Centrora Secuirty 4.4.0 released

We are delighted to announce that Centrora Security 4.4.0 is released today, core changes include the following:

= 4.4.0 =
* Added: Backup function for database and files for the whole WordPress and Joomla website
* Added: File permission function to change the file permissions of the system
* Fixed: Virus Cronjob cannot be completed in some servers
* Added: Added email for the virus scanning cronjob when the scanning is completed
* Fixed: In Windows server, the IP cannot be added into the database
* Fixed: MainWP addon conflict

File Permissions
File Permissions
Website Backup function
Website Backup function

Enjoy the better security solution for your Joomla and WordPress websites.

Read More

What’s new in Centrora Security 4.3.8?

Centrora Security 4.3.8 is released, what’s new? You will find the virus scanner has more functions. Multi-threads and single threads scanning is available now. The difference of the two scanning method mainly is the former is faster, but may consumes more resources of the server at a specific time. If your server has limited resources, you can use the single-thread scanning method.

Centrora Security 4.3.8 Virus Scanner
Centrora Security 4.3.8 Virus Scanner

Moreover, you now can directly clean, delete, backup or restore all detected files in the scanner report.

Scanner Report in 4.3.8
Scanner Report in 4.3.8

More and more functions will be avaiable in future release! Hope you all enjoy it!

Since 4.3.0, we have made the following changes

= 4.3.8 =
* Fixed: Scanning specific path not working properly on some servers

= 4.3.7 =
* Improved: adjusted maximum threshold function to block an IP address so it will block the IP once it exceeds the threshold instead of blocking the IP in the next time
* Fixed: Fixed Autoloader not working when the firewall is activated globally in the php environment where local php configuration is not allowed
* Added: Added single thread scanning function so the scanning can be performed on some servers with strict database connection requirements.
* Added: Backup, Clean, Delete function in scanning report
* Fixed: Scanning specific path not working properly on some servers

= 4.3.6 =
* Improved: Improved virus scanner
* Added: Added CURL method to download the update package
* Added: Added Backup, Clean, Backup Clean function for virus scanning report
* Added: Added Activation with Activation code function for premium services

= 4.3.5 =
* Added: Added highlight of the virus scanner report
* Improved: Enhance the firewall function to ignore json format request variables

= 4.3.4 =
* Improved: Forced display_errors to be disabled when running the Centrora Firewall for all instances
* Improved: MainWP Extension to support some commercial MainWP addons

= 4.3.3 =
* Improved: Improved MainWP Extension so it checks if the extension is enabled in the Child websites

= 4.3.2 =
* Improved: Changed MainWP Class loaded inside wordpress backend

= 4.3.1 =
* Improved: Improved virus scanner so it can scan a larger amount of files in the system
* Improved: Improved virus scanner for cronjob virus scanning functions
* Fixed: Fixed the Composer class has been declared in some Joomla websites
* Added: Added MainWP Extensions Support
* Improved: Minor CSS style improvement to enhance the UI

Read More

Troubleshooting: Joomla Fabrik Component Conflict

If you are using the Fabrik Component and encounter the following error in the browser console:

This indicates the Fabrik Component System plugin is causing the conflicts with Centrora Security.

To resolve this, please open this file


Find the following lines:

Add the following codes to the plugin

This will sort out the issue.

Read More

Centrora Security Basic Firewall Explanations

Enable Stop Forum Spam Scanning

This will check if the IP address being scanned or the email address being scanned have been detected as spammers from the Stop Forum Spam website.

Block blacklisted methods (Trace / Delete / Track)

Every time a client attempts to connect to your server, it sends a message indicating the type of connection it wishes to make. There are many different types of request methods recognized by Apache. The two most common methods are GET and POST requests, which are required for “getting” and “posting” data to and from the server. In most cases, these are the only request methods required to operate a dynamic website. Allowing more request methods than are necessary increases your site’s vulnerability. Here we are blocking delete and head because they are unecessary, and also blocking trace and track because they violate the same-origin rules for clients. (Reference: Perishable Press)

Checks Malicious User Agent

Blocking hundreds of the worst bots can ensure open-access for normal traffic, major search engines (Google, Bing, et al), good browsers (Chrome, Firefox, Opera, et al), and everyone else. Blocking malicious user agent can help you avoid traffics that are known to be associated with malicious activity

Checks Basic DoS Attacks

This helps prevent your website against the HTTP Flood Attacks at the web application level. Massive crawling / scanning tools, HTTP Flood tools can be detected and blocked if it exceeds the defined thresholds / number of visits to your website in a specific time.

Checks Basic Remote File Inclusion

Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.

Checks Basic Direct File Inclusion

Direct File Inclusion / Local File Inclusion (LFI) is similar to a Remote File Inclusion vulnerability except instead of including remote files, only local files i.e. files on the current server can be included. The vulnerability is also due to the use of user-supplied input without proper validation. (Reference: WikiPedia)

Checks Basic Javascript Injection

JavaScript injection is a nifty little technique that allows you to alter a sites contents without actually leaving the site. This can be very useful when say, you need to spoof the server by editing some form options. This includes I. Injection Basics, II. Cookie Editing and III. Form Editing

Checks Basic Database SQL Injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input. Injected SQL commands can alter SQL statement and compromise the security of a web application.

Detect Directory Traversal

A directory traversal (or path traversal) consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing “traverse to parent directory” are passed through to the file APIs. (Reference: WikiPedia)

Block Queries longer than 255 characters

Queries that are more than 255 characters long can use a lot of resources and slow your site down for legitimate users.  Usually queries longer than 255 characters have “eval” or “base64″ methods in it. This is very likely that the codes are looking for a way to inject script on your site that could create a backdoor, launch spam or some other malicious activity.

Read More

New Affiliate Portal Page Released

Banner Creation

We are happy to announce that a new affiliate portal page with affiliate banner design tool is released for your convenience to promote our security products. To use the new function, just simply log in our Affiliate Page, select a subscription plan and banner size you like, and the banner codes will be generated to function in your website.

Please note that we offer 35% commission on recurring purchase base,  get your money now.

Read More

New Subscription Packages are Released

Centrora Security Subscription Packages

To meet your diversified needs for web protection and help you manage your subscription plans, we have set up two new subscription package:

Buy one get one free sale is on going for Developer Package.


Read More