Guard Dog Documentation

Table of Contents

Getting Started

• Installation & Quick Setup
• Initial Configuration
• Best Practices

Core Features

Login Protection

• Custom Login URLs – Hide your wp-admin and wp-login.php from attackers
• CAPTCHA Protection – Multiple CAPTCHA providers to prevent automated attacks
• Login Attempt Limiting – Prevent brute-force attacks with intelligent lockout

Authentication

• Two-Factor Authentication (2FA) – App-based and email-based 2FA
• Email Provider Configuration – Configure AWS, Resend, or SendGrid for 2FA emails
• Recovery Codes – Backup access when 2FA is unavailable

Access Management

• Access Control – IP-based and username-based whitelist/blacklist
• Site-Wide Blocking – Restrict entire site access by IP
• Temporary User Access – Create time-limited users with secure access

Monitoring

• Activity Log – Comprehensive logging of security and WordPress events
• Debug System – Advanced logging for troubleshooting

Additional Resources

• Frequently Asked Questions
• Troubleshooting Guide
• Security Best Practices
• Performance Optimization

What is Guard Dog?

Guard Dog is a comprehensive security plugin that provides enterprise-level protection for any WordPress site. With features ranging from basic login protection to advanced two-factor authentication and activity monitoring, Guard Dog gives you complete control over who can access your site and what they can do.

Key Benefits

Multi-Layer Protection

• Custom login URLs to hide your admin area
• Multiple CAPTCHA providers for bot protection
• Two-factor authentication for enhanced security
• Login attempt limiting to prevent brute-force attacks

Privacy-Focused

• Choose from privacy-first CAPTCHA providers
• No data transmitted to third parties (except CAPTCHA verification when enabled)
• All 2FA operations happen locally on your server
• Full control over what events are logged

Enterprise-Ready

• Scalable features suitable for sites of any size
• Advanced access control with IP and username filtering
• Comprehensive activity logging for compliance
• Temporary user access for secure collaboration

User-Friendly

• Intuitive admin interface with organized pages
• Helpful documentation and tooltips
• Smart defaults that work out of the box
• Gradual feature adoption – enable what you need

Quick Links

• Just installed? Start with Getting Started
• Setting up 2FA? Read the Two-Factor Authentication Guide
• Need help? Check the FAQ or Troubleshooting Guide
• Locked out? See Emergency Access

Feature Overview

Custom Login URLs

Hide your WordPress login page from attackers by using a custom URL instead of the default ‘/wp-login.php’. This simple change can eliminate the majority of automated bot attacks targeting your site.

CAPTCHA Protection

Choose from four industry-leading CAPTCHA providers to verify that login attempts are made by humans, not bots:

• Google reCAPTCHA v3 (invisible)
• Google reCAPTCHA v2 (checkbox)
• hCaptcha (privacy-focused)
• Cloudflare Turnstile (fast and privacy-first)

Two-Factor Authentication

Add an extra layer of security with app-based or email-based two-factor authentication. Users must enter a verification code from their authenticator app or email in addition to their password.

Login Attempt Limiting

Automatically lock out IP addresses after a specified number of failed login attempts, preventing brute-force password attacks.

Access Control

Create IP whitelists or blacklists to control who can access your site. Block specific users by username or restrict access to approved IP addresses only.

Activity Log

Track every security event, user action, and system change on your site. The comprehensive activity log helps you monitor what’s happening and investigate security incidents.

Temporary User Access

Create temporary WordPress users with automatic expiration dates and login limits. Perfect for contractors, clients, or support staff who need temporary access to your site.

Support

For support questions, please use the WordPress.org support forums.

Privacy & Third-Party Services

Guard Dog respects user privacy. When CAPTCHA features are disabled, no data is transmitted to any third parties. When enabled, only your chosen CAPTCHA provider receives verification data.

Two-factor authentication uses the TOTP standard and operates entirely on your server – no external services are contacted for 2FA verification.