Traffic Inspector in a nutshell
Traffic Inspector is a specialized request inspection algorithm that acts as an additional protection layer for your WordPress site, commonly known as a firewall.
Traffic Inspector constantly screens all suspicious requests and blocks them before they can harm a website. This security algorithm is enabled by default and in the vast majority of cases requires no configuration. It is improved based on the knowledge we gain from analyzing break-in attempts and hacker attacks in our Cerber Lab.
If Traffic Inspector is enabled, the plugin filters out and inspects only potentially harmful requests. These include form submissions, requests with GET and POST parameters, and requests to PHP scripts. The plugin doesn’t inspect ordinary requests such as those made by a normal visitor’s browser or by search engine crawlers. That’s why traffic inspection does not slow down website performance or affect your website’s SEO ranking and indexation in any way.
The plugin also doesn’t inspect admin dashboard requests, WordPress cron requests, or WP-CLI requests.
If the plugin detects a malicious or possibly harmful request, the IP address is blocked, execution of the request is aborted, and a 403 Access Forbidden response is generated. The event is logged to the Activity log and, if traffic logging is not disabled, to the traffic log.
How to exclude a request from inspection?
Sometimes, especially when you have a customized WordPress environment, you might need to permit access to a particular PHP script without inspection by the plugin. In this case, if the plugin recognizes and marks a legitimate request as “Probing for vulnerable PHP code”, you have to specify an exception.
Read more: I’m getting “Probing for vulnerable PHP code”.
Alternatively, you can permit all requests from a particular IP address:
- Add an IP address you trust to the White IP Access List
- Go to the Traffic Inspector Settings page and enable Use White IP Access List
Live traffic view and logging
Traffic Inspector not only inspects suspicious HTTP requests but also can optionally log them, so you can inspect them manually. It uses a carefully crafted high performance logging engine.
Can logging slow down website performance? In rare circumstances it can, on free hosting with a slow database, if logging All traffic is enabled, Ignore search engine crawlers is disabled and Saving requests fields is enabled.
The optimal and recommended logging mode is Smart.
What traffic is logged when Smart logging mode is enabled?
- All requests from logged in (authorized) users
- Requests for which a particular activity has been detected and logged to the Activity log
- Requests with non-default WordPress GET parameters
- Form submissions (POST requests)
- XML-RPC and REST API requests
- Any request that generates an error HTTP code (400 and higher)
- Search requests
- Requests to a PHP script that doesn’t exist or that loads the WP environment programmatically
Note: the plugin doesn’t log standard admin dashboard requests including scheduled tasks (/wp-cron.php) and AJAX requests (/wp-admin/admin-ajax.php).
How to disable traffic logging
To completely turn off logging, set Logging mode to Logging disabled.
How to disable Traffic Inspector
To completely turn off the inspection, go to the Traffic Inspector Settings page and disable Enable traffic inspection. Note: this is not recommended, because you turn off an essential protection layer for your WordPress. If you come across an issue with a PHP script, use the Request whitelist setting as described above.
How to exclude passwords or any other sensitive information from logging
The Cerber Security plugin always masks the password field on the default WordPress login form and the following form fields: ‘pwd’, ‘pass’, ‘password’. If you’ve enabled saving form fields to the log (Save request fields is enabled) and you use a plugin that generates its own login page, as some membership plugins do, you have to add the name of the password field(s) to the Mask these form fields field on the Traffic Inspector settings page. Before being saved to the WordPress DB, these fields are filled with asterisks, so the sensitive data are never stored. That prevents user passwords from being compromised if the logged data ever leak.
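The masking step described above, as an added illustration that is not WP Cerber's own code: it shows why a custom login form's password field reaches the log in clear text until its name is added to the mask list. The function name, the "member_secret" field, case-insensitive matching, nested-field handling and the fixed-length mask are all assumptions made for this example.

```php
<?php
// Added illustration, not WP Cerber's code. All names here are hypothetical.

// Field names the page says are always masked.
const DEFAULT_MASKED = ['pwd', 'pass', 'password'];

/**
 * Return a copy of $fields that is safe to write to a request log.
 * $extra holds the names an admin added under "Mask these form fields".
 * Assumptions: names match case-insensitively, nested arrays (user[pass])
 * are walked, and the mask has a fixed length so password length is hidden.
 */
function mask_fields(array $fields, array $extra = []): array
{
    $masked = array_map('strtolower', array_merge(DEFAULT_MASKED, $extra));
    $out = [];
    foreach ($fields as $name => $value) {
        if (in_array(strtolower((string) $name), $masked, true)) {
            $out[$name] = '********';            // value is never stored
        } elseif (is_array($value)) {
            $out[$name] = mask_fields($value, $extra);
        } else {
            $out[$name] = $value;
        }
    }
    return $out;
}

// Constructed sample: POST body from a hypothetical membership login form
// whose password input is named "member_secret" instead of "pwd".
$post = [
    'log'           => 'alice',
    'member_secret' => 'correct horse battery staple',
    'profile'       => ['password' => 'hunter2', 'city' => 'Oslo'],
];

// Defaults only: the custom field would be logged in clear text.
$leaky = mask_fields($post);
// With the custom name added, every secret is masked before storage.
$safe = mask_fields($post, ['member_secret']);

echo json_encode($leaky), PHP_EOL;
echo json_encode($safe), PHP_EOL;
```

Comparing the two output lines is a quick way to audit a site: any field that still shows a real value in the first line but not the second belongs in the Mask these form fields setting.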
How to delete all Traffic Inspector log records
To completely delete all Traffic Inspector log records you need to manually clean up just one table in the WordPress DB. That’s easy. Go to the Tools / Diagnostic admin page. In the Database info section find the following title: Table: cerber_traffic, rows: xxxx. Click the Delete all rows button next to it. Note: this operation cannot be rolled back.