Skip to content

Automated Detection, Behavior, and Scoring

Automated detection combines pattern matches and behavioral transients into severity flags, sums their configured scores, and applies the selected action when the score reaches the threshold.

Automated detection looks for jailbreak phrases, abuse or code-like patterns, configured content patterns, rapid messages, and repeated messages. Each match records a category and severity; the configured severity weight contributes to the total score. Reaching the threshold selects the automated action, but lower-scoring detections can still be flagged and stored for review.

First, keep automated detection enabled and review threshold 10/action flag. The useful result comes later when you run benign, boundary, and known-test phrases; review the exact flags/scores in flagged conversations, because configuration values matter only when their effect can be seen in retrieval, a generated reply, visitor access, or the connected service.

Use it to flag or block high-confidence patterns while measuring ordinary-language false positives.

Use this feature in the following situations:

  • You need default jailbreak and abuse detection before exposing the widget publicly.
  • A flagged conversation needs to be explained in terms of category, severity, score, and threshold.
  • You need to tune rapid/repetition behavior or a pattern that causes false positives.
WordPress locationWordPress Dashboard → AI Website Chat → Security → Configuration
  • SmartSite Assistant is installed and activated.
  • You are signed in with an account that can manage WordPress options.
  1. Keep automated detection enabled and review threshold 10/action Flag.
  2. Review default jailbreak patterns and Critical severity.
  3. Review abuse/code-injection patterns and High severity.
  4. Review content flag patterns and Medium severity.
  5. Keep behavioral detection enabled and inspect rapid/repetition settings.
  6. Save before testing.
  7. Run benign, boundary, and known-test phrases; review the exact flags/scores in Flagged Conversations.

Automated detection combines configured content and behavior signals into a severity score. It does not make a permitted answer more accurate; it decides whether a message continues, is recorded for review, or is blocked. Careful patterns and thresholds reduce risky traffic, while broad patterns can prevent the AI from answering normal technical or sensitive-topic questions.

Fields, controls, and important values
Field, control, or statusWhat SmartSite Assistant does with itHow to use it and why it matters
Enable Automated Detection Turns pattern/behavior analysis and threshold evaluation on or off. It is enabled by default. Keep this on when the configured pattern, behavior, severity, and threshold checks should run for messages. Turning it off bypasses this automated evaluation while retaining the saved patterns and scoring configuration.
Automated threshold Total severity score at which the selected automated action is evaluated. Default 10; UI range 1–100. Set the total severity score that must be reached before the selected automated action is evaluated. Lowering it makes combinations of weaker signals act sooner; test ordinary questions to avoid flagging legitimate language.
Automated action Flag and Warn both allow the request and record a flag; Block denies it when the score reaches the threshold. Default Flag. Choose the outcome applied at or above the threshold. Flag and Warn both allow the request and record flags; choose Block only when a matching request should be denied.
Automated block message Visitor-facing message returned only when the automated action is Block and the threshold is reached. Write the visitor notice used only when the action is Block and the score reaches the threshold. Explain that the request cannot be processed without revealing patterns, scores, or instructions that help bypass detection.
Jailbreak detection Matches the configured jailbreak phrase/pattern list. Enabled by default with Critical severity. Keep this on to compare messages with the administrator-maintained jailbreak pattern list and add the configured Critical signal when matched. Test the actual phrases because this is pattern matching, not a general guarantee against prompt manipulation.
Jailbreak patterns One phrase or supported /regex/ pattern per line for prompt-manipulation attempts. Enter one literal phrase or supported slash-delimited regular expression per line. Use narrow patterns, test expected matches and harmless near-matches, and avoid broad expressions that can classify normal visitor questions as jailbreak attempts.
Abuse / code-injection detection Checks default abuse/code-like patterns and a high special-character ratio. Enabled by default with High severity. Keep this on to apply the built-in abuse, code-like, and high-special-character checks with High severity. Review flagged examples because legitimate technical websites may receive normal questions containing code or symbols.
Content flag patterns Checks the administrator-maintained content pattern list. Enabled by default with Medium severity. Use this administrator-maintained list for site-specific content signals that should add Medium severity. Add precise terms or patterns and verify them with sanitized tests; this list is separate from blocked words and does not alone block a request.
Behavioral detection Tracks rapid and repeated messages by visitor token. Enabled by default with Medium severity. Keep this on to evaluate rapid and repeated activity associated with the visitor token. It adds a Medium signal when configured behavior triggers; it does not establish the visitor’s identity or replace token/IP rate limiting.
Rapid-message count Number of messages that triggers the rapid behavior signal. Default 5; allowed 2–50. Set how many messages inside the rapid-message window produce the behavioral signal. A lower count detects bursts sooner but can catch legitimate visitors who send several short corrections or follow-up questions.
Rapid-message window Seconds used for the rapid-message behavior check. Default 10; allowed 3–120. Set the number of seconds in which the rapid-message count is evaluated. A longer window makes the same count easier to reach, so test the pace of a normal multi-question conversation before tightening it.
Repeated-message count Number of matching/repeated messages that triggers the repetition signal. Default 3; allowed 2–20. Set how many matching or repeated messages produce the repetition signal. Keep it high enough to permit an accidental resend, then test exact repeated input with awareness that the comparison uses the fixed history period.
Repetition history The implementation compares repetition within a hardcoded five-minute history. Treat five minutes as a fixed implementation behavior rather than an editable field. When reproducing repetition results, keep tests inside that period or wait until it expires before expecting a fresh history.
Severity weights Default numeric scores are Low 1, Medium 3, High 5, and Critical 10; these values are summed for the message. Use these four scores to understand how several signals add toward the automated threshold. Raising a severity weight makes every matching signal in that class more influential, so calculate representative combinations before saving changes.

After saving Automated Detection, Behavior, and Scoring, repeat the final test with clean context. That distinction matters because WordPress can store a valid value even when remote processing, access rules, caching, or delivery prevents it from influencing the real experience.

A Critical jailbreak match scores 10 by default and reaches the default threshold even without other signals.

  • Change one part of Automated Detection, Behavior, and Scoring at a time and keep a short record of the previous value and test result.
  • Include ordinary near-matches in every test so protection is not tuned only against deliberately obvious abuse.
Common problems and focused checks
ProblemWhat to check and what to do next
A low-score message is still flagged. The threshold controls the automated action, not whether detected flags are logged.
Warn does not display a distinct warning. This is current implementation behavior; choose Block for denial or Flag for review.
Automated Detection, Behavior, and Scoring is missing or does not match this guide. Confirm the plugin is active and the account can manage WordPress options. Reproduce the exact message safely and identify the matching limit, pattern, score, address, or whitelist entry.
A change on Automated Detection, Behavior, and Scoring does not produce the expected result. Keep the exact notice and test case, then review the browser console and WordPress/PHP log. Reproduce the exact message safely and identify the matching limit, pattern, score, address, or whitelist entry.
Automated Detection, Behavior, and Scoring
Capture
Show automated detection controls with all categories, severity choices, threshold 10, and behavior defaults visible.
Show
Jailbreak/abuse/content/behavior toggles, patterns, severities, rapid/repeat values, threshold, action
Viewport
Desktop, 1440 × 900
Annotate
Use numbered callouts only for controls referenced in the procedure.
Redact
OpenAI keys, tokens, secrets, personal information, private URLs, IP addresses, and conversation text