Posted By Gregory

I’m getting “Probing for vulnerable PHP code”

If you encounter a problem getting multiple events “Probing for vulnerable PHP code” with a particular URL and this behavior affects some legitimate website functionality, this article helps you to solve this issue quickly. Usually, you can come across this situation if you use a poorly designed WordPress plugin or your active WordPress theme adds malformed links to the public pages of your website. On a rare occasion, it can happen if a website has been moved from an old set of plain PHP pages to WordPress.

The solution is easy: you can permit requests to a specific URL to bypass Traffic Inspector security rules.

Note: you don’t need to do anything about it if the blocked requests are generated by Googlebot or other crawlers and indexing bots. Why? Because lockouts do not affect crawling and indexing normal website pages.

How to exclude requests from inspection

To exclude requests to a specific URL from inspection, use the Request whitelist setting field that is located on the Traffic Inspector Settings admin page.

You need to specify a query string without the website domain and query string parameters (GET parameters). In other words, you need to take a piece of the URL that starts right after the domain name and ends on a question mark if it’s present. You can specify as many exceptions (one per line) as you need.

Take a look at this example. For instance, you need to exclude from inspection all requests with legitimate URL like this: In this case you need to add the following string: /some-path/some-script.php to the Request whitelist field.

Traffic Inspector Whitelist for WordPress

Request whitelist supports regular expressions, one pattern per line. To specify a REGEX pattern, enclose a whole line in two { } braces. For instance to exclude all requests to all pages with the .shtml extension use this string: {.+\.shtml$} and to exclude all requests to old website pages with the .php extension use this string: {.+\.php$}

Note: to specify the slash / character in a REGEX expression, you need to escape it with the backslash \ this way: \/

Alternatively, you can permit all requests from a particular IP address. Do this in two simple steps:

  1. Add an IP address you trust to the White IP Access List
  2. Go to the Traffic Inspector Settings page and enable Use White IP Access List

Why you get “Probing for vulnerable PHP code”

A request has been inspected, identified as harmful for WordPress by the plugin’s firewall. So it’s denied by Traffic Inspector.

See other tips: Traffic Inspector and logging how to

What’s the Cerber Security, anyway? It’s a complete security solution for WordPress which is evolved from a simple yet effective limit login attempts plugin.

Last posts from WordPress security blog

I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments
There are currently no comments.