plugin-icon

Guard Dog

Di Adam Greenwell·
Comprehensive WordPress security plugin with custom login URLs, two-factor authentication, social login (OAuth), CAPTCHA protection, event and activit …
2FA
authentication
captcha
Votazioni
5
Versione
1.9.31
Installazioni attive
10
Ultimo aggiornamento
Feb 12, 2026

Guard Dog is a comprehensive security plugin designed to protect your WordPress site from unauthorized access and brute-force attacks. With features like custom login URLs, two-factor authentication, and multiple CAPTCHA providers, Guard Dog provides enterprise-level security for any WordPress site.

Key Features:

  • Custom Login URLs – Hide your wp-admin and wp-login.php from attackers
  • Two-Factor Authentication (2FA) – TOTP-based authentication with recovery codes
  • Social Login (OAuth) – Sign in with Google, Microsoft, or Apple
  • Passkeys – Use device-based biometric authentication like Face ID, Touch ID or Windows Hello
  • Multiple CAPTCHA Providers – Support for Google reCAPTCHA v2/v3, hCaptcha, and Cloudflare Turnstile
  • Login Attempt Limiting – Prevent brute-force attacks with intelligent lockout
  • Access Control – IP-based whitelist/blacklist protection
  • Activity Monitoring – Comprehensive logging of security events
  • Temporary User Access – Create temporary WordPress users with time-limited, secure access
  • User Management – Advanced user permission controls

Why Choose Guard Dog?

  • Privacy-Focused – Multiple CAPTCHA options including privacy-first providers
  • WordPress.org Compliant – Built following WordPress coding standards
  • Enterprise-Ready – Scalable features suitable for any site size
  • User-Friendly – Intuitive interface with helpful documentation
  • Regular Updates – Actively maintained and updated

Perfect For:

  • Business websites requiring enhanced security
  • WordPress sites handling sensitive data
  • Multi-user sites with complex access requirements
  • Anyone wanting comprehensive protection without complexity

Additional Information

Support: For support questions, please use the WordPress.org support forums.

Privacy: Guard Dog respects user privacy and offers multiple privacy-focused CAPTCHA options. No data is transmitted to third parties except for CAPTCHA verification when enabled.

Security: Guard Dog follows WordPress security best practices and undergoes regular security audits. All user input is sanitized and all output is escaped.

Third-Party Services

Guard Dog integrates with the following third-party services to provide CAPTCHA protection. These services are optional and only used when CAPTCHA features are enabled.

Google reCAPTCHA (v2 and v3)

What it is: Google’s CAPTCHA service that helps protect websites from spam and abuse.

What it’s used for: – Verifying that login, registration, and password reset attempts are made by humans – Preventing automated bot attacks on your WordPress forms

What data is sent and when: – User interaction data (mouse movements, time spent on page) when CAPTCHA is solved – IP address of the user – Site domain for verification – CAPTCHA response token

Privacy and Terms:Google reCAPTCHA Privacy PolicyGoogle reCAPTCHA Terms of ServiceGoogle reCAPTCHA Data Usage

Cloudflare Turnstile

What it is: Cloudflare’s privacy-first CAPTCHA alternative that doesn’t require user interaction.

What it’s used for: – Invisible verification of human users during login, registration, and password reset – Privacy-focused protection without tracking or cookies

What data is sent and when: – Non-interactive browser signals when forms are submitted – IP address for verification – Site domain for validation

Privacy and Terms:Cloudflare Privacy PolicyCloudflare Terms of ServiceTurnstile Documentation

hCaptcha

What it is: A privacy-focused CAPTCHA service that doesn’t track users across websites.

What it’s used for: – Human verification during login, registration, and password reset forms – Privacy-conscious alternative to Google reCAPTCHA

What data is sent and when: – User interaction with CAPTCHA challenge – IP address for verification – Site domain for validation

Privacy and Terms:hCaptcha Privacy PolicyhCaptcha Terms of ServicehCaptcha Data Processing

Google OAuth (Social Login)

What it is: Google’s OAuth 2.0 service that allows users to sign in using their Google account.

