My Private Site Advanced AI Defense is a premium add-on that supercharges the basic AI protection in the free My Private Site plugin. It provides a comprehensive suite of tools to defend your website’s content against AI web crawlers and scrapers.
Some AI Defense features are incorporated in the core My Private Site plugin. This white paper discusses both the basic features included with the core plugin, and the extensive array of advanced features included with the Advanced AI Defense add-on.
Site owners get robust new options to control if and how AI systems can access and use their website content. The add-on integrates seamlessly into the My Private Site settings, appearing as an “AI Defense” section where you can configure everything with just a few clicks.
Key capabilities include an advanced content licensing system for AI (using the emerging RSL standard), meta tags to opt-out of AI training, granular blocking of known AI bots via robots.txt, and an active firewall to automatically shut out undesirable bots.
All these features are designed to protect your intellectual property, preserve site privacy, and even enable potential monetization or controlled sharing of your content in the AI era. Below we detail each major feature and its benefits.
AI content licensing with RSL
One headline feature of Advanced AI Defense is its integration of Really Simple Licensing (RSL) for AI. RSL is a new standard that lets site owners attach machine-readable licenses to their content, declaring how AI crawlers may or may not use that content.
In the plugin’s AI Defense settings, you can choose from a range of licensing templates that best fit your preferences for how AIs are permitted (or not permitted) to use your site data. The available RSL license templates include:
- Prohibit AI training: Completely forbid AI models from using your site content for training.
- Allow AI training without restrictions: Permit AI to use content freely, essentially an open use policy.
- Allow AI training with usage reporting and attribution: Permit use only if the AI or its operators provide proper attribution and report usage, ensuring transparency.
- Allow AI training with custom licensing agreement: Require AI companies to form a custom agreement (for example, contacting you via a provided URL) before using your content.
- Allow AI training with collective licensing agreement: Allow use as part of a collective or industry agreement (with a default license server URL provided for verification).
- Allow use through a Creative Commons license: Apply a specified Creative Commons license to your content for AI purposes (you can input which CC license URL).
- Allow use through an Open Source (OSI) license: Declare your content (or a portion of it) as open source for AI, by providing an OSI license URL and the site path it covers (e.g. a /code/ section).
After selecting a template, the plugin will display any additional fields needed. For example, if you choose Creative Commons, it prompts for a CC license URL, if you choose Open Source, it prompts for a license URL and content path; if you choose Custom, you’re prompted for a contact URL. This guided setup makes it easy to specify your terms without needing to touch any code or external files.
The core My Private Site plugin includes a simple on/off toggle that, when enabled, sets the license template to “prohibit AI training.” The Advanced AI Defense plugin adds the above wide range of licensing options and data configuration options.
How RSL benefits you
Once configured, the plugin automatically generates a machine-readable license statement in XML format reflecting your choices and embeds it into multiple channels of your site. It can insert your license rules into:
- Your robots.txt file: Any well-behaved AI crawler checking txt will see your content’s license terms.
- RSS/Atom feeds: The plugin can add a <link rel=”license”> or similar tag in your site’s feeds, with fine-grained control over which feeds (main feeds, category/tag feeds, author feeds, search results feeds) include it. This ensures that even if an AI scraper uses your RSS feed, it is notified of your licensing terms.
- HTTP headers: the plugin will send a Link: <license URL>; rel=”license” header with your pages when enabled. This means even a bot that fetches your pages directly will be informed, via the HTTP response, that your content is licensed and what the terms are.
All these insertions are controlled by simple checkboxes in the UI (“Add RSL to robots.txt”, “Add RSL to RSS feeds”, “Add RSL to HTTP headers”), so you can deploy your license notices wherever you see fit.
By spreading the license information widely, RSL makes your expectations explicit. You might, for example, explicitly forbid AI usage or allow it only if you receive attribution or compensation.
This brings transparency and control to how your content is used. In the long run, as AI companies begin to honor these licenses, you could even enjoy potential royalties or partnerships if you chose a permissive license with compensation terms.
Even if enforcement by crawlers isn’t universal yet (RSL is a new standard and compliance is voluntary), using RSL future-proofs your site by preparing it for an era of AI content negotiation.
It sends a clear message that your content has terms of use ****in the context of AI, which is a strong stance to take for your intellectual property rights.
NoAI and NoImageAI meta tags
Another powerful feature is the ability to embed NoAI and NoImageAI tags across your site. These are special meta tags (and corresponding HTTP headers) that signal to AI crawlers not to use your site’s content or images for AI training or data mining. This feature is included in the core My Private Site plugin, and is available to everyone for free.
My Private Site Advanced AI Defense provides a one-click checkbox to enable the NoAI meta tags. When activated, the plugin will automatically insert the appropriate <meta> tags in your site’s HTML and send X-Robots-Tag headers with values NoAI and NoImageAI for every page request.
