Help
Posted By Gregory

Configuring exceptions for the anti-spam engine


Usually, you need to configure anti-spam exceptions if you use a technology that communicates with your website by submitting forms or sending POST requests programmatically. In such cases, WP Cerber can block legitimate requests because it can recognize them as generated by bots. This leads to false positives, which you can see on the Activity tab. Such log entries are marked as Spam form submission denied.

How to exclude requests from inspection

All anti-spam exceptions are configured on the Anti-spam admin page.

To exclude a specific request (form submission) from inspection by the anti-spam engine, you need to specify a request path and, optionally, a query string (request parameters) in the Query whitelist setting field.

If a request URI starts with or equals any of the specified strings, it will no be inspected and blocked.

To create complex rules, you can use REGEX expressions. Please see further details below.

Some examples

Exception #1 Permits any requests with the Request URI that starts with the specified string e.g. /ps/wc-ajax=whatever_till_the_end

Exception #2 Permits any requests if the Request URI matches the specified REGEX pattern e.g. /file-upload.php?user_id=23432

Anti-spam for WordPress exceptions

Anti-spam for WordPress – configuring exceptions

How to identify the Request URI

Go to the Live Traffic admin page. Find a legitimate request you need to whitelist and take its Request URI from the Request column. If your Request URI contains dynamic GET parameters like on the screenshot below, you may need to use a REGEX expression.

Request URIs on the Live Traffic page in the WordPress dashboard

Request URI on the Live Traffic page in the WordPress dashboard

Regular expressions

Query whitelist supports regular expressions, one pattern per line. To be excluded from inspection, the Request URI must match the whole REGEX pattern.

To specify a REGEX pattern, enclose a whole line in two { } braces. For instance, to exclude requests to a file-upload.php script with a numerical GET parameter user_id containing any number, specify this string:

{\/file-upload\.php\?user_id=\d+$}

Note: to specify the slash / character in a REGEX expression, you need to escape it with backslash \ this way: \/

WordPress anti-spam settings

WordPress anti-spam settings

See also: How to stop spam user registrations on your WordPress

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.


I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.