Aegisify Help Center

How can we help you?
Help Center2026-02-16T06:52:30+00:00

User Guide

User Guide

User Guide

User Guide

User Guide

User Guide

User Guide

User Guide

frequently asked questions

(No Gimmicks, No CC,No Commitment, Free Features, Stay Free If You Prefer!)

What is Aegis Shield Security?2025-12-13T23:17:26+00:00

A WordPress security plugin built to run efficiently on shared hosting, providing defensive controls, hardening, monitoring/logging, security header enforcement, malware/integrity tooling, login protection, and database tools from inside WP Admin.

External disposable list URL2026-01-13T00:54:52+00:00

Feature

External disposable list URL — Optionally fetch a disposable email domain list from a URL (requires external calls).

How it works

If enabled, AegisSpamGuard downloads a list periodically and caches it. This improves coverage beyond the built-in local list.

How to access / enable

  1. WP Admin → AegisSpamGuard → Settings
  2. Identity module settings
  3. Set external list URL and enable the toggle.

Recommended setting

Recommended: Leave OFF if “No external calls” is ON; otherwise enable only from trusted sources.

External lists can add coverage but introduce network dependency—use only if you trust the source and caching works on your host.

Why you need this

Use caching intervals to reduce bandwidth and avoid timeouts.

Additional information

REST abuse protection2026-01-13T00:54:52+00:00

Feature

REST request abuse protection — Scores suspicious REST requests to reduce spam and automated abuse of WordPress endpoints.

How it works

The engine inspects request context, headers, and patterns. Depending on your configuration, it can apply scoring and rate-limit or block abusive requests.

How to access / enable

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable REST protection (if available).
  3. Tune firewall/velocity thresholds for best results.

Recommended setting

Recommended: Enabled on public sites with heavy bot traffic.

REST endpoints are commonly probed; early scoring and rate-limiting reduces load and abuse.

Why you need this

Admins protect site performance and reduce automated scanning noise.

Additional information

Max Login Attempts2026-01-13T03:03:26+00:00

Description: Sets how many failed login attempts are allowed before a lockout triggers.

How it works: Login Guard increments a counter on failed authentication and locks out when the counter reaches max_attempts.

How to access / configure:

  1. WP Admin → AegisShield → Login Guard.
  2. Find “Max Attempts”.
  3. Set the value and Save Changes.

Recommended setting: Use 3–5 for most sites; use 3 if the site is frequently attacked.

Extended Retention2025-12-13T22:35:28+00:00

FREE: Not available.

PRO: Available.

What it does: Retains logs for long-term forensics.

How to use it properly: Enable for compliance or long-term investigations.

Scan Directories Selection2026-01-13T03:03:26+00:00

Description: Choose which directories are included in malware scanning.

How it works: scan_dirs/directories settings determine which paths are traversed during a scan for performance and relevance.

How to access / configure:

  1. WP Admin → AegisShield → Malware Scan.
  2. Select directories to scan.
  3. Save (if applicable) and run scan.

Recommended setting: Always include plugins and themes; include uploads on sites that allow uploads or have been compromised before.

Enable Robots.txt Management2026-01-13T01:16:47+00:00

Description: Enables robots.txt control inside WordPress.

Logic: Robots rules are generated dynamically and served virtually or physically.

Access: WP Admin → AegisSitemap → Robots → Enable Robots.

Recommendation: Enable unless managed externally.

Setup Wizard: Social Profiles (Master List)2026-01-12T23:35:54+00:00

Description

Stores social profile URLs for schema and social meta defaults.

How it works

Saves social profiles and outputs sameAs links in schema.

How to access / enable

Setup Wizard → Social URLs → Save.

Recommended setting

Only add profiles you actively maintain.

ShortURL Actions: Delete2026-01-13T00:42:26+00:00

Description: Delete removes the short link so the slug no longer resolves on your site.

How it works: AegisLink deletes the short link post after nonce verification to prevent accidental or malicious deletion.

How to access / enable: WP Admin → AegisLink → ShortURL Links → Manage → Delete.

Recommended setting: Only delete if you never want the short URL used again; otherwise change the target instead.

Short Link Field: Target URL validation2026-01-13T00:42:26+00:00

Description: Target URL must be a valid http(s) URL to prevent broken redirects.

How it works: AegisLink validates that the URL begins with http:// or https:// before saving.

How to access / enable: WP Admin → AegisLink → ShortURL Links → Manage → Target URL → Save.

Recommended setting: Always use the canonical URL you want users to reach (final destination).

Trust existing users older than N days2026-01-13T00:54:52+00:00

Feature

Trust users older than N days — Applies a trust boost to accounts older than a configurable age, reducing false positives for established users.

How it works

Older accounts are statistically lower risk; this setting lets you encode that into scoring.

How to access / enable

  1. WP Admin → AegisSpamGuard → Settings
  2. Trust settings section
  3. Set “Trust existing user if older than N days”.

Recommended setting

Recommended: 7–14 days for most sites.

A week is enough to separate drive-by spam from normal members without granting immediate trust to new signups.

Why you need this

Admins improve UX for established users while keeping defenses strong for new accounts.

Additional information

Bulk Create Source Types: Taxonomies / Terms (Term Bulk Generator)2026-01-13T00:42:26+00:00

Description: Generate short links for categories, tags, and custom taxonomies (including WooCommerce product_cat and product_tag).

How it works: AegisLink queries terms with get_terms(), resolves targets with get_term_link(), and builds slugs from the term slug with optional prefixes.

How to access / enable: WP Admin → AegisLink → ShortURL Links → Bulk → Terms/Taxonomy section → Generate.

