Feature
AJAX & admin-post protection (allowlisted) — Optionally include admin-ajax.php and admin-post.php POST submissions in Generic POST mode using allowlisted actions/patterns.
How it works
These endpoints are widely used by plugins; AegisSpamGuard keeps them OFF by default for safety and requires allowlists to avoid breaking legitimate features.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Site-wide protection
- Enable “Include admin-ajax.php” and/or “Include admin-post.php” only if you add allowlisted actions/paths.
Recommended setting
Recommended: Leave OFF unless you know the exact actions you must protect.
Incorrect allowlists can break forms and AJAX features; turn on only after testing.
Why you need this
Admins get ‘whole-site’ coverage while retaining safe defaults that don’t disrupt site functionality.
Additional information