frequently asked questions
(No Gimmicks, No CC,No Commitment, Free Features, Stay Free If You Prefer!)
Description: Apply pre-built security profiles such as Relaxed / Balanced / Strict (Pro).
How it works: Profiles set multiple header values together, making it easier to adopt best-practice defaults.
How to access / configure:
- WP Admin → AegisShield → Security Headers → Profiles (Pro).
- Select a profile.
- Save and test key site pages.
Recommended setting: Start with Balanced; move to Strict after CSP violations are addressed.
- Reduces common WordPress attack surface (headers, hardening, login protection)
- Adds observability (activity logging + login attempts + file integrity baselines)
- Adds incident-oriented tooling (malware workflows like incremental scan / incidents / profiles / scheduler tabs in UI)
- Provides safer DB admin utilities (notably DB prefix management with a “don’t forget the internal keys” phase)
Description: Lets you control how many words render large and medium to balance the cloud’s visual hierarchy.
How it works: AegisLink assigns the top N words to Large and the next N words to Medium; the rest render Small.
How to access / enable: WP Admin → AegisLink → Word Cloud → How many words per size → Save Defaults.
Recommended setting: 10 large and 20 medium is a solid starting point; adjust to match your page length and layout.
Feature
Rule actions: Log / Block / Allow
Description
Choose enforcement action per rule.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Feature
Firewall returns blank page — When blocking at the firewall layer, return a simple blank/fast response instead of a friendly error page.
How it works
Bots learn from rich error pages; a minimal response is faster and reveals less information while still stopping abusive traffic.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Firewall section
- Toggle “Firewall returns blank page” ON/OFF.
Recommended setting
Recommended: ON for public sites.
It’s faster and less informative to bots while still being safe for humans (humans rarely see firewall blocks).
Why you need this
Admins who care about performance and reducing bot feedback loops benefit from this.
Additional information
Description: Enforces password complexity requirements by role (Pro).
How it works: When enabled, AegisShield validates new passwords against configured rules (length and character requirements) and rejects weak passwords.
How to access / configure:
- WP Admin → AegisShield → Hardening → Password Policy.
- Enable strong password enforcement.
- Configure requirements and Save Changes.
Recommended setting: Enforce for administrators and editors at minimum; require 12+ characters with mixed classes.
Description: Blocks or penalizes login attempts for usernames that do not exist, reducing user enumeration and brute-force noise.
How it works: If block_unknown_user is enabled, AegisShield can treat unknown usernames as hostile and deny/lock faster.
How to access / configure:
- WP Admin → AegisShield → Login Guard.
- Enable “Block unknown user” (if shown) and Save Changes.
Recommended setting: Enable on most sites; keep it off only if you rely on custom auth flows that probe usernames.
Description: Adds a Share button on WooCommerce single product pages (when enabled) so customers can share a clean short URL.
How it works: The integration checks for a mapped short link for the product and outputs a share control when available.
How to access / enable: WP Admin → AegisLink → ShortURL Links → Settings → enable WooCommerce Share Button.
Recommended setting: Enable after you bulk-generate product short links so most products immediately have share-ready URLs.
Description
Checks heading usage quality.
How it works
Scans content for heading tags/blocks.
How to access / enable
Aegis Score.
Recommended setting
One H3; use H4 sections.
Feature
Action mode: FREE forced to LOG; PRO can use Log / Block / Challenge / Rate Limit
Description
Global action mode / enforcement policy.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description: Run Now triggers a manual health check run for immediate results.
How it works: AegisLink executes the health check handler and updates the stored run summary.
How to access / enable: WP Admin → AegisLink → Tools & Licensing → Health Checks → Run Now.
Recommended setting: Use after big site changes (migrations, product cleanup) to quickly refresh health statuses.
Description: Central location for global settings, licensing status, and update checks.
How it works: This page surfaces license state, update availability, and links to module settings so admins can manage the plugin lifecycle.
How to access / configure:
- WP Admin → AegisShield → Settings, License & Updates.
- Review license status and update status.
- Apply updates and re-check dashboard health.
Recommended setting: Enable automatic updates only if you have backups and a staging workflow; otherwise update during maintenance windows.
Feature
WPForms protection — Injects JS proof and scores WPForms submissions to stop form spam without CAPTCHAs.
