Guard Dog

Guard Dog is a comprehensive security plugin designed to protect your WordPress site from unauthorized access and brute-force attacks. With features like custom login URLs, two-factor authentication, and multiple CAPTCHA providers, Guard Dog provides enterprise-level security for any WordPress site.

Key Features:

• Custom Login URLs — Hide your wp-admin and wp-login.php from attackers
• Two-Factor Authentication (2FA) — TOTP-based authentication with recovery codes
• Multiple CAPTCHA Providers — Support for Google reCAPTCHA v2/v3, hCaptcha, and Cloudflare Turnstile
• Login Attempt Limiting — Prevent brute-force attacks with intelligent lockout
• Access Control — IP-based whitelist/blacklist protection
• Activity Monitoring — Comprehensive logging of security events
• Temporary User Access — Create temporary WordPress users with time-limited, secure access
• User Management — Advanced user permission controls

Why Choose Guard Dog?

• Privacy-Focused — Multiple CAPTCHA options including privacy-first providers
• WordPress.org Compliant — Built following WordPress coding standards
• Enterprise-Ready — Scalable features suitable for any site size
• User-Friendly — Intuitive interface with helpful documentation
• Regular Updates — Actively maintained and updated

Perfect For:

• Business websites requiring enhanced security
• WordPress sites handling sensitive data
• Multi-user sites with complex access requirements
• Anyone wanting comprehensive protection without complexity

Additional Information

Support: For support questions, please use the WordPress.org support forums.

Privacy: Guard Dog respects user privacy and offers multiple privacy-focused CAPTCHA options. No data is transmitted to third parties except for CAPTCHA verification when enabled.

Security: Guard Dog follows WordPress security best practices and undergoes regular security audits. All user input is sanitized and all output is escaped.

Third-Party Services

Guard Dog integrates with the following third-party services to provide CAPTCHA protection. These services are optional and only used when CAPTCHA features are enabled.

Google reCAPTCHA (v2 and v3)

What it is: Google’s CAPTCHA service that helps protect websites from spam and abuse.

What it’s used for: — Verifying that login, registration, and password reset attempts are made by humans — Preventing automated bot attacks on your WordPress forms

What data is sent and when: — User interaction data (mouse movements, time spent on page) when CAPTCHA is solved — IP address of the user — Site domain for verification — CAPTCHA response token

Privacy and Terms: — Google reCAPTCHA Privacy Policy — Google reCAPTCHA Terms of Service — Google reCAPTCHA Data Usage

Cloudflare Turnstile

What it is: Cloudflare’s privacy-first CAPTCHA alternative that doesn’t require user interaction.

What it’s used for: — Invisible verification of human users during login, registration, and password reset — Privacy-focused protection without tracking or cookies

What data is sent and when: — Non-interactive browser signals when forms are submitted — IP address for verification — Site domain for validation

Privacy and Terms: — Cloudflare Privacy Policy — Cloudflare Terms of Service — Turnstile Documentation

hCaptcha

What it is: A privacy-focused CAPTCHA service that doesn’t track users across websites.

What it’s used for: — Human verification during login, registration, and password reset forms — Privacy-conscious alternative to Google reCAPTCHA

What data is sent and when: — User interaction with CAPTCHA challenge — IP address for verification — Site domain for validation

Privacy and Terms: — hCaptcha Privacy Policy — hCaptcha Terms of Service — hCaptcha Data Processing

TOTP (Time-based One-Time Password) Standard

What it is: An open standard (RFC 6238) for generating time-based one-time passwords used in two-factor authentication.

What it’s used for: — Generating secure, time-limited authentication codes for 2FA — Providing backup authentication when primary 2FA methods are unavailable — Enabling compatibility with popular authenticator apps (Google Authenticator, Authy, Microsoft Authenticator, etc.)

What data is sent and when: — No external data transmission — TOTP codes are generated locally using the TOTP algorithm — Secret key generation — A unique secret key is generated locally when 2FA is enabled for a user — QR code generation — QR codes are generated locally for easy setup with authenticator apps — Code verification — Generated codes are verified locally against the stored secret key

Privacy and Terms: — RFC 6238 — TOTP Standard — Google Authenticator Privacy Policy (if using Google Authenticator app) — Authy Privacy Policy (if using Authy app) — Microsoft Authenticator Privacy Policy (if using Microsoft Authenticator app)

Data Handling Summary

When CAPTCHA is disabled: No data is sent to any third-party services.

When CAPTCHA is enabled: Only the specific provider you choose receives verification data. Data is not shared between providers or stored by Guard Dog beyond the verification process.

When 2FA is disabled: No external data transmission occurs.

When 2FA is enabled: — All TOTP operations (code generation, verification) happen locally on your server — No data is transmitted to external services for 2FA functionality — Authenticator apps only receive the initial setup QR code or secret key — Recovery codes are generated locally and stored securely

User control: Users can choose which CAPTCHA provider to use, or disable CAPTCHA entirely. 2FA can be enabled/disabled per user, and users can choose their preferred authenticator app. All security features are optional and configurable.