| 开发者 | obsyde |
|---|---|
| 更新时间 | 2026年4月28日 17:37 |
| PHP版本: | 8.0 及以上 |
| WordPress版本: | 6.9 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
obsyde-aegis folder to /wp-content/plugins/No. The plugin's local firewall — pattern matching, brute-force detection, User-Agent checks — works unconditionally after activation with no account, no API key, and no external communication. An Obsyde account is only needed if you want the additional centralised dashboard features: cross-site threat reporting, the community-intelligence blocklist sync, geo maps, and AI threat analysis. Those are optional add-ons to the core local protection.
No. The firewall check runs in under 5ms. No external API calls are made during page load — events are batched and sent via WP-Cron in the background (and only when an Obsyde API key is configured).
Yes. The plugin automatically detects the real visitor IP from Cloudflare's CF-Connecting-IP header.
The plugin continues to block threats locally using its cached blocklist and pattern matching. Events are queued and sent when the API is available again. Local protection is never affected by API availability.
Yes. Add trusted IPs to the whitelist in Settings > Obsyde Aegis. Whitelisted IPs bypass all checks.
<style> block on the 403 block page replaced with element-level style attributes (no <style> tag).<script> moved to a separate file at assets/js/settings.js and enqueued via wp_enqueue_script with wp_localize_script supplying the AJAX URL and nonce.sanitize_text_field() which could alter valid secrets — input is now trimmed and validated against the expected key format, with invalid submissions rejected via add_settings_error() without overwriting the stored key.