What these tags do
These tags serve as an industry-recognized opt-out mechanism for AI usage. For example, if an AI like OpenAI’s GPTBot or others encounter these tags on your site, the tags are meant to indicate that text content (with NoAI) and images (with NoImageAI) are not to be ingested or learned from.
This helps assert your content rights by clearly marking the content as off-limits for model training or dataset inclusion.
Benefits of NoAI tags
This feature is an immediate, broad-strokes defense: a privacy flag for AI, requiring no configuration beyond ticking a checkbox.
Even though, like any meta directive, compliance is voluntary, major players have expressed support for honoring these tags. For site owners, it’s a set it and forget it safeguard that complements the more granular RSL licensing.
Essentially, NoAI tags tell the world “Do not scrape or train on my content” in a machine-readable way. This can deter conscientious AI crawlers and bolster any legal or policy stance you have on content usage.
Because the core My Private Site plugin adds the directive at both the page metadata level and the HTTP header level, it maximizes visibility to various crawlers and bots. The result is that unwanted AI use of your text and images is discouraged at the very outset, giving you peace of mind that you’ve voiced non-consent in a standard format.
Granular AI bot blocking via robots.txt
While RSL licenses and NoAI tags provide notices and legal directives to AI crawlers, sometimes you just want to flat-out block certain bots from your site. Advanced AI Defense enables this through an easy robots.txt management interface. In the AI Defense settings, there’s a section titled “Disallow AI Bots in robots.txt”, where you can selectively disallow specific AI user-agents from crawling your site.
How it works
The plugin comes with a curated list of known AI and web scraping bots built-in, including many that the average site owner might not realize are accessing content.
You’ll see a checklist of bots like GPTBot, Anthropic ClaudeBot, Amazonbot, Applebot, PerplexityBot, and more, each with a brief description of who owns it or what it does. You can tick one, several, or “Select All” to block every bot on the list. When you hit save, the plugin will automatically insert the corresponding User-agent and Disallow: / rules into your site’s virtual robots.txt file for each selected bot. For example, if you select GPTBot, it will add a section in robots.txt that reads:
User-agent: GPTBot
Disallow: /
This example tells GPTBot it is not allowed to crawl any part of your site. You can mix and match. You might want to disallow OpenAI’s and Anthropic’s bots, but allow Google’s, depending on your content strategy. This granular control empowers you to manage 20 bots in one place.
The core My Private Site plugin includes the option to block OpenAI’s GPTBot, the key bot used by OpenAI for ChatGPT training.
Benefits
This feature gives you a “fine-toothed comb” for bot management. It’s great for site owners who have specific policies. For example, maybe you want to block data harvesters that are purely for AI training, but still allow benign crawlers that just index your site for search or archives.
The UI labels make it easy to identify each bot’s purpose (e.g., distinguishing between, say, OpenAI’s GPTBot used for training data, versus something like Applebot which might be used for Siri and general indexing).
With Advanced AI Defense, you can enforce those distinctions in seconds, without manually editing any files.
Server configuration considerations
On the technical side, the plugin smartly handles edge cases. It checks if you have a physical robots.txt file or if your server isn’t configured to serve WordPress’s virtual robots.txt, and it will display a warning and disable the feature in that case.
This prevents confusion by informing you why the option might not work until you resolve those issues (for example, removing a hard-coded robots.txt or updating Nginx rules). Once active, though, the changes are automatically reflected in your site’s robots.txt output.
Voluntary compliance
It’s worth noting that blocking via robots.txt is still a “polite” method. Compliant crawlers will obey it, but malicious scrapers might ignore it.
Still, many major AI bots (including OpenAI’s GPTBot) have publicly stated they will honor robots.txt rules. So this feature is an effective way to keep out those you don’t invite, using the standard web mechanism for excluding crawlers.
This tool is effectively your custom AI visitor blacklist, set with a few checkmarks.
Active AI Bot Defense firewall
Taking protection a step further, Advanced AI Defense introduces an anti-bot firewall. This is a far more aggressive measure against unwanted bots. Rather than just requesting they stay away via tags or robots.txt, it actively intercepts and blocks them at the server level.
When this feature is enabled for selected bots, your site will literally refuse to serve pages to those user agents, returning a 403 Forbidden error before any content is delivered.
How it works
The Active Defense Firewall interface is similar to the robots.txt section. You’ll see the same list of AI-related bots and can check off which ones you want to ban outright. Upon saving, the plugin takes immediate effect.
Internally, it hooks into WordPress very early in the page load process to inspect the incoming User-Agent string of each request. If it finds a match for one of your blocked bot signatures, the plugin will cut the request short.
The bot will get a 403 response and nothing more. The response is intentionally minimal (a “Forbidden” message with no content), and even includes an X-Robots-Tag: noindex header to ensure the denied response itself isn’t indexed anywhere.
