Skip to content

Flagged Conversations and Whitelisting

Flagged Conversations summarizes total, severity distribution, recent activity, and the underlying logged turn. Dismissal clears its flagged state; blocking adds the exact IP to the blocklist.

The flagged queue is where a person reviews the evidence produced by security rules. Dismiss changes only the row’s flagged state; it does not delete the conversation. Block IP adds the exact address to the blocklist and turns IP blocking on. Whitelists have the opposite and much broader effect: an exact token or IP bypasses every security check.

The practical starting point is to filter the queue and open one flagged record. Continue through the workflow until you add an exact token/ip whitelist only for a justified test or trusted source, then review it regularly, then use the field notes below to understand which choices affected AI output and which only changed delivery, access, or presentation.

Use the queue for human moderation and rule tuning, not automatic conclusions about a visitor.

Use this feature in the following situations:

  • You are classifying a flagged message as a true positive, false positive, or unresolved case.
  • A confirmed source should be blocked by exact IP after considering shared-address risk.
  • A controlled test identity needs a temporary, documented bypass and subsequent removal.
WordPress locationWordPress Dashboard → AI Website Chat → Security → Flagged Conversations
  • SmartSite Assistant is installed and activated.
  • You are signed in with an account that can manage WordPress options.
  1. Filter the queue and open one flagged record.
  2. Review prompt/response only in an authorized private environment.
  3. Inspect reason, severity, score, channel, time, and surrounding context.
  4. Classify true positive, false positive, or needs investigation.
  5. Dismiss a false positive; this retains the log row.
  6. Block IP only when the exact address is an appropriate control.
  7. Add an exact token/IP whitelist only for a justified test or trusted source, then review it regularly.

This screen helps a human understand why conversations were flagged and decide whether a trusted token or address should bypass future checks. That decision changes security handling, not response quality. Whitelisting can restore legitimate conversations that were being interrupted, but it also removes every security check for an exact match and should therefore remain rare.

Fields, controls, and important values
Field, control, or statusWhat SmartSite Assistant does with itHow to use it and why it matters
Dismiss Clears is_flagged on the log row; it does not delete the conversation. “Dismiss” changes or removes the exact local state described in the middle column. Confirm the scope and preserve any required sanitized evidence first; a WordPress deletion does not by itself prove that OpenAI, Meta, or another destination removed its copy.
Block IP Adds the exact logged IP and enables IP blocking. Pause before using “Block IP”: identify which records, source, or status will disappear and whether the action can be reversed. Afterward, check both the admin screen and the visitor workflow instead of relying on the success notice alone.
Token whitelist Exact token match bypasses all security checks. Add an exact visitor token only after proving that a trusted test or internal workflow is being falsely interrupted. That token then bypasses every security check, so whitelisting restores conversation flow at the cost of losing those protections.
IP whitelist Exact string match bypasses all checks; CIDR whitelist is not implemented. Reserve exact-address bypass for stable, trusted infrastructure where the client IP is known to be detected correctly. Shared offices, mobile networks, and changing addresses make IP exceptions broader and less predictable than they first appear.
Summary periods Includes total/by-severity plus last 24 hours and 7 days. “Summary periods” is meaningful only with its stated unit and the behavior it triggers. Compare representative traffic before and after a change, because a lower threshold often acts sooner without making the AI itself more accurate.

Judge Flagged Conversations and Whitelisting where its effect is actually consumed—by the administrator, visitor, model, or connected service. The expected result above is more useful than a green badge because it describes the behavior the configuration was meant to produce.

Dismiss a false positive caused by a support article discussing “SQL injection,” then narrow the pattern instead of whitelisting the visitor permanently.

  • Change one part of Flagged Conversations and Whitelisting at a time and keep a short record of the previous value and test result.
  • Include ordinary near-matches in every test so protection is not tuned only against deliberately obvious abuse.
Common problems and focused checks
ProblemWhat to check and what to do next
Flagged Conversations and Whitelisting is missing or does not match this guide. Confirm the plugin is active and the account can manage WordPress options. Reproduce the exact message safely and identify the matching limit, pattern, score, address, or whitelist entry.
A change on Flagged Conversations and Whitelisting does not produce the expected result. Keep the exact notice and test case, then review the browser console and WordPress/PHP log. Reproduce the exact message safely and identify the matching limit, pattern, score, address, or whitelist entry.
Flagged Conversations and Whitelisting
Capture
Show a fictional flagged record with prompt, response, token, and IP fully obscured while severity/reason and action buttons remain visible.
Show
Summary cards, filters, severity/reason/score, Dismiss, Block IP
Viewport
Desktop, 1440 × 900
Annotate
Use numbered callouts only for controls referenced in the procedure.
Redact
OpenAI keys, tokens, secrets, personal information, private URLs, IP addresses, and conversation text