{"id":298136,"date":"2026-04-28T09:35:16","date_gmt":"2026-04-28T09:35:16","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/obsyde-aegis\/"},"modified":"2026-04-28T09:37:16","modified_gmt":"2026-04-28T09:37:16","slug":"obsyde-aegis","status":"publish","type":"plugin","link":"https:\/\/nn.wordpress.org\/plugins\/obsyde-aegis\/","author":23477433,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.1","stable_tag":"1.0.1","tested":"6.9.4","requires":"6.0","requires_php":"8.0","requires_plugins":null,"header_name":"Obsyde Aegis","header_author":"Obsyde Ltd","header_description":"Enterprise-grade website security monitoring. Real-time threat detection, automated IP blocking, community threat intelligence, and AI-powered analysis. Local firewall works without an account; centralised monitoring is an optional add-on service.","assets_banners_color":"","last_updated":"2026-04-28 09:37:16","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/obsyde.com\/products","header_author_uri":"https:\/\/obsyde.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":50,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"obsyde","date":"2026-04-28 09:37:16"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3517177,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3517177,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1174,1184,5603,600,18199],"plugin_category":[54],"plugin_contributors":[261260],"plugin_business_model":[],"class_list":["post-298136","plugin","type-plugin","status-publish","hentry","plugin_tags-firewall","plugin_tags-malware","plugin_tags-monitoring","plugin_tags-security","plugin_tags-waf","plugin_category-security-and-spam-protection","plugin_contributors-obsyde","plugin_committers-obsyde"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/obsyde-aegis\/assets\/icon-128x128.png?rev=3517177","icon_2x":"https:\/\/ps.w.org\/obsyde-aegis\/assets\/icon-256x256.png?rev=3517177","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Obsyde Aegis protects your WordPress site with enterprise-grade security monitoring. The plugin intercepts every request, checks it against known attack signatures, and blocks threats in real time. Local protection runs unconditionally \u2014 no account required. When connected to the optional Obsyde dashboard service, detected events are additionally reported for centralised monitoring, geo maps, and AI-powered analysis.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li><strong>Real-time local threat detection<\/strong> \u2014 SQL injection, XSS, path traversal, remote code execution, and 50+ attack patterns. Works without any account.<\/li>\n<li><strong>WordPress-specific protection<\/strong> \u2014 wp-login.php brute force detection, xmlrpc.php abuse blocking, REST API user enumeration prevention. Works without any account.<\/li>\n<li><strong>Automated IP blocking<\/strong> \u2014 Local pattern-match blocks and (optionally) a curated blocklist synced from the Obsyde platform<\/li>\n<li><strong>Community threat intelligence<\/strong> \u2014 44,000+ known malicious IPs from 8 free intelligence sources (via the optional Obsyde sync), updated every 6 hours<\/li>\n<li><strong>Centralised dashboard (optional)<\/strong> \u2014 When an Obsyde API key is configured, view all security data on obsyde.com with real-time alerts, geo maps, and AI analysis<\/li>\n<li><strong>Zero performance impact<\/strong> \u2014 Pattern matching runs in under 5ms; no external API calls during page load (reporting is batched via WP-Cron)<\/li>\n<li><strong>Cloudflare compatible<\/strong> \u2014 Proper IP detection behind Cloudflare, nginx, and other reverse proxies<\/li>\n<\/ul>\n\n<p><strong>How It Works:<\/strong><\/p>\n\n<ol>\n<li>Install and activate the plugin \u2014 local firewall protection starts immediately<\/li>\n<li>The plugin intercepts every HTTP request before WordPress processes it<\/li>\n<li>Requests are checked against local attack signatures and (if an API key is configured) the synced Obsyde blocklist<\/li>\n<li>Threats are blocked with a 403 response<\/li>\n<li>If an Obsyde API key is configured, events are batched and sent to your dashboard every 60 seconds; the Obsyde blocklist syncs every 5 minutes. Without a key, local protection still runs \u2014 events are just not reported externally.<\/li>\n<\/ol>\n\n<p><strong>Protection Levels:<\/strong><\/p>\n\n<ul>\n<li><strong>Low<\/strong> \u2014 Block known attacks only<\/li>\n<li><strong>Medium<\/strong> \u2014 Block attacks and suspicious patterns (recommended)<\/li>\n<li><strong>High<\/strong> \u2014 Aggressive blocking including empty User-Agent rejection<\/li>\n<li><strong>Paranoid<\/strong> \u2014 Maximum protection (may cause false positives)<\/li>\n<\/ul>\n\n<h3>External services<\/h3>\n\n<p>This plugin provides local firewall protection that runs entirely in your WordPress installation and does not require any external service.<\/p>\n\n<p>When you choose to connect the plugin to the optional Obsyde dashboard service by entering an API key, the plugin communicates with the Obsyde API at https:\/\/obsyde.com\/api\/v1\/plugin\/ for centralised threat monitoring. This service is provided by Obsyde Ltd.<\/p>\n\n<p><strong>What data is sent, when, and why:<\/strong><\/p>\n\n<ul>\n<li><strong>Threat events<\/strong> \u2014 When the local firewall blocks a request, an event containing the attacker's IP address, a UTC timestamp, the attack type (e.g. \"sqli_probe\"), severity, HTTP method, request path (truncated to 2048 characters), and User-Agent string (truncated to 512 characters) is queued. Once per minute (via WP-Cron) any queued events are POSTed in a single batch to <code>\/plugin\/events<\/code>. This lets the Obsyde dashboard display, analyse, and correlate threats across all of your sites.