This guide will help you install and configure Guard Dog for the first time.
Installation
From WordPress Admin
1. Navigate to Plugins → Add New in your WordPress admin
2. Search for “Guard Dog”
3. Click Install Now on the Guard Dog plugin
4. Click Activate after installation completes
Manual Installation
1. Download the ‘guard-dog’ plugin folder
2. Upload it to ‘/wp-content/plugins/’ via FTP or your hosting file manager
3. Navigate to Plugins in your WordPress admin
4. Find Guard Dog in the list and click Activate
After Activation
Once activated, you’ll see a new Guard Dog menu item in your WordPress admin sidebar. This is your security command center.
Initial Configuration
Guard Dog works out of the box with secure defaults, but you should configure these essential features:
Step 1: Change Your Login URL (Recommended)
Why: This is the single most effective way to stop automated bot attacks on your site.
1. Go to Guard Dog → Login Security
2. In the Custom Login URL section, enter your desired login slug
- Example: ‘secure-login’ will make your login URL ‘yoursite.com/secure-login’
- Use something unique and memorable
- Avoid common words like “admin”, “login”, or “secure”
3. Click Save Changes
4. Important: Bookmark your new login URL immediately!
Step 2: Enable CAPTCHA (Recommended)
Why: CAPTCHA verification ensures only humans can attempt to log in, stopping automated bot attacks.
1. Go to Guard Dog → CAPTCHA
2. Choose your preferred CAPTCHA provider
3. Sign up for API keys from your chosen provider
4. Enter your Site Key and Secret Key
5. Configure display options (theme, size)
6. Click Save Changes
Choosing a CAPTCHA Provider
| Provider | Best For | User Experience | Privacy |
| Google reCAPTCHA v3 | Invisible protection | Excellent – no user interaction | Google tracking |
| Google reCAPTCHA v2 | Traditional verification | Good – simple checkbox | Google tracking |
| hCaptcha | Privacy-conscious sites | Good – accessible challenges | Privacy-focused |
| Cloudflare Turnstile | Modern, fast protection | Excellent – usually invisible | Privacy-first |
Step 3: Enable Login Attempt Limiting (Recommended)
Why: Prevents brute-force password attacks by locking out IPs after failed attempts.
1. Go to Guard Dog → Login Security
2. In the Login Attempt Limiting** section:
- Check “Enable Login Attempt Limiting”
- Set Maximum Retries (default: 5)
- Set Lockout Duration in minutes (default: 15)
3. Click Save Changes
Step 4: Configure Two-Factor Authentication (Optional but Highly Recommended)
Why: 2FA provides the strongest protection for user accounts.
1. Go to Guard Dog → Login Security
2. In the Two-Factor Authentication section:
- Check “Enable Two-Factor Authentication”
- Optionally enable email-based 2FA
- Configure enforcement settings if desired
3. Click Save Changes
4. Go to your User Profile to set up 2FA for your account
Post-Installation
After initial configuration, review these settings:
- Custom login URL is set and bookmarked
- CAPTCHA is enabled and tested
- Login attempt limiting is enabled
- 2FA is enabled for your admin account
- Test login with new settings from an incognito window
- Add your IP to the whitelist (optional, for extra protection)
- Review Activity Log settings
Testing Your Configuration
Before relying on your security setup, test it:
Test 1: Login URL
1. Open an incognito/private browser window
2. Try to access ‘yoursite.com/wp-login.php’ – should redirect to 404
3. Access your custom login URL – should show login form
4. Successfully log in
Test 2: CAPTCHA
1. Open an incognito window
2. Go to your login page
3. Verify CAPTCHA appears (or works invisibly for v3)
4. Complete CAPTCHA and log in
Test 3: Login Limiting
1. Open an incognito window
2. Enter incorrect password multiple times (up to your max retries)
3. Verify you get locked out
4. Wait for lockout duration to expire or clear lockout from admin
Test 4: Two-Factor Authentication
1. Set up 2FA on your account (email, TOTP or both)
2. Log out
3. Log in with username and password
4. Verify 2FA prompt appears
5. Enter 2FA code successfully
Common Initial Setup Issues
Issue: Locked Out After Changing Login URL
Solution: The custom login URL is stored in your database. If you lose access:
1. Via FTP or cPanel File Manager, rename the Guard Dog plugin folder to disable it temporarily
2. Log in via the standard ‘/wp-login.php’
3. Rename the plugin folder back
4. Go to Guard Dog settings and note/change your login URL
Prevention: Always bookmark your custom login URL immediately after setting it.
Issue: CAPTCHA Not Appearing
Causes:
- JavaScript errors on the page
- Incorrect API keys
- Wrong CAPTCHA provider domain registration
Solution:
1. Check browser console for JavaScript errors
2. Verify your Site Key and Secret Key are correct
3. Ensure your domain is registered with your CAPTCHA provider
4. Try a different CAPTCHA provider
Issue: Can’t Receive 2FA Emails
Causes:
- WordPress default mail function not working
- Email provider not configured
- Spam filtering
Solution:
1. Test your WordPress email with a plugin like WP Mail SMTP
2. Configure an email provider in Guard Dog → Settings → Email Provider
3. Check spam folders
4. Use app-based 2FA instead
Next Steps
Now that you have Guard Dog configured:
1. Enable Activity Logging – Start tracking security events
2. Set Up Access Control – Fine-tune who can access your site
3. Create Temporary Access – For contractors or support staff
4. Review Security Best Practices – Optimize your security posture
Getting Help
Frequently Asked Questions →
Troubleshooting Guide →