Content Guard Pro categorizes detected issues into three severity levels. Understanding these helps you prioritize your security response.

Severity Overview #

Critical Severity #

Critical findings represent the highest threat level and require immediate attention.

What Triggers Critical #

• External Scripts: Non-allowlisted script tags loading from unknown domains
• External Iframes: Non-allowlisted iframe tags embedding external content
• Reputation Hits: URLs flagged by Google Safe Browsing or PhishTank
• Cryptocurrency Miners: Known cryptojacking services
• JavaScript URIs: Links that execute code when clicked
• PHP Code Patterns: Dangerous functions like eval, exec, shell_exec
• SVG with Scripts: SVG images containing executable code

Critical Finding Examples #

The plugin flags content like:

• Script tags pointing to unfamiliar external domains
• Iframe embeds from non-allowlisted sources
• Links with javascript: protocol that could steal data
• References to known crypto mining services

Response #

1. Do not publish if found before publishing
2. Quarantine immediately if already published
3. Investigate source – how did this get into content?
4. Check other content – infection may be widespread
5. Review user accounts – possible compromised credentials

Suspicious Severity #

Suspicious findings indicate likely problems that need investigation but may not be immediately dangerous.

What Triggers Suspicious #

• URL Shorteners: Services like bit.ly, t.co, goo.gl
• Hidden Content with Links: Elements using CSS hiding containing external URLs
• Obfuscation: Base64 encoding, character code conversions, string building
• SEO Spam Keywords: Pharmaceutical, gambling, adult content terms
• Inline Event Handlers: Attributes like onclick, onerror, onload
• Dynamic Writing: Methods that inject content at runtime
• Meta Refresh Redirects: Automatic page redirects
• JavaScript Redirects: Location manipulation in scripts

Suspicious Finding Examples #

The plugin flags content like:

• Shortened URLs that mask the true destination
• Content hidden with CSS (display:none, visibility:hidden) containing external links
• Encoded strings that decode to executable code
• Clusters of pharmaceutical or gambling keywords

Response #

1. Review the content – is this intentional?
2. Check the destination – where do links actually go?
3. Quarantine if unsure – better safe than sorry
4. Add to allowlist if legitimate (e.g., your marketing URL shortener)

Review Severity #

Review findings are potential concerns worth checking but often legitimate.

What Triggers Review #

• Anomalous Link Profiles: Unusual external/internal link ratio
• Serialized PHP Objects: May be legitimate plugin data
• Academic Spam Phrases: Could be false positive on educational content
• Low-confidence Pattern Matches: Partial matches or edge cases
• Financial Terms: In some contexts, legitimate business content

Review Finding Examples #

The plugin flags content like:

• Pages with unusually high ratios of external links (15+ external vs 2 internal)
• Serialized data strings that could be plugin configuration
• Educational content that happens to mention essay writing services

Response #

1. Evaluate context – is this content type expected?
2. Check source – who created this content?
3. Ignore if legitimate – mark as ignored to prevent repeat alerts
4. Report false positive – helps improve detection accuracy

Severity and Confidence Relationship #

Severity is determined by both the threat type and confidence score:

See Confidence Scores Explained for details on how scores are calculated.

Filtering by Severity #

In Findings List #

1. Go to Content Guard Pro → Findings
2. Use the Severity dropdown filter
3. Select Critical, Suspicious, Review, or All
4. Click Filter

In Email Alerts #

Configure which severities trigger emails:

1. Go to Content Guard Pro → Settings
2. Find Email Severity Threshold
3. Choose: Critical only, Suspicious and above, or All findings