
外掛標籤
開發者團隊
② 後台搜尋「WindCodex SwitchGuard – WordPress User Switching & Audit Log for WooCommerce」→ 直接安裝(推薦)
原文外掛簡介
WindCodex SwitchGuard is a secure, free user switching plugin for WordPress and WooCommerce. Switch into any lower-privilege user account in one click – no passwords, no account resets, no security risk.
Whether you are a support agent reproducing a customer bug, a WooCommerce store owner checking an order as the buyer, or a developer testing member-only content – SwitchGuard gives you instant access to any user account and brings you straight back when you are done.
Security-first design. Every switch is nonce-verified, role-hierarchy-enforced, and recorded in a signed session cookie. You cannot accidentally switch into an equal-or-higher privilege account.
Everything in the Free Version
One-Click User Switching
* Switch from the Users list with a single click – no page reloads
* Switch from any user profile edit screen
* Switch from WooCommerce order screens – jump straight into the customer’s account to reproduce checkout or order issues
* Admin bar quick search – find any user by name or email and switch instantly from any page
Access Control
* Switching is disabled by default – you opt in deliberately when you are ready
* Restrict switching to specific WordPress roles (e.g., only Shop Managers or Editors)
* Automatically blocks switching into administrator accounts
* Equal-or-higher privilege accounts are always blocked – no configuration needed
* Configurable session duration from 1 to 168 hours (default 48 hours)
Security & Audit
* Every switch action protected by WordPress nonces – full CSRF protection
* Switch sessions stored in a signed, HTTPOnly cookie – tamper-proof and replay-resistant
* Every switch action is recorded – who switched, when, from which IP, and for how long. A full audit log dashboard is available in SwitchGuard Pro
* No passwords stored, logged, or transmitted – ever
* Full WordPress multisite support
Switch Back
* Prominent Switch Back button always visible in the admin bar during any active switch session
* Switch Off to end the session permanently and return to your original account
* Session expires automatically when the configured cookie TTL is reached
Who Uses SwitchGuard?
WordPress support agencies – debug client accounts without password sharing or account handover
WooCommerce store owners – review orders from the customer’s exact perspective
Membership site admins – verify what members see after plan changes or role updates
Help desk and support teams – reproduce user-reported issues in seconds without a support ticket
Developers and QA teams – test role-restricted content, locked pages, and feature flags in context
How SwitchGuard Differs from Other User-Switching Plugins
Most user-switching plugins simply swap the WordPress session with no additional safeguards – leaving you exposed to privilege escalation and session fixation. SwitchGuard is built with security as the core requirement:
Role hierarchy enforcement – switch targets must have strictly lower privilege than the switcher. Peer and admin accounts are blocked at the server level.
Explicit opt-in – switching is disabled by default, not enabled. You turn it on deliberately.
HMAC-signed cookie session – the switch origin is signed with a secret key, not stored in a plain cookie or database row that can be tampered with.
Nonce on every action – switch, switch back, and switch off actions are all CSRF-protected with WordPress nonces.
🚀 Pro Version
Need IP allowlists, locked accounts, scheduled switching windows, email alerts, and a full audit log dashboard?
SwitchGuard Pro is available at windcodex.com
SwitchGuard Pro adds advanced controls for agencies, enterprise teams, and high-security environments:
Idle timeout – automatic switch-back after a configurable period of inactivity
Re-authentication gate – require password confirmation before privileged switches
IP allowlist – restrict switching to known office or VPN IP ranges
Scheduled windows – allow switching only during defined hours or days
Per-user grants – give specific users permission to be switched into
Full audit log dashboard – every switch event recorded with actor, target, IP address, and timestamp
Email alerts – notify admins when a switch session starts or ends
Locked user protection – prevent switching into flagged or suspended accounts
How It Works
Activate SwitchGuard and go to the SwitchGuard settings page in wp-admin.
Turn on Enable User Switching and configure which roles can switch.
Click Switch To next to any user in the Users list, profile screen, or WooCommerce order screen.
Work in the target account – browse the frontend, check orders, test content.
Click Switch Back in the admin bar to return to your original account instantly.
Requirements
WordPress 6.0 or higher
PHP 8.1 or higher
WooCommerce is optional – order-screen switching only appears when WooCommerce is active
