Some legitimate HTTP requests are being blocked
Protecting your website, during its normal operations, WP Cerber inspects all incoming requests to the website and blocks suspicious and harmful ones. On rare occasions, WP Cerber might erroneously block legitimate requests and prevents the website from functioning correctly. If you see that WP Cerber’s security algorithms affect some website functionality, please follow the next steps.
What can cause those blocks
If you see legitimate requests that were denied as “Probing for vulnerable PHP code”, follow these steps: How to exclude requests from inspection by the Traffic Inspector firewall.
There are two security subsystems in the plugin that screen and filter all inbound requests: the web application firewall which is called Traffic Inspector and the WP Cerber’s Anti-spam engine. To find out the root cause of your issue, disable Traffic Inspector and check the behavior of the plugin with those requests. If requests are still being blocked, disable “Protect registration form with bot detection engine” and “Protect all forms on the website with bot detection engine” on the Antispam settings page.
If you identify the Traffic Inspector firewall as the cause: How to exclude requests from inspection by Traffic Inspector.
If you identify the Antispam engine as the cause: Configuring HTTP request exceptions for the antispam engine.
If disabling/enabling settings above doesn’t help or isn’t suitable for you
First of all, enable traffic logging on the Traffic Inspector settings page. Then check the Activity tab for those legitimate requests that were blocked. Once you’ve found them check the logged events. You should see one of these:
If you’re getting Probing for vulnerable PHP code, follow this: How to exclude requests from inspection by Traffic Inspector
If you’re getting Spam form submission denied, follow this: Configuring HTTP request exceptions for the antispam engine