Traffic Origin Guard

Traffic Origin Guard helps protect your origin server from direct traffic by requiring a secret header value on every request.

Use case: – Your site is behind Cloudflare or another reverse proxy. – You want only proxy-originated requests to reach WordPress. – You want automatic Apache rule management.

How it works: – You set one token in plugin settings. – The plugin writes Apache rules into .htaccess using a managed block. – Requests missing the expected X-Origin-Secret header are blocked with HTTP 403.

Features: – Apache .htaccess rule writer with managed BEGIN/END markers. – Header validation status visibility on the settings page. – One-click token utilities in admin (generate, copy, and “Use as token”). – In-page Cloudflare setup guide with step-by-step instructions. – Lockout recovery instructions displayed directly in the settings page. – View details link on the Plugins list page. – Automatic cleanup on plugin deactivation and uninstall.