to update a user’s role was blocked by WP Cerber because the user didn’t have the required permissions, the update request failed authentication, or the IP address was flagged as malicious.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"aff83ff1e23188b7e6093427f649282407be6ee9","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"}},"status":{"10":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"13":{"kb_desc":"The request was denied because the IP address was temporarily blocked from accessing your website. This lockout typically results from too many suspicious requests, failed login attempts, or attempts to scan your website for breaches and vulnerabilities, among other malicious activities that triggered WP Cerber's security policies. You can find the exact reason for blocking the IP address in the activity log or on the Lockout tab.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"7947ed0ceffa3128f8f9a05f336ee4704e80889f","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"18":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"29":{"kb_desc":"This user account was manually blocked by a website administrator and cannot sign in until the block is removed on the user edit page.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"https:\/\/wpcerber.com\/how-to-block-wordpress-user\/","kb_desc.hash":"b0779f014ec16d72735081d87e3484db4807cf82","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"33":{"kb_desc":"The user attempting this action does not have the required role or capabilities to complete it.","kb_action":"Check the user role and permissions, or adjust the relevant WP Cerber settings if needed.","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"3782bc610d32bcc05a7aa54798ee38035e6e1f78","kb_action.hash":"fb78884164a5681ac292a75d12af84976552ee0e"},"34":{"kb_desc":"This means the request was blocked by WP Cerber because it lacked authentication data, such as cookies or access tokens, indicating the user was not logged in or had not provided valid credentials. Authentication cookies may have also expired.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"4c78d4add307ae9b95c45279cdaf791c656f2d39","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"40":{"kb_desc":"It indicates that WordPress had detected and cleared expired, corrupted or altered cookies associated with a user's session. In the context of a WordPress website, cookies are used to manage session information, including authentication details. Those user cookies are verified for every user request sent to your website. While this event can indicate a potential security threats, it's not always a sign of a malicious attempt. Sometimes, it can be triggered by benign issues like browser glitches or outdated session data.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"46897ade88457af3c69d94d3922747a2d8c6e70b","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"55":{"kb_desc":"Another plugin or third-party security system blocked the login attempt before authentication. This action was taken based on its security policies or configured rules for analyzing the login request.","kb_action":"If this behavior is not what you expect, check the settings of any security plugins you're using, especially those that manage user logins or enforce login security checks.","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"c50dc30e86472f02be6e5e3ffa0d3f52af0ed2f6","kb_action.hash":"f0afbb2bd975675b883c27c09e4f26c3bba192df"},"502":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"}},"reason":{"701":{"kb_desc":"The IP address was blocked because it exceeded the maximum number of login attempts set in the plugin settings. This block is typically indicative of a brute-force attack, where an attacker tries various login and password combinations to gain unauthorized access. To mitigate such attacks, WP Cerber automatically blocks IP addresses that surpass the configured threshold.","kb_action":"If this block is affecting legitimate users too often, you need to adjust the login attempt thresholds in WP Cerber's settings or consider whitelisting the trusted IP address or the trusted network to which the IP address belongs.","kb_sts":["limit_attempts","aggressive"],"kb_tags":"limit,login","kb_url":"https:\/\/wpcerber.com\/wordpress-login-security\/","kb_desc.hash":"21e2781d47096ad6e3b05bd615788a5fb77bfba3","kb_action.hash":"f01883d7bc4533100c057360c0520172c4825b69"},"702":{"kb_desc":"The IP address was blocked due to an attempt to access a URL on your website that is strictly prohibited and known to be targeted by automated attacks. This includes critical admin locations, the built-in registration URL, and the default login and signup PHP scripts. You can disable this behavior in WP Cerber settings.","kb_action":"If this block affects a legitimate user, consider whitelisting the trusted IP address or the trusted network to which the IP address belongs.","kb_sts":["wplogin"],"kb_tags":"","kb_url":"","kb_desc.hash":"c5ce7d73a8739163ad75021e7b80f7a5c57a9a78","kb_action.hash":"fab7aa84cd38bb717141465fb7314db0ef576c0d"},"703":{"kb_desc":"This IP address was blocked after trying to log in with a username (login) that doesn't exist on your WordPress site. Attempts like this are often signs of a brute-force attack, where an attacker is guessing usernames to gain