AegisSpam Master User Guide

Version 1.1.10 • Updated February 09, 2026

About this guide

This document is a consolidated, product-grade user guide for AegisSpamGuard (AegisSpam). It is written for WordPress administrators who need clear, repeatable workflows to reduce spam across forms, comments, registration, WooCommerce, REST endpoints, and other POST surfaces—without relying on CAPTCHA.

This guide is maintained as an active, continuously improved resource. As AegisBackup evolves, new capabilities, interface refinements, and optimization recommendations may be introduced. To ensure accuracy and reliability, instructions, definitions, and screenshots may be updated periodically. Always refer to the latest version of this guide for the most up-to-date information and recommended workflows.

Audience and scope

Who this is for

  • Site owners and administrators who need reliable spam protection and clear tuning controls
  • Agencies and developers managing multiple sites, forms, and integrations (WPForms, Gravity Forms, AegisForm)
  • Operations teams who need audit trails (Spam Log), retention controls, and predictable automation (WP‑Cron)

What this guide covers

  • Dashboard visibility and Spam Log workflows (review, filters, decisions, bulk actions)
  • Firewall pre-check and rate/velocity controls (early bot filtering before WordPress loads)
  • Allow/Deny lists, policy thresholds, and scoring signals
  • Local training workflow (site-local ML) and reputation signals
  • Privacy-first controls (hashing, IP handling modes, no-external-calls mode, retention & purge)
  • Protection modes and integrations, cleanup tools, export/import, and multisite support

Safety, limitations, and responsibilities

Important: Spam protection decisions can affect real users. Start conservative, monitor the Spam Log, and prefer Hold for uncertain traffic until you are confident.
  • False positives: Prefer Hold for uncertain traffic so you can review and correct decisions in the Spam Log before hard-blocking legitimate users.
  • Operational impact: Aggressive thresholds, velocity limits, or progressive delays can affect user experience and conversion—roll changes out gradually and monitor the Dashboard and Spam Log.
  • Privacy responsibility: If you store IPs or enable external provider lookups, you are responsible for the data-handling implications. Use anonymization/hashing and retention controls to minimize stored data where appropriate.

Core concepts

Decision bands

AegisSpamGuard scores events and responds using policy bands: Allow, Challenge, Hold, and Block. You tune thresholds so that high-confidence spam is blocked, medium-confidence traffic is challenged or held, and low-risk traffic is allowed.

Signals (scoring inputs)

Signals include fast-submit timing, burst/velocity patterns, honeypot triggers, JavaScript proof tokens, content/link intelligence, disposable email detection (with optional MX checks), similarity to known spam, and Geo/ASN context (optional).

Spam Log and training

Every scored event is recorded in the Spam Log with reasons and a score breakdown. You can correct decisions and train the local model (mark as Spam / Not Spam) to improve site-specific accuracy over time.

Firewall pre-check

Optional firewall pre-check can block or respond to abusive traffic before WordPress loads, reducing CPU usage and preventing SEO spam or automated POST abuse from consuming resources.

Quick start paths

Protect a site today (15–30 minutes)

  1. Install and activate AegisSpamGuard.
  2. Open Settings and set conservative policy thresholds (use Hold for uncertain traffic).
  3. Enable the protection modes you need (e.g., comments, registration, WooCommerce, Any POST).
  4. Submit a test form and confirm it appears in the Spam Log with a score and reasons.

For the first week, review the Dashboard and Spam Log daily so you can tune Allow/Deny rules and thresholds.

Reduce false positives (10 minutes)

  1. In Spam Log, filter to Held or Blocked events.
  2. Open an event and review the “What happened?” score breakdown.
  3. Use Allow for legitimate submissions; optionally add Allow rules (IP/CIDR, domain, phrase) for repeat-safe sources.
  4. Train Not Spam for mistakes so the local model learns your site.

Prefer Hold over Block while you tune; then tighten thresholds once logs look clean.

Privacy-first setup (10–15 minutes)

  1. In Settings, enable No external calls mode (privacy-first) if your policy requires it.
  2. Choose an IP handling mode (anonymize/hash/off) appropriate for your site and legal requirements.
  3. Set retention & purge to minimize stored event data.
  4. Confirm identifiers (email) are hashed with a per-site salt where applicable.

If you later enable Geo/ASN or external disposable lists, revisit retention and disclosures.

Features

Install & Activate

Where: Plugins → Add New → Upload Plugin (then AegisSpamGuard menu appears)

Installs AegisSpamGuard into WordPress Admin so it can score and control spam across your selected surfaces. After activation, review policy thresholds and enable the protection modes you need.

Dashboard

Where: WP Admin → AegisSpamGuard → Dashboard

Use the Dashboard for quick visibility into recent activity and to jump into key configuration and review areas.

Dashboard overview (At a glance counters)

Overview:

Dashboard overview (At a glance counters) — The Dashboard gives you a real-time snapshot of what AegisSpamGuard has scored and how it responded (Allowed, Challenged, Held, Blocked).

How it works:

AegisSpamGuard records every scored event in the Spam Log and aggregates summary counts on the Dashboard so you can confirm protection is active without digging through rows.

Where to find it:

  1. WP Admin → AegisSpamGuard → Dashboard
  2. Review the “At a glance” tiles (Last 24 hours: events scored, blocked, held, challenged).

Recommended settings:

Recommended: Review daily for the first week, then weekly.

Early monitoring helps you tune allow/deny rules and weights quickly and prevents false positives from going unnoticed.

Why it matters:

Admins need fast visibility to confirm protection is working, measure attack volume, and spot changes after configuration updates.


Configure button (jump to key Settings)

Overview:

Configure (Protection mode) — The Configure button is a shortcut to the Settings page where you control thresholds, modules, and enforcement behavior.

How it works:

It takes you directly to the configuration that determines how scores map to Allow/Challenge/Hold/Block and which signals are active.

Where to find it:

  1. WP Admin → AegisSpamGuard → Dashboard
  2. In “Protection mode”, click “Configure”.

Recommended settings:

Recommended: Set thresholds first before enabling aggressive modules.

Thresholds define your policy; tuning them early prevents over-blocking when additional signals are enabled.

Why it matters:

Admins use this to quickly adjust policy without hunting through menus.


Open Spam Log button (review decisions)

Overview:

Open Spam Log — Opens the Spam Log so you can review scored events, reasons, and actions taken.

How it works:

The Spam Log is your audit trail: every event includes its score, the action taken, and the reasons/signals that contributed.

Where to find it:

  1. WP Admin → AegisSpamGuard → Dashboard
  2. In “Last 7 days”, click “Open Spam Log” (or top-right “View Log”).

Recommended settings:

Recommended: Review Held + Challenged items first.

These bands are where the best tuning happens—allowlist real users, deny confirmed spam, and train if ML is enabled.

Why it matters:

Admins need the log to validate accuracy, resolve false positives, and prove the plugin is working.


Firewall counters (blocked before WordPress loads)

Overview:

Firewall counters — Shows how many requests were stopped early by the Spam Firewall (today, last 7 days, total).

How it works:

When Firewall pre-check is enabled, AegisSpamGuard evaluates bot-like traffic early and can challenge or block before normal page processing, reducing server load.

Where to find it:

  1. WP Admin → AegisSpamGuard → Dashboard
  2. Review “Firewall counters”.
  3. Click “View Firewall” to open the Firewall log stream.

Recommended settings:

Recommended: Enable firewall after you’ve configured allowlists and thresholds.

Firewall is powerful; correct allowlisting prevents accidental friction for trusted services and users.

Why it matters:

Admins use this to demonstrate performance and protection value—blocking bots early reduces CPU and unwanted traffic.


Cleanup impact (legacy spam scanning results)

Overview:

Cleanup impact — Summarizes the results of your last Cleanup run (e.g., suspicious comments flagged) and links you to the Cleanup tool.

How it works:

Cleanup scans existing database items in safe batches, re-scores them, and lets you choose actions like Report-only, Move to Spam, or Delete.

Where to find it:

  1. WP Admin → AegisSpamGuard → Dashboard
  2. In “Cleanup impact”, click “Open Cleanup”.

Recommended settings:

Recommended: Run Report-only first, then Move to Spam.

Report-only validates the scan before making changes; Move to Spam is safer than delete until you confirm accuracy.

Why it matters:

Admins often inherit sites with years of spam—Cleanup makes it fast and safe to get the database back under control.


Why AegisSpamGuard avoids CAPTCHA

Overview:

Why we don’t use CAPTCHA — Explains the UX and security rationale for score-based protection instead of CAPTCHA challenges.

How it works:

AegisSpamGuard focuses on behavior + content + identity scoring to stop spam while keeping forms accessible and conversion-friendly.

Where to find it:

  1. WP Admin → AegisSpamGuard → Dashboard
  2. Scroll to “Why we don’t use CAPTCHA” panel.

Recommended settings:

Recommended: Use score-based Challenge/Hold instead of CAPTCHA for most sites.

CAPTCHA increases friction and can reduce conversions; score-based challenges are softer and easier on real users.

Why it matters:

Admins need a clear explanation they can share with clients and stakeholders about why protection is strong without CAPTCHA.

Spam Log & Decisions

Where: WP Admin → AegisSpamGuard → Spam Log

The Spam Log is your audit trail and tuning workspace. Review events, understand why they were scored, and correct decisions with one-click or bulk actions.

Spam Log overview (cards, filters, and reasons)

Overview:

Spam Log — The Spam Log is the heart of AegisSpamGuard: it lists every scored event with the action taken and the reasons behind the score.

How it works:

Each event stores a normalized event type (comment/form/registration/checkout/review/rest/search/post), a fingerprint, and a breakdown of signal points so you can audit and tune.

Where to find it:

  1. WP Admin → AegisSpamGuard → Spam Log

Recommended settings:

Recommended: Start by filtering to Held and Challenged.

That’s where you’ll find borderline events that teach you what to allowlist or denylist.

Why it matters:

Admins need visibility and control—transparent reasons turn anti-spam from a black box into an operator dashboard.


Quick filter pills (All / Blocked / Held / Challenged / Allowed)

Overview:

Quick filter pills — Lets you instantly filter the Spam Log by action band so you can focus on what matters.

How it works:

AegisSpamGuard assigns a policy action from the final score (Allow/Challenge/Hold/Block). The pills filter the log view without changing stored data.

Where to find it:

  1. WP Admin → AegisSpamGuard → Spam Log
  2. Click a pill: All, Blocked, Held, Challenged, or Allowed.

Recommended settings:

Recommended: Check Held daily; check Blocked weekly.

Held is where legitimate users may be waiting; Blocked is useful for trend review and firewall brag stats.

Why it matters:

This helps admins triage quickly and keeps review time short.


Card rows + expandable event details

Overview:

Card rows (compact summary + expandable body) — Each log entry shows a compact summary row and expands to reveal full details, reasons, and next actions.

How it works:

The summary focuses on what you need at a glance (score, action, type, timestamp). Expanding reveals signal breakdown, actor info (privacy-safe), payload excerpt, and evidence.

Where to find it:

  1. WP Admin → AegisSpamGuard → Spam Log
  2. Click an event card to expand/collapse details.

Recommended settings:

Recommended: Expand Held/Challenged events before deciding.

Reviewing details prevents accidental denies and helps you build accurate allow/deny rules.

Why it matters:

Admins need fast scanning and deep diagnostics in one place—cards make the log readable like a real app, not a raw table.


Bulk action bar (Allow / Block / Train)

Overview:

Bulk actions — Select multiple log events and apply one action (Allow, Block, Train as spam, Train as not spam) in one click.

How it works:

AegisSpamGuard updates local reputation (allow/deny), optionally updates ML training data, and records the admin action so future scoring improves.

Where to find it:

  1. WP Admin → AegisSpamGuard → Spam Log
  2. Select multiple event checkboxes
  3. Choose an action in the bulk bar and apply.

Recommended settings:

Recommended: Bulk-Allow known good campaigns; Bulk-Block obvious spam waves.

Bulk actions save time during spikes and help your local model and rules converge faster.

Why it matters:

Admins often face bursts—bulk tools make cleanup and learning practical on busy sites.


One-click actions on an event (Allow / Block / Train Spam / Train Not Spam)

Overview:

One-click actions — Each event includes fast actions so you can immediately correct mistakes and improve future detection.

How it works:

Allow adds positive reputation and can add to allowlist; Block adds negative reputation and can add to denylist; Train updates the local ML tables if enabled.

Where to find it:

  1. WP Admin → AegisSpamGuard → Spam Log
  2. Open an event card
  3. Click the action you want: Allow, Block, Train Spam, or Train Not Spam.

Recommended settings:

Recommended: Use Allow for false positives and Block for confirmed spam; train only when you’re confident.

Training improves the model—but only if the labels are accurate.

Why it matters:

Admins need rapid controls to keep legitimate users flowing while tightening defenses.


“What happened?” sidebar (score breakdown per signal)

Overview:

What happened? (score breakdown) — Explains exactly how the score was calculated and which signals contributed points.

How it works:

The sidebar lists signal groups, their configured weights, and awarded points (e.g., honeypot hit, too-fast submit, velocity exceeded, disposable email). This is the transparency advantage over black-box spam tools.

Where to find it:

  1. WP Admin → AegisSpamGuard → Spam Log
  2. Open an event card
  3. Open the “What happened?” panel (score breakdown).

Recommended settings:

Recommended: Use this panel before changing weights.

It shows you whether you should adjust thresholds, enable/disable a module, or add an allow/deny rule instead.

Why it matters:

Admins need explainability to safely tune protection without guesswork.

Firewall (Pre-check)

Where: WP Admin → AegisSpamGuard → Firewall

Optional firewall pre-check blocks or responds to abusive traffic before WordPress loads, reducing CPU burn and preventing common POST spam patterns.

Firewall log stream (dedicated pre-check log)

Overview:

Firewall log stream — A dedicated log stream for firewall pre-checks so you can report “blocked X bots before WordPress loaded.”

How it works:

Firewall logging is separate from submission events. It records early actions like CHALLENGE/BLOCK/ALLOW with minimal data (privacy-safe) so you can measure edge protection.

Where to find it:

  1. WP Admin → AegisSpamGuard → Firewall

Recommended settings:

Recommended: Enable firewall logging when Firewall pre-check is ON.

It gives you proof-of-value metrics and helps debug if a legitimate client gets challenged.

Why it matters:

Admins benefit from a clear separation between ‘traffic blocked at the edge’ and ‘spam submission attempts’.


Spam firewall pre-check (early bot filtering)

Overview:

Spam firewall pre-check — Evaluates unauthenticated traffic early and can challenge or block suspicious requests before templates load.

How it works:

The firewall applies lightweight checks such as allow/deny rules, velocity by fingerprint, and bot-like header patterns. It can return a blank block page to reduce CPU usage and discourage crawlers.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Open the Firewall section
  3. Toggle “Spam firewall pre-check” ON/OFF.

Recommended settings:

Recommended: ON for high-traffic sites; start with conservative thresholds.

Early filtering reduces server load, but conservative thresholds avoid impacting real visitors.

Why it matters:

Admins use firewall mode to stop noisy bot traffic and keep the site responsive.


Firewall ‘blank page’ response (bot-unfriendly block)

Overview:

Firewall returns blank page — When blocking at the firewall layer, return a simple blank/fast response instead of a friendly error page.

How it works:

Bots learn from rich error pages; a minimal response is faster and reveals less information while still stopping abusive traffic.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Firewall section
  3. Toggle “Firewall returns blank page” ON/OFF.

Recommended settings:

Recommended: ON for public sites.

It’s faster and less informative to bots while still being safe for humans (humans rarely see firewall blocks).

Why it matters:

Admins who care about performance and reducing bot feedback loops benefit from this.


Firewall velocity threshold (10-minute burst control)

Overview:

Firewall velocity threshold — Limits rapid repeat hits from the same fingerprint within a rolling time window at the firewall layer.

How it works:

If a visitor or bot hits too many pages quickly, AegisSpamGuard can challenge or block before WordPress performs heavier work.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Firewall section
  3. Set the “Firewall velocity threshold (10m)” value.

Recommended settings:

Recommended: Start conservative (higher number), then tighten.

You don’t want to block legitimate users browsing quickly; tune after watching the Firewall log.

Why it matters:

Admins use this to stop aggressive crawlers, scrapers, and flood behavior.

Allow/Deny Lists

Where: WP Admin → AegisSpamGuard → Allow/Deny

Create explicit allow and deny rules for known-safe sources and known-bad sources. Rules can match IP/CIDR, hashed email/domain, phrases, and URLs.

Allow/Deny lists overview

Overview:

Allow/Deny lists — Create rules that always allow trusted sources or always block known spam sources.

How it works:

Rules are applied during scoring and (where applicable) during firewall checks. This gives you deterministic control over outcomes regardless of signal noise.

Where to find it:

  1. WP Admin → AegisSpamGuard → Allow/Deny

Recommended settings:

Recommended: Add allow rules for your team/testing IPs and block repeat offenders.

Lists provide immediate control and reduce reliance on heuristic scoring alone.

Why it matters:

Admins need deterministic overrides—especially on business-critical forms and checkout.


Allow/Deny by IP and CIDR ranges

Overview:

IP / CIDR rules — Allow or block specific IP addresses or CIDR ranges (e.g., ***********/24).

How it works:

CIDR support lets you handle office networks, known providers, or abusive subnets efficiently while keeping the rules list short.

Where to find it:

  1. WP Admin → AegisSpamGuard → Allow/Deny
  2. Add a rule for an IP or CIDR range
  3. Choose Allow or Deny and save.

Recommended settings:

Recommended: Allowlist trusted office/VPN IPs; deny only when you have repeated confirmed abuse.

Over-blocking IP ranges can affect legitimate users (mobile carriers and shared networks).

Why it matters:

Admins use IP rules to quickly stop persistent offenders and protect internal workflows.


Allow/Deny by email hash / domain

Overview:

Email/domain rules — Allow or block submissions by email domain or hashed email identity.

How it works:

AegisSpamGuard can hash email values (privacy-safe). Domain rules are useful for blocking disposable domains or allowing trusted corporate domains.

Where to find it:

  1. WP Admin → AegisSpamGuard → Allow/Deny
  2. Add a rule for an email domain (e.g., example.com) or email identity
  3. Choose Allow or Deny and save.

Recommended settings:

Recommended: Block known disposable domains; allow your own business/customer domains.

Domain rules are high-signal and low maintenance.

Why it matters:

Admins reduce spam registrations and fake leads by controlling email quality.


Allow/Deny by phrases and URLs

Overview:

Phrase/URL rules — Allow or block content that matches specific phrases or URL patterns commonly used in spam.

How it works:

Phrase rules are checked against normalized message content. URL rules help you block known spam destinations or suspicious shorteners.

Where to find it:

  1. WP Admin → AegisSpamGuard → Allow/Deny
  2. Add a phrase or URL rule
  3. Choose Allow or Deny and save.

Recommended settings:

Recommended: Start with Deny rules for repeated spam campaigns you see in the log.

Targeted phrase/URL rules stop waves immediately with low false positive risk.

Why it matters:

Admins often see repeating spam templates—phrase/URL rules shut them down fast.

Policy & Signals

Where: WP Admin → AegisSpamGuard → Dashboard

Tune how scoring translates into decisions (Allow/Challenge/Hold/Block), and adjust the signals that influence scoring so protection matches your site’s risk and audience.

False positive protection (Hold instead of Block)

Overview:

False positive protection — When enabled, events that would normally be blocked are instead held for review (unless you explicitly deny them).

How it works:

AegisSpamGuard still scores and classifies events, but it chooses a safer enforcement action to protect real users while you tune thresholds and allowlists.

Where to find it:

  1. WP Admin → AegisSpamGuard → Dashboard
  2. In “Protection mode”, toggle “False positive protection” ON/OFF.

Recommended settings:

Recommended: ON during initial deployment and on business/commerce sites.

Holding suspicious events avoids losing legitimate leads/orders while you calibrate scoring.

Why it matters:

This reduces risk on production sites where a single blocked registration or checkout can cost revenue.


Policy thresholds (Allow / Challenge / Hold / Block bands)

Overview:

Policy thresholds — Defines how a score (0–100) maps to actions: Allow, Challenge, Hold, or Block.

How it works:

AegisSpamGuard produces a risk score from signals and applies your thresholds to decide enforcement. This keeps decisions consistent and easy to tune.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Open “Policy thresholds”
  3. Set Allow/Challenge/Hold max scores and save.

Recommended settings:

Recommended defaults: Allow 29, Challenge 59, Hold 79.

These are balanced defaults that reduce false positives while still giving strong protection via Hold/Challenge bands.

Why it matters:

Admins need predictable policy bands to match business risk tolerance.


Min seconds to submit (fast-submit bot signal)

Overview:

Min seconds to submit — Adds score if a form submits too quickly after page load, which is a common bot pattern.

How it works:

AegisSpamGuard tracks a timestamp/token on supported forms and compares it to submission time. Faster-than-human submits get a score bump.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Site-wide protection / Behavior section (varies by build)
  3. Set “Min seconds to submit”.

Recommended settings:

Recommended: 3 seconds default; use 5+ for longer forms.

Longer forms take time; raising this reduces false positives on multi-field forms.

Why it matters:

Admins use this to catch automated submissions that bypass simple honeypots.


Velocity window + limit (burst submissions control)

Overview:

Velocity controls — Detects burst submissions from the same fingerprint (IP/session/user agent + payload patterns).

How it works:

AegisSpamGuard tracks how many submissions happen within a rolling window. If the limit is exceeded, it adds points and may trigger Challenge/Hold/Block depending on your thresholds.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Set “Velocity window (seconds)” and “Velocity limit (submissions per window)”.
  3. Save changes.

Recommended settings:

Recommended: Window 600 seconds and limit 5 to start.

This catches spam floods without punishing normal users; tune down only if you see heavy bot bursts.

Why it matters:

Admins need burst controls to stop rapid spam waves and protect performance.
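
The rolling-window count described under "Firewall velocity threshold" and "Velocity window + limit", as an added example (not AegisSpamGuard's own code). The fingerprint recipe, the class and function names, and the sample timestamps are assumptions; the fixed-bucket counter is included only to show why a rolling window catches a burst that straddles a bucket boundary.

```python
import hashlib
from collections import defaultdict, deque


def fingerprint(ip: str, user_agent: str) -> str:
    """Hypothetical fingerprint: a short digest of IP plus user agent."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()[:16]


class VelocityTracker:
    """Rolling-window submission counter keyed by fingerprint."""

    def __init__(self, window_seconds: int = 600, limit: int = 5):
        self.window = window_seconds    # guide's starting value: 600 seconds
        self.limit = limit              # guide's starting value: 5 submissions
        self._hits = defaultdict(deque)

    def record(self, fp: str, now: float) -> bool:
        """Record one submission; return True once the limit is exceeded."""
        hits = self._hits[fp]
        while hits and hits[0] <= now - self.window:
            hits.popleft()              # drop hits that left the window
        hits.append(now)
        return len(hits) > self.limit

    def prune(self, now: float) -> int:
        """Forget fingerprints with no hit inside the window; return how many."""
        stale = [fp for fp, hits in self._hits.items()
                 if not hits or hits[-1] <= now - self.window]
        for fp in stale:
            del self._hits[fp]
        return len(stale)


def rolling_flags(timestamps, window=600, limit=5):
    """Per-submission 'limit exceeded' flags using the rolling window."""
    tracker = VelocityTracker(window, limit)
    fp = fingerprint("198.51.100.7", "constructed-agent/1.0")
    return [tracker.record(fp, t) for t in timestamps]


def fixed_bucket_flags(timestamps, window=600, limit=5):
    """Naive comparison: count per aligned bucket, reset at each boundary."""
    counts = defaultdict(int)
    flags = []
    for t in timestamps:
        bucket = int(t // window)
        counts[bucket] += 1
        flags.append(counts[bucket] > limit)
    return flags


# Constructed sample: ten submissions straddling the bucket boundary at t=600.
BURST = [595, 596, 597, 598, 599, 600, 601, 602, 603, 604]
# Constructed sample: one submission every 200 seconds.
STEADY = [0, 200, 400, 600, 800, 1000]

if __name__ == "__main__":
    print("rolling:", rolling_flags(BURST))
    print("fixed:  ", fixed_bucket_flags(BURST))
    print("steady: ", rolling_flags(STEADY))
```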


Honeypot field (invisible bot trap)

Overview:

Honeypot field — Adds a hidden field to supported forms; bots that fill it get a heavy score increase.

How it works:

Real users don’t see the field, but many bots autofill all inputs. A filled honeypot is a high-confidence signal and should heavily influence scoring.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Challenges/Forms section (varies by build)
  3. Toggle honeypot ON/OFF.

Recommended settings:

Recommended: ON for all forms.

It’s low friction, high signal, and rarely impacts real users.

Why it matters:

Admins want strong spam reduction without user-visible challenges—honeypots deliver that.


JS proof token (anti-replay + bot proof)

Overview:

JS proof token — Uses a lightweight JavaScript-generated proof token so non-browser bots are penalized, and replay is reduced.

How it works:

A one-time nonce/token is created per form/session; missing or invalid proofs add score. This helps stop headless/bot POSTs that skip executing JS.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Challenges/Forms section (varies by build)
  3. Toggle “JS proof token” ON/OFF.

Recommended settings:

Recommended: ON for forms.

It improves detection without forcing CAPTCHAs; bots that don’t run JS get flagged.

Why it matters:

Admins get better protection with minimal UX cost.
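
A server-side sketch of the checks described under "Min seconds to submit" and "JS proof token", added here as an illustration and not AegisSpamGuard's own code. The token layout, the use of HMAC-SHA256, the names issue_token and check_token, the signal names and the one-hour lifetime are assumptions; the page script is assumed only to copy the issued token into the form.

```python
import hashlib
import hmac
import secrets

# Assumed layout: "nonce.issued_at.mac", MAC keyed with a per-site secret.
SITE_SECRET = secrets.token_bytes(32)   # constructed for this example
MIN_SECONDS = 3                         # guide default for "Min seconds to submit"
MAX_AGE = 3600                          # hypothetical token lifetime in seconds
_spent_nonces = set()                   # stands in for a server-side nonce store


def _mac(form_id: str, nonce: str, issued_at: int) -> str:
    # Binding the form id stops a token issued for one form being used on another.
    msg = f"{form_id}|{nonce}|{issued_at}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(form_id: str, now: int) -> str:
    """Create a one-time token when the form is rendered."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{now}.{_mac(form_id, nonce, now)}"


def check_token(form_id: str, token, now: int) -> list:
    """Return the signals raised by a submission; an empty list means clean."""
    if not token:
        return ["proof_missing"]        # POST sent without running the page script
    parts = token.split(".")
    if len(parts) != 3:
        return ["proof_invalid"]
    nonce, issued_raw, mac = parts
    try:
        issued_at = int(issued_raw)
    except ValueError:
        return ["proof_invalid"]
    expected = _mac(form_id, nonce, issued_at)
    # Constant-time comparison avoids leaking how much of the MAC matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return ["proof_invalid"]
    if nonce in _spent_nonces:
        return ["proof_replayed"]       # same token submitted twice
    _spent_nonces.add(nonce)
    signals = []
    elapsed = now - issued_at
    if elapsed > MAX_AGE:
        signals.append("proof_expired")
    if elapsed < MIN_SECONDS:
        signals.append("too_fast_submit")
    return signals


if __name__ == "__main__":
    tok = issue_token("contact", now=1000)
    print(check_token("contact", tok, now=1001))   # submitted after one second
    print(check_token("contact", tok, now=1010))   # same token again
```

Each returned signal would add points to the score; none of them decides the outcome on its own.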


Progressive delay (Challenge band forms only)

Overview:

Progressive delay challenge — Applies a small, increasing delay only when an event falls into the Challenge band—primarily for forms—to discourage bots while keeping UX reasonable.

How it works:

Instead of blocking, AegisSpamGuard can slow suspicious submissions. Higher Challenge scores receive higher delay within your configured min/max range.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Modules & signal groups
  3. Enable “Progressive delay” and set min/max milliseconds.

Recommended settings:

Recommended: ON with 150ms min / 1800ms max.

This is usually invisible to humans but costly for bots attempting high-volume submissions.

Why it matters:

Admins reduce spam throughput without hard rejects, which helps conversions.
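
How the settings under "False positive protection", "Policy thresholds" and "Progressive delay" combine into one decision, as an added example (not AegisSpamGuard's own code). The threshold and delay defaults are the guide's recommended values; the linear scaling of delay across the Challenge band and all class and function names are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    allow_max: int = 29                  # guide default
    challenge_max: int = 59              # guide default
    hold_max: int = 79                   # guide default
    false_positive_protection: bool = True
    delay_min_ms: int = 150              # guide default
    delay_max_ms: int = 1800             # guide default

    def __post_init__(self):
        # Misordered thresholds would silently remove a band, so reject them.
        if not 0 <= self.allow_max < self.challenge_max < self.hold_max < 100:
            raise ValueError("thresholds must rise strictly within 0-100")
        if not 0 <= self.delay_min_ms <= self.delay_max_ms:
            raise ValueError("delay range must satisfy 0 <= min <= max")


def band(score: float, policy: Policy) -> str:
    """Map a 0-100 score to its policy band."""
    score = max(0, min(100, score))
    if score <= policy.allow_max:
        return "allow"
    if score <= policy.challenge_max:
        return "challenge"
    if score <= policy.hold_max:
        return "hold"
    return "block"


def challenge_delay_ms(score: float, policy: Policy) -> int:
    """Assumed scaling: linear from min delay at the bottom of the
    Challenge band to max delay at the top."""
    low = policy.allow_max + 1
    span = policy.challenge_max - low
    if span <= 0:                        # one-point-wide band
        return policy.delay_max_ms
    frac = max(0.0, min(1.0, (score - low) / span))
    extra = frac * (policy.delay_max_ms - policy.delay_min_ms)
    return round(policy.delay_min_ms + extra)


def decide(score: float, policy: Policy = Policy(), explicit_deny: bool = False):
    """Return (action, delay_ms) for one scored event."""
    if explicit_deny:
        return ("block", 0)              # deny rules override scoring
    action = band(score, policy)
    if action == "block" and policy.false_positive_protection:
        action = "hold"                  # held for review instead of blocked
    delay = challenge_delay_ms(score, policy) if action == "challenge" else 0
    return (action, delay)


if __name__ == "__main__":
    for s in (10, 30, 45, 59, 70, 95):
        print(s, decide(s))
    print(95, decide(95, explicit_deny=True))
```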


Content intelligence: link volume + shorteners + spam patterns

Overview:

Content intelligence — Scores content based on link volume, suspicious TLDs, URL shorteners, and common spam patterns/markup.

How it works:

The engine extracts URLs and normalizes text. More links, known shorteners, and spam keywords increase points—especially when combined with other signals.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Modules & signal groups
  3. Ensure “Content intelligence” is enabled.

Recommended settings:

Recommended: ON for most sites.

Form spam is heavily content-driven; this catches campaigns that bypass behavioral signals.

Why it matters:

Admins need content checks to stop SEO spam, affiliate spam, and copy/paste spam templates.


Disposable email detection (local-first)

Overview:

Disposable email domains — Detects and scores disposable/temporary email domains to reduce fake leads and spam registrations.

How it works:

The engine checks the email domain against a local list (and optionally a fetched list if you enable it) and adds score if it matches.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Identity module settings
  3. Enable disposable detection options if present.

Recommended settings:

Recommended: ON (local list), external list OFF unless you enable external calls.

Local lists are privacy-first and stable; external lists can improve coverage but require outbound HTTP.

Why it matters:

Admins improve lead quality and reduce fraudulent signups.


Optional MX checks (email existence signal)

Overview:

Domain MX checks — Optionally checks if the email domain has valid MX records (cached) to detect obviously fake addresses.

How it works:

If enabled, AegisSpamGuard performs a DNS lookup and caches results so the check is fast after the first run. Failed MX can add points or trigger Challenge/Hold depending on policy.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Identity module settings
  3. Toggle “Enable MX checks” ON/OFF.

Recommended settings:

Recommended: OFF on shared hosting unless you verify DNS performance; enable after testing.

DNS lookups can be slow or blocked in some environments—test first to avoid latency.

Why it matters:

Admins who rely on email deliverability and quality can use this to reduce fake signups.


Similarity to known spam (site-local reputation)

Overview:

Similarity to known spam — Scores new submissions by comparing them to spam previously blocked on your site.

How it works:

AegisSpamGuard stores fingerprints and patterns from blocked events and checks similarity within a lookback window. Similar messages get points even if they change slightly.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Content module settings
  3. Enable similarity and set lookback + threshold.

Recommended settings:

Recommended: ON with 30-day lookback and ~0.72 threshold to start.

This catches evolving spam campaigns while reducing false positives by requiring high similarity.

Why it matters:

Admins benefit because spam waves usually reuse templates—similarity detection breaks that advantage.
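
One way to score similarity inside a lookback window, as an added example (not AegisSpamGuard's own code). The guide does not name the similarity measure; Jaccard overlap of character 4-grams is an assumption, as are the names and the constructed sample messages. The 30-day lookback and 0.72 threshold are the guide's starting values.

```python
import re
from dataclasses import dataclass

DAY = 86400  # seconds


def shingles(text: str, k: int = 4) -> set:
    """Normalize text and return its set of character k-grams."""
    norm = re.sub(r"[^a-z0-9 ]+", " ", text.lower())
    norm = " ".join(norm.split())        # collapse runs of whitespace
    if len(norm) < k:
        return {norm} if norm else set()
    return {norm[i:i + k] for i in range(len(norm) - k + 1)}


def jaccard(a: set, b: set) -> float:
    """Shared k-grams divided by all k-grams seen in either message."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


@dataclass
class KnownSpam:
    text: str
    blocked_at: int                      # unix seconds when it was blocked


def best_match(text, known, now, lookback_days=30, threshold=0.72):
    """Return (highest similarity, matched?) against spam inside the lookback."""
    target = shingles(text)
    best = 0.0
    for item in known:
        if now - item.blocked_at > lookback_days * DAY:
            continue                     # older than the lookback: ignored
        best = max(best, jaccard(target, shingles(item.text)))
    return best, best >= threshold


# Constructed sample messages.
SPAM = ("Boost your site ranking today with our premium SEO backlinks "
        "package, visit our store for a limited discount")
VARIANT = ("Boost your site ranking today with our premium SEO backlinks "
           "bundle, visit our store for a limited discount")
LEGIT = "Hello, I would like to ask about your opening hours on Saturday"
NOW = 100 * DAY

if __name__ == "__main__":
    recent = [KnownSpam(SPAM, NOW - 2 * DAY)]
    old = [KnownSpam(SPAM, NOW - 40 * DAY)]
    print("variant vs recent:", best_match(VARIANT, recent, NOW))
    print("variant vs old:   ", best_match(VARIANT, old, NOW))
    print("legit vs recent:  ", best_match(LEGIT, recent, NOW))
```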


Local ML (Naive Bayes) and training workflow

Overview:

Local ML (Naive Bayes) — A lightweight local classifier that learns from your site’s own spam vs not-spam decisions.

How it works:

Tokens are normalized (URLs/emails/numbers become special tokens). Training updates a local DB table so ML becomes one signal in your score, not the entire decision.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable “Local ML” (if present) and set ML weight.
  3. Go to Spam Log → select events → Train Spam / Train Not Spam.

Recommended settings:

Recommended: ON with a modest weight (e.g., 8–15 points).

Keeping ML as a small signal prevents model drift from overpowering strong deterministic signals like honeypot or deny rules.

Why it matters:

Admins get site-specific learning without sending data to a cloud service.
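
The token normalization and training loop described above, as an added example (not AegisSpamGuard's own code). The special-token names, the regular expressions, Laplace smoothing, the mapping from probability to points, and the constructed training messages are assumptions; in-memory counters stand in for the local DB table.

```python
import math
import re
from collections import Counter

URL_RE = re.compile(r"https?://\S+|www\.\S+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
NUM_RE = re.compile(r"\b\d+(?:[.,]\d+)*\b")
TOKEN_RE = re.compile(r"__[a-z]+__|[a-z]+(?:'[a-z]+)?")


def tokenize(text: str) -> list:
    """Lowercase, replace URLs/emails/numbers with special tokens, split."""
    text = text.lower()
    text = URL_RE.sub(" __url__ ", text)      # URLs first: they may hold digits
    text = EMAIL_RE.sub(" __email__ ", text)
    text = NUM_RE.sub(" __num__ ", text)
    return TOKEN_RE.findall(text)


class LocalNB:
    """Multinomial Naive Bayes over the normalized tokens."""

    def __init__(self):
        self.tokens = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text: str, label: str) -> None:
        self.docs[label] += 1
        self.tokens[label].update(tokenize(text))

    def spam_probability(self, text: str) -> float:
        if 0 in self.docs.values():
            return 0.5                        # untrained class: stay neutral
        vocab = set(self.tokens["spam"]) | set(self.tokens["ham"])
        n_spam = sum(self.tokens["spam"].values()) + len(vocab)
        n_ham = sum(self.tokens["ham"].values()) + len(vocab)
        log_odds = math.log(self.docs["spam"] / self.docs["ham"])
        for tok in tokenize(text):
            if tok not in vocab:
                continue                      # unseen tokens carry no evidence
            p_spam = (self.tokens["spam"][tok] + 1) / n_spam   # Laplace smoothing
            p_ham = (self.tokens["ham"][tok] + 1) / n_ham
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))             # avoid overflow
        return 1.0 / (1.0 + math.exp(-log_odds))

    def points(self, text: str, weight: int = 12) -> int:
        """ML as one capped signal: 0 at p <= 0.5, up to `weight` at p = 1."""
        p = self.spam_probability(text)
        return round(weight * max(0.0, 2 * p - 1))


# Constructed training data, standing in for Train Spam / Train Not Spam clicks.
TRAINING = [
    ("Cheap pills http://bit.ly/x1 order now 50% off", "spam"),
    ("Win money now visit www.win.example call 555 1234", "spam"),
    ("Hi, can you send the invoice for order 1042? Thanks", "ham"),
    ("Question about my booking next week, email me at jo@example.org", "ham"),
]


def trained_on_samples() -> LocalNB:
    nb = LocalNB()
    for text, label in TRAINING:
        nb.train(text, label)
    return nb


if __name__ == "__main__":
    nb = trained_on_samples()
    for msg in ("order cheap pills now http://bit.ly/zz",
                "can you send the invoice, thanks"):
        print(msg, round(nb.spam_probability(msg), 3), nb.points(msg))
```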

Privacy & Data Handling

Where: WP Admin → AegisSpamGuard →

Control what data is stored (IP modes), how identifiers are hashed, whether external lookups are permitted, and how long events are retained.

Per-site salt for email hashing

Overview:

Per-site salted email hashing — Hashes email identities with a unique per-site salt so stored identifiers can’t be reused across sites.

How it works:

The salt is generated on activation and used when computing email_hash. This improves privacy while still allowing allow/deny and reputation features.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Privacy defaults
  3. Ensure per-site hashing is enabled (default).

Recommended settings:

Recommended: Keep enabled (default).

It protects user privacy and still allows consistent per-site identity reputation.

Why it matters:

Admins can stay privacy-forward (and GDPR-friendly) without sacrificing control.


IP handling mode (store / anonymize / hash / off)

Overview:

IP handling mode — Controls how IP addresses are stored and used in logs and rules: full store, anonymize, hash, or disable IP storage entirely.

How it works:

AegisSpamGuard can still function with reduced IP storage by relying more on fingerprinting and content/behavior signals. Hash/anonymize modes preserve privacy while supporting rate limiting and reputation.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Privacy defaults
  3. Set “IP handling mode”.

Recommended settings:

Recommended: Hash or Anonymize for most sites; Store only if you need strict IP auditing.

Hash/anonymize reduces personal data footprint while keeping anti-abuse effectiveness.

Why it matters:

Admins need flexibility to match privacy policy requirements and regional compliance.
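
The per-site salted email hash and the four IP handling modes described above, as an added Python sketch (not the plugin's code): HMAC-SHA256 as the hash, /24 and /48 truncation for anonymize, and the fixed salts are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import secrets
from collections import Counter


def new_site_salt():
    """Generate a random per-site salt once (the guide says this happens on activation)."""
    return secrets.token_bytes(32)


def email_hash(email, site_salt):
    """Keyed hash of a normalized email; the same address hashes differently per site."""
    normalized = email.strip().lower()
    return hmac.new(site_salt, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


def handle_ip(ip, mode, site_salt):
    """Return the value that would be stored for an IP under each handling mode."""
    addr = ipaddress.ip_address(ip)
    if mode == "off":
        return None                      # nothing about the IP is kept
    if mode == "store":
        return str(addr)                 # full address, for strict IP auditing
    if mode == "anonymize":
        prefix = 24 if addr.version == 4 else 48   # assumed truncation lengths
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return str(net.network_address)
    if mode == "hash":
        # Keyed hash: IPv4 space is small, so the salt must stay secret.
        return hmac.new(site_salt, addr.packed, hashlib.sha256).hexdigest()
    raise ValueError(f"unknown IP handling mode: {mode}")


def stored_ip_counts(ips, mode, site_salt):
    """Count submissions per stored value, as a velocity check would see them."""
    return Counter(handle_ip(ip, mode, site_salt) for ip in ips)


# Constructed fixed salts so the example is repeatable; real salts are random.
SALT_A = bytes(range(32))
SALT_B = bytes(range(32, 64))
SAMPLE_IPS = ["203.0.113.77", "203.0.113.77", "203.0.113.9"]  # documentation range

if __name__ == "__main__":
    print("site A:", email_hash("Bob@Example.com", SALT_A)[:16])
    print("site B:", email_hash("Bob@Example.com", SALT_B)[:16])
    for mode in ("store", "anonymize", "hash", "off"):
        print(mode, dict(stored_ip_counts(SAMPLE_IPS, mode, SALT_A)))
```

Hash mode keeps per-address counting intact (two distinct keys above), while anonymize merges every address in the same /24 into one key, which matters when tuning velocity limits.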


No external calls mode (privacy-first master toggle)

Overview:

No external calls (master toggle) — Disables outbound HTTP calls so the plugin runs fully local-first.

How it works:

When enabled, AegisSpamGuard skips external disposable list fetches, external reputation, and optional geo providers that require downloads/calls (depending on your configuration).

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Privacy defaults
  3. Enable “No external calls”.

Recommended settings:

Recommended: ON for strict privacy / offline environments.

This ensures no data leaves the site and removes network dependency.

Why it matters:

Admins with privacy constraints or locked-down hosting can still run strong anti-spam without SaaS.


Geo/ASN provider options (local DB / optional MaxMind with caching)

Overview:

Geo/ASN providers — Lets you choose how geo and ASN enrichment works (local-first with caching; optional MaxMind where configured).

How it works:

Geo/ASN enrichment can add context for rules (country/ASN allow/deny). Caching prevents repeated lookups and keeps performance stable.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Geo / ASN defaults
  3. Choose provider and cache behavior (if available).

Recommended settings:

Recommended: Keep Geo/ASN OFF unless you need geo rules; enable only after confirming hosting performance.

Geo lookups are optional—don’t add complexity unless you’ll use the rules.

Why it matters:

Admins running targeted geo restrictions or seeing country-based spam benefit from this optional layer.


External disposable list URL

Overview:

External disposable list URL — Optionally fetch a disposable email domain list from a URL (requires external calls).

How it works:

If enabled, AegisSpamGuard downloads a list periodically and caches it. This improves coverage beyond the built-in local list.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Identity module settings
  3. Set external list URL and enable the toggle.

Recommended settings:

Recommended: Leave OFF if “No external calls” is ON; otherwise enable only from trusted sources.

External lists can add coverage but introduce network dependency—use only if you trust the source and caching works on your host.

Why it matters:

Use caching intervals to reduce bandwidth and avoid timeouts.


Retention & purge (data minimization)

Overview:

Log retention and purge — Automatically purges old log entries to reduce database bloat and minimize stored data.

How it works:

A scheduled cleanup removes events older than your retention window. This keeps performance stable on shared hosting.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Privacy / retention section (if present)
  3. Set retention days and save.

Recommended settings:

Recommended: 30–90 days depending on traffic.

Most tuning and audits happen in the first few weeks; keeping 1–3 months is usually enough without bloating the DB.

Why it matters:

If you are investigating an incident, temporarily increase retention.

Coverage Modes

Where: WP Admin → AegisSpamGuard →

Choose where protection applies: generic Any POST, search forms, comments, registration, WooCommerce, REST endpoints, and trust policies for known users.

Any POST / Any Form mode (generic protection)

Overview:

Generic POST / Any Form protection — Protects unknown theme forms and unsupported plugins by scoring front-end POST submissions even without an adapter.

How it works:

The core guard runs early, skips wp-admin/REST/AJAX by default, avoids double-handling known adapters, then scores POST fields and enforces policy (block/hold; challenge can be enforced if configured).

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Site-wide protection
  3. Enable “Protect all POST submissions (generic forms)” and save.

Recommended settings:

Recommended: ON with “Block on Challenge” ON while tuning.

Generic POST mode catches more vectors; blocking Challenge prevents bot floods until thresholds and allowlists are tuned.

Why it matters:

Admins with custom themes, bespoke forms, and niche plugins get protection without waiting for adapters.


Any POST mode: include admin-ajax.php / admin-post.php (allowlists)

Overview:

AJAX & admin-post protection (allowlisted) — Optionally include admin-ajax.php and admin-post.php POST submissions in Generic POST mode using allowlisted actions/patterns.

How it works:

These endpoints are widely used by plugins; AegisSpamGuard keeps them OFF by default for safety and requires allowlists to avoid breaking legitimate features.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Site-wide protection
  3. Enable “Include admin-ajax.php” and/or “Include admin-post.php” only if you add allowlisted actions/paths.

Recommended settings:

Recommended: Leave OFF unless you know the exact actions you must protect.

Incorrect allowlists can break forms and AJAX features; turn on only after testing.

Why it matters:

Admins get ‘whole-site’ coverage while retaining safe defaults that don’t disrupt site functionality.


Search form protection (anti-SEO spam + CPU protection)

Overview:

Search form protection — Stops bots from abusing WordPress search by scoring suspicious queries and rate-limiting aggressive activity.

How it works:

The search term is scored; block/hold can return a 429 rate-limit response, and Challenge can apply a small delay to discourage automated scraping/search spam.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable “Search form protection”.
  3. Save changes.

Recommended settings:

Recommended: ON for public sites.

Search abuse can generate thousands of low-value pages and waste CPU; protection reduces that risk.

Why it matters:

Admins protect SEO and performance by preventing bot-driven search spam pages.


WordPress comment protection

Overview:

Comments spam protection — Scores and filters comment submissions with transparent reasons and action bands.

How it works:

Hooks into WordPress comment submission flow, normalizes the comment payload, computes a score from signals, then allows, challenges, holds, or blocks based on your policy.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Ensure comment protection is enabled (default).
  3. Optionally tune thresholds and content signals.

Recommended settings:

Recommended: Enabled.

Comments remain a common spam vector; keeping it enabled provides baseline protection even if you mostly care about forms.

Why it matters:

Admins need clean comment sections to protect SEO, trust, and moderation time.


Registration protection

Overview:

Registration spam protection — Stops fake account creation by scoring registrations and applying allow/hold/block logic.

How it works:

Hooks into registration validation; checks identity heuristics (disposable domains, MX optional), velocity, and reputation; then enforces policy.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable registration protection (if toggle exists).
  3. Tune identity signals and trust settings.

Recommended settings:

Recommended: Enabled with Hold for new sites.

Holding suspicious registrations prevents fake accounts while avoiding accidental blocks of legitimate users during early tuning.

Why it matters:

Admins reduce fake users, deliverability issues, and malicious activity from throwaway accounts.


WooCommerce protection

Overview:

WooCommerce checkout notes + orders spam protection — Scores WooCommerce checkout submissions and order notes to stop spam and fraud patterns.

How it works:

On checkout-related hooks, AegisSpamGuard analyzes fields and behavior signals; suspicious submissions can be challenged or held before completing workflows (depending on integration points).

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable WooCommerce protection (if available).
  3. Review Held items after enabling.

Recommended settings:

Recommended: Enabled on stores.

Stores are a high-value target; adding this layer reduces bogus orders and spammy notes without CAPTCHAs.

Why it matters:

Admins protect revenue, reduce operational noise, and keep customer experience clean.


REST abuse protection

Overview:

REST request abuse protection — Scores suspicious REST requests to reduce spam and automated abuse of WordPress endpoints.

How it works:

The engine inspects request context, headers, and patterns. Depending on your configuration, it can apply scoring and rate-limit or block abusive requests.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable REST protection (if available).
  3. Tune firewall/velocity thresholds for best results.

Recommended settings:

Recommended: Enabled on public sites with heavy bot traffic.

REST endpoints are commonly probed; early scoring and rate-limiting reduces load and abuse.

Why it matters:

Admins protect site performance and reduce automated scanning noise.


Trust logged-in users

Overview:

Trust logged-in users — Reduces score or bypasses certain checks for authenticated users to minimize false positives.

How it works:

If enabled, the engine treats logged-in users as lower risk (configurable), which helps membership and community sites.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Trust settings section
  3. Toggle “Trust logged-in users”.

Recommended settings:

Recommended: ON for membership/community sites; OFF for open registrations with frequent compromised accounts.

Trusted sessions reduce friction for real users; turn off only if you see abuse from compromised accounts.

Why it matters:

Admins keep UX smooth for known users while still protecting public endpoints.


Trust WooCommerce customers

Overview:

Trust WooCommerce customers — Applies a trust boost to known customers to avoid blocking legitimate orders and support requests.

How it works:

When enabled, the engine checks user/customer status and reduces risk score or avoids harsh enforcement for trusted customers.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Trust settings section
  3. Toggle “Trust WooCommerce customers”.

Recommended settings:

Recommended: ON for stores.

Real customers should not see friction at checkout; trust reduces false positives where it matters most.

Why it matters:

Combine with allowlist rules for staff and service providers.


Trust existing users older than N days

Overview:

Trust users older than N days — Applies a trust boost to accounts older than a configurable age, reducing false positives for established users.

How it works:

Older accounts are statistically lower risk; this setting lets you encode that into scoring.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Trust settings section
  3. Set “Trust existing user if older than N days”.

Recommended settings:

Recommended: 7–14 days for most sites.

A week is enough to separate drive-by spam from normal members without granting immediate trust to new signups.

Why it matters:

Admins improve UX for established users while keeping defenses strong for new accounts.

Integrations

Where: WP Admin → AegisSpamGuard →

Enable deeper form integrations for popular builders so AegisSpamGuard can add fields/signals and score submissions reliably.

WPForms integration

Overview:

WPForms protection — Injects JS proof and scores WPForms submissions to stop form spam without CAPTCHAs.

How it works:

Uses WPForms hooks to add a proof token and then validates it during submission. Missing/invalid proofs add score; combined with other signals, this stops headless bots.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable JS proof for forms.
  3. Ensure WPForms is active; AegisSpamGuard auto-integrates.

Recommended settings:

Recommended: JS proof ON + honeypot ON.

This combination is low-friction but high-signal on modern bot traffic.

Why it matters:

If a WPForms form breaks, add the action/path to allowlists (if you enabled generic AJAX/admin-post protection).


Gravity Forms integration

Overview:

Gravity Forms protection — Adds JS proof and scoring to Gravity Forms submissions.

How it works:

Hooks into Gravity Forms validation; injects/validates proof token and scores content + behavior. Enforcement follows the same policy bands as other vectors.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable JS proof for forms.
  3. Ensure Gravity Forms is active; integration activates automatically.

Recommended settings:

Recommended: JS proof ON; progressive delay ON for Challenge band.

This reduces bot throughput while keeping real users unaffected.

Why it matters:

Review the Spam Log for ‘challenge’ decisions to tune thresholds.


AegisForm integration

Overview:

AegisForm protection — First-class protection for AegisForm submissions with JS proof and scoring.

How it works:

Because AegisForm is part of your ecosystem, AegisSpamGuard can integrate tightly: consistent tokens, clean event shapes, and shared UI/UX expectations.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Enable JS proof + honeypot.
  3. Ensure AegisForm is active; integration runs automatically.

Recommended settings:

Recommended: Keep enabled (default).

It gives your product suite a cohesive, premium ‘works together’ experience.

Why it matters:

If you rename form fields, AegisSpamGuard still scores generically via normalized payload.
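
The proof-token check described for the WPForms, Gravity Forms and AegisForm integrations above can be pictured with this added Python sketch, which is not the plugin's code: the token layout, the HMAC signature, the timing limits and the point value are all assumptions, and form IDs are assumed to contain no dots.

```python
import hashlib
import hmac
import secrets

MIN_SECONDS = 3          # assumed minimum time between render and submit
MAX_AGE = 3600           # assumed token lifetime in seconds
PROOF_FAIL_POINTS = 25   # assumed score added for a missing/invalid proof


def sign(secret, body):
    return hmac.new(secret, body.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_token(secret, form_id, now):
    """Token that page JavaScript would place into a hidden field of the form."""
    body = f"{form_id}.{int(now)}.{secrets.token_hex(8)}"
    return f"{body}.{sign(secret, body)}"


def check_token(secret, form_id, token, now, used_nonces):
    """Validate a submitted token; returns (ok, reason)."""
    parts = (token or "").split(".")
    if len(parts) != 4:
        return False, "missing_or_malformed"   # typical for clients that ran no JS
    tok_form, issued, nonce, sig = parts
    expected = sign(secret, f"{tok_form}.{issued}.{nonce}")
    if not hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8")):
        return False, "bad_signature"
    if tok_form != form_id:
        return False, "wrong_form"
    age = now - int(issued)   # safe: the signature proved we wrote this field
    if age < MIN_SECONDS:
        return False, "too_fast"
    if age > MAX_AGE:
        return False, "expired"
    if nonce in used_nonces:
        return False, "replayed"
    used_nonces.add(nonce)    # consume the nonce only on success
    return True, "ok"


def proof_points(secret, form_id, token, now, used_nonces):
    """A failed proof adds score; it is one signal, not an automatic block."""
    ok, reason = check_token(secret, form_id, token, now, used_nonces)
    return (0 if ok else PROOF_FAIL_POINTS), reason


SECRET = b"constructed-demo-secret-32-bytes"  # constructed; never hard-code real keys

if __name__ == "__main__":
    used = set()
    tok = issue_token(SECRET, "contact", now=1000)
    print(proof_points(SECRET, "contact", None, 1010, used))   # no token posted
    print(proof_points(SECRET, "contact", tok, 1001, used))    # submitted too fast
    print(proof_points(SECRET, "contact", tok, 1010, used))    # accepted
    print(proof_points(SECRET, "contact", tok, 1011, used))    # same token again
```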

Cleanup Tools

Where: WP Admin → AegisSpamGuard → Cleanup

Run safe, batch cleanup scans to identify and handle legacy spam in comments and user accounts.

Cleanup tools overview (safe batch scanning)

Overview:

Cleanup tools — Scans existing comments and users in safe batches to identify and remove legacy spam without timeouts.

How it works:

Cleanup uses the same engine scoring but runs with safe batching and can operate in report-only mode so you can validate before changing data.

Where to find it:

  1. WP Admin → AegisSpamGuard → Cleanup

Recommended settings:

Recommended: Start with Report-only, then Move to Spam.

This prevents accidental deletions and lets you verify scoring on old content.

Why it matters:

Admins often inherit spam-filled databases—Cleanup restores quality and reduces moderation workload.


Cleanup: Comments scan (report / spam / delete)

Overview:

Comments cleanup — Re-scores existing comments and lets you apply actions: Report-only, Move to Spam, or Delete.

How it works:

The tool processes comments in batches to avoid shared-host issues. It can optionally skip logging (so cleanup doesn’t pollute live spam logs).

Where to find it:

  1. WP Admin → AegisSpamGuard → Cleanup
  2. Choose “Comments cleanup”
  3. Run Report-only first, then choose Move to Spam or Delete.

Recommended settings:

Recommended: Move to Spam (safe default).

You can recover mistakes from Spam; deletion is permanent and should be used only after validation.

Why it matters:

Admins need to remove existing spam to improve SEO, trust, and site usability.


Cleanup: Users scan (spam accounts cleanup)

Overview:

Users cleanup — Re-scores existing user accounts to identify likely spam registrations and optionally remove them.

How it works:

Signals can include disposable domains, suspicious names, and other identity heuristics. The tool runs in safe batches.

Where to find it:

  1. WP Admin → AegisSpamGuard → Cleanup
  2. Choose “Users cleanup”
  3. Run Report-only first, then apply removal if you confirm results.

Recommended settings:

Recommended: Report-only first; delete only confirmed spam accounts.

User deletion is sensitive—validate results carefully to avoid removing real customers.

Why it matters:

Admins stop fake accounts that can harm deliverability, SEO, and store analytics.

Portability & Multisite

Where: WP Admin → AegisSpamGuard →

Export/import your rules, weights, and thresholds, and manage multisite network defaults with per-site overrides.

JSON export/import (rules + weights + thresholds)

Overview:

Export/Import — Exports and imports your configuration as JSON (allow/deny lists, weights, thresholds, and key settings).

How it works:

This makes it easy to move a tuned configuration between sites or restore settings after testing.

Where to find it:

  1. WP Admin → AegisSpamGuard → Settings
  2. Find Export/Import section (if present)
  3. Export JSON; to restore, import JSON and save.

Recommended settings:

Recommended: Export after initial tuning and before major changes.

A snapshot lets you roll back quickly if a change increases false positives.

Why it matters:

Admins managing multiple sites need fast, consistent configuration without redoing work.


Multisite network settings + per-site overrides

Overview:

Multisite controls — Supports network-wide defaults with per-site overrides so you can standardize protection across a multisite network.

How it works:

Network settings define baseline thresholds/modules; each site can override only what it needs (e.g., different aggressiveness for commerce vs blog sites).

Where to find it:

  1. WP Network Admin → AegisSpamGuard → Settings (Network)
  2. Configure global defaults
  3. On an individual site, override settings as needed.

Recommended settings:

Recommended: Set conservative network defaults; override only for high-risk sites.

Conservative defaults reduce network-wide false positives while still providing meaningful protection everywhere.

Why it matters:

Admins running agencies or multisite installs need centralized control with safe flexibility.

Operations

Understand the scheduled tasks that keep protection and maintenance running, and verify WP‑Cron is healthy.

AegisSpamGuard: Scheduled tasks (WP‑Cron)

Description

AegisSpamGuard schedules background maintenance tasks using WP‑Cron.

How it works

Detected hook(s): asg_daily_cleanup. These run on WordPress cron events to handle routine maintenance and checks.

How to access / enable

WP‑Cron runs when your site receives traffic, or via a real cron job on managed hosts.

Recommended setting / best practice

On high-traffic sites, WP‑Cron is usually fine. On low-traffic sites, consider a real server cron for reliability.

Troubleshooting

If tasks don’t run, confirm WP‑Cron is enabled and review the plugin logs/options for last-run timestamps.

Security / privacy notes

Cron tasks run server-side; keep WordPress and plugins updated.

Data inventory (tables & options)

Where: WP Admin → AegisSpamGuard → Settings (varies by site)

This section documents what AegisSpamGuard stores on your site so you can review data-handling and retention choices.

AegisSpamGuard: Database tables created by the plugin

Description

AegisSpamGuard stores structured data in dedicated database tables for performance and reporting.

How it works

Detected table suffix(es): asg_events, asg_fingerprints, asg_firewall_events, asg_lists, asg_ml_tokens. Actual full names are prefixed with your site’s `$wpdb->prefix`.

How to access / enable

Tables are created/updated during activation or on first use depending on the module.

Recommended setting / best practice

Keep regular backups. If migrating, ensure these tables are included in your database export.

Troubleshooting

If tables are missing, deactivate/reactivate the plugin and check admin notices/logs.

Security / privacy notes

Database tables are not publicly accessible. Limit DB access and follow least-privilege for DB users.


AegisSpamGuard: Settings and stored options (inventory)

Description

AegisSpamGuard stores settings and operational state using WordPress options.

How it works

Detected option keys include: admin_email, asg_cleanup_last, asg_free_reg_optin, asg_free_reg_status, asg_license_email, asg_license_error, asg_license_expires, asg_license_expires_at, asg_license_key, asg_license_last_check....

How to access / enable

Most options are managed via the plugin’s settings pages; some are operational state (logs, caches, last-run stamps).

Recommended setting / best practice

Change settings using the plugin UI rather than editing options directly.

Troubleshooting

If settings don’t persist, check database permissions and object cache layers.

Security / privacy notes

Treat license keys and tokens as secrets; do not expose them in public exports.

Operational checklists

Initial rollout checklist

  1. Set policy thresholds conservatively (use Hold for medium confidence).
  2. Enable core protections first (comments/registration/forms) before turning on firewall pre-check.
  3. Submit realistic test traffic (contact form, checkout, registration) and verify events appear in the Spam Log.
  4. Review Held and Blocked events daily for the first week; correct and train as needed.
  5. Add Allow rules for known-safe sources (internal IPs, staff domains) and Deny rules for repeat offenders.
  6. Set retention & purge to match your data-minimization goals.

Ongoing operations (weekly)

  • Review Dashboard trends and Spam Log filters (Blocked/Held/Challenged) for drift.
  • Export configuration before major tuning changes or site migrations.
  • Verify scheduled tasks are running (especially on low-traffic sites).
  • Run cleanup tools in small batches if you are addressing legacy spam.

Troubleshooting

Legitimate submissions are blocked or held

  1. Open the event in Spam Log and review the score breakdown (“What happened?”).
  2. Use Allow and/or Train Not Spam for false positives.
  3. Add an Allow rule for the recurring safe attribute (IP/CIDR, domain, phrase, URL).
  4. If the issue is timing/velocity related, relax Min seconds to submit or velocity limits for that form surface.

Users see a “blank page” when blocked

The firewall can respond with a bot-unfriendly blank page. If you need a friendlier response, adjust the firewall response settings and verify you are not blocking legitimate traffic at the firewall layer.

  1. Temporarily switch uncertain traffic to Hold or Challenge while tuning.
  2. Lower the firewall velocity sensitivity (or raise thresholds) if bursts are legitimate.

Nothing shows in the Spam Log

  1. Confirm the protection mode is enabled for the surface you’re testing (e.g., comments, registration, Any POST).
  2. Submit a test event again and check whether it is filtered by trust rules (logged-in users, customers, age-based trust).
  3. Verify scheduled tasks are running if your site relies on WP‑Cron for maintenance operations.

Export/import did not apply expected rules

  1. Confirm you imported the correct JSON package (rules + thresholds + weights).
  2. On multisite, check whether network defaults are overriding per-site settings.
  3. Re-test with a fresh submission and confirm the new policy thresholds are active.

Glossary

Allow / Challenge / Hold / Block
Decision bands used by policy thresholds to respond to scored events.
Spam Log
The event log that records scored submissions, reasons, and outcomes; also used for review and training.
Challenge
A response band intended to slow or validate suspicious traffic (e.g., progressive delay) without immediate blocking.
Hold
A safe default for uncertain traffic; allows admins to review and decide before hard-blocking.
Honeypot
An invisible field used to detect bots that autofill inputs.
JS proof token
A token used to prove a browser executed expected JavaScript and to reduce replay/bot abuse.
Velocity threshold
A burst control that limits repeated submissions within a window.
Disposable email detection
A signal that flags known throwaway email patterns or domains; can use local or optional external lists.
Local ML training
Site-local model that can learn from your ‘Spam’ and ‘Not Spam’ training decisions.
No external calls mode
A privacy-first mode that prevents outbound requests for optional lookups/providers.