Disable the 404 Page on some .php files

When the "Block 404 requests on PHP files" module in the "Firewall" tab is enabled, it redirects people who try to access hidden or malicious PHP files to a 404 page error not found.

Whether the file exists on your server or not, they will never get any info about it, only a 404 page.

It may happen that you need to keep access to some specific .php urls on a site.

Example : A site formerly with .php urls (https://example.com/my-great-article.php) indexed by Google but under WordPress now with rewritten urls (https://example.com/my-great-article)

In order to avoid losing SEO, it is necessary that these .php urls do not become 404 but are redirected to their new url with a rule in .htaccess like this:
Redirect 301 /my-great-article.php/ /https://example.com/my-great-article/

Since SecuPress v2.1 we have added a filter hook named secupress.plugins.ban_404.bypass to bypass the blocking on urls of your choice. In FTP in the functions.php file of your child theme, or in plugin add the filter this way:

add_filter( 'secupress.plugins.ban_404.bypass', function( $result, $url ) {
if ( ( 'https://example.com/my-great-article.php' === $url ) ) {
		return true;
	return $result;
}, 10, 2 );