Frequently asked questions
Description: A guided interface to enroll users into MFA (QR, email, or backup codes depending on configuration).
How it works: The UI walks users through generating/confirming a second factor and stores the enrollment state upon successful verification.
How to access / configure:
- WP Admin → AegisShield → Login Guard → MFA.
- Click “Enroll” for your account.
- Follow the prompts to complete setup and save backup codes.
Recommended setting: Require admins to enroll; store backup codes in a password manager.
Feature
Email/domain rules — Allow or block submissions by email domain or hashed email identity.
How it works
AegisSpamGuard can hash email values (privacy-safe). Domain rules are useful for blocking disposable domains or allowing trusted corporate domains.
How to access / enable
- WP Admin → AegisSpamGuard → Allow/Deny
- Add a rule for an email domain (e.g., example.com) or email identity
- Choose Allow or Deny and save.
Recommended setting
Recommended: Block known disposable domains; allow your own business/customer domains.
Domain rules are high-signal and low maintenance.
Why you need this
Admins reduce spam registrations and fake leads by controlling email quality.
Feature
Card rows (compact summary + expandable body) — Each log entry shows a compact summary row and expands to reveal full details, reasons, and next actions.
How it works
The summary focuses on what you need at a glance (score, action, type, timestamp). Expanding reveals signal breakdown, actor info (privacy-safe), payload excerpt, and evidence.
How to access / enable
- WP Admin → AegisSpamGuard → Spam Log
- Click an event card to expand/collapse details.
Recommended setting
Recommended: Expand Held/Challenged events before deciding.
Reviewing details prevents accidental denies and helps you build accurate allow/deny rules.
Why you need this
Admins need fast scanning and deep diagnostics in one place—cards make the log readable like a real app, not a raw table.
Description: Controls how often the File Monitor checks for new/changed files.
How it works: The interval setting determines the periodic monitoring cadence so AegisShield can detect bursts of changes quickly.
How to access / configure:
- WP Admin → AegisShield → File Integrity → File Monitor.
- Set the monitoring interval (minutes).
- Save changes.
Recommended setting: 15 minutes is a solid default; use 30–60 minutes on shared hosting if needed.
Description: Controls XML-RPC behavior to reduce abuse while keeping compatibility when needed.
How it works: disable_xmlrpc_behavior determines whether XML-RPC is allowed, partially restricted, or denied with an error page.
How to access / configure:
- WP Admin → AegisShield → Hardening.
- Locate the XML-RPC behavior dropdown.
- Choose the desired behavior and Save Changes.
Recommended setting: Use “Allow core XML‑RPC but restrict dangerous methods” when compatibility is needed; otherwise deny XML‑RPC on sites that don’t use it.
Description
Outputs WebSite schema.
How it works
Builds a WebSite node with the site name and home URL.
How to access / enable
Schema tab.
Recommended setting
ON.
Description: Records hardening setting changes in the Activity Log (Pro).
How it works: When hardening settings are saved, AegisShield emits audit events so you can track who changed protections and when.
How to access / configure:
- WP Admin → AegisShield → Activity Log.
- Filter for Hardening events.
- Review changes after maintenance windows.
Recommended setting: Enable Activity Log retention sufficient to audit hardening changes (30–90 days).
Description: Add custom directives to CSP when you need advanced control (Pro).
How it works: builder_extra_directives and builder_extra_mode append additional CSP rules beyond the guided fields.
How to access / configure:
- WP Admin → AegisShield → Security Headers → CSP Builder.
- Enter extra directives.
- Save and test.
Recommended setting: Only use if you understand CSP; validate directives to avoid breaking the site.
FREE: Not available.
PRO: Available.
What it does: Changes the WordPress database prefix safely.
How to use it properly: Always preview first.
Description: Sets how many failed login attempts are allowed before a lockout triggers.
How it works: Login Guard increments a counter on failed authentication and locks out when the counter reaches max_attempts.
How to access / configure:
- WP Admin → AegisShield → Login Guard.
- Find “Max Attempts”.
- Set the value and Save Changes.
Recommended setting: Use 3–5 for most sites; use 3 if the site is frequently attacked.
Feature
Sensitivity mode: balanced / strict (signature pack selection)
Description
Select rule pack sensitivity.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Feature
IP / CIDR rules — Allow or block specific IP addresses or CIDR ranges (e.g., ***********/24).
How it works
CIDR support lets you handle office networks, known providers, or abusive subnets efficiently while keeping the rules list short.
