not at the cleanup layer
Aegis governs every REST API request, login attempt, and form submission before WordPress executes. A 12-step fail-fast gate — the first rule that fires wins.
Every REST request passes through a deterministic gate at rest_authentication_errors priority 99. One exit per request.
Core is free forever. Intelligence adds adaptive behavior scoring. Control Plane adds enterprise WAF and self-healing.
The fail-fast gate hooks rest_authentication_errors at priority 99. The first rule that fires wins: when step 3 matches, steps 4 through 12 are never evaluated.
wp-login.php returns 404. The real login URL is a secret path you choose. Intercepted at plugins_loaded priority 1, before the theme loads and before the init hook runs.
Layer 1: server-side random field. Layer 2: JS MutationObserver dynamic injection. Layer 3: timing + proof-of-work + behavior score.
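The server-side part of layers 1 and 3, as an added example that is not Aegis code. The honeypot field name and the render time travel inside an HMAC-bound token, so no database write is needed; the secret, the timing thresholds and the proof-of-work difficulty are illustrative assumptions, and the JavaScript layer (MutationObserver injection, client-side nonce search) is outside this snippet.

```php
<?php
// Added example, not Aegis code. Stateless honeypot + timing + proof-of-work check.
// The secret, thresholds and difficulty below are assumptions for the demo.

const EXAMPLE_MIN_FILL_SECONDS = 3;    // submitted faster than a human could: bot
const EXAMPLE_MAX_FILL_SECONDS = 3600; // token older than an hour: stale or replayed
const EXAMPLE_POW_ZERO_NIBBLES = 4;    // sha256(token . nonce) must begin with "0000"

/** Called when the form is rendered. Returns [token, honeypot field name]. */
function example_issue_form_token( $secret, $now ) {
    $field   = 'f_' . bin2hex( random_bytes( 6 ) );             // random name per render
    $payload = $now . '|' . $field;
    $mac     = hash_hmac( 'sha256', $payload, $secret );
    return array( base64_encode( $payload . '|' . $mac ), $field );
}

/** Called on submit. Returns null when the submission passes, else a short reason. */
function example_verify_form( $secret, $now, $token, array $post ) {
    $parts = explode( '|', (string) base64_decode( $token, true ), 3 );
    if ( count( $parts ) !== 3 ) { return 'malformed'; }
    list( $issued, $field, $mac ) = $parts;
    if ( ! hash_equals( hash_hmac( 'sha256', $issued . '|' . $field, $secret ), $mac ) ) {
        return 'bad-mac';                                       // token not issued by us
    }
    $elapsed = $now - (int) $issued;
    if ( $elapsed < EXAMPLE_MIN_FILL_SECONDS ) { return 'too-fast'; }
    if ( $elapsed > EXAMPLE_MAX_FILL_SECONDS ) { return 'expired'; }
    // Layer 1: the randomly named field must be present (our markup) and empty (no bot filled it).
    if ( ! array_key_exists( $field, $post ) || $post[ $field ] !== '' ) { return 'honeypot'; }
    // Layer 3: proof of work bound to this exact token.
    $nonce  = isset( $post['pow'] ) ? (string) $post['pow'] : '';
    $digest = hash( 'sha256', $token . $nonce );
    $target = str_repeat( '0', EXAMPLE_POW_ZERO_NIBBLES );
    if ( strncmp( $digest, $target, EXAMPLE_POW_ZERO_NIBBLES ) !== 0 ) { return 'pow'; }
    return null;
}

/** What the browser-side script does; shown in PHP only so the demo runs offline. */
function example_solve_pow( $token ) {
    for ( $n = 0; ; $n++ ) {
        if ( strncmp( hash( 'sha256', $token . $n ), '0000', 4 ) === 0 ) { return (string) $n; }
    }
}

// Constructed demo run.
$secret = 'example-secret-replace-me';
list( $token, $field ) = example_issue_form_token( $secret, 1700000000 );
$good = array( $field => '', 'pow' => example_solve_pow( $token ), 'message' => 'hello' );
var_dump( example_verify_form( $secret, 1700000010, $token, $good ) );                        // NULL (accepted)
var_dump( example_verify_form( $secret, 1700000001, $token, $good ) );                        // "too-fast"
var_dump( example_verify_form( $secret, 1700000010, $token, array( $field => 'x' ) + $good ) ); // "honeypot"
```

Because the field name and issue time are authenticated by the HMAC, a bot cannot shorten the timer or guess the honeypot name by replaying a token it saw on a different page load, and the server keeps no per-render state.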
20+ known scanner User-Agents blocked: sqlmap, Nikto, Masscan, Python-requests, and more. These strings do not occur in the User-Agents of legitimate search crawlers. The User-Agent is client-controlled, so this step is a cheap first filter, not a guarantee.
30+ automatic REST bypasses. WooCommerce, Elementor, Contact Form 7, Yoast, Jetpack — all pass through without configuration.
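The gate, the scanner rule and the plugin bypass described above, as an added example that is not Elpadoro Aegis code: a filter on rest_authentication_errors at priority 99 that evaluates an ordered rule list and stops at the first rule that fires. The rule order, the rule bodies, the bypass namespaces and the scanner strings are illustrative assumptions.

```php
<?php
/**
 * Added example, not Elpadoro Aegis code: a fail-fast gate hooked to
 * rest_authentication_errors at priority 99. The rule order, the bypass
 * list and the rule bodies below are illustrative assumptions.
 */

// Namespaces that skip every later rule (the auto-bypass idea). Assumed list.
const EXAMPLE_BYPASS_NAMESPACES = array( 'wc/', 'elementor/', 'contact-form-7/', 'yoast/', 'jetpack/' );

// Scanner User-Agent fragments, matched case-insensitively. Assumed list.
const EXAMPLE_SCANNER_UAS = array( 'sqlmap', 'nikto', 'masscan', 'python-requests' );

// One body for every denial: the response never says which rule matched.
function example_rest_deny() {
    return new WP_Error( 'rest_forbidden', 'Forbidden', array( 'status' => 403 ) );
}

/**
 * Evaluate the ordered rule chain. A rule returns:
 *   null     -> no opinion, try the next rule
 *   'pass'   -> stop; hand the request back to WordPress core unchanged
 *   WP_Error -> stop; deny
 * Returns a WP_Error to deny, or null to let core decide.
 */
function example_rest_gate_decide( $route, $user_agent, $logged_in ) {
    $rules = array(
        // 1. Trusted plugin namespaces bypass the gate entirely.
        function () use ( $route ) {
            foreach ( EXAMPLE_BYPASS_NAMESPACES as $ns ) {
                if ( strpos( $route, '/' . $ns ) === 0 ) { return 'pass'; }
            }
            return null;
        },
        // 2. Known scanners: deny before anything else is looked at.
        function () use ( $user_agent ) {
            foreach ( EXAMPLE_SCANNER_UAS as $needle ) {
                if ( stripos( $user_agent, $needle ) !== false ) { return example_rest_deny(); }
            }
            return null;
        },
        // 3. Authenticated users are not subject to the anonymous-only rules.
        function () use ( $logged_in ) { return $logged_in ? 'pass' : null; },
        // 4. Anonymous user enumeration via /wp/v2/users is denied.
        function () use ( $route ) {
            return strpos( $route, '/wp/v2/users' ) === 0 ? example_rest_deny() : null;
        },
        // 5..n: further anonymous-only rules would follow here.
    );
    foreach ( $rules as $rule ) {
        $verdict = $rule();
        if ( null !== $verdict ) {                 // first rule that fires wins
            return is_wp_error( $verdict ) ? $verdict : null;
        }
    }
    return null;
}

add_filter( 'rest_authentication_errors', function ( $result ) {
    if ( is_wp_error( $result ) ) {
        return $result;                            // an earlier auth error stands
    }
    $route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
        ? '/' . ltrim( (string) $GLOBALS['wp']->query_vars['rest_route'], '/' )
        : '/';
    $ua    = isset( $_SERVER['HTTP_USER_AGENT'] ) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
    $deny  = example_rest_gate_decide( $route, $ua, is_user_logged_in() );
    // Never return true from here: at priority 99 a true value would pre-empt
    // core's rest_cookie_check_errors (priority 100) and skip its nonce check.
    return null === $deny ? $result : $deny;
}, 99 );
```

The 'pass' verdict deliberately returns the original filter value rather than true. Returning true from a filter that runs before priority 100 tells WordPress that authentication already succeeded, which disables the cookie nonce check and turns every cookie-authenticated REST call into a CSRF target.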
Last 500 events. Filter by type, IP, or date. Daily cron pruning. Structured JSON storage. Never grows unbounded.
5 signal types. 10-minute rolling window with score decay. Redis-backed atomic increment. Score is a single integer — cheap to read, cheap to write.
Adaptive tarpit: the attacker's request is held for three seconds before the response goes out, while the other workers keep serving legitimate traffic. A caveat on fastcgi_finish_request(): it flushes the response and closes the client connection, but it does not free the PHP-FPM worker, which keeps running until the script ends. A sleep() placed after it delays the worker, not the attacker, so the delay belongs before the flush, and the tarpit must be sized against pm.max_children.
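The score and the tarpit together, as an added example that is not Aegis code: a single integer per IP that decays linearly to zero over a 10-minute window, five illustrative signal weights, and a delay curve derived from the score. The store is an in-memory array standing in for Redis (where INCRBY plus a Lua-scripted decay would give the atomic update); the weights, the curve and the IP are assumptions.

```php
<?php
// Added example, not Aegis code: decaying behavior score plus score-driven tarpit.
// Array store stands in for Redis; signal weights and delay curve are assumptions.

const EXAMPLE_WINDOW = 600;  // 10-minute rolling window

// Five illustrative signal types and their weights (assumed).
const EXAMPLE_SIGNALS = array(
    'login_fail' => 10, 'scanner_ua' => 40, 'honeypot' => 60, 'rest_403' => 15, 'waf_match' => 50,
);

/** Current score after decay: the stored value shrinks linearly to 0 over the window. */
function example_score_get( array $store, $ip, $now ) {
    if ( ! isset( $store[ $ip ] ) ) { return 0; }
    list( $score, $updated ) = $store[ $ip ];
    $elapsed = max( 0, $now - $updated );
    if ( $elapsed >= EXAMPLE_WINDOW ) { return 0; }
    return (int) floor( $score * ( 1 - $elapsed / EXAMPLE_WINDOW ) );
}

/** Record a signal: decay first, then add the weight. Returns the new score. */
function example_score_add( array &$store, $ip, $signal, $now ) {
    if ( ! isset( EXAMPLE_SIGNALS[ $signal ] ) ) {
        throw new InvalidArgumentException( 'unknown signal: ' . $signal );
    }
    $score = example_score_get( $store, $ip, $now ) + EXAMPLE_SIGNALS[ $signal ];
    $store[ $ip ] = array( $score, $now );
    return $score;
}

/** Tarpit seconds for a score: none below 50, then 1 s per 25 points, capped at 8 s. */
function example_tarpit_seconds( $score ) {
    return $score < 50 ? 0 : min( 8, intdiv( $score, 25 ) );
}

/**
 * Send the tarpitted denial. The sleep runs BEFORE the response is flushed, so the
 * client really waits. fastcgi_finish_request() only flushes output and closes the
 * client connection; the PHP-FPM worker keeps executing, so a sleep() after it
 * would hold the worker without delaying anybody. Use the post-flush time for
 * bookkeeping (logging, score persistence) instead.
 */
function example_tarpit_respond( $score ) {
    $delay = example_tarpit_seconds( $score );
    if ( $delay > 0 ) { sleep( $delay ); }
    http_response_code( 403 );
    header( 'Content-Type: text/plain' );
    echo 'Forbidden';
    if ( function_exists( 'fastcgi_finish_request' ) ) {
        fastcgi_finish_request();   // client is gone; slow logging may follow here
    }
}

// Constructed demo run (timestamps in seconds).
$store = array();
$ip    = '203.0.113.7';
example_score_add( $store, $ip, 'login_fail', 1000 );       // 10
example_score_add( $store, $ip, 'login_fail', 1010 );       // 9 + 10 = 19
$s = example_score_add( $store, $ip, 'scanner_ua', 1020 );  // 18 + 40 = 58
echo $s, ' -> tarpit ', example_tarpit_seconds( $s ), "s\n";          // 58 -> tarpit 2s
echo example_score_get( $store, $ip, 1020 + 300 ), " after 5 min\n";  // 29
echo example_score_get( $store, $ip, 1020 + 600 ), " after 10 min\n"; // 0
```

Because the decay is computed from a stored (score, timestamp) pair at read time, the hot path is one read and one write per request, and an IP that stops misbehaving drops back to zero without any cron or cleanup job touching its key.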
PHP Reflection reads permission_callback source. Classifies every registered REST route: MISSING, PUBLIC, OPEN, or AUTH_CHECK. Cached 1 hour.
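The classification described above, as an added example that is not Aegis code. It reads each permission_callback's source through Reflection and assigns one of the four labels the page names; the heuristics that map a callback to a label (a literal __return_true is PUBLIC, a body that calls no capability or login check is OPEN) are this example's assumptions, as is the constructed route table used to run it outside WordPress.

```php
<?php
// Added example, not Aegis code: classify REST routes by their permission_callback.
// Labels are the page's; the mapping heuristics and demo routes are assumptions.

function example_classify_permission_callback( $cb ) {
    if ( empty( $cb ) ) {
        return 'MISSING';              // no permission_callback registered at all
    }
    if ( $cb === '__return_true' ) {
        return 'PUBLIC';               // explicitly and deliberately public
    }
    // Obtain a reflector for [obj|class, method], "Class::method", a function name, or a closure.
    try {
        if ( is_array( $cb ) ) {
            $ref = new ReflectionMethod( $cb[0], $cb[1] );
        } elseif ( is_string( $cb ) && strpos( $cb, '::' ) !== false ) {
            $ref = new ReflectionMethod( $cb );
        } else {
            $ref = new ReflectionFunction( $cb );
        }
    } catch ( ReflectionException $e ) {
        return 'MISSING';              // points at nothing callable
    }
    $file = $ref->getFileName();
    if ( $file === false ) {
        return 'AUTH_CHECK';           // internal function: no source to read, do not flag it
    }
    $lines = file( $file );
    $start = $ref->getStartLine() - 1;
    $src   = implode( '', array_slice( $lines, $start, $ref->getEndLine() - $start ) );
    // Assumed heuristic: a body that consults the user's identity or capabilities is a real check.
    if ( preg_match( '/\b(current_user_can|is_user_logged_in|wp_verify_nonce|get_current_user_id|is_super_admin)\s*\(/', $src ) ) {
        return 'AUTH_CHECK';
    }
    return 'OPEN';                     // a callback exists but never checks who is calling
}

/** $routes has the shape returned by rest_get_server()->get_routes(): route => list of endpoints. */
function example_classify_routes( array $routes ) {
    $report = array();
    foreach ( $routes as $route => $endpoints ) {
        foreach ( $endpoints as $endpoint ) {
            $cb = isset( $endpoint['permission_callback'] ) ? $endpoint['permission_callback'] : null;
            $report[ $route ][] = example_classify_permission_callback( $cb );
        }
    }
    return $report;
}

// Inside WordPress:
//   $report = example_classify_routes( rest_get_server()->get_routes() );
//   set_transient( 'example_route_report', $report, HOUR_IN_SECONDS );

// Constructed stand-ins so the file also runs outside WordPress.
if ( ! function_exists( '__return_true' ) ) { function __return_true() { return true; } }
if ( ! function_exists( 'current_user_can' ) ) { function current_user_can( $cap ) { return false; } }

$demo_routes = array(
    '/demo/v1/public' => array( array( 'permission_callback' => '__return_true' ) ),
    '/demo/v1/open'   => array( array( 'permission_callback' => function () { return true; } ) ),
    '/demo/v1/admin'  => array( array( 'permission_callback' => function () { return current_user_can( 'manage_options' ); } ) ),
    '/demo/v1/none'   => array( array() ),
);
print_r( example_classify_routes( $demo_routes ) );
// /demo/v1/public => PUBLIC, /demo/v1/open => OPEN, /demo/v1/admin => AUTH_CHECK, /demo/v1/none => MISSING
```

Reading source text is a heuristic, not a proof: a callback that delegates to a helper defined elsewhere will read as OPEN even when the helper checks capabilities, which is why the report should be reviewed rather than enforced automatically.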
Pure PHP RFC 6238 — no external service. Google Authenticator compatible. 8 recovery codes stored hashed. OTP screen via Ghost Login URL.
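RFC 6238 in plain PHP, as an added example that is not Aegis code: base32 decoding of the shared secret as Google Authenticator stores it, HOTP with the RFC 4226 dynamic truncation, a 30-second TOTP step, and constant-time verification across a one-step window on either side. The check at the end uses the SHA-1 test vectors from RFC 6238 Appendix B; the helper names are this example's own.

```php
<?php
// Added example, not Aegis code: TOTP per RFC 6238 (HMAC-SHA1, 30 s step) in pure PHP.

/** Decode a base32 secret (the format Google Authenticator imports). */
function example_base32_decode( $b32 ) {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach ( str_split( strtoupper( rtrim( $b32, '=' ) ) ) as $c ) {
        $v = strpos( $alphabet, $c );
        if ( $v === false ) { return false; }
        $bits .= str_pad( decbin( $v ), 5, '0', STR_PAD_LEFT );
    }
    $out = '';
    foreach ( str_split( $bits, 8 ) as $byte ) {
        if ( strlen( $byte ) === 8 ) { $out .= chr( bindec( $byte ) ); }
    }
    return $out;
}

/** HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter, then dynamic truncation. */
function example_hotp( $key, $counter, $digits = 6 ) {
    $h      = hash_hmac( 'sha1', pack( 'J', $counter ), $key, true );
    $offset = ord( $h[19] ) & 0x0f;
    $code   = ( ( ord( $h[ $offset ] ) & 0x7f ) << 24 )
            | ( ord( $h[ $offset + 1 ] ) << 16 )
            | ( ord( $h[ $offset + 2 ] ) << 8 )
            |   ord( $h[ $offset + 3 ] );
    return str_pad( (string) ( $code % ( 10 ** $digits ) ), $digits, '0', STR_PAD_LEFT );
}

/** TOTP (RFC 6238): HOTP over the number of whole time steps since the Unix epoch. */
function example_totp( $key, $time, $step = 30, $digits = 6 ) {
    return example_hotp( $key, intdiv( $time, $step ), $digits );
}

/** Accept the current step and $window steps on either side; compare in constant time. */
function example_totp_verify( $key, $code, $time, $window = 1, $step = 30 ) {
    for ( $i = -$window; $i <= $window; $i++ ) {
        if ( hash_equals( example_totp( $key, $time + $i * $step, $step ), (string) $code ) ) {
            return true;
        }
    }
    return false;
}

// RFC 6238 Appendix B vectors (SHA-1, secret "12345678901234567890", 8 digits).
$rfc_key = '12345678901234567890';
var_dump( example_totp( $rfc_key, 59, 30, 8 ) === '94287082' );         // bool(true)
var_dump( example_totp( $rfc_key, 1111111109, 30, 8 ) === '07081804' ); // bool(true)

// Enrolment flow: a base32 secret is what the authenticator app scans.
$secret = example_base32_decode( 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ' ); // base32 of the RFC key
var_dump( $secret === $rfc_key );                                           // bool(true)
var_dump( example_totp_verify( $secret, example_totp( $secret, 1700000000 ), 1700000015 ) ); // bool(true)
```

Two production details sit outside the algorithm: the verification window must be paired with a record of the last accepted step so the same code cannot be used twice, and the secret has to be stored encrypted at rest, since anyone who reads it can generate valid codes.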
Cloudflare-first: the CF-IPCountry header, zero DB overhead. Trust it only when the origin accepts traffic solely from Cloudflare, since a client that reaches the origin directly can set the header itself. Binary IP map fallback (~1.5MB). Block or allowlist by country code. Cached 10 min per IP.
SQL injection, XSS, path traversal, null byte, object injection, RFI. Patterns compiled once at init. Detect or block mode. Never reveals which pattern matched.
Conventional security plugins are passive: they protect WordPress from attackers but do not protect themselves. Aegis does both.
On every admin page load, Aegis hashes its own critical files and compares against a stored baseline. Hash mismatch → immediate safe mode + alert.
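The baseline-and-compare step, as an added example that is not Aegis code: hash every PHP file under a plugin directory, keep the result as the baseline, and diff the live tree against it, reporting modified, added and removed files. Where the baseline is kept and what happens on a mismatch (the page's safe mode and alert) are outside this snippet; the temporary directory and the simulated backdoor are constructed for the demo.

```php
<?php
// Added example, not Aegis code: SHA-256 baseline of a plugin tree and a diff against it.

/** Map of relative path => sha256 for every .php file under $dir. */
function example_hash_tree( $dir ) {
    $hashes = array();
    $dir    = rtrim( $dir, '/' );
    $it     = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $dir, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $it as $file ) {
        if ( $file->getExtension() !== 'php' ) { continue; }
        $rel            = substr( $file->getPathname(), strlen( $dir ) + 1 );
        $hashes[ $rel ] = hash_file( 'sha256', $file->getPathname() );
    }
    ksort( $hashes );
    return $hashes;
}

/** Returns [ 'modified' => [...], 'added' => [...], 'removed' => [...] ]. */
function example_integrity_diff( array $baseline, array $live ) {
    $modified = $added = $removed = array();
    foreach ( $live as $path => $hash ) {
        if ( ! isset( $baseline[ $path ] ) ) {
            $added[] = $path;                              // file that was not in the baseline
        } elseif ( ! hash_equals( $baseline[ $path ], $hash ) ) {
            $modified[] = $path;                           // content changed since baseline
        }
    }
    foreach ( array_keys( $baseline ) as $path ) {
        if ( ! isset( $live[ $path ] ) ) { $removed[] = $path; }
    }
    return compact( 'modified', 'added', 'removed' );
}

function example_integrity_ok( array $diff ) {
    return ! $diff['modified'] && ! $diff['added'] && ! $diff['removed'];
}

// Constructed demo: a throwaway tree, a baseline, then one file tampered with.
$dir = sys_get_temp_dir() . '/example-plugin-' . bin2hex( random_bytes( 4 ) );
mkdir( $dir . '/inc', 0700, true );
file_put_contents( $dir . '/plugin.php',   "<?php // main\n" );
file_put_contents( $dir . '/inc/gate.php', "<?php // gate\n" );
$baseline = example_hash_tree( $dir );

file_put_contents( $dir . '/inc/gate.php', "<?php // gate\neval(\$_GET['x']);\n" ); // simulated backdoor
$diff = example_integrity_diff( $baseline, example_hash_tree( $dir ) );
var_dump( example_integrity_ok( $diff ) );   // bool(false)
print_r( $diff['modified'] );                // Array ( [0] => inc/gate.php )
```

The baseline is only as trustworthy as its storage: an attacker who can write plugin files can usually also write to the database, so the stored hashes should themselves be authenticated with a key the web process cannot read, or kept outside the web root entirely.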
Dead code paths act as traps. Any call to these functions in a pattern impossible in legitimate execution triggers immediate lockdown. Passive — costs nothing until triggered.
Queen, Hive, Colony, Drone, Nectar — five modules that mutually verify each other on a randomized pulse interval (4h ± 90min jitter). Unpredictable to attackers who study the codebase.
Cryptographically signed heartbeat every 5 minutes. If the heartbeat is absent — something suppressed cron or deactivated Aegis — a self-restore sequence triggers. Dead man's switch.
Critical functions verify the call stack before executing. A function called directly — bypassing the WordPress lifecycle — detects the anomaly and refuses to execute.
Every instruction between modules carries an HMAC signature and a 5-second timestamp window. A message altered in transit, or replayed after its window has closed, is rejected on arrival.
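The signed heartbeat and the signed inter-module instruction, as one added example that is not Aegis code: HMAC-SHA256 over a canonical encoding of the envelope, a 5-second timestamp window, and a nonce cache so that a capture replayed inside the window is also refused, which the timestamp alone cannot do. The shared key, the envelope fields and the module names used in the demo are assumptions.

```php
<?php
// Added example, not Aegis code: HMAC-signed envelope with timestamp window and nonce cache.
// Key, field names and the array-backed nonce cache are assumptions for the demo.

const EXAMPLE_WINDOW_SECONDS = 5;

/** Build and sign an envelope. Canonical key order so both sides MAC identical bytes. */
function example_sign( $key, $from, $to, $instruction, $now ) {
    $env = array(
        'from' => $from, 'to' => $to, 'instruction' => $instruction,
        'ts' => $now, 'nonce' => bin2hex( random_bytes( 16 ) ),
    );
    ksort( $env );
    $env['mac'] = hash_hmac( 'sha256', json_encode( $env ), $key );
    return $env;
}

/**
 * Verify an envelope. $seen maps nonce => expiry and stands in for a shared cache.
 * Returns null when accepted, otherwise a short reason. Order matters: the MAC is
 * checked first so that an attacker learns nothing about the window or cache from
 * unauthenticated input.
 */
function example_verify( $key, array $env, $now, array &$seen ) {
    if ( ! isset( $env['mac'], $env['ts'], $env['nonce'] ) || ! is_string( $env['mac'] ) ) {
        return 'malformed';
    }
    $mac = $env['mac'];
    unset( $env['mac'] );
    ksort( $env );
    if ( ! hash_equals( hash_hmac( 'sha256', json_encode( $env ), $key ), $mac ) ) {
        return 'bad-mac';                                  // forged or tampered
    }
    if ( abs( $now - (int) $env['ts'] ) > EXAMPLE_WINDOW_SECONDS ) {
        return 'stale';                                    // outside the window (late replay or clock skew)
    }
    foreach ( $seen as $n => $exp ) {                      // drop nonces whose window has passed
        if ( $exp < $now ) { unset( $seen[ $n ] ); }
    }
    if ( isset( $seen[ $env['nonce'] ] ) ) {
        return 'replay';                                   // same capture presented twice inside the window
    }
    $seen[ $env['nonce'] ] = $now + EXAMPLE_WINDOW_SECONDS;
    return null;
}

// Constructed demo run.
$key  = 'example-shared-key-replace-me';
$seen = array();
$msg  = example_sign( $key, 'Queen', 'Drone', 'heartbeat', 1700000000 );
var_dump( example_verify( $key, $msg, 1700000002, $seen ) );   // NULL (accepted)
var_dump( example_verify( $key, $msg, 1700000003, $seen ) );   // "replay"
var_dump( example_verify( $key, $msg, 1700000010, $seen ) );   // "stale"
$forged = $msg;
$forged['instruction'] = 'disable';
var_dump( example_verify( $key, $forged, 1700000002, $seen ) ); // "bad-mac"
```

For the heartbeat the same envelope works with instruction set to a fixed value; the receiver's dead man's switch then needs only to remember the timestamp of the last envelope that verified and act when that timestamp is older than the heartbeat interval.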
| Feature | Elpadoro Aegis | Wordfence | iThemes Security | WP Cerber |
|---|---|---|---|---|
| 12-step fail-fast REST gate | ✓ | — | — | — |
| Ghost Login URL (plugins_loaded @1) | ✓ | — | ✓ | ✓ |
| Behavior scoring + adaptive tarpit | ✓ | — | — | — |
| Self-defending boot integrity | ✓ | — | — | — |
| Route intelligence (Reflection) | ✓ | — | — | — |
| Three-layer honeypot | ✓ | — | ✓ | ✓ |
| 30+ plugin auto-bypass | ✓ | — | — | — |
| OWASP-compliant 403 responses | ✓ | ✓ | ✓ | ✓ |
| Free, no artificial limits | ✓ | — | — | ✓ |
Core covers most sites. Intelligence adds adaptive protection. Control Plane is built for agencies and high-traffic infrastructure.
Complete REST protection, login security, and anti-spam. No limitations.
Adaptive protection — behavior scoring, route intelligence, TOTP, geo-blocking.
Enterprise orchestration — WAF, integrity monitoring, deception, conflict detection.