frequently asked questions
(No Gimmicks, No CC,No Commitment, Free Features, Stay Free If You Prefer!)
Description: Prevents editing plugin/theme files from the WordPress editor to reduce post-compromise abuse.
How it works: Hardening sets the relevant WordPress constant/behavior so attackers can’t use the built-in editor to plant code.
How to access / configure:
- WP Admin → AegisShield → Hardening.
- Enable “Disable file editing”.
- Save changes.
Recommended setting: Enable on production sites; do code changes via SFTP/Git instead.
FREE: Not available.
PRO: Available.
What it does: Adds context to scan results.
How to use it properly: Monitor trends.
Feature
Managed Rule categories (always available): SQLi / XSS / Path Traversal
Description
Core OWASP categories.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Feature
Dashboard overview (At a glance counters) — The Dashboard gives you a real-time snapshot of what AegisSpamGuard has scored and how it responded (Allowed, Challenged, Held, Blocked).
How it works
AegisSpamGuard records every scored event in the Spam Log and aggregates summary counts on the Dashboard so you can confirm protection is active without digging through rows.
How to access / enable
- WP Admin → AegisSpamGuard → Dashboard
- Review the “At a glance” tiles (Last 24 hours: events scored, blocked, held, challenged).
Recommended setting
Recommended: Review daily for the first week, then weekly.
Early monitoring helps you tune allow/deny rules and weights quickly and prevents false positives from going unnoticed.
Why you need this
Admins need fast visibility to confirm protection is working, measure attack volume, and spot changes after configuration updates.
Additional information
Description
Outputs Person identity schema when site type is Person.
How it works
Uses person_name and social profiles.
How to access / enable
Schema + Setup identity.
Recommended setting
Use for personal sites.
Feature
Attack Story Narrative analysis generation (incident-style explanation)
Description
Narrative incident summaries.
How it works
AegisWAF applies this capability inside the Logging & Evidence module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Logs / Attack Story
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description
Imports meta descriptions into AegisSEO post meta.
How it works
Maps other plugin meta to _aegisseo_description.
How to access / enable
Migration Wizard → Import Descriptions.
Recommended setting
Run once, then review key pages.
Feature
Spam firewall pre-check — Evaluates unauthenticated traffic early and can challenge or block suspicious requests before templates load.
How it works
The firewall applies lightweight checks such as allow/deny rules, velocity by fingerprint, and bot-like header patterns. It can return a blank block page to reduce CPU usage and discourage crawlers.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Open the Firewall section
- Toggle “Spam firewall pre-check” ON/OFF.
Recommended setting
Recommended: ON for high-traffic sites; start with conservative thresholds.
Early filtering reduces server load, but conservative thresholds avoid impacting real visitors.
Why you need this
Admins use firewall mode to stop noisy bot traffic and keep the site responsive.
Additional information
Description: Exports your entire short link library to CSV for backups or agency workflows.
How it works: AegisLink queries all short links and outputs key fields including groups, tags, and UTM settings.
How to access / enable: WP Admin → AegisLink → ShortURL Links → Import/Export → Export.
Recommended setting: Export before large migrations or bulk changes so you can recover quickly if needed.
Description: Analytics provides reporting on short link usage so you can see what’s working.
How it works: AegisLink queries the clicks table to summarize clicks, trends, referrers, and user agents.
How to access / enable: WP Admin → AegisLink → ShortURL Links → Analytics.
Recommended setting: Use analytics to identify your top shared products and which channels drive clicks.
Description: Sets the minimum required password length when strong password enforcement is enabled.
How it works: password_min_length is checked during password set/reset and weak passwords are rejected.
How to access / configure:
- WP Admin → AegisShield → Hardening → Password Policy.
- Set minimum length.
- Save changes.
Recommended setting: Use 12+ for admins; 10+ for lower roles if needed.
Description
Flags posts missing meta description.
How it works
Checks description meta and fallback behavior.
How to access / enable
Issues & Fixes → Missing Description.
Recommended setting
Custom for top pages.