How to access / enable
- WP Admin → AegisSpamGuard → Allow/Deny
- Add a rule for an IP or CIDR range
- Choose Allow or Deny and save.
Recommended setting
Recommended: Allowlist trusted office/VPN IPs; deny only when you have repeated confirmed abuse.
Over-blocking IP ranges can affect legitimate users (mobile carriers and shared networks).
Why you need this
Admins use IP rules to quickly stop persistent offenders and protect internal workflows.
Description: Blocks directories from crawler access.
Logic: Disallow rules are generated for each defined path.
Access: WP Admin → AegisSitemap → Robots → Excluded Directories.
Recommendation: Block admin, search, and temporary paths.
Feature
Visual Intelligence: Bot Control trend chart (24h/7d)
Description
Time-series visualization of Bot Control events.
How it works
AegisWAF applies this capability inside the Logging & Evidence module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Logs / Attack Story
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Feature
Managed Rule categories (always available): SQLi / XSS / Path Traversal
Description
Core OWASP categories.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description: Adds a Share button on WooCommerce single product pages (when enabled) so customers can share a clean short URL.
How it works: The integration checks for a mapped short link for the product and outputs a share control when available.
How to access / enable: WP Admin → AegisLink → ShortURL Links → Settings → enable WooCommerce Share Button.
Recommended setting: Enable after you bulk-generate product short links so most products immediately have share-ready URLs.
Feature
Rule “Contains (all)” matching (one token per line; ALL must match)
Description
All-tokens matching condition.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Feature
Max REST body size (bytes) enforcement (413 if exceeded; 0 disables)
Description
Body size enforcement for REST.
How it works
AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → API Shield
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Set a limit that fits your API use (e.g., 256KB–1MB). Use 0 only if absolutely necessary.
Description
Override or extend schema for a specific post.
How it works
Uses per-post metadata or rules.
How to access / enable
Edit Post → Schema section (if enabled).
Recommended setting
Only for special content.
Feature
WPForms protection — Injects JS proof and scores WPForms submissions to stop form spam without CAPTCHAs.
How it works
Uses WPForms hooks to add a proof token and then validates it during submission. Missing/invalid proofs add score; combined with other signals, this stops headless bots.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Enable JS proof for forms.
- Ensure WPForms is active; AegisSpamGuard auto-integrates.
Recommended setting
Recommended: JS proof ON + honeypot ON.
This combination is low-friction but high-signal on modern bot traffic.
Why you need this
If a WPForms form breaks, add the action/path to allowlists (if you enabled generic AJAX/admin-post protection).
Description: Enables periodic file monitoring that can detect and report changes between full scans.
How it works: The File Monitor module runs at a set interval and records change events that can feed the dashboard and alerts.
How to access / configure:
- WP Admin → AegisShield → File Integrity (or File Monitor subpanel).
- Enable File Monitor.
- Set interval and Save Changes.
Recommended setting: Enable with a 15-minute interval on most sites; increase interval if hosting resources are limited.
Feature
Bad User-Agent blocking (token contains match; blocks)
Description
Block known bad UA tokens.
How it works
AegisWAF applies this capability inside the Bot Control module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Bot Control
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description: Controls which MFA methods users can use (e.g., authenticator app via QR, email codes).
How it works: AegisShield exposes allowed methods in the enrollment UI and validates codes using the selected method’s provider.
How to access / configure:
- WP Admin → AegisShield → Login Guard → MFA (Pro).
- Select allowed MFA methods.
- Save and test enrollment for a non-admin user.
Recommended setting: Allow authenticator + backup codes as primary; keep email MFA as fallback if needed.
Feature
Local ML (Naive Bayes) — A lightweight local classifier that learns from your site’s own spam vs not-spam decisions.
How it works
Tokens are normalized (URLs/emails/numbers become special tokens). Training updates a local DB table so ML becomes one signal in your score, not the entire decision.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Enable “Local ML” (if present) and set ML weight.
- Go to Spam Log → select events → Train Spam / Train Not Spam.
Recommended setting
Recommended: ON with a modest weight (e.g., 8–15 points).
Keeping ML as a small signal prevents model drift from overpowering strong deterministic signals like honeypot or deny rules.
Why you need this
Admins get site-specific learning without sending data to a cloud service.
Feature
Bot Control: Per-path threshold wildcard matching
Description
How wildcards (* and ?) match request paths for per-path limits.
How it works
AegisWAF applies this capability inside the Bot Control module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Bot Control
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.