<\/li>\n<li><strong>Blocklist sync<\/strong> \u2014 Once every 5 minutes (via WP-Cron) the plugin sends a GET request to <code>\/plugin\/blocklist<\/code> to retrieve the current curated list of malicious IPs. No site data is sent in this request; only the site API key identifies the request.<\/li>\n<li><strong>Heartbeat<\/strong> \u2014 Once every 5 minutes (via WP-Cron) the plugin sends a POST request to <code>\/plugin\/heartbeat<\/code> containing your WordPress version, PHP version, and plugin version so the Obsyde dashboard can show whether the site is reachable and up to date.<\/li>\n<li><strong>Connection test<\/strong> \u2014 When you click the \"Test Connection\" button in the settings, a single GET request is sent to <code>\/plugin\/config<\/code> to verify your API key.<\/li>\n<\/ul>\n\n<p><strong>No data is sent to any external service until you configure an API key.<\/strong> If you remove the API key or deactivate the plugin, no further external communication occurs.<\/p>\n\n<p>This service's terms and privacy policy:<\/p>\n\n<ul>\n<li>Terms of service: https:\/\/obsyde.com\/terms<\/li>\n<li>Privacy policy: https:\/\/obsyde.com\/privacy<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>obsyde-aegis<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the Plugins menu \u2014 local firewall protection begins immediately<\/li>\n<li>(Optional) Go to Settings &gt; Obsyde Aegis to enable centralised reporting<\/li>\n<li>(Optional) Enter your API key \u2014 get one at <a href=\"https:\/\/obsyde.com\/dashboard\/sites\/new\">obsyde.com\/dashboard\/sites\/new<\/a><\/li>\n<li>(Optional) Click \"Test Connection\" to verify<\/li>\n<li>Choose your protection level<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"do%20i%20need%20an%20obsyde%20account%3F\"><h3>Do I need an Obsyde account?<\/h3><\/dt>\n<dd><p>No. The plugin's local firewall \u2014 pattern matching, brute-force detection, User-Agent checks \u2014 works unconditionally after activation with no account, no API key, and no external communication.<\/p>\n\n<p>An Obsyde account is only needed if you want the additional centralised dashboard features: cross-site threat reporting, the community-intelligence blocklist sync, geo maps, and AI threat analysis. Those are optional add-ons to the core local protection.<\/p><\/dd>\n<dt id=\"will%20this%20slow%20down%20my%20site%3F\"><h3>Will this slow down my site?<\/h3><\/dt>\n<dd><p>No. The firewall check runs in under 5ms. No external API calls are made during page load \u2014 events are batched and sent via WP-Cron in the background (and only when an Obsyde API key is configured).<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20cloudflare%3F\"><h3>Does it work with Cloudflare?<\/h3><\/dt>\n<dd><p>Yes. The plugin automatically detects the real visitor IP from Cloudflare's CF-Connecting-IP header.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20the%20obsyde%20api%20is%20unavailable%3F\"><h3>What happens if the Obsyde API is unavailable?<\/h3><\/dt>\n<dd><p>The plugin continues to block threats locally using its cached blocklist and pattern matching. Events are queued and sent when the API is available again. Local protection is never affected by API availability.<\/p><\/dd>\n<dt id=\"can%20i%20whitelist%20ips%3F\"><h3>Can I whitelist IPs?<\/h3><\/dt>\n<dd><p>Yes. Add trusted IPs to the whitelist in Settings &gt; Obsyde Aegis. Whitelisted IPs bypass all checks.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Local firewall protection (pattern matching, brute-force detection, method filtering, User-Agent checks) now runs unconditionally without any account or API key required. Obsyde dashboard reporting remains an optional add-on service.<\/li>\n<li>Inline <code>&lt;style&gt;<\/code> block on the 403 block page replaced with element-level style attributes (no <code>&lt;style&gt;<\/code> tag).<\/li>\n<li>Settings-page <code>&lt;script&gt;<\/code> moved to a separate file at <code>assets\/js\/settings.js<\/code> and enqueued via <code>wp_enqueue_script<\/code> with <code>wp_localize_script<\/code> supplying the AJAX URL and nonce.<\/li>\n<li>API key sanitization no longer uses <code>sanitize_text_field()<\/code> which could alter valid secrets \u2014 input is now trimmed and validated against the expected key format, with invalid submissions rejected via <code>add_settings_error()<\/code> without overwriting the stored key.<\/li>\n<li>Documented the optional Obsyde external service in the readme (data flows, terms, privacy policy links).<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Real-time threat detection with 50+ attack patterns<\/li>\n<li>Automated IP blocking with blocklist sync<\/li>\n<li>WordPress-specific protections (brute force, xmlrpc, user enumeration)<\/li>\n<li>Background event reporting via WP-Cron<\/li>\n<li>Admin settings page with connection testing<\/li>\n<li>Cloudflare and reverse proxy IP detection<\/li>\n<\/ul>","raw_excerpt":"Real-time threat detection, automated IP blocking, and AI-powered security analysis.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/298136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=298136"}],"author":[{"embeddable":true,"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/obsyde"}],"wp:attachment":[{"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=298136"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=298136"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=298136"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=298136"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=298136"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/nn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=298136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}