Configuring exceptions for the anti-spam engine
Usually, you need to configure anti-spam exceptions if you use a technology that communicates with your website by submitting forms or sending POST requests programmatically. In such cases, WP Cerber can block legitimate requests because it can recognize them as generated by bots. This leads to false positives, which you can see on the Activity tab. Such log entries are marked as Spam form submission denied.
How to exclude specific requests from inspection
All anti-spam exceptions are configured on the Anti-spam admin page.
To exclude a specific request (form submission) from inspection by the anti-spam engine, you need to specify a request path and, optionally, a query string (request parameters). Configure your exceptions in the Exclude these locations from scanning for spam setting field.
If the request URI starts with or equals any of the specified strings, it is not inspected by the anti-spam engine and so the request is not blocked.
To configure complex anti-spam exceptions, you can use REGEX expressions. Please see the details below.
Some examples
Exception #1 Permits any requests with the Request URI that starts with the specified string e.g. /ps/wc-ajax=whatever_till_the_end
Exception #2 Permits any requests if the Request URI matches the specified REGEX pattern e.g. /file-upload.php?user_id=23432
How to identify the Request URI
Go to the Live Traffic admin page. Find a legitimate request you need to whitelist and take its Request URI from the Request column. If your Request URI contains dynamic GET parameters like in the screenshot below, you may need to use a REGEX expression.
Regular expressions
ou can specify a REGEX pattern in the Exclude these locations from scanning for spam setting field, one pattern per line. The entire Request URI is analyzed to match a REGEX pattern. You can view the full URI of a request on the Traffic Inspector log page.
To specify a REGEX pattern, enclose a whole line in two { } braces. For instance, to exclude requests to a file-upload.php script with a numerical GET parameter user_id
containing any number, specify this string:
{\/file-upload\.php\?user_id=\d+$}
Note: to specify the slash / character in a REGEX expression, you need to escape it with backslash \ this way: \/
How to disable anti-spam on a selected page
To avoid conflicts with third-party forms loaded from an external source and processed on a third-party website, you can configure exceptions for WP Cerber’s anti-spam by disabling its code on selected pages of your website. The list of pages is specified with a PHP constant CERBER_DISABLE_SPAM_FILTER. This constant should be defined in the wp-config.php file. Use a comma-separated string with page (post) IDs. If the list is configured, you see the list of pages on the WP Cerber anti-spam settings admin page. Here is an example of the list definition.
define(
'CERBER_DISABLE_SPAM_FILTER','3, 45');
You need to use this feature if you have HubSpot forms on your website.
See also: How to stop spam user registrations on your WordPress
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.
Spotted a bug or glitch?
We’d love to fix it! Share your bug discoveries with us here: Bug Report.