This all happens automatically for all parts of your site. It covers regular page views, your RSS/Atom feeds, and even API endpoints. For instance, a blocked bot hitting the WordPress REST API will also be stopped with a 403 error, thanks to the plugin’s integration with the REST dispatch system. Even attempts on the login page or other admin pages from those user agents are prevented.
In short, it’s a comprehensive shield that drops traffic from bad actors before they can do anything on your site.
Benefits
The Active Defense Firewall is like having a bouncer at the door of your website specifically for known AI bots. It doesn’t rely on the bots to cooperate, like the sign on the door on the left would. It actively boots them out, like the guard in front of the door on the right would.
This can save your bandwidth and server resources since you’re not serving pages to entities you don’t want to admit. It also adds an extra layer of security. Even if a bot chooses to ignore your robots.txt or meta tags, it still can’t get in if it identifies itself in the usual way.
This goes well beyond polite request-based blocking by using server-level countermeasures. Essentially, the moment a disallowed bot tries to fetch anything, the bouncer forces compliance.
It’s important to acknowledge that this method relies on the User-Agent string. Sophisticated or truly malicious scrapers could impersonate a different agent (say, pretend to be a normal browser) to evade detection.
No plugin can fully prevent that without more advanced fingerprinting. However, most AI crawlers announce themselves properly (in part to abide by policies), and this firewall will stop those outright.
For the ones that don’t, you still have the other layers of defense, as well as the baseline My Private Site features requiring login for private content.
In essence, this Active Defense feature is your last line of defense, ensuring that even if an AI ignores your no access signs, your site is capable of physically locking them out. It’s an invaluable tool when you’re highly serious about preventing content scraping.
Seamless integration and ease of use
Despite its powerful features, Advanced AI Defense is designed to be user-friendly and integrate smoothly with your WordPress admin experience.
All configuration is done through the familiar My Private Site settings interface: specifically under a new “AI Defense” tab in the Site Privacy settings page.
If you’ve used My Private Site before, the layout will feel coherent: sections with descriptive headings, checkboxes, dropdowns, and save buttons just like other settings interfaces you’re used to.
Key aspects of the user interface and experience include the following.
At-a-glance status
The AI Defense tab provides a status banner that immediately tells you if AI defense features are active and how many measures you’ve deployed.
For example, if you’ve enabled some protections, it will show “AI Defense Active (X Defenses Deployed)” in a green banner. If you haven’t turned anything on, it will say “AI Defense Disabled”.
This is similar to the status indicators used elsewhere in My Private Site (like for site privacy status), giving you quick visual confirmation of your security stance.
Logical organization
Settings are grouped into clear subsections with explanatory text. There are subheadings for RSL (bot licensing features), NoAI tags, robots.txt disallow rules, and Active Defense firewall, each with a short description beneath it.
The language in the UI is approachable, not just developer jargon. For instance, it explains RSL as embedding license rules into various places and even mentions “potential royalties” in the description. The robots.txt section explicitly notes “your mileage may vary” because some scrapers ignore rules. This transparency helps set user expectations.
These friendly explanations mean that even non-technical site owners can understand what each feature does and why it might be useful.
One-Click Actions
Most features are toggled via simple checkboxes or multi-select lists. For example, enabling NoAI tags is just one checkbox. Selecting bots to block is a checklist with a “Select All/None” convenience button. There are dedicated Save buttons for the RSL settings, the NoAI tags, the bots list, etc., so you can change one section at a time and save just those settings.
Upon saving, you get a success message like “Options saved” to confirm changes. This granular saving approach lets you configure one area independently from another without mixing things up.
Compatibility Checks
As mentioned earlier, the UI will intelligently disable or warn you about settings that won’t work in certain server setups (like if robots.txt isn’t writable or served by WordPress). This prevents confusion.
The plugin basically guides you with “here’s something to fix in your setup if you want to use this feature.” This kind of polish in UX is a behind-the-scenes benefit that makes the power features as hassle-free as possible.
Final thoughts
In summary, My Private Site Advanced AI Defense brings enterprise-grade content protection features to WordPress in a way that’s accessible to everyday site owners.
You don’t need to be a tech expert to use it: but if you are technically inclined, you’ll appreciate the depth of protection operating behind the scenes. The combination of licensing, opt-out tags, selective blocking, and active firewall covers a full spectrum of defensive measures.
- Policy declaration: licensing terms that legit AI companies can respect and even build agreements upon.
- Opt-out signals: industry-standard tags to say “no” to data scraping.
- Polite access denial: standard robots.txt rules to bar entry to crawlers that play by the rules.
- Active denial: hard blocking for those that don’t play by the rules.
Each layer is configurable to your needs. This empowers you to strike the right balance between sharing content and protecting it.
Whether your goal is to completely shield your private site from AI eyes, or to allow AI utilization under strict terms that benefit you, Advanced AI Defense has you covered.
It’s a timely solution in an age where AI is hungry for data. It gives you the tools to stay in control of your content and how it’s used.
