Security Architecture
Deep-dive explanation of the plugin security defenses, data leakage prevention, and validation layers.
1. Credentials Protection & Encapsulation
Our architectural design prioritizes the protection of high-privilege credentials like API tokens. The plugin implements strict safeguards to protect this sensitive data:
No Credentials Logging
The plugin API client and notification handler are designed to never output, print, or log credentials in transient errors, debug dumps, or administrator emails.
Obscured Admin Fields
Settings fields containing Cloudflare Account IDs and API Tokens are rendered as password input types, so the credentials are not visible on screen.
Constants Integration
By defining settings inside wp-config.php using constants, you avoid writing credentials to the database options table entirely, so they cannot leak through a SQL injection that reads that table.
2. Access Control Layers
Authorization verification is enforced at 5 different logical checkpoints to block privilege escalation attacks:
- Menu Page Registration: The page registration restricts visibility to users holding the manage_options capability.
- Page Render Guard: Before outputting settings or diagnostic forms, the plugin explicitly executes current_user_can( 'manage_options' ) to deny access to unauthorized sessions.
- Settings API Validation: The sanitization filter verifies inputs before saving values to database parameters.
- AJAX Request Handlers: Every background diagnostic action enforces capability checks and returns JSON errors on invalid sessions.
- Explicit AJAX Registrations: The plugin does NOT register public-facing wp_ajax_nopriv_ actions, locking AJAX endpoints to logged-in administrators.
3. Locked IP Data Flow Mappings
This flowchart represents the journey of a blocked IP from lockout detection to edge blocking:
Step 1: Local WordPress Lockout
WP Cerber Security detects intrusion attempts and locks out the source IP address.
Step 2: Action Hook Interception
The plugin listens to cerber_ip_locked, capturing the IP address and lockout reason.
Step 3: Verification & Local Cache Check
The sanitizer validates the IP format. The system then checks database transients to avoid duplicate API requests.
Step 4: Cloudflare API Request
The API client queries Cloudflare's Account IP list, appending the IP if it does not already exist.
Step 5: Edge Mitigation Active
Cloudflare Firewall intercepts and drops all network requests from the IP before they reach your origin server.
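Steps 2 to 4 as a WordPress hook handler; this is an added example, not the plugin's own code, and it is narrowed to IPv4 with the transient standing in for the list lookup in step 4. Every `example_` / `EXAMPLE_` name is hypothetical, and the shape of the `cerber_ip_locked` payload (an array with `IP` and `reason` keys) is an assumption.

```php
<?php
// Added example. Hypothetical constants, assumed to be defined in wp-config.php
// (section 1) so the token is never stored in the options table:
//   EXAMPLE_CF_ACCOUNT_ID, EXAMPLE_CF_LIST_ID, EXAMPLE_CF_API_TOKEN

// Step 2: intercept the WP Cerber lockout hook.
add_action( 'cerber_ip_locked', 'example_sync_lockout_to_edge' );

function example_sync_lockout_to_edge( $event ) {
	// Assumption: the hook passes array( 'IP' => ..., 'reason' => ... ).
	$event  = is_array( $event ) ? $event : array();
	$ip     = isset( $event['IP'] ) ? trim( (string) $event['IP'] ) : '';
	$reason = isset( $event['reason'] ) ? sanitize_text_field( (string) $event['reason'] ) : '';

	// Step 3a: reject anything that is not a syntactically valid IPv4 address.
	if ( false === filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
		return;
	}

	// Step 3b: a transient marks IPs already sent, avoiding duplicate API requests.
	$cache_key = 'example_cf_' . md5( $ip );
	if ( false !== get_transient( $cache_key ) ) {
		return;
	}

	// Step 4: append the IP to the account-level Cloudflare list.
	$url = sprintf(
		'https://api.cloudflare.com/client/v4/accounts/%s/rules/lists/%s/items',
		rawurlencode( EXAMPLE_CF_ACCOUNT_ID ),
		rawurlencode( EXAMPLE_CF_LIST_ID )
	);
	$response = wp_remote_post( $url, array(
		'timeout' => 10,
		'headers' => array(
			'Authorization' => 'Bearer ' . EXAMPLE_CF_API_TOKEN,
			'Content-Type'  => 'application/json',
		),
		'body'    => wp_json_encode( array( array( 'ip' => $ip, 'comment' => substr( $reason, 0, 100 ) ) ) ),
	) );

	// Log the outcome only; the request arguments (which hold the token) are never written.
	$status = is_wp_error( $response ) ? $response->get_error_code() : wp_remote_retrieve_response_code( $response );
	if ( 200 !== $status ) {
		error_log( 'example edge sync failed: ' . $status );
		return; // No transient is set, so the next lockout of this IP retries.
	}
	set_transient( $cache_key, 1, HOUR_IN_SECONDS );
}
```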