WordPress.org

Tigrigna

Get WordPress
WordPress.org

Plugin Directory

Guard Dog

Guard Dog

By Adam Greenwell
Download

Description

Guard Dog is a comprehensive security plugin designed to protect your WordPress site from unauthorized access and brute-force attacks. With features like custom login URLs, two-factor authentication, and multiple CAPTCHA providers, Guard Dog provides enterprise-level security for any WordPress site.

Key Features:

  • Custom Login URLs – Hide your wp-admin and wp-login.php from attackers
  • Two-Factor Authentication (2FA) – TOTP-based authentication with recovery codes
  • Multiple CAPTCHA Providers – Support for Google reCAPTCHA v2/v3, hCaptcha, and Cloudflare Turnstile
  • Login Attempt Limiting – Prevent brute-force attacks with intelligent lockout
  • Access Control – IP-based whitelist/blacklist protection
  • Activity Monitoring – Comprehensive logging of security events
  • Temporary User Access – Create temporary WordPress users with time-limited, secure access
  • User Management – Advanced user permission controls

Why Choose Guard Dog?

  • Privacy-Focused – Multiple CAPTCHA options including privacy-first providers
  • WordPress.org Compliant – Built following WordPress coding standards
  • Enterprise-Ready – Scalable features suitable for any site size
  • User-Friendly – Intuitive interface with helpful documentation
  • Regular Updates – Actively maintained and updated

Perfect For:

  • Business websites requiring enhanced security
  • WordPress sites handling sensitive data
  • Multi-user sites with complex access requirements
  • Anyone wanting comprehensive protection without complexity

Additional Information

Support:
For support questions, please use the WordPress.org support forums.

Privacy:
Guard Dog respects user privacy and offers multiple privacy-focused CAPTCHA options. No data is transmitted to third parties except for CAPTCHA verification when enabled.

Security:
Guard Dog follows WordPress security best practices and undergoes regular security audits. All user input is sanitized and all output is escaped.

Third-Party Services

Guard Dog integrates with the following third-party services to provide CAPTCHA protection. These services are optional and only used when CAPTCHA features are enabled.

Google reCAPTCHA (v2 and v3)

What it is: Google’s CAPTCHA service that helps protect websites from spam and abuse.

What it’s used for:
– Verifying that login, registration, and password reset attempts are made by humans
– Preventing automated bot attacks on your WordPress forms

What data is sent and when:
– User interaction data (mouse movements, time spent on page) when CAPTCHA is solved
– IP address of the user
– Site domain for verification
– CAPTCHA response token

Privacy and Terms:
Google reCAPTCHA Privacy Policy
Google reCAPTCHA Terms of Service
Google reCAPTCHA Data Usage

Cloudflare Turnstile

What it is: Cloudflare’s privacy-first CAPTCHA alternative that doesn’t require user interaction.

What it’s used for:
– Invisible verification of human users during login, registration, and password reset
– Privacy-focused protection without tracking or cookies

What data is sent and when:
– Non-interactive browser signals when forms are submitted
– IP address for verification
– Site domain for validation

Privacy and Terms:
Cloudflare Privacy Policy
Cloudflare Terms of Service
Turnstile Documentation

hCaptcha

What it is: A privacy-focused CAPTCHA service that doesn’t track users across websites.

What it’s used for:
– Human verification during login, registration, and password reset forms
– Privacy-conscious alternative to Google reCAPTCHA

What data is sent and when:
– User interaction with CAPTCHA challenge
– IP address for verification
– Site domain for validation

Privacy and Terms:
hCaptcha Privacy Policy
hCaptcha Terms of Service
hCaptcha Data Processing

TOTP (Time-based One-Time Password) Standard

What it is: An open standard (RFC 6238) for generating time-based one-time passwords used in two-factor authentication.

What it’s used for:
– Generating secure, time-limited authentication codes for 2FA
– Providing backup authentication when primary 2FA methods are unavailable
– Enabling compatibility with popular authenticator apps (Google Authenticator, Authy, Microsoft Authenticator, etc.)

What data is sent and when:
No external data transmission – TOTP codes are generated locally using the TOTP algorithm
Secret key generation – A unique secret key is generated locally when 2FA is enabled for a user
QR code generation – QR codes are generated locally for easy setup with authenticator apps
Code verification – Generated codes are verified locally against the stored secret key

Privacy and Terms:
RFC 6238 – TOTP Standard
Google Authenticator Privacy Policy (if using Google Authenticator app)
Authy Privacy Policy (if using Authy app)
Microsoft Authenticator Privacy Policy (if using Microsoft Authenticator app)

Data Handling Summary

When CAPTCHA is disabled: No data is sent to any third-party services.

When CAPTCHA is enabled: Only the specific provider you choose receives verification data. Data is not shared between providers or stored by Guard Dog beyond the verification process.

When 2FA is disabled: No external data transmission occurs.

