Posted By Gregory

I’m getting “Probing for vulnerable PHP code”

If Traffic Inspector logs multiple “Probing for vulnerable PHP code” events for a particular URL and this behavior affects some legitimate website functionality, this article will help you solve the issue quickly.

This usually happens if you use a WordPress plugin with flawed code or if your active WordPress theme adds malformed links to the public pages of your website. On rare occasions, it can happen if your website has been moved from a set of old PHP pages to WordPress and you have redirect rules that send visitors and search engines to the new website pages.

There are two easy ways to solve this issue:

  1. You can permit requests to a specific URL to bypass Traffic Inspector security rules.
  2. You can permit requests from all whitelisted IP addresses to bypass Traffic Inspector security rules.

Note: you don’t need to do anything if blocked requests are generated by Googlebot or other crawlers and indexing bots. Why? Because those lockouts do not affect crawling and indexing normal website pages.

How to exclude requests from inspection by URL

To exclude requests to a specific URL from inspection, use the Request whitelist setting field that is located on the Traffic Inspector Settings admin page.

In this field, you need to enter a request string without the website domain and without any query string parameters (GET parameters). In other words, take the piece of the URL that starts right after the website domain name and ends at the question mark, if one is present. You can specify as many exceptions (one per line) as you need.

Take a look at this example. Suppose you need to exclude from inspection all requests with a legitimate URL like this: In this case, you need to add the following string: /some-path/some-script.php to the Request whitelist field.

Traffic Inspector Whitelist for WordPress

Request whitelist supports regular expressions, one pattern per line. To specify a REGEX pattern, enclose a whole line in two { } braces.

For instance, to exclude all requests to all pages with the .shtml extension, use this string: {.+\.shtml$}, and to exclude all requests to old website pages with the .php extension, use this string: {.+\.php$}

Note: to specify the slash / character in a REGEX expression, you have to escape it with the backslash \ this way: \/
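
One way to check, before saving the setting, which requests a set of Request whitelist entries would exempt from inspection. This is an added example, not WP Cerber's code: it assumes literal entries must equal the request string and that { } patterns are applied as case-sensitive searches, and the example.com URLs and the /old-site/ pattern are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed field content: a literal entry, the article's .shtml pattern,
# and a constructed pattern limited to a hypothetical /old-site/ directory.
FIELD = r"""
/some-path/some-script.php
{.+\.shtml$}
{^\/old-site\/.+\.php$}
"""

def request_string(url):
    """Part of the URL after the domain, up to but excluding '?'."""
    return urlsplit(url).path

def parse_field(text):
    """One entry per line; a line wrapped in { } is a regex, else a literal."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if len(line) > 2 and line[0] == "{" and line[-1] == "}":
            entries.append((line, re.compile(line[1:-1])))
        elif line:
            entries.append((line, None))
    return entries

def exempted_by(url, entries):
    """Return the entry that would exempt this URL from inspection, or None.
    Assumption: literals must equal the request string; regexes are searched."""
    path = request_string(url)
    for raw, rx in entries:
        if (rx is None and raw == path) or (rx is not None and rx.search(path)):
            return raw
    return None

def audit(urls, field_text):
    """Map each URL to the whitelist entry that exempts it, or None."""
    entries = parse_field(field_text)
    return {u: exempted_by(u, entries) for u in urls}

# Constructed sample requests
SAMPLE_URLS = [
    "https://example.com/some-path/some-script.php?id=5",
    "https://example.com/docs/page.shtml",
    "https://example.com/old-site/about.php",
    "https://example.com/wp-content/uploads/x.php",
]

if __name__ == "__main__":
    for url, entry in audit(SAMPLE_URLS, FIELD).items():
        print(f"{entry or 'INSPECTED':<28} {url}")
```

With these entries the last sample URL stays under inspection; it is exempted only if the broad {.+\.php$} pattern is used, so a pattern anchored to the legacy directory keeps the rest of the site's .php requests inspected.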

How to exclude requests from inspection by IP address

Instead of whitelisting a specific URL, you can permit and exclude from inspection all requests from a specific IP address or network. You can do this in two simple steps:

  1. Add an IP address you trust to the White IP Access List
  2. Go to the Traffic Inspector Settings page and enable Use White IP Access List

Why you get “Probing for vulnerable PHP code”

A request has been inspected and identified as harmful for WordPress by Cerber’s web application firewall (WAF) called Traffic Inspector.

See other tips: Traffic Inspector and logging how to

What is WP Cerber Security, anyway? It’s a complete and always improving security solution for WordPress that has evolved from a simple yet effective limit login attempts plugin.

I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.
