Content Security Policy (CSP) Levels

Description: Controls how strict CSP is applied across frontend/admin (Pro features may be dimmed in UI). How it works: csp_level, csp_level_frontend, and csp_level_admin determine whether CSP is off, report-only, balanced, strict, or custom. How to access / configure: WP Admin → AegisShield → Security Headers → CSP. Choose CSP level for frontend and admin. Save changes and test critical pages. Recommended setting: Start with Report-Only (Pro) to collect violations, then move to Balanced/Strict after tuning.

HTTP Strict Transport Security (HSTS)

Description: Forces browsers to use HTTPS for your site, reducing downgrade and cookie hijacking risks. How it works: When enable_hsts is on, AegisShield sends the Strict-Transport-Security header so browsers remember to use HTTPS. How to access / configure: WP Admin → AegisShield → Security Headers. Enable HSTS. Confirm your site is fully HTTPS first, then Save Changes. Recommended setting: Enable only after confirming HTTPS is permanent and working across all subpages.

Enable Security Headers

Description: Master switch for applying configured security headers. How it works: The sec_headers enabled setting controls whether AegisShield injects headers on outgoing responses. How to access / configure: WP Admin → AegisShield → Security Headers. Toggle “Enabled”. Save changes. Recommended setting: Enable in production; disable temporarily only for debugging header conflicts.

Basic Header Management

Description: Adds key HTTP security headers to reduce browser-based attacks. How it works: Security Headers applies configured headers on responses and helps prevent clickjacking, MIME sniffing, and referrer leakage. How to access / configure: WP Admin → AegisShield → Security Headers. Enable Security Headers. Save changes and test your site in an incognito window. Recommended setting: Enable on all sites; start with a balanced profile before moving to strict CSP.

Description: Stores the API key used for vulnerability lookups when Patchstack is selected (Pro). How it works: hardening_vuln_patchstack_key is used to authenticate vulnerability data requests. How to access / configure: WP Admin → AegisShield → Hardening → Vulnerabilities tab. Enter Patchstack API key. Save and run a check. Recommended setting: Use a dedicated key and rotate it if compromised.

Vulnerability Scan Source

Description: Selects which vulnerability intelligence source is used for checks (Pro). How it works: hardening_vuln_source determines how vulnerability data is fetched/compared against installed plugins/themes. How to access / configure: WP Admin → AegisShield → Hardening → Vulnerabilities tab. Choose the source. Save and run a vulnerability check. Recommended setting: Use the most reputable data source available in your setup; run checks after updates.

Description: Controls how aggressively role-risk analysis evaluates and flags capabilities. How it works: hardening_role_risk_mode selects the analysis profile used to compute role risk and recommendations. How to access / configure: WP Admin → AegisShield → Hardening → Roles tab. Select risk mode. Save and rerun the analysis. Recommended setting: Use a stricter mode on production sites with multiple admins.

Description: Analyzes role capabilities and highlights risky permissions (Pro). How it works: The role-risk tab evaluates capability sets, flags elevated permissions, and stores results in hardening_role_risk_results. How to access / configure: WP Admin → AegisShield → Hardening → Roles tab. Run role risk analysis. Review results and adjust roles if needed. Recommended setting: Minimize administrator accounts; ensure editors/authors don’t have dangerous capabilities.

Hardening Changes Logged

Description: Records hardening setting changes in the Activity Log (Pro). How it works: When hardening settings are saved, AegisShield emits audit events so you can track who changed protections and when. How to access / configure: WP Admin → AegisShield → Activity Log. Filter for Hardening events. Review changes after maintenance windows. Recommended setting: Enable Activity Log retention sufficient to audit hardening changes (30–90 days).

Description: Requires at least one symbol in passwords (when enforcement is enabled). How it works: password_require_symbol adds a symbol check to password validation. How to access / configure: WP Admin → AegisShield → Hardening → Password Policy. Enable symbol requirement. Save changes. Recommended setting: Enable for admins; consider optional for lower roles to reduce support burden.

News & Events

Categories: AegisShield
Content Security Policy (CSP) Levels
read more
Categories: AegisShield
HTTP Strict Transport Security (HSTS)
read more
Categories: AegisShield
Enable Security Headers
read more
Categories: AegisShield
Basic Header Management
read more
Categories: AegisShield
Patchstack API Key
read more
Categories: AegisShield
Vulnerability Scan Source
read more
Categories: AegisShield
Role Risk Mode
read more
Categories: AegisShield
Role Risk Analyzer
read more
Categories: AegisShield
Hardening Changes Logged
read more
Categories: AegisShield
Require Symbols
read more

keep updated & don’t miss anything!

We regularly develop new plugins and release them for free because they’re solutions we trust and use ourselves.

By entering your email, you agreed to our Privacy Policy and Terms & Conditions

Frequently Asked Questions

Support Docs

Ticketing System

csp admin level strict frontend pro report balanced description controls applied across features may dimmed works determine whether off custom access configure aegisshield security headers choose save changes test critical pages recommended setting start collect violations move tuning

Powered by Aegisify Links

2026 - Aegisify.com - Everything Your WordPress Site Needs, One Platform. One Price.

Privacy Policy * Terms of Use * Free Plugin Disclaimer * End User License Agreement