Spam form submission denied / Bot detected /wp-admin/admin-ajax.php

I am unsure what and why this is happening

We are asking for everyone to be logged into the website and also asking people to reset their password

but so many are getting locked out - with RID and when inspecting that I see

IP blocked Excessive spam activity detected
Spam form submission denied Bot detected
/wp-admin/admin-ajax.php
Spam form submission denied Bot detected
/wp-admin/admin-ajax.php
Password changed
/my-account/lost-password/
Password reset requested
/my-account/lost-password/
cescagarton@hotmail.com
Spam form submission denied Bot detected
/wp-admin/admin-ajax.php
Spam form submission denied Bot detected
/wp-admin/admin-ajax.php
Spam form submission denied Bot detected
/wp-admin/admin-ajax.php

so it seems that they are being detected as a BOT first - then a password reset and a login and they are locked out …

Can someone explain why the /wp-admin/admin-ajax.php is showing as a BOT and why it keeps displaying ?

We don’t have any additional login features etc plain woo and wordpress

I have removed - Protect all forms on the website with bot detection engine - for now as that seemed to make things worse

do I make /wp-admin/admin-ajax.php from Exclude these locations from scanning for spam - seems a worrying thing to do

but this happens with a good 20% of customers?

Looking to work out what and why and then of course how to resolve - as customers just see “locked out” message rather than anything meaningful

Thank you
Sarah

Hi Sarah,

The issue seems to be WP Cerber aggressively detecting /wp-admin/admin-ajax.php as bot activity, which affects password resets and logins. This happens because WP Cerber’s anti-spam engine is blocking form submissions, causing legitimate users to get locked out.

Adjust lockout thresholds:

  • Increase “Threshold for Lockouts” (e.g., from 3 to 6 attempts).
  • Reduce ban time (e.g., from 60 mins → 15 mins).

"/wp-admin/admin-ajax.php" is a sensitive file often targeted by bots. WP Cerber’s anti-spam engine is powerful, so adjust its settings carefully. Test as a normal user (without a whitelisted IP) and monitor the logs in real time to see what is being blocked.

Disable excessive form protection:

  • WP Cerber → Hardening → Form Protection → Disable “Protect all forms on the website with bot detection engine”.
  • Alternatively, enable Google reCAPTCHA instead.

Exclude critical paths from spam checks:

  • Go to WP Cerber → Anti-Spam → Exclusions and add:
    /wp-admin/admin-ajax.php
    /my-account/lost-password/
    /my-account/

Be careful with this option: excluding or disabling the anti-spam filter means that connections will only be filtered based on WP Cerber’s engine rules.

Since admin and user logs are heavily used by WordPress for login and WooCommerce, fine-tuning WP Cerber is necessary to balance strong security with proper access. Depending on the project, it requires some testing to find the right configuration.

There is no actual error, but rather a configuration that does not align well with user behavior. Adjusting the settings slightly to be more flexible should help improve accessibility without compromising security.
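For the log monitoring suggested above, here is an added example (not part of the original thread and not WP Cerber code) that sorts blocked IPs into likely false positives and likely bots, so the exclusion decision rests on data. The CSV column layout and the IP addresses are assumptions constructed for illustration; the event labels are the ones shown in the log excerpt in the question.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not a real WP Cerber export; the column layout is assumed).
SAMPLE_LOG = """time,ip,event,url
2024-05-01 10:00:05,203.0.113.10,Bot detected,/wp-admin/admin-ajax.php
2024-05-01 10:00:30,203.0.113.10,Password reset requested,/my-account/lost-password/
2024-05-01 10:01:10,203.0.113.10,Password changed,/my-account/lost-password/
2024-05-01 10:01:20,203.0.113.10,Bot detected,/wp-admin/admin-ajax.php
2024-05-01 10:01:25,203.0.113.10,IP blocked,
2024-05-01 10:02:00,198.51.100.7,Bot detected,/wp-admin/admin-ajax.php
2024-05-01 10:02:01,198.51.100.7,Bot detected,/wp-admin/admin-ajax.php
2024-05-01 10:02:03,198.51.100.7,IP blocked,
2024-05-01 10:03:00,192.0.2.44,Password reset requested,/my-account/lost-password/
2024-05-01 10:03:40,192.0.2.44,Password changed,/my-account/lost-password/
"""

ACCOUNT_EVENTS = {"Password reset requested", "Password changed"}

def triage(log_text):
    """Classify each IP: 'likely_false_positive', 'likely_bot' or 'ok'."""
    per_ip = defaultdict(lambda: {"denied": 0, "account": 0, "blocked": False})
    for row in csv.DictReader(io.StringIO(log_text)):
        stats = per_ip[row["ip"]]
        if row["event"] == "Bot detected" and row["url"].endswith("admin-ajax.php"):
            stats["denied"] += 1
        elif row["event"] in ACCOUNT_EVENTS:
            stats["account"] += 1
        elif row["event"] == "IP blocked":
            stats["blocked"] = True
    verdicts = {}
    for ip, s in per_ip.items():
        if s["blocked"] and s["denied"] and s["account"]:
            verdicts[ip] = "likely_false_positive"  # blocked during a real reset flow
        elif s["blocked"]:
            verdicts[ip] = "likely_bot"  # blocked with no account activity at all
        else:
            verdicts[ip] = "ok"
    return verdicts

def false_positive_rate(verdicts):
    """Share of blocked IPs that also performed account actions."""
    blocked = [v for v in verdicts.values() if v != "ok"]
    return blocked.count("likely_false_positive") / len(blocked) if blocked else 0.0

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result, false_positive_rate(result))
```

If the false-positive share stays high after the thresholds are raised, that supports excluding the account paths; if most blocked IPs show only denied AJAX posts, the filter is doing its job.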

Thank you very much for a detailed but simple to understand reply

and yes I knew Cerber was doing what it should but I was not sure how to calm it down somewhat!

I have made a few tweaks and will monitor

thank you