| Feature / Benefit | Free | Pro |
|---|---|---|
| Core & Dashboard | ||
| Lightweight security framework optimized for shared hosting | ✔ | ✔ |
| Zero-bloat design that avoids heavy scans and server overload | ✔ | ✔ |
| Central AegisShield dashboard with overall security status and quick links | ✔ | ✔ |
| One-click enable/disable for major security modules (Login Guard, FIM, Malware, etc.) | ✔ | ✔ |
| Safe WP-Cron scheduling (no external schedulers or heavy daemons) | ✔ | ✔ |
| License & Upgrades page to manage your AegisShield Pro license key | ✔ (view only) | ✔ (activate & manage) |
| Login Guard | ||
| Protects wp-login.php and login form against brute-force attacks | ✔ | ✔ |
| Configurable lockout after X failed login attempts per IP in Y minutes | ✔ | ✔ |
| Lockout duration setting to automatically unblock after a safe period | ✔ | ✔ |
| Invisible honeypot field to instantly block bots that fill hidden inputs | ✔ | ✔ |
| View currently locked-out IPs and manually unblock from the admin panel | ✔ | ✔ |
| Login activity logged into the Activity Log (successful & failed attempts) | ✔ (7-day history) | ✔ (extended history) |
| File Integrity Monitoring | ||
| Create baseline checksums of core and plugin files to detect tampering | ✔ | ✔ |
| Manual “Scan Now” file integrity scan with clean/changed status report | ✔ | ✔ |
| Scan history with ability to view past reports | ✔ (limited) | ✔ (extended) |
| Detect new, changed, or removed PHP/critical files in monitored paths | ✔ | ✔ |
| Ignore list to mark specific files or paths as safe so they don’t trigger alerts | ✔ (basic) | ✔ (advanced) |
| Include theme directories and additional custom paths in integrity scans | ✖ | ✔ |
| Automatic scheduled daily/weekly file integrity scans via WP-Cron | ✖ | ✔ |
| Email alerts when critical files are modified or suspicious changes are found | ✖ | ✔ |
| Malware & Suspicious Code Scanner | ||
| Manual malware scan focusing on uploads and plugin/theme folders | ✔ | ✔ |
| Heuristic detection of suspicious patterns (eval/base64, obfuscation, etc.) | ✔ (core rules) | ✔ (expanded rules) |
| List of suspicious files with brief reason/score for each finding | ✔ | ✔ (more detail) |
| “Mark as safe” / ignore options for files you trust to reduce noise | ✔ | ✔ (with better controls) |
| Malware scan results logged into the Activity Log for auditing | ✔ (7-day history) | ✔ (extended history) |
| Automatic scheduled malware scans (daily or weekly) | ✖ | ✔ |
| Email alerts when new suspicious or high-risk files are detected | ✖ | ✔ |
| Activity Log | ||
| Central activity log for security-relevant events (logins, role changes, plugins, etc.) | ✔ | ✔ |
| Filter logs by event type, date range, and basic parameters | ✔ (basic filters) | ✔ (advanced) |
| Configurable log retention with automatic cleanup | ✔ (up to 7 days) | ✔ (up to 90+ days) |
| Export activity logs to CSV/JSON for audits or external analysis | ✖ | ✔ |
| Webhook / integration hooks to push critical events into external tools | ✖ | ✔ (via hooks) |
| WordPress Hardening | ||
| Disable theme and plugin file editing from the WordPress dashboard | ✔ | ✔ |
| Disable XML-RPC endpoint to block common exploit and brute-force vectors | ✔ | ✔ |
| Block author enumeration (e.g. ?author=1) to prevent user enumeration attacks | ✔ | ✔ |
| Hide WordPress version from front-end output to reduce targeted exploits | ✔ | ✔ |
| Force strong passwords for higher-risk roles (admin/editor, etc.) | ✖ | ✔ |
| Force HTTPS/SSL for wp-admin to keep login and admin traffic encrypted | ✖ | ✔ |
| Additional advanced hardening checks and recommendations | ✖ | ✔ |
| Security Headers | ||
| Send safe default headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy) | ✔ | ✔ |
| Toggle security headers on/off with a simple UI switch | ✔ | ✔ |
| Enable HTTP Strict Transport Security (HSTS) with SSL-aware safety checks | ✖ | ✔ |
| Content-Security-Policy (CSP) presets (None / Basic / Strict) for advanced mitigation | ✖ | ✔ |
| Separate header control for front-end vs. admin area | ✖ | ✔ |
| Vulnerability Checks | ||
| Detect when WordPress core, plugins, or themes are out of date | ✔ | ✔ |
| Remote vulnerability intelligence via Pro API (known CVEs, severity, fixed versions) | ✖ | ✔ |
| Email alert when a critical vulnerability is discovered on your site stack | ✖ | ✔ |
| Database Tools | ||
| Database table overview (name, size, engine, rows) for quick health check | ✔ | ✔ |
| Manual safe “Optimize Now” for core tables | ✔ | ✔ |
| Warning when DB prefix is still the default wp_ value | ✔ | ✔ |
| Weekly scheduled optimization of tables via WP-Cron | ✖ | ✔ |
| Growth monitoring for large or rapidly expanding tables with email alerts | ✖ | ✔ |
| DB prefix manager and guided tools to safely change table prefix | ✖ | ✔ |
| Export database health summary and table list to CSV | ✖ | ✔ |
| Notifications & Email Alerts | ||
| Basic critical notifications sent to the main site admin email | ✔ (limited) | ✔ (enhanced) |
| Configure multiple recipient email addresses for security alerts | ✖ | ✔ |
| Per-event notification controls (choose which events send email) | ✖ | ✔ |
| Licensing & Pro Management | ||
| View “What You Get With Pro” and Pro feature descriptions inside the plugin | ✔ | ✔ |
| Enter and activate AegisShield Pro license key to unlock premium features | ✖ | ✔ |
| Deactivate or move your Pro license between sites | ✖ | ✔ |

Aegis Security, cmoua408@gmail.com, 2026-01-10T04:58:49+00:00
