Guard Dog Documentation

Version 1.9.40

Welcome to the comprehensive documentation for Guard Dog, a powerful WordPress security plugin designed to protect your site from unauthorized access and brute-force attacks.

What is Guard Dog?

Guard Dog is a comprehensive security plugin that provides enterprise-level protection for any WordPress site. With features ranging from basic login protection to advanced two-factor authentication and activity monitoring, Guard Dog gives you complete control over who can access your site and what they can do.

Key Benefits

🛡️ Multi-Layer Protection

  • Custom login URLs to hide your admin area
  • Multiple CAPTCHA providers for bot protection
  • Two-factor authentication for enhanced security
  • Login attempt limiting to prevent brute-force attacks

🔒 Privacy-Focused

  • Choose from privacy-first CAPTCHA providers
  • No data transmitted to third parties (except CAPTCHA verification when enabled)
  • All 2FA operations happen locally on your server
  • Full control over what events are logged

⚙️ Enterprise-Ready

  • Scalable features suitable for sites of any size
  • Advanced access control with IP and username filtering
  • Comprehensive activity logging for compliance
  • Temporary user access for secure collaboration

👤 User-Friendly

  • Intuitive admin interface with organized pages
  • Helpful documentation and tooltips
  • Smart defaults that work out of the box
  • Gradual feature adoption – enable what you need

What's New in 1.9.40

Guard Dog 1.9.40 adds a cleaner frontend integration surface for block-based themes, custom login pages, and member/account dashboards:

  • Public login form, account security, 2FA, session, passkey, and passkey-login shortcodes and blocks
  • Stable custom-login helper APIs for 2FA status, email code delivery, verification, passkey login markup, and required assets
  • Better 2FA method gating so setup controls appear only when the matching method is enabled and configured
  • Email 2FA checks that an email provider is configured before setup or verification can send or accept codes
  • IP whitelist notes so admins can label saved addresses, offices, vendors, VPNs, or people

Review the shortcode and block guide →

Feature Overview

Custom Login URLs

Hide your WordPress login page from attackers by using a custom URL instead of the default /wp-login.php. This simple change can eliminate the majority of automated bot attacks targeting your site.

Learn more about Custom Login URLs →

CAPTCHA Protection

Choose from four industry-leading CAPTCHA providers to verify that login attempts are made by humans, not bots:

  • Google reCAPTCHA v3 (invisible)
  • Google reCAPTCHA v2 (checkbox)
  • hCaptcha (privacy-focused)
  • Cloudflare Turnstile (fast and privacy-first)

Learn more about CAPTCHA Protection →

Frontend Login Form

Render a Guard Dog-managed login form on standard pages, templates, or block-based themes. The form can include CAPTCHA, passkey login, social login buttons, remember-me, and lost-password controls according to your settings.

Learn more about Frontend Shortcodes and Blocks →

Two-Factor Authentication

Add an extra layer of security with app-based or email-based two-factor authentication. Users must enter a verification code from their authenticator app or email in addition to their password.

Learn more about Two-Factor Authentication →

Frontend account pages can render 2FA management with [guard_dog_two_factor] or the Guard Dog Two-Factor Auth block.

Login Attempt Limiting

Automatically lock out IP addresses after a specified number of failed login attempts, preventing brute-force password attacks.

Learn more about Login Attempt Limiting →

Access Control

Create IP whitelists or blacklists to control who can access your site. Block specific users by username or restrict access to approved IP addresses only.

Learn more about Access Control →

Activity Log

Track every security event, user action, and system change on your site. The comprehensive activity log helps you monitor what's happening and investigate security incidents.

Learn more about Activity Log →

Temporary User Access

Create temporary WordPress users with automatic expiration dates and login limits. Perfect for contractors, clients, or support staff who need temporary access to your site.

Learn more about Temporary User Access →

Passkeys (WebAuthn)

Enable passwordless authentication using biometrics (Face ID, Touch ID) or hardware security keys. Passkeys are more secure than passwords and can optionally bypass 2FA.

Learn more about Passkeys →

Custom login pages can render passkey sign-in with [guard_dog_passkey_login] or the Guard Dog Passkey Login block. Account pages can render passkey management with [guard_dog_passkeys] or the Guard Dog Passkeys block.

Session Management

Track all active login sessions with device, location, and activity details. Users can remotely terminate sessions, and administrators can enforce session limits and detect suspicious activity.

Learn more about Session Management →

Frontend account pages can render active-session management with [guard_dog_sessions] or the Guard Dog Sessions block.

Custom Login Integration

Sites with their own login templates can hand 2FA and passkey steps to Guard Dog through public helper functions instead of reading plugin internals directly.

Learn more about Custom Login Integration →

User Enumeration Protection

Block attackers from discovering valid usernames through REST API, author archives, login errors, password reset messages, XML-RPC, oEmbed, and registration forms.

Learn more about User Enumeration Protection →

Password Policy

Enforce strong password requirements with configurable minimum length, character requirements, common password blocking, and password history to prevent reuse.

Learn more about Password Policy →

Email Verification

Require new users to verify their email address before logging in. Prevents fake account registrations and ensures users have access to their stated email.

Learn more about Email Verification →

Support

For support questions, please use the WordPress.org support forums.

Privacy & Third-Party Services

Guard Dog respects user privacy. When CAPTCHA features are disabled, no data is transmitted to any third parties. When enabled, only your chosen CAPTCHA provider receives verification data.

Two-factor authentication uses the TOTP standard and operates entirely on your server – no external services are contacted for 2FA verification.

Read more about Privacy & Third-Party Services


Last Updated: April 2026
Plugin Version: 1.9.40
Requires WordPress: 5.9 or higher
Requires PHP: 8.1 or higher