How it works
Uses WPForms hooks to add a proof token and then validates it during submission. Missing/invalid proofs add score; combined with other signals, this stops headless bots.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Enable JS proof for forms.
- Ensure WPForms is active; AegisSpamGuard auto-integrates.
Recommended setting
Recommended: JS proof ON + honeypot ON.
This combination is low-friction but high-signal on modern bot traffic.
Why you need this
If a WPForms form breaks, add the action/path to allowlists (if you enabled generic AJAX/admin-post protection).
Additional information
Description: Connects AegisShield to your license to unlock Pro features and receive updates.
How it works: The license page validates your license key/domain with the licensing service and enables Pro-only UI and update metadata when active.
How to access / configure:
- WP Admin → AegisShield → Settings, License & Updates (or License).
- Enter your license key and activate.
- Confirm Pro indicators show as enabled.
Recommended setting: Activate on exactly one domain per license; keep the license email consistent with your purchase email.
Description: Controls when file-monitor events send emails (e.g., off, high-only, all).
How it works: email_mode decides whether change events are grouped/suppressed or immediately emailed depending on severity and chosen mode.
How to access / configure:
- WP Admin → AegisShield → File Integrity → Email Settings.
- Select Email Mode.
- Save changes and test with a controlled file change.
Recommended setting: Use High-only mode to prevent alert fatigue.
Description
Default archive meta description template.
How it works
Uses desc_archive; term description may be used.
How to access / enable
Global SEO → Titles & Meta → Archive Meta Description Template.
Recommended setting
Write category descriptions for top categories.
Feature
IP / CIDR Blocklist
Description
Blocklist of IPs/CIDRs.
How it works
AegisWAF applies this capability inside the Geo & ASN Protection module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Bot Control (Geo/ASN) / API Shield (if exposed)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description: Controls XML-RPC behavior to reduce abuse while keeping compatibility when needed.
How it works: disable_xmlrpc_behavior determines whether XML-RPC is allowed, partially restricted, or denied with an error page.
How to access / configure:
- WP Admin → AegisShield → Hardening.
- Locate XML-RPC behavior dropdown.
- Choose the desired behavior and Save Changes.
Recommended setting: Use “Allow core XML‑RPC but restrict dangerous methods” when compatibility is needed; otherwise deny XML‑RPC on sites that don’t use it.
FREE: Not available.
PRO: Available.
What it does: Retains logs for long-term forensics.
How to use it properly: Enable for compliance or long-term investigations.
Description: ShortURL Links is a self-hosted short-link system that creates clean short URLs on your own domain and redirects to long target URLs.
How it works: It uses a WordPress custom post type to store links, registers a rewrite route using your prefix, and redirects on the front-end with optional click tracking.
How to access / enable: WP Admin → AegisLink → ShortURL Links.
Recommended setting: Use ShortURL Links for ecommerce products, campaigns, and share-friendly URLs.
Description
Checks title length for SERP best practices.
How it works
Counts characters and flags too short/long.
How to access / enable
Aegis Score.
Recommended setting
50–60 chars.
Description: A dashboard preview of recent alert-worthy events and notifications.
How it works: When alert rules are enabled (Pro), the dashboard can show a preview of what would be emailed or flagged.
How to access / configure:
- WP Admin → AegisShield → Dashboard.
- Review “Alert Center preview”.
- Open Activity Log / Alerts for full history.
Recommended setting: Configure alert rules to notify only on high-risk events to avoid alert fatigue.
Description: Controls the path prefix used to generate short URLs (example: “go” makes /go/your-slug).
How it works: AegisLink registers rewrite rules based on this prefix and flushes when changed.
How to access / enable: WP Admin → AegisLink → ShortURL Links → Settings → Short Link Prefix → Save Settings.
Recommended setting: Keep it short and memorable: go, l, r, or link.
Description
Keeps schema generation lightweight.
How it works
Uses stored options/meta and minimal runtime queries.
How to access / enable
Automatic.
Recommended setting
Avoid overly complex rules.
Description
Central operations view for SEO health and quick actions.
How it works
Aggregates key checks, recent activity, and shortcuts.
How to access / enable
AegisSEO → SEO Ops Center.
Recommended setting
Review weekly.