Skip to content

Adam Greenwell

Frequently Asked Questions

Common questions about Guard Dog security plugin for WordPress.

General Questions

What is Guard Dog?

Guard Dog is a comprehensive WordPress security plugin that protects your site from unauthorized access and brute-force attacks. It includes custom login URLs, two-factor authentication, CAPTCHA protection, login attempt limiting, access control, and activity monitoring.

Is Guard Dog free?

Yes, Guard Dog is free and open-source, licensed under GPLv2.

Do I need all the features?

No. All features are optional. Start with what you need (like custom login URL and CAPTCHA) and enable additional features as desired.

Will Guard Dog slow down my site?

No. Guard Dog is optimized for performance:

  • Features only load when needed
  • Efficient database queries with caching
  • Minimal overhead on page loads
  • CAPTCHA only loads on login/registration pages

Does Guard Dog work with my theme?

Yes. Guard Dog is theme-agnostic and works with any properly coded WordPress theme.

Does Guard Dog work with other security plugins?

Generally yes, but some features may conflict:

  • ✅ Works alongside: Wordfence, Sucuri, iThemes Security
  • ⚠️ May conflict with: Other custom login URL plugins
  • ⚠️ May conflict with: Other 2FA plugins

Test in a staging environment if using multiple security plugins.

Installation & Setup

How do I install Guard Dog?

From WordPress:

  1. Go to Plugins → Add New
  2. Search for “Guard Dog”
  3. Click Install Now
  4. Click Activate

Manual:

  1. Download the plugin
  2. Upload to /wp-content/plugins/guard-dog/
  3. Activate in WordPress admin

See Getting Started for details.

What should I configure first?

Recommended order:

  1. Custom login URL
  2. CAPTCHA protection
  3. Login attempt limiting
  4. Two-factor authentication

See Initial Configuration.

Can I import/export settings?

Currently no. Settings must be configured manually. This is a feature request for future versions.

Custom Login URL

What if I forget my custom login URL?

Recovery options:

  1. Check browser bookmarks
  2. Look in your database: wp_options table, guard_dog_login_slug option
  3. Temporarily disable plugin via FTP
  4. Add define('GUARD_DOG_BYPASS', true); to wp-config.php

See Custom Login URLs – Troubleshooting.

Will changing login URL break my site?

No. Guard Dog properly redirects all login-related functions. Password reset, logout, and other WordPress features continue to work normally.

Can search engines find my login page?

No. Direct access to /wp-login.php is blocked. Your custom login URL is not indexed by search engines.

Does this work on Nginx?

Yes. Guard Dog works on Apache, Nginx, Litespeed, and all major server configurations without special setup.

CAPTCHA

Which CAPTCHA provider should I choose?

Best user experience: Google reCAPTCHA v3 or Cloudflare Turnstile (invisible)

Best privacy: Cloudflare Turnstile or hCaptcha

Traditional verification: Google reCAPTCHA v2

See CAPTCHA Protection – Choosing a Provider.

Do I need CAPTCHA if I have a custom login URL?

Recommended yes. Custom URL hides your login page, but CAPTCHA provides additional protection if the URL is discovered.

Can I use CAPTCHA on WooCommerce login?

Yes, if WooCommerce uses WordPress core login functions (which it does by default).

Why is CAPTCHA not appearing?

Common causes:

  • JavaScript error on page
  • Incorrect API keys
  • Plugin/theme conflict
  • Ad blocker

See CAPTCHA Troubleshooting.

Two-Factor Authentication

Is 2FA required for all users?

No, it’s optional by default. Administrators can enforce 2FA with a grace period for users to set it up.

What if I lose my phone with the authenticator app?

Use a recovery code (you should have saved them). Alternatively, a site administrator can disable 2FA for your account.

See 2FA – Recovery Codes.

Can I use different authenticator apps?

Yes, any app supporting the TOTP standard works: Google Authenticator, Microsoft Authenticator, Authy, 1Password, Bitwarden, etc.

Do recovery codes expire?

No, recovery codes work indefinitely until you generate new ones (which invalidates old codes).

Can I have 2FA on multiple devices?

Yes, scan the same QR code with multiple devices, and all will generate valid codes.

