Gatewarden
Gatewarden provides a modular security and mail-delivery layer for WordPress and WooCommerce. The interface and source strings are written in English and are translation-ready through the gatewarden text domain.
All public protection, integration, event-logging, notification, SMTP, and uninstall-cleanup modules are disabled by default. Administrators enable only the features required by the site. The suggested privacy-policy text and WordPress personal-data exporter/eraser integrations are registered while the plugin is active; they only operate on Gatewarden data that actually exists.
CAPTCHA providers
- Google reCAPTCHA v2.
- Google reCAPTCHA v3.
- Cloudflare Turnstile.
WordPress protection
- Login.
- Registration.
- Lost password.
- Password reset.
- Comments.
WooCommerce protection
- My Account login and registration.
- Lost-password and reset-password forms.
- Checkout login.
- Account creation during classic checkout.
- Account creation during Checkout Block checkout.
Security, observability, and email features
- Configurable failed-login limits by IP address, username, or IP address and username.
- Progressive lockout durations with a configurable multiplier and maximum duration.
- Optional neutral account messages for login, registration, and password-recovery flows.
- One indexed, retention-aware audit stream with focused Authentication, CAPTCHA, Account activity, and Email views.
- Searchable, filterable, sortable, paginated, clearable, and CSV-exportable activity logs.
- WordPress-native list tables with Screen Options for visible columns and rows per page.
- Human-readable event details instead of raw JSON in the administration interface and CSV exports.
- A Gatewarden dashboard with login, lockout, CAPTCHA, email, provider, integration, and recent-event metrics.
- A compact WordPress Dashboard widget for administrators.
- Optional email alerts for selected lockouts, logins, registrations, password events, CAPTCHA service errors, and SMTP failures.
- Asynchronous alert delivery with configurable recipients, successful-login scope, minimum lockout duration, durable deduplication, global rate limits, and duplicate-alert cooldown.
- Optional approximate IP location from server headers or an explicit IPWHOIS.io lookup.
- Optional standard SMTP delivery with sender, host, port, encryption, authentication, timeout, certificate verification, settings-page secret redaction, and a test tool.
- Credential-redacted SMTP diagnostics that classify DNS, connection, timeout, TLS, authentication, relay, sender, recipient, and message-policy failures.
- SMTP outcome logging that excludes message bodies, attachments, passwords, and complete recipient addresses.
- Configurable log retention and optional data removal on uninstall.
- Secret-key and SMTP-password controls that never render a stored secret in administration HTML.
- Responsive CAPTCHA wrappers for WordPress and WooCommerce forms.
Gatewarden stores security events, lockout state, and pending notification jobs in site-prefixed custom database tables created through the WordPress database API. Records can include IP addresses, submitted usernames, and a WordPress user ID when one is known. Notification payloads are removed after terminal processing, deduplication hashes are cleared after the maximum cooldown, and obsolete queue records are cleaned automatically. Configure event logging, alerting, and retention according to the site’s privacy and operational requirements.
To disable public Gatewarden protection during an emergency, add this to wp-config.php:
define( 'GATEWARDEN_DISABLE', true );
Administrators with the manage_options capability see a warning while the emergency bypass is active.
The default allowed CAPTCHA verification hostnames are the normalized hosts from home_url() and site_url(). Additional explicit hostnames can be supplied through the gatewarden_allowed_hostnames filter.
Developer and infrastructure controls
Gatewarden provides narrowly scoped filters for installations that need infrastructure or integration-specific policy. Treat them as code-level controls and validate all values returned by custom callbacks.
