How to avoid blocking of legitimate requests
Protecting your website, during its normal operations, WP Cerber inspects all incoming requests to your website and blocks suspicious and harmful ones. On rare occasions, WP Cerber might erroneously block legitimate requests and prevents the website from functioning correctly.
If you see legitimate requests that are denied as “Probing for vulnerable code”, follow these steps: How to exclude requests from inspection by the Traffic Inspector firewall.
What part of WP Cerber can block those requests
WP Cerber has two security subsystems that screen and filter all inbound requests: the first one is a web application firewall called Traffic Inspector, and the second one is the Anti-spam engine.
How to identify which one of them
To find out the root cause of the issue, disable traffic inspection in the Traffic Inspector settings, and check if WP Cerber still blocks those requests. If requests are not blocked anymore, you need to turn on traffic inspection and adjust the Traffic Inspector settings as described here: How to exclude requests from inspection by Traffic Inspector.
If requests are still being blocked, turn on traffic inspection and disable “Protect registration form with bot detection engine” and “Protect all forms on the website with bot detection engine” on the Anti-spam settings page. Try to reproduce the issue and check if WP Cerber still blocks those requests. If requests are not blocked anymore, adjust anti-spam settings as described here: Configuring exceptions for the anti-spam engine.
An alternative way
First of all, enable traffic logging on the Traffic Inspector settings page. Then reproduce the issue and open the Live Traffic log page. Find legitimate requests that were blocked. Once you’ve found them check the reason why they were blocked. You should see one of these:
If you see Probing for vulnerable code, follow those steps: How to exclude requests from inspection by Traffic Inspector
If you see Spam form submission denied, follow those steps: Configuring exceptions for the antispam engine
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.