Title: Obsyde Aegis
Author: obsyde
Published: <strong>April 28, 2026</strong>
Last modified: April 28, 2026

---

Search plugins

![](https://ps.w.org/obsyde-aegis/assets/icon-256x256.png?rev=3517177)

# Obsyde Aegis

 By [obsyde](https://profiles.wordpress.org/obsyde/)

[Download](https://downloads.wordpress.org/plugin/obsyde-aegis.1.0.1.zip)

 * [Details](https://wordpress.org/plugins/obsyde-aegis/#description)
 * [Reviews](https://wordpress.org/plugins/obsyde-aegis/#reviews)
 *  [Installation](https://wordpress.org/plugins/obsyde-aegis/#installation)
 * [Development](https://wordpress.org/plugins/obsyde-aegis/#developers)

 [Support](https://wordpress.org/support/plugin/obsyde-aegis/)

## Description

Obsyde Aegis protects your WordPress site with enterprise-grade security monitoring.
The plugin intercepts every request, checks it against known attack signatures, 
and blocks threats in real time. Local protection runs unconditionally — no account
required. When connected to the optional Obsyde dashboard service, detected events
are additionally reported for centralised monitoring, geo maps, and AI-powered analysis.

**Key Features:**

 * **Real-time local threat detection** — SQL injection, XSS, path traversal, remote
   code execution, and 50+ attack patterns. Works without any account.
 * **WordPress-specific protection** — wp-login.php brute force detection, xmlrpc.
   php abuse blocking, REST API user enumeration prevention. Works without any account.
 * **Automated IP blocking** — Local pattern-match blocks and (optionally) a curated
   blocklist synced from the Obsyde platform
 * **Community threat intelligence** — 44,000+ known malicious IPs from 8 free intelligence
   sources (via the optional Obsyde sync), updated every 6 hours
 * **Centralised dashboard (optional)** — When an Obsyde API key is configured, 
   view all security data on obsyde.com with real-time alerts, geo maps, and AI 
   analysis
 * **Zero performance impact** — Pattern matching runs in under 5ms; no external
   API calls during page load (reporting is batched via WP-Cron)
 * **Cloudflare compatible** — Proper IP detection behind Cloudflare, nginx, and
   other reverse proxies

**How It Works:**

 1. Install and activate the plugin — local firewall protection starts immediately
 2. The plugin intercepts every HTTP request before WordPress processes it
 3. Requests are checked against local attack signatures and (if an API key is configured)
    the synced Obsyde blocklist
 4. Threats are blocked with a 403 response
 5. If an Obsyde API key is configured, events are batched and sent to your dashboard
    every 60 seconds; the Obsyde blocklist syncs every 5 minutes. Without a key, local
    protection still runs — events are just not reported externally.

**Protection Levels:**

 * **Low** — Block known attacks only
 * **Medium** — Block attacks and suspicious patterns (recommended)
 * **High** — Aggressive blocking including empty User-Agent rejection
 * **Paranoid** — Maximum protection (may cause false positives)

### External services

This plugin provides local firewall protection that runs entirely in your WordPress
installation and does not require any external service.

When you choose to connect the plugin to the optional Obsyde dashboard service by
entering an API key, the plugin communicates with the Obsyde API at https://obsyde.
com/api/v1/plugin/ for centralised threat monitoring. This service is provided by
Obsyde Ltd.

**What data is sent, when, and why:**

 * **Threat events** — When the local firewall blocks a request, an event containing
   the attacker’s IP address, a UTC timestamp, the attack type (e.g. “sqli_probe”),
   severity, HTTP method, request path (truncated to 2048 characters), and User-
   Agent string (truncated to 512 characters) is queued. Once per minute (via WP-
   Cron) any queued events are POSTed in a single batch to `/plugin/events`. This
   lets the Obsyde dashboard display, analyse, and correlate threats across all 
   of your sites.
 * **Blocklist sync** — Once every 5 minutes (via WP-Cron) the plugin sends a GET
   request to `/plugin/blocklist` to retrieve the current curated list of malicious
   IPs. No site data is sent in this request; only the site API key identifies the
   request.
 * **Heartbeat** — Once every 5 minutes (via WP-Cron) the plugin sends a POST request
   to `/plugin/heartbeat` containing your WordPress version, PHP version, and plugin
   version so the Obsyde dashboard can show whether the site is reachable and up
   to date.
 * **Connection test** — When you click the “Test Connection” button in the settings,
   a single GET request is sent to `/plugin/config` to verify your API key.