- Authentication:
gatewarden_limit_authentication_requestcan exclude a classified channel/request;gatewarden_invalid_credential_error_codeschanges the credential-error allowlist; the legacygatewarden_is_interactive_login_requestfilter remains available for form detection. - Client IP:
gatewarden_trusted_proxy_rangesdeclares trusted proxy addresses/CIDRs andgatewarden_client_ipcan override the final validated address. Forwarded headers are ignored unless the socket peer is trusted. - CAPTCHA hostname verification:
gatewarden_allowed_hostnameschanges the strict hostname allowlist. - SMTP scope and network policy:
gatewarden_smtp_apply_to_mailcan opt an individual PHPMailer transaction out of Gatewarden SMTP. Private/reserved SMTP destinations on multisite requireGATEWARDEN_ALLOW_PRIVATE_SMTP_HOSTorgatewarden_allow_private_smtp_host; authenticated SMTP without transport encryption requiresGATEWARDEN_ALLOW_INSECURE_SMTP_AUTHorgatewarden_allow_insecure_smtp_auth. - Notification capacity:
gatewarden_notification_queue_max,gatewarden_notification_queue_total_max,gatewarden_notification_limit_per_minute,gatewarden_notification_limit_per_hour,gatewarden_notification_batch_size,gatewarden_notification_max_attempts, andgatewarden_notification_lease_secondsadjust bounded worker limits. - Notification content:
gatewarden_notification_recipients,gatewarden_notification_subject,gatewarden_notification_message, andgatewarden_ip_locationreceive sanitized notification context. - CSV export:
gatewarden_csv_export_max_rowschanges the bounded export safety limit.
Operational integrations can observe gatewarden_event_recorded, gatewarden_login_limit_error, gatewarden_notification_dropped, gatewarden_notification_capture_exception, gatewarden_notification_worker_exception, gatewarden_notification_resume_exception, gatewarden_notification_exception, gatewarden_smtp_test_completed, gatewarden_smtp_mailer_configured, gatewarden_smtp_configuration_failed, gatewarden_smtp_configuration_exception, gatewarden_smtp_sender_error, and gatewarden_privacy_tool_error.
gatewarden_login_limit_error receives `(string $message, WP_Error $error)`. `gatewarden_notification_worker_exception` always receives `(Throwable $error, ?array $claimed_row)`, with `null` for a batch-level failure. `gatewarden_notification_exception` receives `(Throwable $error, array $event)` when mail delivery or its cleanup raises an exception inside the worker boundary. `gatewarden_smtp_mailer_configured` receives the live PHPMailer object and a settings array whose `password` value is empty and whose `password_configured` flag reports whether a password exists. The live PHPMailer object is privileged and can itself contain the configured password, so callbacks must never log or expose it. Observer callbacks should remain fast; Gatewarden contains exceptions from authentication and notification diagnostic observers, but integrations should not deliberately throw.
External services
Gatewarden connects to an external service only after the relevant feature is explicitly configured and enabled by an administrator, or when an administrator explicitly runs the SMTP connection test with complete SMTP settings.
Google reCAPTCHA
When Google reCAPTCHA v2 or v3 is selected, Gatewarden loads Google’s reCAPTCHA JavaScript from www.google.com on protected forms and sends the generated response token and configured secret key to Google’s verification endpoint. Gatewarden does not include the visitor’s IP address in the server-side verification request. Google’s client-side service may process browser and device data under Google’s terms.
- Service: https://www.google.com/recaptcha/about/
- Privacy policy: https://policies.google.com/privacy
- Terms: https://policies.google.com/terms
Cloudflare Turnstile
When Cloudflare Turnstile is selected, Gatewarden loads the Turnstile JavaScript from challenges.cloudflare.com on protected forms and sends the generated response token and configured secret key to Cloudflare’s verification endpoint. Gatewarden does not include the visitor’s IP address in the server-side verification request. Cloudflare’s client-side service may process browser and device data under Cloudflare’s policies.
- Service: https://www.cloudflare.com/products/turnstile/
- Privacy policy: https://www.cloudflare.com/privacypolicy/
- Terms: https://www.cloudflare.com/website-terms/
Administrator-configured SMTP server
When SMTP is enabled, WordPress sends outgoing message content, recipient addresses, and sender details to the SMTP server configured by the administrator. The server may be operated by any provider selected by the site owner. Gatewarden stores the configured SMTP password in the WordPress options table, never renders the stored password in administration HTML, and supplies it only to the configured host during SMTP authentication. Review the selected provider’s privacy policy and terms before enabling SMTP.
IPWHOIS.io
Approximate location is disabled by default. When an administrator enables location in security notifications and explicitly selects IPWHOIS.io, Gatewarden sends the event IP address to ipwho.is and requests country, region, and city data. The result is cached on the WordPress site for 24 hours. Server-header location mode does not make this external request.
- Service and documentation: https://ipwhois.io/documentation
- Privacy policy: https://ipwhois.io/privacy
- Terms: https://ipwhois.io/terms
