frequently asked questions
(No Gimmicks, No CC,No Commitment, Free Features, Stay Free If You Prefer!)
Description: Enables dynamic XML sitemap generation for your WordPress site.
Logic: When enabled, AegisSitemap generates sitemap endpoints on-demand and updates them automatically when content changes.
Access: WP Admin → AegisSitemap → Sitemap → Enable Sitemap.
Recommendation: Always enabled on live websites.
Description: Controls whether CSP is built from presets, custom lists, or a guided builder (Pro).
How it works: builder_mode defines how directives are assembled, which sources are included, and whether extra directives are appended.
How to access / configure:
- WP Admin → AegisShield → Security Headers → CSP Builder.
- Select Builder Mode.
- Save changes.
Recommended setting: Use the guided builder first; move to custom directives only if you understand CSP well.
Description: Defines who receives file integrity/monitor alerts.
How it works: AegisShield sends alert emails to the configured recipients list when email events match your thresholds.
How to access / configure:
- WP Admin → AegisShield → File Integrity → Email Settings.
- Enter recipient email(s) (comma-separated).
- Save changes.
Recommended setting: Use a dedicated security inbox and add a backup recipient for redundancy.
Feature
IP / CIDR blocklist enforcement (PRO-only)
Description
Block specific IPs/CIDRs.
How it works
AegisWAF applies this capability inside the Bot Control module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Bot Control
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description: Controls the path prefix used to generate short URLs (example: “go” makes /go/your-slug).
How it works: AegisLink registers rewrite rules based on this prefix and flushes when changed.
How to access / enable: WP Admin → AegisLink → ShortURL Links → Settings → Short Link Prefix → Save Settings.
Recommended setting: Keep it short and memorable: go, l, r, or link.
Feature
Spam firewall pre-check — Evaluates unauthenticated traffic early and can challenge or block suspicious requests before templates load.
How it works
The firewall applies lightweight checks such as allow/deny rules, velocity by fingerprint, and bot-like header patterns. It can return a blank block page to reduce CPU usage and discourage crawlers.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Open the Firewall section
- Toggle “Spam firewall pre-check” ON/OFF.
Recommended setting
Recommended: ON for high-traffic sites; start with conservative thresholds.
Early filtering reduces server load, but conservative thresholds avoid impacting real visitors.
Why you need this
Admins use firewall mode to stop noisy bot traffic and keep the site responsive.
Additional information
Description
Exclude specific posts/URLs from sitemap.
How it works
Removes excluded IDs/paths during generation.
How to access / enable
Sitemap → Exclusions.
Recommended setting
Exclude noindex pages.
Description
Suggests internal links to related content.
How it works
Matches keywords/title/taxonomy terms against other posts.
How to access / enable
Linking Assistant tab.
Recommended setting
Link to cornerstone pages first.
Description: Groups let you organize short links into structured categories like Affiliates, Partners, or Products.
How it works: AegisLink assigns hierarchical group terms to each short link for filtering and reporting.
How to access / enable: WP Admin → AegisLink → ShortURL Links → Manage → Groups (comma-separated) → Save.
Recommended setting: Use Groups for high-level organization (Products, Categories, Campaigns).
Description
Caps suggestions to avoid overwhelm.
How it works
Limits number of suggestions per post/run.
How to access / enable
Linking Assistant settings.
Recommended setting
Start with 5–10.
Feature
Core event logging (engine / managed_rule / heuristic / api_shield / bot_control / ddos_shield / endpoint_policy)
Description
Core logging stream across modules.
How it works
AegisWAF applies this capability inside the Logging & Evidence module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Logs / Attack Story
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Feature
WPForms protection — Injects JS proof and scores WPForms submissions to stop form spam without CAPTCHAs.
How it works
Uses WPForms hooks to add a proof token and then validates it during submission. Missing/invalid proofs add score; combined with other signals, this stops headless bots.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Enable JS proof for forms.
- Ensure WPForms is active; AegisSpamGuard auto-integrates.
Recommended setting
Recommended: JS proof ON + honeypot ON.
This combination is low-friction but high-signal on modern bot traffic.
Why you need this
If a WPForms form breaks, add the action/path to allowlists (if you enabled generic AJAX/admin-post protection).
Additional information
Description
Explains what a fix changes and why it matters.
How it works
Each fix includes target field + impact summary.
How to access / enable
SEO Ops Center → Fix Details.
Recommended setting
Prefer high impact / low risk first.