unauthorized access. WP Cerber stops these attempts and block suspicious IP addresses. It's also possible a legitimate user made a typo when entering their username in the login form.","kb_action":"You can disable this behavior in WP Cerber settings or consider whitelisting the trusted IP address or the trusted network to which the IP address belongs.","kb_sts":["limitwhite","nonusers"],"kb_tags":"login, username","kb_url":"","kb_desc.hash":"09f7864572cfe9306e23040cc8d13d6ecd147893","kb_action.hash":"34775796723e0a121c07c43211e3792f4e51a2f9"},"704":{"kb_desc":"The IP address was blocked due to an attempt to log into your WordPress using a username (login) that is prohibited in WP Cerber settings. Prohibited usernames are typically common usernames like \"admin\" or \"administrator\" which are used in brute-force attacks to gain unauthorized access. WP Cerber automatically blocks login attempts with these usernames to eliminate the risk of unauthorized access by guessing login credentials.","kb_action":"If this block affects a legitimate user, consider updating the list of prohibited usernames.","kb_sts":["prohibited"],"kb_tags":"prohibited, login, username","kb_url":"https:\/\/wpcerber.com\/using-list-of-prohibited-logins\/","kb_desc.hash":"13dcf84d6cbf6f2dbd83126c4f64347bb53fa00c","kb_action.hash":"c46fed647098c2d5bc13a4c5aa41a9fbeb3592de"},"705":{"kb_desc":"The IP address was blocked because it exceeded the maximum number of failed attempts at solving reCAPTCHA. Excessive failed attempts typically indicate bot activity, as bots may repeatedly submit forms without successfully completing the reCAPTCHA challenge. This security measure helps protect your site from spam and abuse by blocking traffic that appears to be generated by bots. However, legitimate users might occasionally struggle with reCAPTCHA due to a cluttered or confusing layout on the form, leading to multiple failed attempts.","kb_action":"If legitimate users are affected by this block, consider reviewing the layout of the webpage that contains the protected form and checking the reCAPTCHA settings. Check WP Cerber settings and ensure the validity of the site key and site secrets provided by Google for your website. Additionally, you can disable reCAPTCHA for logged-in users or consider whitelisting the trusted IP address or the trusted network to which the IP address belongs.","kb_sts":["sitekey","secretkey","recaplimit"],"kb_tags":"reCAPTCHA, atnti-spam, spam","kb_url":"https:\/\/wpcerber.com\/how-to-setup-recaptcha\/","kb_desc.hash":"9c52bf391877e8d8babb81cc5f1e7740d739a3de","kb_action.hash":"232ed83953ae5ea3344d5178c69769c420866a07"},"706":{"kb_desc":"The IP address was blocked due to excessive spam requests. This typically includes numerous spam comments or form submissions generated by spam bots. WP Cerber's anti-spam mechanism is designed to identify and block such excessive activity to protect your site from spam.\r\n\r\nIf you see legitimate users are affected, this often indicates false positives, usually due to a conflict with another plugin, commonly a caching plugin. In such cases you need to clear the cache in the caching plugin. Additionally, you can disable WP Cerber’s anti-spam for logged-in users.","kb_action":"For POST requests originating from a trusted web service, consider whitelisting its IP address or configuring a header-based exception.","kb_sts":["botssafe","botsnoauth","botswhite","botswhite_header"],"kb_tags":"anti-spam, bots","kb_url":"https:\/\/wpcerber.com\/antispam-exception-for-specific-http-request\/","kb_desc.hash":"caeff64d2302baf8996e6dd22a81615506bc5eb1","kb_action.hash":"00ac047677448ab9e42aea77215b9db7cdb37fb4"},"707":{"kb_desc":"This IP address was blocked due to the detection of wide range of suspicious activities, identified through continuous monitoring of the security log. Such activities may include unauthorized login and registration attempts, violations of security policies, probing for vulnerabilities, scanning for breaches, and attempts to upload malicious files or submit spam requests. By proactively analyzing the security log, WP Cerber ensures such behaviors are swiftly detected and mitigated to safeguard your site.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"a8bed2b104299400d5a13be6ef505b1fecf4513b","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"708":{"kb_desc":"This IP address was blocked because it was scanning your website for vulnerable code. This behavior involves making specific requests aimed at identifying flawed software, improper security settings, server misconfigurations, or discovering known vulnerabilities within your site's software. Such probing is a common tactic used by attackers to find entry points for injecting malicious code or gaining unauthorized access. WP Cerber detects and blocks these suspicious activities to prevent potential security breaches, keeping your site safe.","kb_action":"If legitimate users or trusted IP addresses are affected, consider configure exceptions in the Traffic Inspector settings. For requests from trusted external web services, consider whitelisting the corresponding IP address or configuring HTTP header-based