**No data is sent to any external service until you configure an API key.** If you
remove the API key or deactivate the plugin, no further external communication occurs.

This service’s terms and privacy policy:

 * Terms of service: https://obsyde.com/terms
 * Privacy policy: https://obsyde.com/privacy

## Installation

 1. Upload the `obsyde-aegis` folder to `/wp-content/plugins/`
 2. Activate the plugin through the Plugins menu — local firewall protection begins
    immediately
 3. (Optional) Go to Settings > Obsyde Aegis to enable centralised reporting
 4. (Optional) Enter your API key — get one at [obsyde.com/dashboard/sites/new](https://obsyde.com/dashboard/sites/new)
 5. (Optional) Click “Test Connection” to verify
 6. Choose your protection level

## FAQ

### Do I need an Obsyde account?

No. The plugin’s local firewall — pattern matching, brute-force detection, User-
Agent checks — works unconditionally after activation with no account, no API key,
and no external communication.

An Obsyde account is only needed if you want the additional centralised dashboard
features: cross-site threat reporting, the community-intelligence blocklist sync,
geo maps, and AI threat analysis. Those are optional add-ons to the core local protection.

### Will this slow down my site?

No. The firewall check runs in under 5ms. No external API calls are made during 
page load — events are batched and sent via WP-Cron in the background (and only 
when an Obsyde API key is configured).

### Does it work with Cloudflare?

Yes. The plugin automatically detects the real visitor IP from Cloudflare’s CF-Connecting-
IP header.

### What happens if the Obsyde API is unavailable?

The plugin continues to block threats locally using its cached blocklist and pattern
matching. Events are queued and sent when the API is available again. Local protection
is never affected by API availability.

### Can I whitelist IPs?

Yes. Add trusted IPs to the whitelist in Settings > Obsyde Aegis. Whitelisted IPs
bypass all checks.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Obsyde Aegis” is open source software. The following people have contributed to
this plugin.

Contributors

 *   [ obsyde ](https://profiles.wordpress.org/obsyde/)

[Translate “Obsyde Aegis” into your language.](https://translate.wordpress.org/projects/wp-plugins/obsyde-aegis)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/obsyde-aegis/), check
out the [SVN repository](https://plugins.svn.wordpress.org/obsyde-aegis/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/obsyde-aegis/) by
[RSS](https://plugins.trac.wordpress.org/log/obsyde-aegis/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.1

 * Local firewall protection (pattern matching, brute-force detection, method filtering,
   User-Agent checks) now runs unconditionally without any account or API key required.
   Obsyde dashboard reporting remains an optional add-on service.
 * Inline `<style>` block on the 403 block page replaced with element-level style
   attributes (no `<style>` tag).
 * Settings-page `<script>` moved to a separate file at `assets/js/settings.js` 
   and enqueued via `wp_enqueue_script` with `wp_localize_script` supplying the 
   AJAX URL and nonce.
 * API key sanitization no longer uses `sanitize_text_field()` which could alter
   valid secrets — input is now trimmed and validated against the expected key format,
   with invalid submissions rejected via `add_settings_error()` without overwriting
   the stored key.
 * Documented the optional Obsyde external service in the readme (data flows, terms,
   privacy policy links).

#### 1.0.0

 * Initial release
 * Real-time threat detection with 50+ attack patterns
 * Automated IP blocking with blocklist sync
 * WordPress-specific protections (brute force, xmlrpc, user enumeration)
 * Background event reporting via WP-Cron
 * Admin settings page with connection testing
 * Cloudflare and reverse proxy IP detection

## Meta

 *  Version **1.0.1**
 *  Last updated **1 week ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.0 or higher **
 *  Tested up to **6.9.4**
 *  PHP version ** 8.0 or higher **
 * Tags
 * [firewall](https://wordpress.org/plugins/tags/firewall/)[malware](https://wordpress.org/plugins/tags/malware/)
   [monitoring](https://wordpress.org/plugins/tags/monitoring/)[security](https://wordpress.org/plugins/tags/security/)
   [WAF](https://wordpress.org/plugins/tags/waf/)
 *  [Advanced View](https://wordpress.org/plugins/obsyde-aegis/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/obsyde-aegis/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/obsyde-aegis/reviews/)

## Contributors

 *   [ obsyde ](https://profiles.wordpress.org/obsyde/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/obsyde-aegis/)