Security Overview
The security manager can whitelist a token/IP, enforce token and IP rates, limit length, match blocked words/IPs, detect patterns/behavior, score severity, block at a threshold, and flag the local log.
Security checks run before the plugin sends an accepted message to OpenAI. A whitelist can bypass checks; otherwise SmartSite evaluates IP blocks, rate, length, blocked phrases, automated content patterns, and token-based behavior. Detected reasons carry severity scores and can be logged, flagged, or blocked according to the configured action and threshold.
First, keep the master security system enabled. The useful result comes later when you save before using security tester, then review flagged conversations, because configuration values matter only when their effect can be seen in retrieval, a generated reply, visitor access, or the connected service.
What this feature does and when to use it
Section titled “What this feature does and when to use it”Use the dashboard to reduce abuse and create review evidence while keeping false positives manageable.
Use this feature in the following situations:
- You are preparing a public launch and need a layered baseline against abuse and unexpected cost.
- You are reviewing why a message was allowed, flagged, or denied.
- You need to tune a false positive without disabling unrelated protections.
Where to find it
Section titled “Where to find it”Before you begin
Section titled “Before you begin”- SmartSite Assistant is installed and activated.
- You are signed in with an account that can manage WordPress options.
Set it up step by step
Section titled “Set it up step by step”- Keep the master security system enabled.
- Review current defaults before editing.
- Test token/IP rate and message length with safe inputs.
- Add narrowly scoped blocked words or IP entries only when required.
- Review automated detection patterns and severity weights.
- Choose threshold/action based on testing.
- Save before using Security Tester, then review Flagged Conversations.
Fields, controls, and important values
Section titled “Fields, controls, and important values”Security controls protect the service and its visitors; they are not a method for teaching the AI better answers. Limits and detections can stop or flag risky input before or around processing, while logs support review. Settings that are too strict can block legitimate questions, so the goal is a tested balance that preserves useful conversations without exposing cost, data, or actions unnecessarily.
| Field, control, or status | What SmartSite Assistant does with it | How to use it and why it matters |
|---|---|---|
| Master enabled | Default on; gates the security checks. | “Master enabled” controls whether this part of the workflow runs or appears. Its effect on responses depends on the feature—some switches change available knowledge or tools, while others only change presentation or protection—so perform the page-specific test. |
| Whitelist | Exact token or IP match bypasses all checks. | “Whitelist” defines an audience or assistant scope, not permission to disclose sensitive information. Keep the scope as narrow as practical, test one allowed and one denied case, and enforce real authorization inside every data-returning tool. |
| Severity defaults | Low 1, Medium 3, High 5, Critical 10. | “Severity defaults” is meaningful only with its stated unit and the behavior it triggers. Compare representative traffic before and after a change, because a lower threshold often acts sooner without making the AI itself more accurate. |
| Automated threshold/action | Default threshold 10 and action Flag. | Interpret “Automated threshold/action” with the unit, range, and default shown beside it. Change one boundary at a time and test just below and above it; tighter numbers may protect cost or safety but can also remove legitimate context or activity. |
| Logging | Flags below the blocking threshold are still attached to allowed turns; blocked attempts are also logged. | “Logging” contributes this safeguard or review signal: Flags below the blocking threshold are still attached to allowed turns; blocked attempts are also logged. It does not improve a permitted answer; it changes whether activity continues, is flagged, or remains available for investigation. |
How to confirm it is working
Section titled “How to confirm it is working”After saving Security Overview, repeat the final test with clean context. That distinction matters because WordPress can store a valid value even when remote processing, access rules, caching, or delivery prevents it from influencing the real experience.
Practical example
Section titled “Practical example”Keep a critical jailbreak score at 10 with threshold 10 so a matched default jailbreak pattern reaches the configured action.
Recommended practice
Section titled “Recommended practice”- Change one part of Security Overview at a time and keep a short record of the previous value and test result.
- Include ordinary near-matches in every test so protection is not tuned only against deliberately obvious abuse.
Important warnings
Section titled “Important warnings”Common problems and focused checks
Section titled “Common problems and focused checks”| Problem | What to check and what to do next |
|---|---|
| Security Overview is missing or does not match this guide. | Confirm the plugin is active and the account can manage WordPress options. Reproduce the exact message safely and identify the matching limit, pattern, score, address, or whitelist entry. |
| A change on Security Overview does not produce the expected result. | Keep the exact notice and test case, then review the browser console and WordPress/PHP log. Reproduce the exact message safely and identify the matching limit, pattern, score, address, or whitelist entry. |
Screen reference
Section titled “Screen reference”- Capture
- Show the Security dashboard summary and configuration navigation with default threshold/severity cards visible, no conversation content.
- Show
- Master state, rate/length summaries, threshold/action, severity weights, Flagged Conversations link
- Viewport
- Desktop, 1440 × 900
- Annotate
- Use numbered callouts only for controls referenced in the procedure.
- Redact
- OpenAI keys, tokens, secrets, personal information, private URLs, IP addresses, and conversation text