plugin-icon

WindCodex SwitchGuard – WordPress User Switching & Audit Log for WooCommerce

Switch between WordPress user accounts in one click – no passwords needed. Secure sessions, role protection, and instant switch-back.
Versión
1.0.1
Última actualización
Jun 30, 2026
WindCodex SwitchGuard – WordPress User Switching & Audit Log for WooCommerce

WindCodex SwitchGuard is a secure, free user switching plugin for WordPress and WooCommerce. Switch into any lower-privilege user account in one click – no passwords, no account resets, no security risk.

Whether you are a support agent reproducing a customer bug, a WooCommerce store owner checking an order as the buyer, or a developer testing member-only content – SwitchGuard gives you instant access to any user account and brings you straight back when you are done.

Security-first design. Every switch is nonce-verified, role-hierarchy-enforced, and recorded in a signed session cookie. You cannot accidentally switch into an equal-or-higher privilege account.

Everything in the Free Version

One-Click User Switching * Switch from the Users list with a single click – no page reloads * Switch from any user profile edit screen * Switch from WooCommerce order screens – jump straight into the customer’s account to reproduce checkout or order issues * Admin bar quick search – find any user by name or email and switch instantly from any page

Access Control * Switching is disabled by default – you opt in deliberately when you are ready * Restrict switching to specific WordPress roles (e.g., only Shop Managers or Editors) * Automatically blocks switching into administrator accounts * Equal-or-higher privilege accounts are always blocked – no configuration needed * Configurable session duration from 1 to 168 hours (default 48 hours)

Security & Audit * Every switch action protected by WordPress nonces – full CSRF protection * Switch sessions stored in a signed, HTTPOnly cookie – tamper-proof and replay-resistant * Every switch action is recorded – who switched, when, from which IP, and for how long. A full audit log dashboard is available in SwitchGuard Pro * No passwords stored, logged, or transmitted – ever * Full WordPress multisite support

Switch Back * Prominent Switch Back button always visible in the admin bar during any active switch session * Switch Off to end the session permanently and return to your original account * Session expires automatically when the configured cookie TTL is reached

Who Uses SwitchGuard?

  • WordPress support agencies – debug client accounts without password sharing or account handover
  • WooCommerce store owners – review orders from the customer’s exact perspective
  • Membership site admins – verify what members see after plan changes or role updates
  • Help desk and support teams – reproduce user-reported issues in seconds without a support ticket
  • Developers and QA teams – test role-restricted content, locked pages, and feature flags in context

How SwitchGuard Differs from Other User-Switching Plugins

Most user-switching plugins simply swap the WordPress session with no additional safeguards – leaving you exposed to privilege escalation and session fixation. SwitchGuard is built with security as the core requirement:

  • Role hierarchy enforcement – switch targets must have strictly lower privilege than the switcher. Peer and admin accounts are blocked at the server level.
  • Explicit opt-in – switching is disabled by default, not enabled. You turn it on deliberately.
  • HMAC-signed cookie session – the switch origin is signed with a secret key, not stored in a plain cookie or database row that can be tampered with.
  • Nonce on every action – switch, switch back, and switch off actions are all CSRF-protected with WordPress nonces.

🚀 Pro Version

Need IP allowlists, locked accounts, scheduled switching windows, email alerts, and a full audit log dashboard? SwitchGuard Pro is available at windcodex.com

SwitchGuard Pro adds advanced controls for agencies, enterprise teams, and high-security environments:

  • Idle timeout – automatic switch-back after a configurable period of inactivity
  • Re-authentication gate – require password confirmation before privileged switches
  • IP allowlist – restrict switching to known office or VPN IP ranges
  • Scheduled windows – allow switching only during defined hours or days
  • Per-user grants – give specific users permission to be switched into
  • Full audit log dashboard – every switch event recorded with actor, target, IP address, and timestamp
  • Email alerts – notify admins when a switch session starts or ends
  • Locked user protection – prevent switching into flagged or suspended accounts

How It Works

  1. Activate SwitchGuard and go to the SwitchGuard settings page in wp-admin.
  2. Turn on Enable User Switching and configure which roles can switch.
  3. Click Switch To next to any user in the Users list, profile screen, or WooCommerce order screen.
  4. Work in the target account – browse the frontend, check orders, test content.
  5. Click Switch Back in the admin bar to return to your original account instantly.

Requirements

  • WordPress 6.0 or higher
  • PHP 8.1 or higher
  • WooCommerce is optional – order-screen switching only appears when WooCommerce is active
Gratisen planes de pago
Probado hasta
WordPress 7.0.1
Te puedes descargar este plugin para utilizarlo en tu sitio de .