Does 2FA work offline?

App-based 2FA works offline. Email-based 2FA requires internet connection to receive the code.

Login Attempt Limiting

What happens when someone is locked out?

They see an error message and cannot attempt login (even with correct password) until the lockout period expires.

Can I whitelist my IP to avoid lockouts?

Yes. Add your IP to the IP Whitelist in Access Control settings. Whitelisted IPs are never locked out.

Will this lock out legitimate users?

Rarely, if they repeatedly mistype their password. Use reasonable settings (5 attempts, 15 minutes) to minimize this.

What about shared IPs (office, school)?

This can be an issue. Solutions:

  • Whitelist the shared IP
  • Increase max retries
  • Use 2FA instead of relying solely on login limiting

See Login Limiting – Shared IPs.

Access Control

What’s the difference between blacklist and whitelist?

Blacklist: Everyone allowed except those on the list (default: allow)

Whitelist: Only those on the list allowed (default: block)

See Access Control.

Can I block entire countries?

Not directly through Guard Dog. You’d need to:

  • Add all that country’s IP ranges to blacklist (tedious)
  • Use Cloudflare geographic blocking
  • Use server-level GeoIP blocking

What’s site-wide blocking?

It restricts access to your entire site (not just admin) to whitelisted IPs only. Useful for maintenance mode or private sites.

⚠️ Warning: Add your IP to whitelist before enabling!

Will IP blocking affect search engines?

Login access control doesn’t affect search engines. Site-wide blocking will block search engines unless you whitelist them.

Activity Log

How long are logs kept?

Indefinitely by default. Configure automatic cleanup in Settings → Data Management.

Can I export activity logs?

Yes, activity logs can be exported to CSV or JSON.

Do logs affect performance?

Minimal impact. Logging is optimized with batching and caching. For very high-traffic sites, consider limiting events logged.

Can users see activity logs?

No, only administrators can view activity logs by default.

What if logs grow too large?

Enable automatic cleanup to delete logs older than a specified period (e.g., 90 days).

See Activity Log – Database Performance.

Temporary User Access

What happens to content created by temporary users?

Content remains after the temporary user is deleted. It’s either reassigned or orphaned depending on WordPress configuration.

Can temporary users reset their password?

No, they don’t have a password. They only access via the token link.

What if the access link is leaked?

Delete the temporary user immediately. The link will stop working. Create a new temporary user if access is still needed.

Can I extend a temporary user’s access?

Not directly. Options:

  • Create a new temporary user with same email
  • Edit expiry date in database (advanced)

See Temporary User Access.

Email Provider

Do I need an email provider?

Only if you want email-based 2FA or reliable transactional emails. App-based 2FA doesn’t require email configuration.

Which email provider should I use?

Simplest: Resend
Cheapest at scale: Amazon SES
Most established: SendGrid

See Email Provider Configuration.

Will this affect my regular WordPress emails?

No. Guard Dog’s email provider is only used for Guard Dog emails. Other WordPress emails still use wp_mail().

Security & Privacy

Does Guard Dog collect data about my site?

No. Guard Dog doesn’t phone home or collect any data. Everything stays on your server.

What data is stored locally?

  • Activity logs (events, IPs, usernames)
  • Failed login attempts and lockouts
  • User 2FA settings and recovery codes
  • Temporary user data

Is data encrypted?

2FA secret keys are stored encrypted in the database. Other data is stored as standard WordPress options and database entries.

What data is sent to third parties?

When CAPTCHA is disabled: Nothing.

When CAPTCHA is enabled: Only your chosen CAPTCHA provider receives verification data (IP address, browser data).

When 2FA is enabled: Nothing. All TOTP operations happen locally.

When email 2FA is enabled: Your configured email provider receives email sending requests.

See Privacy for details.

Is Guard Dog GDPR compliant?

Guard Dog itself is GDPR-compliant in that it:

  • Only stores necessary data
  • Provides data export capabilities
  • Allows data deletion

However:

  • Using Google reCAPTCHA may require cookie consent
  • Storing IP addresses may be personal data in your jurisdiction
  • You must update your privacy policy

See Privacy & GDPR.

