WindCodex SwitchGuard – Safe User Switching for WordPress & WooCommerce

WindCodex SwitchGuard is the most secure free user switching plugin for WordPress and WooCommerce. Switch into any lower-privilege user account in one click – no passwords, no account resets, no risk.

Whether you’re a support agent reproducing a customer bug, a WooCommerce store owner checking an order as the buyer, or a developer testing member-only content, SwitchGuard gives you instant, safe access to any user account and brings you straight back when you’re done.

🔒 Security-first design. Every switch is nonce-verified, role-hierarchy-enforced, and recorded in a signed session cookie. You can never switch into an equal-or-higher privilege account by mistake.

✅ Everything In The Free Version

One-Click Switching * Switch from the Users list with a single click * Switch from any user profile edit screen * Switch from WooCommerce order screens – jump straight into the customer’s account * Admin bar quick search – find any user by name or email and switch instantly

Access Control * Switching is disabled by default – you opt in when you’re ready * Restrict switching to specific WordPress roles (e.g., only Shop Managers) * Automatically blocks switching into administrator accounts * Equal-or-higher privilege accounts are always blocked – no configuration needed * Configurable session duration from 1 to 168 hours (default 48 h)

Security * Every switch action protected by WordPress nonces (CSRF protection) * Switch sessions stored in a signed, HTTPOnly cookie – tamper-proof * No passwords stored, logged, or transmitted – ever * Full multisite support

Switch Back * Prominent Switch Back button in the admin bar – always visible * Switch Off to end the session and return to your original account * Session expires automatically when the cookie TTL is reached

🚀 Who Uses SwitchGuard?

• WordPress agencies – debug client accounts without password sharing
• WooCommerce store owners – investigate orders from the customer’s perspective
• Membership site admins – verify what members see after plan changes
• Help desk & support teams – reproduce user-reported issues in seconds
• Developers & QA teams – test role-restricted content and functionality

🔐 How Is SwitchGuard Different From Other User-Switching Plugins?

Most user-switching plugins simply swap the session – leaving you exposed to privilege escalation and session fixation. SwitchGuard was built from the ground up with a security-first approach:

• Role hierarchy enforcement – switch targets must have strictly lower privilege than the switcher
• Explicit opt-in – switching is off by default, not on
• Signed cookie session – the switch origin is HMAC-signed, not just stored in a plain cookie or database row
• Nonce on every action – switch, switch back, and switch off are all CSRF-protected

⚡ How It Works

1. Activate SwitchGuard and go to the SwitchGuard settings page in wp-admin.
2. Turn on Enable User Switching and configure who can switch.
3. Click Switch To next to any user in the Users list, profile screen, or WooCommerce order screen.
4. Work in the target account as needed.
5. Click Switch Back in the admin bar to return to your original account instantly.

📋 Requirements

• WordPress 6.0 or higher
• PHP 8.1 or higher
• WooCommerce is optional – order-screen switching only appears when WooCommerce is active