exceptions.","kb_sts":["tienabled","tiipwhite","tiwhite","tiwhite_header"],"kb_tags":"firewall, request","kb_url":"https:\/\/wpcerber.com\/wordpress-probing-for-vulnerable-php-code\/","kb_desc.hash":"8fd9f88ec54efff165b52059638608633f3c2a0b","kb_action.hash":"212f96163ee0a2f2c121a8e54c7cb670b2401740"},"709":{"kb_desc":"The IP address was blocked because it tried to submit a request containing suspicious code. When someone or another computer sends a request containing POST or GET fields to your website, WP Cerber scans those fields for signs of malware, JavaScript, PHP scripts and other similar executable code. This protective measure is crucial in preventing the execution of unauthorized code, which could lead to data breaches, site defacement, or other security incidents. If you believe this block is a false positive, consider reviewing the Traffic Inspector settings.","kb_action":"If legitimate users or trusted IP addresses are affected, you need to configure exceptions in the Traffic Inspector settings. For requests from trusted external web services, consider whitelisting the corresponding IP address or configuring HTTP header-based exceptions.","kb_sts":["tienabled","tiipwhite","tiwhite","tiwhite_header"],"kb_tags":"firewall, request, malware, traffic inspector","kb_url":"https:\/\/wpcerber.com\/firewall-http-requests-are-being-blocked\/","kb_desc.hash":"860ff98490f2ec83b860950c8bb33c3198328f10","kb_action.hash":"b12e57fb7c4a1589807b1c86d75f74a73f1c95fb"},"710":{"kb_desc":"The IP address was blocked because it tried to upload a file containing suspicious code to your website. When somebody submits a form or another computer sends a request containing files, WP Cerber scans submitted files for signs of malware, scripts, and other harmful code. This protective measure is crucial in preventing the execution of unauthorized code, which could lead to data breaches, site defacement, or other security incidents. If you believe this block is a false positive, consider reviewing the Traffic Inspector settings.","kb_action":"If legitimate users or trusted IP addresses are affected, you need to configure exceptions in the Traffic Inspector settings. For requests from trusted external web services, consider whitelisting the corresponding IP address or configuring HTTP header-based exceptions.","kb_sts":["tienabled","tiipwhite","tiwhite","tiwhite_header"],"kb_tags":"firewall, request, malware, traffic inspector, uploads, upload, file","kb_url":"https:\/\/wpcerber.com\/firewall-http-requests-are-being-blocked\/","kb_desc.hash":"5f1449e33645d3938bbd694c83e7ca9da325d15a","kb_action.hash":"b12e57fb7c4a1589807b1c86d75f74a73f1c95fb"},"711":{"kb_desc":"The IP address was blocked due to a high number of erroneous requests, which are requests that the web server is unable to process, often resulting in error codes starting from HTTP code 400 and above. While some errors could be harmless, stemming from broken links in website menus, others, particularly those triggering server-side errors (HTTP codes 500 and above), might signal attempts by attackers to exploit the server. These could be aimed at extracting sensitive information from error messages or overloading the server with excessive traffic.","kb_action":"If trusted IP addresses are regularly being blocked, adjust the \"Error shielding mode\" to \"Maximum compatibility\" within the Traffic Inspector settings. Similarly, if legitimate users are frequently blocked, consider enabling the \"Ignore logged-in users\" option.","kb_sts":["tierrmon","tierrnoauth"],"kb_tags":"","kb_url":"","kb_desc.hash":"606bbff83eb594b8c70cd30f3d897a5fe95bef25","kb_action.hash":"a7df91029722c4d7f1f004e1b51f12d6c56962f2"},"721":{"kb_desc":"This IP address was blocked because it exceeded the maximum number of attempts allowed for entering the Two-Factor Authentication (2FA) code. This limit is a critical security measure to prevent attackers from brute-forcing the 2FA form and guessing the 2FA code, thereby safeguarding your users' accounts against unauthorized access. This protection ensures that even if a password is compromised, the additional layer of security provided by 2FA remains effective.","kb_action":"","kb_sts":"","kb_tags":"2fa, Two-Factor Authentication","kb_url":"https:\/\/wpcerber.com\/two-factor-authentication-for-wordpress\/","kb_desc.hash":"20bfdcf072b63f05dd1ee422c91481be8c70f1a1","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"725":{"kb_desc":"The IP address was blocked because it exceeded the maximum number of allowed attempts to reset a password using the password reset form. Limiting the number of password reset attempts serves two important purposes: it helps protect user accounts from being compromised through brute-force attempts to guess valid usernames and prevents the abuse of the password reset form, which can be targeted by attackers looking to overwhelm or exploit the web server. This security measure ensures the integrity and safety of user accounts and maintains the overall health of your website.","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"e13fe4362ab935d2abe9fdde4cf9ab08b561eef9","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"}},"settings":{"ds_4acc":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"},"nologinhint_msg":{"kb_desc":"","kb_action":"","kb_sts":"","kb_tags":"","kb_url":"","kb_desc.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709","kb_action.hash":"da39a3ee5e6b4b0d3255bfef95601890afd80709"}}}}