Compatibility

What WordPress version do I need?

WordPress 5.8 or higher.

What PHP version do I need?

PHP 7.4 or higher. PHP 8.0+ recommended.

Does it work with WooCommerce?

Yes. Guard Dog protects WordPress authentication which WooCommerce uses. WooCommerce events can be logged in Activity Log.

Does it work with BuddyPress / bbPress?

Yes, as long as they use WordPress core authentication.

Does it work with membership plugins?

Generally yes, if they use WordPress core authentication. Test in staging first.

Does it work on multisite?

Guard Dog should work with multi-site installations but explicit support is not yet provided or garuanteed.

Troubleshooting

I’m locked out of my site!

Quick fix:

  1. Access via FTP
  2. Rename /wp-content/plugins/guard-dog to guard-dog-disabled
  3. Log in normally
  4. Fix your settings
  5. Rename folder back

See Troubleshooting – Locked Out.

Features aren’t working

Check:

  • Feature is enabled in settings
  • No conflicting plugins
  • Clear all caches
  • Check PHP error logs
  • Enable debug logging

Database errors

Symptoms: “Table doesn’t exist” errors

Solution:

  • Deactivate and reactivate plugin
  • This recreates database tables

Settings not saving

Check:

  • File permissions
  • PHP memory limit
  • Conflicting plugins
  • Form size limits

See Troubleshooting Guide.

Getting Help

Where can I get support?

Free support: WordPress.org support forums

Documentation: This documentation site

Bug reports: WordPress.org support forums

How do I report a bug?

  1. Go to WordPress.org support forums
  2. Create a new thread
  3. Include:
  • WordPress version
  • PHP version
  • Guard Dog version
  • Description of issue
  • Steps to reproduce
  • Error messages (if any)

How do I request a feature?

Post in the WordPress.org support forums with “[Feature Request]” in the title.

Is there premium support?

Currently no premium support is available. All support is community-based via WordPress.org.

Best Practices

What’s the most important feature to enable?

Custom login URL. This single feature eliminates 90%+ of automated bot attacks.

What’s the most secure configuration?

Maximum security:

  • Custom login URL
  • Cloudflare Turnstile CAPTCHA
  • 2FA enforced for all users
  • IP whitelist for admins
  • Login limiting (3 attempts, 60 min lockout)
  • Comprehensive activity logging

See Best Practices.

Should I enable all features?

Not necessarily. Enable what you need based on your security requirements and user tolerance.

Minimum recommended:

  • Custom login URL
  • CAPTCHA
  • Login attempt limiting

High security:

  • Add 2FA
  • Add access control
  • Add activity monitoring

How often should I review settings?

  • Monthly: Review activity logs, check for attacks
  • Quarterly: Review whitelists/blacklists, remove outdated entries
  • Annually: Review all settings, update as needed

Updates & Compatibility

How do I update Guard Dog?

Like any WordPress plugin:

  • Dashboard → Updates → Check for plugin updates
  • Or enable automatic updates

Always backup before updating.

Will updates reset my settings?

No. Plugin updates preserve all your settings.

What’s the update frequency?

Guard Dog is regularly updated for:

  • Security patches
  • WordPress compatibility
  • New features
  • Bug fixes

Can I roll back to a previous version?

Yes:

  1. Deactivate current version
  2. Delete plugin files
  3. Install previous version from wordpress.org/plugins
  4. Reactivate

Note: Settings are preserved.

Performance

Does Guard Dog work on high-traffic sites?

Yes. Guard Dog is optimized for high-traffic environments:

  • Efficient database queries
  • Caching where appropriate
  • Minimal overhead

For very high traffic:

  • Limit activity log events
  • Enable automatic log cleanup
  • Use object caching (Redis, Memcached)

Can I use Guard Dog with caching plugins?

Yes. Guard Dog works with:

  • W3 Total Cache
  • WP Super Cache
  • WP Rocket
  • LiteSpeed Cache
  • Cloudflare

Security checks happen before page caching, so there’s no conflict.

Does it work with CDNs?

Yes. Guard Dog works with Cloudflare, CloudFront, and other CDNs. IP detection works correctly through CDNs.