What it’s used for: – Authenticating WordPress users via their Google account – Retrieving basic profile information (name, email) to link or create accounts

What data is sent and when: – User is redirected to Google’s authorization server when clicking “Sign in with Google” – An authorization code is exchanged for an access token on your server – Basic profile information (name, email, Google user ID) is retrieved from Google’s API – No ongoing data sharing – data is only retrieved during the login process

Privacy and Terms:Google OAuth Privacy PolicyGoogle OAuth Terms of ServiceGoogle API Services User Data Policy

Microsoft Azure AD (Social Login)

What it is: Microsoft’s OAuth 2.0 service via Azure Active Directory that allows users to sign in using their Microsoft account.

What it’s used for: – Authenticating WordPress users via their personal Microsoft account or organizational (work/school) account – Retrieving basic profile information (name, email) to link or create accounts

What data is sent and when: – User is redirected to Microsoft’s authorization server when clicking “Sign in with Microsoft” – An authorization code is exchanged for an access token and ID token (JWT) on your server – Basic profile information (name, email, Azure object ID) is extracted from the ID token – No ongoing data sharing – data is only retrieved during the login process

Privacy and Terms:Microsoft Privacy StatementMicrosoft Services AgreementMicrosoft Identity Platform Documentation

Apple Sign In (Social Login)

What it is: Apple’s OAuth 2.0 / OpenID Connect service that allows users to sign in using their Apple ID.

What it’s used for: – Authenticating WordPress users via their Apple ID – Retrieving basic profile information (name, email) to link or create accounts

What data is sent and when: – User is redirected to Apple’s authorization server when clicking “Sign in with Apple” – An authorization code is exchanged for an access token and ID token (JWT) on your server – Basic profile information (email, user ID) is extracted from the ID token – User’s name is only provided on first authorization; subsequent logins return only the user ID – Apple may provide a private relay email address instead of the user’s real email – No ongoing data sharing – data is only retrieved during the login process

Privacy and Terms:Apple Privacy PolicySign in with Apple GuidelinesApple Developer Program License Agreement

TOTP (Time-based One-Time Password) Standard

What it is: An open standard (RFC 6238) for generating time-based one-time passwords used in two-factor authentication.

What it’s used for: – Generating secure, time-limited authentication codes for 2FA – Providing backup authentication when primary 2FA methods are unavailable – Enabling compatibility with popular authenticator apps (Google Authenticator, Authy, Microsoft Authenticator, etc.)

What data is sent and when:No external data transmission – TOTP codes are generated locally using the TOTP algorithm – Secret key generation – A unique secret key is generated locally when 2FA is enabled for a user – QR code generation – QR codes are generated locally for easy setup with authenticator apps – Code verification – Generated codes are verified locally against the stored secret key

Privacy and Terms:RFC 6238 – TOTP StandardGoogle Authenticator Privacy Policy (if using Google Authenticator app) – Authy Privacy Policy (if using Authy app) – Microsoft Authenticator Privacy Policy (if using Microsoft Authenticator app)

Data Handling Summary

When CAPTCHA is disabled: No data is sent to any third-party services.

When CAPTCHA is enabled: Only the specific provider you choose receives verification data. Data is not shared between providers or stored by Guard Dog beyond the verification process.

When 2FA is disabled: No external data transmission occurs.

When 2FA is enabled: – All TOTP operations (code generation, verification) happen locally on your server – No data is transmitted to external services for 2FA functionality – Authenticator apps only receive the initial setup QR code or secret key – Recovery codes are generated locally and stored securely

When Social Login is disabled: No data is sent to any OAuth provider.

When Social Login is enabled: – Data is only sent to the configured providers (Google, Microsoft, Apple) during the login process – Only basic profile information (name, email, user ID) is retrieved – Social account links are stored locally in your WordPress database – Users can unlink their social accounts from their profile at any time

User control: Users can choose which CAPTCHA provider to use, or disable CAPTCHA entirely. 2FA can be enabled/disabled per user, and users can choose their preferred authenticator app. Social login can be enabled/disabled by administrators, and users can manage their linked social accounts. All security features are optional and configurable.

Gratuitosul piano Business
Comincia ora
Eseguendo l'installazione, accetti i Termini di servizio di WordPress.com e i Termini dei plugin di terze parti.
Testato fino alla versione
WordPress 6.9.1
Questo plugin ora può essere scaricato per il tuo sito .
Scarica