New shortcode to display WP Cerber’s cookies

Using the new shortcode you can display a list of browser cookies set by WP Cerber. See several examples below. All attributes are optional. You can use any combination of them.

Deferred rendering of the custom login page

If it is enabled, the active WordPress plugins can execute their code to alter the custom login page before WP Cerber. WP Cerber’s code is invoked and executed after those plugins. This new feature can help you if you need to solve plugin compatibility issues. Read more here.

Minor changes

• The scanner: the file status “Local file doesn’t exist” changed to “File is missing” and got a popup explanation.
• The style of the scanner email reports has been improved.

Bug fixes

• Fixed bug with displaying the status of an IP address on the Activity and Live Traffic admin pages: if an IP address is locked out (blocked), the red square icon is not displayed in the log row.
• Fixed bug: if the name of a commercial plugin contains a special HTML symbol like ampersand, it cannot be uploaded to verify the integrity of the plugin.

Those cookies allow WP Cerber to distinct logged in users and non-logged in visitors as well as search engine bots and spammers. Based on the set of cookies in a request, WP Cerber restricts access to protected areas, the login form, and the WordPress dashboard.

What data cookies contain

Cookies contain randomly generated alphanumeric values. No personal data is used.

How many cookies WP Cerber sets

The number is random and in general, it depends on the plugin configuration. Usually, it’s 2 to 6 cookies.

How to identify cookies set by WP Cerber

If an applicable privacy law or a user consent policy requires you to list cookies, specify the unique cookies’ prefix in the plugin settings, and use it as a unique cookies identifier.

Cookie prefix

You can specify any alphanumeric prefix for WP Cerber cookies you need. For instance “alpha_”. The configuration setting is located on the Main Settings admin page in the “Site-specific settings” section.

Displaying WP Cerber cookies on a website page

To get your website fully compliant with GDPR, you might need to display all cookies on a cookie consent page. Using a WordPress shortcode you can display a list of browser cookies set by WP Cerber. See several examples below. All attributes are optional. You can use any combination of them.

No user consent is necessary

You don’t need to obtain user consent because WP Cerber’s cookies are strictly necessary and no natural person is associated with the cookies.

How to be in compliance with data privacy laws

The features below give you full control of personal data if it was logged by WP Cerber and help your organization to be in compliance with data privacy laws such as GDPR in Europe or CCPA in California.

Exporting personal data
Deleting personal data

To start using a personal data erase feature in WP Cerber, you need to enable it in the plugin settings. Go to the User Policies admin page and click the Global tab. Scroll to the Personal Data section. Click Enable data erase. If the privacy law under what personal data on your website is being processed threats IP addresses as personal data (like GDPR does), you need to enable “Delete user sessions data when users data is erased”. You should do that because WordPress stores users’ IP addresses in a session record which is created when a user logs into a website. The standard WordPress erase tool doesn’t delete these IP addresses.

Using the WordPress Erase Personal Data tool

Once you’ve enabled the erase feature, you can use the WordPress Erase Personal Data tool which is located under the Tools / Erase Personal Data menu.

What data is deleted

Once a request to delete personal data has been added and processed by a website admin, WP Cerber finds a WordPress user with the email address provided in the request. If the user is found, all the entries in the Cerber’s log relating to the user are deleted when you click the Erase Personal Data button. If “Delete user sessions data when users data is erased” is enabled, all user sessions will be terminated and all sessions data will be deleted as well.

How to empty WP Cerber’s log tables

There is an alternative way that enables you to completely erase all data in the log tables, read more: How to clean up the activity and live traffic logs

How to block a user

Once you’ve erased the personal data of a user, you can block the user to prevent them from logging in and processing their personal data again.

Recommended settings for GDPR

Enable both settings: “Enable data erase” and “Terminate user sessions”.

What versions of software you need

The tool described above is available since WordPress 4.9.6 and WP Cerber 8.5.8

Does WP Cerber plugin process personal data in a cloud?

The WP Cerber plugin doesn’t send to or process personal data in any cloud. We take your privacy, privacy your users and our reputation very seriously. We’re a firm believer that any personal data or sensitive technical information cannot be processed or stored on our servers.

What’s next

Exporting personal data
WP Cerber’s cookies explained

To start using a personal data export feature in WP Cerber, you need to enable it in the plugin settings. Go to the User Policies admin page and click the Global tab. Scroll to the Personal Data section. Click Enable data export and select what type of data from the Cerber’s logs you want to be included in the export files. You have to configure these settings before processing export requests and creating export files. Keep in mind that these export files are available to download by anyone who has a download link.

Using the WordPress Export Personal Data tool

Once the export is enabled, you can use the WordPress Export Personal Data tool which is located under the Tools / Export Personal Data menu. All personal data will be included in the export file automatically. If personal data were logged, a file will contain two non-empty sections: “Activity log” and “Traffic log”.

What data is exported

Once a request to export personal data has been added and processed by a website admin, WP Cerber finds a WordPress user with the email address provided in the request. If the user is found, all the entries in the Cerber’s log relating to the user are included in the export file. If there is no WordPress user associated with the email address in the request, no data are included in the export file.

The type and amount of data to be included in the export file are depend on the plugin’s settings. You need to configure them depending on under what law (such as GDPR in Europe or CCPA in California) personal data on your website is being processed.

Also, note that if the logging of requests is disabled in the Traffic Inspector settings, nothing from the requests log is included in an export file. As well as submitted form fields are not included if saving request fields is disabled.

The format of the data

The export file is generated and compressed to a ZIP archive by WordPress. All entries that are generated by WP Cerber have the JSON format, which is universal and can be read or/and decoded with easy. This format is used because the personal data export feature is limited by WordPress to using plain text only. In case you need to get an export file in the CSV format, you need to use the WP Cerber Export feature instead, read more below.

Recommended settings for GDPR

You need to enable all settings in the Personal Data section.

Troubleshooting

If you see the following error when you click Download Personal Data on the Tools / Export Personal Data admin page, reload the page using the F5 key on PC or Command + R keys on Mac.

An error occurred while attempting to export personal data. Exporter index is out of range.

An alternative way to export user-related data

Is using the Export feature on the Activity tab and Live Traffic page.

What versions of software you need

The tool described above is available since WordPress 4.9.6 and WP Cerber 8.5.8

Does WP Cerber plugin process personal data in a cloud?

The WP Cerber plugin doesn’t send to or process personal data in any cloud. We take your privacy, privacy your users and our reputation very seriously. We’re a firm believer that any personal data or sensitive technical information cannot be processed or stored on our servers.