Guard Dog is a comprehensive security plugin designed to protect your WordPress site from unauthorized access and brute-force attacks. With features like custom login URLs, two-factor authentication, and multiple CAPTCHA providers, Guard Dog provides enterprise-level security for any WordPress site.
Key Features:
- Custom Login URLs – Hide your wp-admin and wp-login.php from attackers
- Two-Factor Authentication (2FA) – TOTP-based authentication with recovery codes
- Multiple CAPTCHA Providers – Support for Google reCAPTCHA v2/v3, hCaptcha, and Cloudflare Turnstile
- Login Attempt Limiting – Prevent brute-force attacks with intelligent lockout
- Access Control – IP-based whitelist/blacklist protection
- Activity Monitoring – Comprehensive logging of security events
- Temporary User Access – Create temporary WordPress users with time-limited, secure access
- User Management – Advanced user permission controls
Why Choose Guard Dog?
- Privacy-Focused – Multiple CAPTCHA options including privacy-first providers
- WordPress.org Compliant – Built following WordPress coding standards
- Enterprise-Ready – Scalable features suitable for any site size
- User-Friendly – Intuitive interface with helpful documentation
- Regular Updates – Actively maintained and updated
Perfect For:
- Business websites requiring enhanced security
- WordPress sites handling sensitive data
- Multi-user sites with complex access requirements
- Anyone wanting comprehensive protection without complexity
Additional Information
Support:
For support questions, please use the WordPress.org support forums.
Privacy:
Guard Dog respects user privacy and offers multiple privacy-focused CAPTCHA options. No data is transmitted to third parties except for CAPTCHA verification when enabled.
Security:
Guard Dog follows WordPress security best practices and undergoes regular security audits. All user input is sanitized and all output is escaped.
Third-Party Services
Guard Dog integrates with the following third-party services to provide CAPTCHA protection. These services are optional and only used when CAPTCHA features are enabled.
Google reCAPTCHA (v2 and v3)
What it is: Google』s CAPTCHA service that helps protect websites from spam and abuse.
What it』s used for:
– Verifying that login, registration, and password reset attempts are made by humans
– Preventing automated bot attacks on your WordPress forms
What data is sent and when:
– User interaction data (mouse movements, time spent on page) when CAPTCHA is solved
– IP address of the user
– Site domain for verification
– CAPTCHA response token
Privacy and Terms:
– Google reCAPTCHA Privacy Policy
– Google reCAPTCHA Terms of Service
– Google reCAPTCHA Data Usage
Cloudflare Turnstile
What it is: Cloudflare』s privacy-first CAPTCHA alternative that doesn』t require user interaction.
What it』s used for:
– Invisible verification of human users during login, registration, and password reset
– Privacy-focused protection without tracking or cookies
What data is sent and when:
– Non-interactive browser signals when forms are submitted
– IP address for verification
– Site domain for validation
Privacy and Terms:
– Cloudflare Privacy Policy
– Cloudflare Terms of Service
– Turnstile Documentation
hCaptcha
What it is: A privacy-focused CAPTCHA service that doesn』t track users across websites.
What it』s used for:
– Human verification during login, registration, and password reset forms
– Privacy-conscious alternative to Google reCAPTCHA
What data is sent and when:
– User interaction with CAPTCHA challenge
– IP address for verification
– Site domain for validation
Privacy and Terms:
– hCaptcha Privacy Policy
– hCaptcha Terms of Service
– hCaptcha Data Processing
TOTP (Time-based One-Time Password) Standard
What it is: An open standard (RFC 6238) for generating time-based one-time passwords used in two-factor authentication.
What it』s used for:
– Generating secure, time-limited authentication codes for 2FA
– Providing backup authentication when primary 2FA methods are unavailable
– Enabling compatibility with popular authenticator apps (Google Authenticator, Authy, Microsoft Authenticator, etc.)
What data is sent and when:
– No external data transmission – TOTP codes are generated locally using the TOTP algorithm
– Secret key generation – A unique secret key is generated locally when 2FA is enabled for a user
– QR code generation – QR codes are generated locally for easy setup with authenticator apps
– Code verification – Generated codes are verified locally against the stored secret key
Privacy and Terms:
– RFC 6238 – TOTP Standard
– Google Authenticator Privacy Policy (if using Google Authenticator app)
– Authy Privacy Policy (if using Authy app)
– Microsoft Authenticator Privacy Policy (if using Microsoft Authenticator app)
Data Handling Summary
When CAPTCHA is disabled: No data is sent to any third-party services.
When CAPTCHA is enabled: Only the specific provider you choose receives verification data. Data is not shared between providers or stored by Guard Dog beyond the verification process.
When 2FA is disabled: No external data transmission occurs.
When 2FA is enabled:
– All TOTP operations (code generation, verification) happen locally on your server
– No data is transmitted to external services for 2FA functionality
– Authenticator apps only receive the initial setup QR code or secret key
– Recovery codes are generated locally and stored securely
User control: Users can choose which CAPTCHA provider to use, or disable CAPTCHA entirely. 2FA can be enabled/disabled per user, and users can choose their preferred authenticator app. All security features are optional and configurable.
