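[WordPress] Plugin Share: Guard Dog

Introduction

  • This WordPress plugin, "Guard Dog", was published on 2025-09-24.
  • It currently has 30 active installations.
  • The last update was on 2026-02-21, which is 4 days ago.
  • The plugin requires WordPress 5.9 or later to install.
  • The plugin requires the site host to run PHP 8.1 or later.
  • 1 person has rated it.
  • The forum currently has 1 question, with a resolution rate of 100%, which is not low; this is a developer team that genuinely cares about resolving issues!

Plugin contributors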

adamgreenwell |

Plugin tags

2FA | captcha | security | protection | authentication |

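Summary

Summary: Guard Dog is a comprehensive security plugin designed to protect your WordPress site from unauthorized access and brute-force attacks. With features such as custom login URLs, two-factor authentication, and multiple CAPTCHA providers, Guard Dog provides enterprise-level security for any WordPress site.

1. Key features of Guard Dog:
- Custom login URLs - hide wp-admin and wp-login.php from attackers
- Two-factor authentication (2FA) - TOTP-based verification with recovery codes
- Multiple CAPTCHA providers - support for Google reCAPTCHA v2/v3, hCaptcha, and Cloudflare Turnstile
- Login attempt limiting - prevent brute-force attacks with intelligent lockout
- Access control - IP-based whitelist/blacklist protection
- Activity monitoring - comprehensive logging of security events
- Temporary user access - create temporary WordPress users with time-limited, secure access
- User management - advanced user permission controls

2. Why choose Guard Dog?
- Privacy-focused - multiple CAPTCHA options, including privacy-first providers
- WordPress.org compliant - built following WordPress coding standards
- Enterprise-ready - scalable features suitable for any site size
- User-friendly - intuitive interface with helpful documentation
- Regular updates - actively maintained and updated

3. Guard Dog is suited to:
- Business websites requiring enhanced security
- WordPress sites handling sensitive data
- Multi-user sites with complex access requirements
- Anyone wanting comprehensive protection without complexity

Additional information: support, privacy, security, and third-party service integrations. Options include Google reCAPTCHA, Cloudflare Turnstile, and hCaptcha.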

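Questions and answers in HTML format:
<ul>
<li><strong>What is Google reCAPTCHA?</strong>
<ul>
<li>Google's CAPTCHA service, used to protect websites from spam and abuse.</li>
</ul>
</li>
<li><strong>What is Google reCAPTCHA mainly used for?</strong>
<ul>
<li>Verifying that login, registration, and password reset attempts come from humans.</li>
<li>Preventing automated bot attacks on WordPress forms.</li>
</ul>
</li>
<li><strong>What data is sent when the Google reCAPTCHA is solved?</strong>
<ul>
<li>User interaction data when the CAPTCHA is solved (mouse movements, time spent on the page).</li>
<li>The user's IP address.</li>
<li>The site domain, for verification.</li>
<li>The CAPTCHA response token.</li>
</ul>
</li>
</ul>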

Original plugin description

Guard Dog is a comprehensive security plugin designed to protect your WordPress site from unauthorized access and brute-force attacks. With features like custom login URLs, two-factor authentication, and multiple CAPTCHA providers, Guard Dog provides enterprise-level security for any WordPress site.
Key Features:

Custom Login URLs – Hide your wp-admin and wp-login.php from attackers
Two-Factor Authentication (2FA) – TOTP-based authentication with recovery codes
Social Login (OAuth) – Sign in with Google, Microsoft, or Apple
Passkeys – Use device-based biometric authentication like Face ID, Touch ID or Windows Hello
Multiple CAPTCHA Providers – Support for Google reCAPTCHA v2/v3, hCaptcha, and Cloudflare Turnstile
Login Attempt Limiting – Prevent brute-force attacks with intelligent lockout
Access Control – IP-based whitelist/blacklist protection
Activity Monitoring – Comprehensive logging of security events
Temporary User Access – Create temporary WordPress users with time-limited, secure access
User Management – Advanced user permission controls

Why Choose Guard Dog?

Privacy-Focused – Multiple CAPTCHA options including privacy-first providers
WordPress.org Compliant – Built following WordPress coding standards
Enterprise-Ready – Scalable features suitable for any site size
User-Friendly – Intuitive interface with helpful documentation
Regular Updates – Actively maintained and updated

Perfect For:

Business websites requiring enhanced security
WordPress sites handling sensitive data
Multi-user sites with complex access requirements
Anyone wanting comprehensive protection without complexity

Additional Information
Support:
For support questions, please use the WordPress.org support forums.
Privacy:
Guard Dog respects user privacy and offers multiple privacy-focused CAPTCHA options. No data is transmitted to third parties except for CAPTCHA verification when enabled.
Security:
Guard Dog follows WordPress security best practices and undergoes regular security audits. All user input is sanitized and all output is escaped.
Third-Party Services
Guard Dog integrates with the following third-party services to provide CAPTCHA protection. These services are optional and only used when CAPTCHA features are enabled.
Google reCAPTCHA (v2 and v3)
What it is: Google’s CAPTCHA service that helps protect websites from spam and abuse.
What it’s used for:
– Verifying that login, registration, and password reset attempts are made by humans
– Preventing automated bot attacks on your WordPress forms
What data is sent and when:
– User interaction data (mouse movements, time spent on page) when CAPTCHA is solved
– IP address of the user
– Site domain for verification
– CAPTCHA response token
Privacy and Terms:
– Google reCAPTCHA Privacy Policy
– Google reCAPTCHA Terms of Service
– Google reCAPTCHA Data Usage
Cloudflare Turnstile
What it is: Cloudflare’s privacy-first CAPTCHA alternative that doesn’t require user interaction.
What it’s used for:
– Invisible verification of human users during login, registration, and password reset
– Privacy-focused protection without tracking or cookies
What data is sent and when:
– Non-interactive browser signals when forms are submitted
– IP address for verification
– Site domain for validation
Privacy and Terms:
– Cloudflare Privacy Policy
– Cloudflare Terms of Service
– Turnstile Documentation
hCaptcha
What it is: A privacy-focused CAPTCHA service that doesn’t track users across websites.
What it’s used for:
– Human verification during login, registration, and password reset forms
– Privacy-conscious alternative to Google reCAPTCHA
What data is sent and when:
– User interaction with CAPTCHA challenge
– IP address for verification
– Site domain for validation
Privacy and Terms:
– hCaptcha Privacy Policy
– hCaptcha Terms of Service
– hCaptcha Data Processing
Google OAuth (Social Login)
What it is: Google’s OAuth 2.0 service that allows users to sign in using their Google account.
What it’s used for:
– Authenticating WordPress users via their Google account
– Retrieving basic profile information (name, email) to link or create accounts
What data is sent and when:
– User is redirected to Google’s authorization server when clicking “Sign in with Google”
– An authorization code is exchanged for an access token on your server
– Basic profile information (name, email, Google user ID) is retrieved from Google’s API
– No ongoing data sharing – data is only retrieved during the login process
Privacy and Terms:
– Google OAuth Privacy Policy
– Google OAuth Terms of Service
– Google API Services User Data Policy
Microsoft Azure AD (Social Login)
What it is: Microsoft’s OAuth 2.0 service via Azure Active Directory that allows users to sign in using their Microsoft account.
What it’s used for:
– Authenticating WordPress users via their personal Microsoft account or organizational (work/school) account
– Retrieving basic profile information (name, email) to link or create accounts
What data is sent and when:
– User is redirected to Microsoft’s authorization server when clicking “Sign in with Microsoft”
– An authorization code is exchanged for an access token and ID token (JWT) on your server
– Basic profile information (name, email, Azure object ID) is extracted from the ID token
– No ongoing data sharing – data is only retrieved during the login process
Privacy and Terms:
– Microsoft Privacy Statement
– Microsoft Services Agreement
– Microsoft Identity Platform Documentation
Apple Sign In (Social Login)
What it is: Apple’s OAuth 2.0 / OpenID Connect service that allows users to sign in using their Apple ID.
What it’s used for:
– Authenticating WordPress users via their Apple ID
– Retrieving basic profile information (name, email) to link or create accounts
What data is sent and when:
– User is redirected to Apple’s authorization server when clicking “Sign in with Apple”
– An authorization code is exchanged for an access token and ID token (JWT) on your server
– Basic profile information (email, user ID) is extracted from the ID token
– User’s name is only provided on first authorization; subsequent logins return only the user ID
– Apple may provide a private relay email address instead of the user’s real email
– No ongoing data sharing – data is only retrieved during the login process
Privacy and Terms:
– Apple Privacy Policy
– Sign in with Apple Guidelines
– Apple Developer Program License Agreement
TOTP (Time-based One-Time Password) Standard
What it is: An open standard (RFC 6238) for generating time-based one-time passwords used in two-factor authentication.
What it’s used for:
– Generating secure, time-limited authentication codes for 2FA
– Providing backup authentication when primary 2FA methods are unavailable
– Enabling compatibility with popular authenticator apps (Google Authenticator, Authy, Microsoft Authenticator, etc.)
What data is sent and when:
– No external data transmission – TOTP codes are generated locally using the TOTP algorithm
– Secret key generation – A unique secret key is generated locally when 2FA is enabled for a user
– QR code generation – QR codes are generated locally for easy setup with authenticator apps
– Code verification – Generated codes are verified locally against the stored secret key
Privacy and Terms:
– RFC 6238 – TOTP Standard
– Google Authenticator Privacy Policy (if using Google Authenticator app)
– Authy Privacy Policy (if using Authy app)
– Microsoft Authenticator Privacy Policy (if using Microsoft Authenticator app)
Data Handling Summary
When CAPTCHA is disabled: No data is sent to any third-party services.
When CAPTCHA is enabled: Only the specific provider you choose receives verification data. Data is not shared between providers or stored by Guard Dog beyond the verification process.
When 2FA is disabled: No external data transmission occurs.
When 2FA is enabled:
– All TOTP operations (code generation, verification) happen locally on your server
– No data is transmitted to external services for 2FA functionality
– Authenticator apps only receive the initial setup QR code or secret key
– Recovery codes are generated locally and stored securely
When Social Login is disabled: No data is sent to any OAuth provider.
When Social Login is enabled:
– Data is only sent to the configured providers (Google, Microsoft, Apple) during the login process
– Only basic profile information (name, email, user ID) is retrieved
– Social account links are stored locally in your WordPress database
– Users can unlink their social accounts from their profile at any time
User control: Users can choose which CAPTCHA provider to use, or disable CAPTCHA entirely. 2FA can be enabled/disabled per user, and users can choose their preferred authenticator app. Social login can be enabled/disabled by administrators, and users can manage their linked social accounts. All security features are optional and configurable.

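Download links for each version

  • Method 1: Click a version number link below to download the ZIP file, log in to the site admin, go to "Add Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, then upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right side of the "Add Plugin" screen to search for the plugin name "Guard Dog" and install it.

(Method 2 is recommended, to ensure the installed version matches the WordPress environment currently running.)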


1.9.0 | 1.9.1 | trunk | 1.8.44 | 1.8.46 | 1.8.47 | 1.8.48 | 1.9.01 | 1.9.11 | 1.9.31 | 1.9.32 | 1.9.34 | 1.8.431 | 1.8.432 | 1.8.433 |

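Related plugins (you may also want to know about)

  • NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall 》A true web application firewall. NinjaFirewall (WP Edition) is a true web application firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall situated at WordPress ...
  • Email Address Encoder 》A lightweight plugin that protects plain-text email addresses and mailto links from email-harvesting robots by encoding them into decimal and hexadecimal entities. For posts, pages, ...
  • Image Watermark 》The Image Watermark plugin lets you automatically watermark images uploaded to the WordPress media library, and bulk-watermark previously uploaded images. To learn more, visit dFactory's plugin ...
  • Protect Uploads 》The uploads directory is where the files in the WordPress library are stored. Unfortunately, this directory is not protected. Anyone who wants to view your entire library can list it immediately by going to: http://yourwebsite/w...
  • NinjaScanner – Virus & Malware scan 》This WordPress plugin, "NinjaScanner", is a lightweight, fast, and powerful antivirus scanner. It has a range of built-in features to help scan a blog for malware and viruses. Main features: - ...
  • WP Content Copy Protection 》"WP Content Copy Protection" is a simple yet effective plugin that uses several strong techniques to protect your online content from theft. The plugin disables several common ways of copying text, such as right-click, image drag...
  • Prevent Direct Access – Protect WordPress Files 》Prevent Direct Access (PDA) provides a simple solution for protecting your WordPress files, preventing Google, other search engines, and unauthorized users from indexing and stealing your hard-made ...
  • WP-Copyright-Protection 》This plugin is a simple way to protect your site's content. For most browsers, it disables copying of text and images and prevents your site from being placed in an iframe. In addition, this plugin has clean ...
  • ContentProtector – password protect your page, post or text 》ContentProtector is a lightweight and flexible plugin that lets you protect your WordPress content with a password. You can protect an entire post or page, or protect only ...
  • WP Bouncer – Limit Simultaneous Logins 》WP Bouncer limits the number of simultaneous logins for the same WordPress user account. The plugin's goal is to prevent users from sharing login credentials for your site, which for paid memberships, premium content, or e-learning sites ...
  • IP Ban 》Update 1: The plugin is not active for administrator users. Update 2: Added an IP range feature for use with IP lists. IP Ban is a security plugin that protects your site from unwanted IP addresses or ...
  • No-Bot Registration 》Tired of spam bots, fake registrations, and other junk? Don't want to use clunky, unfriendly CAPTCHAs? No-Bot Registration gives you excellent protection without making things hard for users. It can ...
  • NETSENSAI Shield 》Summary: NETSENSAI Shield provides a user-friendly interface that lets users manage basic security settings in WordPress, so they can protect their own sites without much configuration knowledge. 1. This ...
  • WebTotem Security 》WebTotem Security is a security plugin for WordPress that monitors the site and prevents attacks through special internal and external utilities. Internal utilities: 1) Antivirus looks for shells, ...
  • WP Site Protector 》We all know WordPress is the best CMS in the world. Now it is time to protect your WordPress site content by providing four layers of protection. 1. Disable "right-click" access on site pages, 2. Disable ...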
