Posted By Gregory

I’m getting “Probing for vulnerable PHP code”

During normal operation, WP Cerber’s firewall inspects all incoming requests to your website and blocks suspicious and harmful ones. It’s normal to see requests marked as “Probing for vulnerable PHP code”. Nowadays they occur regularly and mean that the firewall recognized a request as malicious and denied it. You see them when bots and cybercriminals scan your website for breaches and vulnerabilities in plugins and themes.

On rare occasions, the firewall might erroneously block legitimate requests. If you see multiple “Probing for vulnerable PHP code” events for a particular URL and this behavior affects some website functionality, this article helps you solve the issue quickly.

Usually, you might come across this situation if you use a WordPress plugin with flawed code, or your active WordPress theme adds malformed links to the public pages of your website. On a rare occasion, this can happen if your website has been moved from a set of old PHP pages to WordPress, and you have some redirect rules that redirect visitors and search engines to new website pages.

There are two easy ways to solve this issue:

  1. You can permit requests to a specific URL to bypass Traffic Inspector security rules.
  2. You can permit requests from the whitelisted IP addresses to bypass Traffic Inspector security rules.

Note: you don’t need to do anything if those blocked requests are generated by Googlebot or other crawlers and indexing bots. Why? Because those lockouts do not affect crawling and indexing normal website pages.

How to exclude requests from inspection by specifying a URL

To exclude requests to a specific URL on your website from inspection, use the Request whitelist setting field that is located on the Traffic Inspector Settings admin page.

In this field, enter a request string without the website domain and without any query string parameters (GET parameters). In other words, take the piece of the URL that starts right after the website domain name and ends at the question mark, if one is present. You can specify as many exceptions (one per line) as you need.

Take a look at this example. For instance, you need to exclude from inspection all requests with a legitimate URL like this: In this case, you need to add the following string: /some-path/some-script.php to the Request whitelist field.

Traffic Inspector Whitelist for WordPress

Request whitelist supports regular expressions, one pattern per line. To specify a REGEX pattern, enclose the whole line in two { } braces.

For instance, to exclude all requests to all pages with the .shtml extension, use this string: {.+\.shtml$} and to exclude all requests to old website pages with the .php extension, use this string: {.+\.php$}

Note: to specify the slash character / in a REGEX expression, you have to escape it with the backslash \ this way: \/
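
The following is an added example, not code from WP Cerber: a small Python script for checking which URLs a set of Request whitelist entries would exempt from inspection before you save them. It assumes that a plain entry must equal the whole request string and that a pattern is applied as an unanchored search using Python's re module rather than the plugin's PHP regex engine; the function names, the sample URLs and the SCOPED pattern are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def request_string(url):
    # Piece of the URL after the domain name, up to (not including) the '?'.
    return urlsplit(url).path

def parse_whitelist(text):
    # One entry per line; a whole line wrapped in { } is a REGEX pattern.
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if len(line) > 2 and line[0] == "{" and line[-1] == "}":
            entries.append(("regex", re.compile(line[1:-1])))
        elif line:
            entries.append(("exact", line))
    return entries

def bypasses_inspection(url, entries):
    # ASSUMPTION: exact entries equal the whole request string; patterns are
    # unanchored searches (Python re here, not the plugin's PHP engine).
    path = request_string(url)
    return any(
        (kind == "exact" and path == value)
        or (kind == "regex" and value.search(path) is not None)
        for kind, value in entries
    )

def audit(whitelist_text, urls):
    # URLs that would skip inspection under this whitelist.
    entries = parse_whitelist(whitelist_text)
    return [u for u in urls if bypasses_inspection(u, entries)]

# Constructed sample requests (example.com is a placeholder domain).
SAMPLE_URLS = [
    "https://example.com/some-path/some-script.php?id=7",
    "https://example.com/some-path/other.php",
    "https://example.com/old/page.shtml",
    "https://example.com/wp-content/plugins/some-plugin/file.php?x=1",
    "https://example.com/index.php/blog/",
]

NARROW = "/some-path/some-script.php\n{.+\\.shtml$}"  # entries from the article
BROAD = "{.+\\.php$}"                                 # pattern from the article
SCOPED = "{^\\/some-path\\/.+\\.php$}"                # constructed, one directory

if __name__ == "__main__":
    for name, wl in (("narrow", NARROW), ("broad", BROAD), ("scoped", SCOPED)):
        print(name, "exempts:", audit(wl, SAMPLE_URLS))
```

Running it against URLs taken from your own access log shows how many paths each entry exempts, which makes it easy to compare a site-wide pattern with one limited to a single directory.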

How to exclude requests from inspection by a whitelisted IP address

Instead of whitelisting a specific URL, you can permit and exclude from inspection all requests from a specific IP address or network. You can do this in two simple steps:

  1. Add an IP address you trust to the White IP Access List
  2. Go to the Traffic Inspector Settings page and enable Use White IP Access List

Why you see “Probing for vulnerable PHP code”

A request has been inspected and identified as harmful for WordPress by Cerber’s web application firewall (WAF) called Traffic Inspector.

What’s WP Cerber Security, anyway? It’s a complete and constantly improving security solution for WordPress that has evolved from a simple yet effective limit login attempts plugin.


I'm a team lead at Cerber Tech. I'm a software & database architect and a WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, those were amazing days) and today software engineering at Cerber Tech is how I make my living. I've been taught to have high standards for myself as well as to use them in developing software solutions.