Recommended setting: Use prefixes like cat- or tag- if you have overlapping slugs across taxonomies.

Failed Login Logging2026-01-13T03:03:26+00:00

Description: Records failed login attempts to help identify attacks and targeted accounts.

How it works: Each failed login writes an event with timestamp, username (if provided), and IP address to support investigations.

How to access / configure:

  1. WP Admin → AegisShield → Login Guard.
  2. Review the recent failed login activity section/chart.
  3. Cross-check with Activity Log for related events.

Recommended setting: Watch for repeated attempts on admin accounts; consider enforcing MFA for administrators (Pro).

Issues: Missing Title2026-01-12T23:35:54+00:00

Description

Flags posts missing SEO title.

How it works

Checks title meta and template output conditions.

How to access / enable

Issues & Fixes → Missing Title.

Recommended setting

Use templates + override key pages.

Core Checksum Baselines2026-01-13T03:03:26+00:00

Description: Builds a baseline of known-good file checksums to detect unexpected changes.

How it works: AegisShield records checksums for monitored paths; later scans compare current checksums against baseline to detect modifications.

How to access / configure:

  1. WP Admin → AegisShield → File Integrity.
  2. Run the baseline/scan to initialize monitoring.
  3. Review results for unexpected changes.

Recommended setting: Create a fresh baseline right after a clean install and after major updates you trust.

Role-Based MFA Enforcement2026-01-13T03:03:26+00:00

Description: Enforces MFA for selected WordPress roles (Pro).

How it works: On login, AegisShield checks the user’s role against the enforced list and requires MFA if applicable.

How to access / configure:

  1. WP Admin → AegisShield → Login Guard → MFA (Pro).
  2. Enable enforcement and select roles.
  3. Save changes and notify users.

Recommended setting: Enforce at least for administrators and editors; expand to authors on content-heavy sites.

SEO Ops Center: Rollback Support2026-01-12T23:35:54+00:00

Description

Allows reverting SEO changes applied from operations.

How it works

Uses history/events to restore previous meta values.

How to access / enable

SEO Ops Center → Rollback/History.

Recommended setting

Rollback when outcomes worsen.

Retention days setting (auto-delete older logs) + manual cleanup button2026-01-12T23:30:46+00:00

Feature

Retention days setting (auto-delete older logs) + manual cleanup button

Description

Retention controls and cleanup.

How it works

AegisWAF applies this capability inside the Logging & Evidence module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.

How to access / Enable or disable

  • Access: AegisWAF → Logs / Attack Story
  • Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.

Recommended setting

Set 30 days retention for most sites; shorten to 7–14 days on small databases.

Disable File Editing2026-01-13T03:03:26+00:00

Description: Prevents editing plugin/theme files from the WordPress editor to reduce post-compromise abuse.

How it works: Hardening sets the relevant WordPress constant/behavior so attackers can’t use the built-in editor to plant code.

How to access / configure:

  1. WP Admin → AegisShield → Hardening.
  2. Enable “Disable file editing”.
  3. Save changes.

Recommended setting: Enable on production sites; do code changes via SFTP/Git instead.

Cleanup tools overview (safe batch scanning)2026-01-13T00:54:52+00:00

Feature

Cleanup tools — Scans existing comments and users in safe batches to identify and remove legacy spam without timeouts.

How it works

Cleanup uses the same engine scoring but runs with safe batching and can operate in report-only mode so you can validate before changing data.

How to access / enable

  1. WP Admin → AegisSpamGuard → Cleanup

Recommended setting

Recommended: Start with Report-only, then Move to Spam.

This prevents accidental deletions and lets you verify scoring on old content.

Why you need this

Admins often inherit spam-filled databases—Cleanup restores quality and reduces moderation workload.

Additional information

Post Meta Description Template2026-01-12T23:35:54+00:00

Description

Default description template for posts.

How it works

Uses desc_post; typically %%excerpt%% fallback.

How to access / enable

Global SEO → Titles & Meta → Post Meta Description Template.

Recommended setting

Use %%excerpt%% but ensure excerpt quality.

Behavioral scoring (PRO-only scoring + threshold enforcement)2026-01-12T23:30:46+00:00

Feature

Behavioral scoring (PRO-only scoring + threshold enforcement)

Description

Behavioral scoring enforcement.

How it works

AegisWAF applies this capability inside the Bot Control module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.

How to access / Enable or disable

  • Access: AegisWAF → Bot Control
  • Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.

Recommended setting

Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

ShortURL Actions: Edit2026-01-13T00:42:26+00:00

Description: Edit allows you to update a short link’s target, slug options, tracking, groups/tags, and UTMs.

How it works: AegisLink loads the existing short link post and updates metadata on save.

How to access / enable: WP Admin → AegisLink → ShortURL Links → Manage → Edit.

Recommended setting: Edit rather than delete when campaigns move; preserve history and analytics continuity where possible.

“Alerts only” filtering2026-01-12T23:30:46+00:00

Feature

“Alerts only” filtering

Description

Show only alert-triggering events.

How it works

AegisWAF applies this capability inside the Logging & Evidence module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.

How to access / Enable or disable

  • Access: AegisWAF → Logs / Attack Story
  • Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.

Recommended setting

Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

Action mode: FREE forced to LOG; PRO can use Log / Block / Challenge / Rate Limit2026-01-12T23:30:46+00:00

Feature

Action mode: FREE forced to LOG; PRO can use Log / Block / Challenge / Rate Limit

Description

Global action mode / enforcement policy.

How it works

AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.

How to access / Enable or disable

  • Access: AegisWAF → WAF Settings (Rules section)
  • Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.

Recommended setting

Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

Go to Top