Help
Posted By Gregory

Legitimate requests are being blocked


Protecting your website, during its normal operations, WP Cerber inspects all incoming requests to your website and blocks suspicious and harmful ones. On rare occasions, WP Cerber might erroneously block legitimate requests and prevents the website from functioning correctly.

If you see legitimate requests that are denied as “Probing for vulnerable code”,  follow these steps: How to exclude requests from inspection by the Traffic Inspector firewall.

What can block those requests

WP Cerbe has two security subsystems that screen and filter all inbound requests: the first one is a web application firewall which is called Traffic Inspector and the second one is Cerber’s Anti-spam engine.

How to identify which one of them

To find out the root cause of the issue, disable traffic inspection in the Traffic Inspector settings, and check if WP Cerber still blocks those requests. If requests are not blocked anymore, you need to turn on traffic inspection and adjust the Traffic Inspector settings as described here: How to exclude requests from inspection by Traffic Inspector.

If requests are still being blocked, turn on traffic inspection and disable “Protect registration form with bot detection engine” and “Protect all forms on the website with bot detection engine” on the Anti-spam settings page. Try to reproduce the issue and check if WP Cerber still blocks those requests. If requests are not blocked anymore, adjust anti-spam settings as described here: Configuring exceptions for the anti-spam engine.

An alternative way

First of all, enable traffic logging on the Traffic Inspector settings page. Then reproduce the issue and open the Live Traffic log page. Find legitimate requests that were blocked. Once you’ve found them check the reason why requests were blocked. You should see one of these:

If you see Probing for vulnerable code, follow those steps: How to exclude requests from inspection by Traffic Inspector

If you see Spam form submission denied, follow those steps: Configuring exceptions for the antispam engine

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.


I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments
There are currently no comments.