When 2FA is enabled:
– All TOTP operations (code generation, verification) happen locally on your server
– No data is transmitted to external services for 2FA functionality
– Authenticator apps only receive the initial setup QR code or secret key
– Recovery codes are generated locally and stored securely

User control: Users can choose which CAPTCHA provider to use, or disable CAPTCHA entirely. 2FA can be enabled/disabled per user, and users can choose their preferred authenticator app. All security features are optional and configurable.

Screenshots

  • Change your WordPress login URL to your own string
  • Limit login attempts and set lockout duration
  • Enable email and app-based two-factor authentication methods
  • 2FA configuration from the user profile screen
  • Two-factor authentication on the login screen
  • Enable site-wide blocking, IP address blocking and username blocking
  • Create temporary user with granular access and expiration controls
  • Track site and system events with the Activity Log feature
  • Configure AWS, Resend or Sendgrid as your email provider for two-factor messaging

Installation

  1. Upload the guard-dog folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Navigate to ‘Guard Dog’ in your admin menu to configure settings
  4. Configure your desired security features step by step

Quick Setup:

  1. Change Login URL: Set a custom login URL immediately after activation
  2. Enable CAPTCHA: Choose and configure your preferred CAPTCHA provider
  3. Configure 2FA: Set up two-factor authentication for enhanced security
  4. Review Settings: Adjust login limits and access controls as needed

FAQ

What if I get locked out of my site?

Guard Dog includes a temporary access feature that generates secure bypass links. These can be created before lockout occurs. If you’re already locked out, you can disable the plugin via FTP by renaming the plugin folder.

Which CAPTCHA provider should I choose?

  • Google reCAPTCHA v3 – Invisible, best user experience
  • Google reCAPTCHA v2 – Checkbox verification, widely supported
  • hCaptcha – Privacy-focused alternative to Google
  • Cloudflare Turnstile – Fast, privacy-first option

Is two-factor authentication required?

No, 2FA is optional but highly recommended. It can be enabled per-user and includes recovery codes for backup access.

Will this affect my site performance?

Guard Dog is optimized for performance. Features like database query optimization and intelligent caching ensure minimal impact on your site speed.

Does it work with other security plugins?

Guard Dog is designed to work alongside other security plugins, though we recommend testing in a staging environment first to avoid conflicts.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Guard Dog” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Guard Dog” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.8.44

  • Add WooCommerce events to Activity Log
  • Improve site-wide blocking message customization

1.8.433

  • Fix activity log error that could occur when updating a navigation menu

1.8.432

  • Fix “Unknown Event” event name logging in the Activity Log section to display the proper event name

1.8.431

  • Minor 2FA login form styling

1.8.43

  • Resolve AWS SDK conflict with other plugins that may use AWS environment variables
  • Refactor 2FA login flow to improve security

1.8.42

  • Code quality improvements to meet WordPress coding standards

1.8.41

  • Code quality improvements to meet WordPress coding standards

1.8.4

  • Improve Activity Log admin interface
  • Improve front-end styling for two-factor authentication methods when logging in

1.8.325

  • Added additional two-factor authentication method via email
  • Added email provider configuration for use with two-factor via email authentication

1.8.312

  • Under-the-hood refactoring of plugin settings templates

1.8.31

  • Update readme.txt describing third party libraries in use and what they do

1.8.3

  • Under-the-hood performance improvements and updates for WordPress plugin directory compliance

1.8.2

  • Improved debug logging to prevent potential PHP errors

1.8.1

  • Update activity log settings to add additional event types
  • Improve shortcode 2FA widget for use in custom themes using a custom login page

1.8.0

  • Custom login URL feature refactored to be server agnostic
  • Improve custom login URL support when using CAPTCHA and 2FA

1.7.0

  • Enhanced debug logging system with multiple log levels and export ability
  • Styling improvements applied to settings page

1.6.0

  • Added Cloudflare Turnstile CAPTCHA support
  • Enhanced activity logging system
  • NEW: Complete temporary user access system – create actual WordPress users with time limits
  • Improved temporary access security with automatic user cleanup
  • Better mobile responsiveness for admin interface
  • Performance optimizations for large sites

1.5.0

  • Added hCaptcha support for privacy-focused protection
  • Enhanced two-factor authentication with recovery codes
  • Improved user interface and user experience
  • Better internationalization support
  • Bug fixes and security enhancements

1.4.0

  • Implemented comprehensive activity monitoring
  • Added advanced IP access control features
  • Enhanced temporary access system
  • Improved admin interface design
  • Performance optimizations

1.3.0

  • Added two-factor authentication (TOTP)
  • Enhanced login attempt limiting
  • Improved admin interface
  • Better error handling and logging
  • Security improvements

1.2.0

  • Added Google reCAPTCHA v3 support
  • Enhanced custom login URL features
  • Improved user management
  • Better admin interface
  • Performance optimizations

1.1.0

  • Added login attempt limiting
  • Enhanced access control features
  • Improved admin interface
  • Bug fixes and optimizations

1.0.0

  • Initial release
  • Custom login URLs
  • Basic access control
  • Google reCAPTCHA v2 support
  • Activity logging

Meta

Ratings

No reviews have been submitted yet.

Add my review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum