Rules
View, customize, and tune the built-in risk detection rules that determine visitor trust scores.
Overview
Yaplet ships with 23 built-in security rules organized into five categories. Each rule detects a specific risk signal and carries a configurable weight that determines how much it affects a visitor's trust score. The Rules page lets you tune these weights to match your site's risk tolerance.
Rule Categories
Account Takeover
Rules that detect signs of session hijacking or credential misuse:
| Rule | Default Weight | What It Detects |
|---|---|---|
| Country changed mid-session | High (+20) | Visitor's country changed within 30 minutes |
| Device changed mid-session | Medium (+10) | Browser/device changed within 30 minutes |
| IP address changed mid-session | Medium (+10) | IP address changed within 30 minutes |
Behavior
Rules that analyze visitor activity patterns:
| Rule | Default Weight | What It Detects |
|---|---|---|
| Multiple countries | Medium (+10) | Accessed from 3+ different countries |
| Numerous IP addresses | Medium (+10) | Used 10+ distinct IP addresses |
| Multiple devices | Medium (+10) | Used 3+ distinct device/browser combinations |
| High rage clicks | Medium (+10) | 5+ rage clicks detected |
| High console errors | Medium (+10) | 10+ console errors triggered |
| High network errors | Medium (+10) | 10+ network request errors |
| Night-time activity | Medium (+10) | Activity between midnight and 5 AM UTC |
| Very short sessions | Medium (+10) | 3+ sessions with only a single event each |
| Dormant visitor (30 days) | Medium (+10) | Inactive for 30+ days, now active |
| Dormant visitor (90 days) | High (+20) | Inactive for 90+ days, now active |
| Brand new visitor | Positive (-20) | Account created today — reduces risk |
Bot Detection
Rules that identify automated or scripted access:
| Rule | Default Weight | What It Detects |
|---|---|---|
| Suspicious user agent | Extreme (+70) | Known bot, crawler, or automated tool signature in the user agent string |
| Suspicious URL pattern | High (+20) | Visits to common attack paths (e.g., /wp-admin, .env, phpinfo) |
IP Analysis
Rules based on IP reputation:
| Rule | Default Weight | What It Detects |
|---|---|---|
| Known bad IP range | Extreme (+70) | IP belongs to a known malicious range |
| TOR exit node | Extreme (+70) | IP is detected as a TOR exit node |
| VPN or proxy network | High (+20) | IP is flagged as a VPN or proxy |
| Hosting/datacenter ASN | Medium (+10) | IP belongs to hosting or datacenter infrastructure |
Blacklist
Rules for organizational bans:
| Rule | Default Weight | What It Detects |
|---|---|---|
| Blacklisted visitor | Extreme (+70) | Visitor was manually blacklisted by your team |
Customizing Rule Weights
Each rule's weight determines how much it contributes to lowering a visitor's trust score when triggered. You can adjust any rule to one of these severity levels:
| Level | Weight | Effect |
|---|---|---|
| Disabled | 0 | Rule is ignored — never triggers |
| Positive | -20 | Increases trust score (used for good signals) |
| Medium | +10 | Moderate risk reduction |
| High | +20 | Significant risk reduction |
| Extreme | +70 | Severe risk reduction — a single trigger can push a visitor into the danger zone |
Saving Changes
When you modify a rule weight, a save bar appears at the top of the page showing you have unsaved changes. Click Save changes to apply, or Reset to discard.
Practical Tips
- Disable "Night-time activity" if your audience is global — UTC-based night hours will flag legitimate users in other time zones
- Reduce "Multiple countries" weight if your users frequently travel or use VPNs
- Keep bot detection rules at Extreme — legitimate visitors almost never trigger these
- Leave "Brand new visitor" at Positive — new visitors should get a trust boost, not a penalty