Feature
Enable Bot Control (front requests + REST requests enforcement)
Description
Master switch for bot controls.
How it works
AegisWAF applies this capability inside the Bot Control module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → Bot Control
- Enable/Disable: Use the toggle on this screen to turn it ON or OFF, then click Save.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Description: Adds a Share button on WooCommerce single product pages (when enabled) so customers can share a clean short URL.
How it works: The integration checks for a mapped short link for the product and outputs a share control when available.
How to access / enable: WP Admin → AegisLink → ShortURL Links → Settings → enable WooCommerce Share Button.
Recommended setting: Enable after you bulk-generate product short links so most products immediately have share-ready URLs.
Description
Prevents overwriting existing AegisSEO values during import.
How it works
Skips posts that already have AegisSEO meta set.
How to access / enable
Migration Wizard → Safe Mode → Run.
Recommended setting
Enable Safe Mode on production sites.
Feature
Inspection scope: Cookies
Description
Enable cookie inspection during rule evaluation.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.
Feature
JS Challenge Token support (challenge + TTL settings)
Description
Challenge token flow to gate suspicious traffic.
How it works
AegisWAF applies this capability inside the WAF Rules module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → WAF Settings (Rules section)
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Use 10–30 minutes TTL for normal browsing; shorter TTL for high-risk endpoints.
Description: Detects suspicious code patterns commonly used by malware (obfuscation, eval chains, backdoors).
How it works: The heuristic engine analyzes file contents and assigns suspicion based on signatures and indicators.
How to access / configure:
- WP Admin → AegisShield → Malware Scan.
- Run a scan.
- Review the report for suspect indicators and file paths.
Recommended setting: Treat PHP files in uploads as high risk; verify against known-good sources.
Feature
False positive protection — When enabled, events that would normally be blocked are instead held for review (unless you explicitly deny them).
How it works
AegisSpamGuard still scores and classifies events, but it chooses a safer enforcement action to protect real users while you tune thresholds and allowlists.
How to access / enable
- WP Admin → AegisSpamGuard → Dashboard
- In “Protection mode”, toggle “False positive protection” ON/OFF.
Recommended setting
Recommended: ON during initial deployment and on business/commerce sites.
Holding suspicious events avoids losing legitimate leads/orders while you calibrate scoring.
Why you need this
This reduces risk on production sites where a single blocked registration or checkout can cost revenue.
Additional information
Feature
Min seconds to submit — Adds score if a form submits too quickly after page load, which is a common bot pattern.
How it works
AegisSpamGuard tracks a timestamp/token on supported forms and compares it to submission time. Faster-than-human submits get a score bump.
How to access / enable
- WP Admin → AegisSpamGuard → Settings
- Site-wide protection / Behavior section (varies by build)
- Set “Min seconds to submit”.
Recommended setting
Recommended: 3 seconds default; use 5+ for longer forms.
Longer forms take time; raising this reduces false positives on multi-field forms.
Why you need this
Admins use this to catch automated submissions that bypass simple honeypots.
Additional information
Description: Smart Links supports up to 100 keyword rules per site to keep processing predictable on shared hosting.
How it works: The admin UI limits rows and the stored option keeps the map manageable.
How to access / enable: WP Admin → AegisLink → Keyword Links → Smart Links section.
Recommended setting: Stay under 100 and prioritize your most valuable internal link targets.
Feature
Phrase/URL rules — Allow or block content that matches specific phrases or URL patterns commonly used in spam.
How it works
Phrase rules are checked against normalized message content. URL rules help you block known spam destinations or suspicious shorteners.
How to access / enable
- WP Admin → AegisSpamGuard → Allow/Deny
- Add a phrase or URL rule
- Choose Allow or Deny and save.
Recommended setting
Recommended: Start with Deny rules for repeated spam campaigns you see in the log.
Targeted phrase/URL rules stop waves immediately with low false positive risk.
Why you need this
Admins often see repeating spam templates—phrase/URL rules shut them down fast.
Additional information
Description
Choose post types included in sitemap.
How it works
Uses sitemap_post_types setting when generating URLs.
How to access / enable
Sitemap → Post Types.
Recommended setting
Include public content only.
Description: Lets you control how many words render large and medium to balance the cloud’s visual hierarchy.
How it works: AegisLink assigns the top N words to Large and the next N words to Medium; the rest render Small.
How to access / enable: WP Admin → AegisLink → Word Cloud → How many words per size → Save Defaults.
Recommended setting: 10 large and 20 medium is a solid starting point; adjust to match your page length and layout.