Feature
PRO UX: Dim + upsell pattern
Description
PRO-only controls appear dimmed with an upgrade CTA in FREE mode.
How it works
AegisWAF applies this capability inside the License module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → License, Matrix and Settings
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description: Maintains a closed/blocked list of known malicious signatures or file identifiers.
How it works: closed_list can be used to prioritize or automatically flag known-bad items during scans.
How to access / configure:
- WP Admin → AegisShield → Malware Scan → Advanced.
- Review or update closed list (if exposed).
- Save changes.
Recommended setting: Keep defaults; only add items if you have verified malicious samples.
Description: Prevents very long phrases/words from dominating the visual layout.
How it works: Words longer than this length are excluded so the cloud stays balanced.
How to access / enable: WP Admin → AegisLink → Word Cloud → Word selection → Max length → Save Defaults.
Recommended setting: 32 is a safe default; reduce if you see overly long technical terms crowding the output.
Feature
Enable WordPress protection layer (master switch)
Description
Master switch for WP protection layer.
How it works
AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → API Shield
- Enable/Disable: Use the toggle on this screen to turn it ON or OFF, then click Save.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description: The Keyword Word Cloud shortcode generates a clean, SEO-friendly keyword frequency cloud from your content using real HTML text (not a canvas image).
How it works: It extracts words from content, applies length limits, then renders words in size buckets (large/medium/small) for readability and a professional “word cloud” look.
How to access / enable: WP Admin → AegisLink → Word Cloud. Copy the shortcode block and paste it into a page, post, or builder shortcode element.
Recommended setting: Start with defaults and only tweak limits and font sizes if your pages are unusually long or short.
Description: Records failed login attempts to help identify attacks and targeted accounts.
How it works: Each failed login writes an event with timestamp, username (if provided), and IP address to support investigations.
How to access / configure:
- WP Admin → AegisShield → Login Guard.
- Review the recent failed login activity section/chart.
- Cross-check with Activity Log for related events.
Recommended setting: Watch for repeated attempts on admin accounts; consider enforcing MFA for administrators (Pro).
Description: Controls how aggressively role-risk analysis evaluates and flags capabilities.
How it works: hardening_role_risk_mode selects the analysis profile used to compute role risk and recommendations.
How to access / configure:
- WP Admin → AegisShield → Hardening → Roles tab.
- Select risk mode.
- Save and rerun the analysis.
Recommended setting: Use a stricter mode on production sites with multiple admins.
FREE: Not available.
PRO: Available.
What it does: Runs automated scans.
How to use it properly: Schedule off-peak.
Description: Suggestions help you discover related content to link to from a specific post or page.
How it works: AegisLink extracts keywords from the page title + categories/tags, then performs a WP search query and returns candidate links.
How to access / enable: WP Admin → AegisLink → Keyword Links → Select a Page or Post → Load Suggestions.
Recommended setting: Use suggestions as a starting point; choose only the links that make editorial sense.
Description: Quick visibility into the latest scan results across Integrity and Malware scanning.
How it works: AegisShield stores the last scan report/meta and surfaces a summary so you can confirm scans are happening and whether findings exist.
How to access / configure:
- WP Admin → AegisShield → Dashboard.
- Locate “Last Scan” panels for Integrity and Malware.
- Click into each module for full findings and actions.
Recommended setting: Run a full Malware Scan after any major update or suspicious behavior; review Integrity changes weekly.
Description: Stores your license key to unlock and validate PRO status where applicable.
How it works: AegisLink saves the key locally and can check license status against the licensing system.
How to access / enable: WP Admin → AegisLink → Tools & Licensing → License → Save License.
Recommended setting: Only install licenses on production domains and keep your key private.
Feature
Managed Rules: Path Traversal category toggle
Description
Enable/disable traversal managed rules.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the toggle on this screen to turn it ON or OFF, then click Save.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description
Sort issues by type/status/priority.
How it works
Applies query filters when listing issues.
How to access / enable
Issues page filters.
Recommended setting
Fix indexing blockers first.