PHP Injection Blocked

What It Means

This request attempted to manipulate PHP language features to attack your application.

Why It Matters

PHP injection attacks can exploit PHP-specific functions to execute arbitrary code on your server, read sensitive files, or take control of your application. Even non-PHP applications are targeted, as attackers often scan broadly without knowing what language a site uses.

Common Triggers

Requests containing PHP code patterns, references to PHP wrapper protocols (like php://input), or attempts to manipulate PHP configuration through request data. These are almost always automated scans.

What To Do

These blocks indicate automated scanning for PHP vulnerabilities. They are nearly always malicious and safe to leave blocked. No action is typically required.