Title: WP Guardian
Author: Ciprian Popescu
Published: <strong>11 outubro, 2017</strong>
Last modified: 20 maio, 2026

---

Pesquisar plugins

![](https://ps.w.org/wp-guardian/assets/banner-772x250.jpg?rev=3060726)

![](https://ps.w.org/wp-guardian/assets/icon-256x256.jpg?rev=3060719)

# WP Guardian

 Por [Ciprian Popescu](https://profiles.wordpress.org/butterflymedia/)

[Baixar](https://downloads.wordpress.org/plugin/wp-guardian.2.0.5.zip)

 * [Detalhes](https://br.wordpress.org/plugins/wp-guardian/#description)
 * [Avaliações](https://br.wordpress.org/plugins/wp-guardian/#reviews)
 *  [Instalação](https://br.wordpress.org/plugins/wp-guardian/#installation)
 * [Desenvolvimento](https://br.wordpress.org/plugins/wp-guardian/#developers)

 [Suporte](https://wordpress.org/support/plugin/wp-guardian/)

## Descrição

WP Guardian is a simple but effective plugin that locks down your WordPress website
to ensure it’s protected and safe.

#### About

Using this plugin couldn’t be easier as it’s designed to be as straight forward 
as possible to make sure you can get your website safe and secure so you can get
on with more important things. WP Guardian includes features such as a powerful 
firewall and Two-Step verification for logging in.

## Instalação

 1. Download the plugin package.
 2. Upload to the /wp-content/plugins/ directory.
 3. Activate the plugin in the dashboard.
 4. Go to the settings page and configure the plugin to get started.

## Perguntas frequentes

### How does this plugin secure my WordPress site?

This plugin helps secure your website by locking things down with a range of effective
tools with a simple interface.

### How good is the security of this plugin?

The plugin is by no means a one stop solution for everything. It’s designed to be
simple, giving you a range of essential security features to harden your site’s 
security defences.

### How does Two-Step verification work?

The option is available on your profile page when enabled globally. It will let 
you choose a method in which a code is sent to a secondary location for you to enter
at login before you can authenticate.

## Avaliações

![](https://secure.gravatar.com/avatar/d93edfb9907b386a70b322a2caeadad42aee3732bb5a45f056c2b05ad006827d?
s=60&d=retro&r=g)

### 󠀁[It’s the business](https://wordpress.org/support/topic/its-the-business-2/)󠁿

 [cormacsans](https://profiles.wordpress.org/cormacsans/) 9 abril, 2024

Happy to promote/recommend this wordpress plugin. Works seamlessly with my set up.
Delighted with the support 🙂

 [ Leia a 1 avaliação ](https://wordpress.org/support/plugin/wp-guardian/reviews/)

## Colaboradores e desenvolvedores

“WP Guardian” é um programa de código aberto. As seguintes pessoas contribuíram 
para este plugin.

Colaboradores

 *   [ Ciprian Popescu ](https://profiles.wordpress.org/butterflymedia/)

WP Guardian” foi traduzido para 2 localidades. Agradecemos aos [tradutores](https://translate.wordpress.org/projects/wp-plugins/wp-guardian/contributors)
por suas contribuições.

[Traduzir o “WP Guardian” para seu idioma.](https://translate.wordpress.org/projects/wp-plugins/wp-guardian)

### Interessado no desenvolvimento?

[Navegue pelo código](https://plugins.trac.wordpress.org/browser/wp-guardian/), 
consulte o [repositório SVN](https://plugins.svn.wordpress.org/wp-guardian/) ou 
assine o [registro de desenvolvimento](https://plugins.trac.wordpress.org/log/wp-guardian/)
por [RSS](https://plugins.trac.wordpress.org/log/wp-guardian/?limit=100&mode=stop_on_copy&format=rss).

## Registro de alterações

#### 2.0.5

 * UPDATE: Tested up to WordPress 7.0

#### 2.0.4

 * Change: Remove Dashboard “cleanup” that ran on every WP Guardian Dashboard load(
   deleting legacy `_login_attempts` option and user meta, and dropping legacy `
   dtjwpg_logins` / `dtjwpg_lockouts` tables)—no longer needed after upgrades
 * Change: Remove `admin_init` unscheduling of obsolete cron hook `dtjwpg_file_guardian_check`(
   File Guardian module removed in 1.9.0)

#### 2.0.3

 * Change: Remove the legacy Hide Backend incorrect-token redirect migration (slug
   to page ID); the `dtjwpg_backend_redirect_migrated_v2` option is no longer read
   or updated and is only removed when uninstall wipes plugin data

#### 2.0.2

 * Add: Add nG Firewall to block malicious query strings, request URIs, user agents,
   and HTTP referrers (Apache / LiteSpeed only)
 * Add: nG Firewall supports optional request logging to nG_log.txt with a log viewer
   and clear-log action; rules and log files are removed on plugin deactivation 
   and uninstall

#### 2.0.1

 * Fix: Users Audit treats administrator capability user IDs without a wp_users 
   row as orphaned metadata (no edit links; dedicated section and reference table)
 * Fix: Users Audit count and set comparisons use verified capability IDs tied to
   existing users so stale capability rows alone do not trigger a mismatch
 * Add: Users Audit action to remove this site’s orphaned capabilities and user-
   level usermeta for those IDs (manage_options, nonce, confirmation)

#### 2.0.0

 * Add: Plugin / Theme Audit (merged plugin + theme on-disk checks, collapsible 
   directory listings, MU plugin audit)
 * Add: Users Audit and REST Audit

#### 1.9.3

 * Add: Option to require two-step verification for all Administrator accounts (
   and Super Admins on multisite)
 * Fix: Two-step verification flow (reliable site toggle, early wp_login hook, login_init
   for verify step, correct user ID handling, login URL handling without fatal errors,
   wp_mail success detection, 10-minute code expiry, admin redirect uses admin_url)
 * Change: Hide-backend login token query parameter is now `token` (legacy `dtjwpg-
   token` still accepted); incorrect-token redirect is a page dropdown (stored as
   page ID) with migration from legacy slug
 * Change: Move secret token and redirect settings into Login Security tab; move
   Disable File Editor into Security Measures tab; remove Security tab (guardian-
   options template removed)
 * Change: Admin submenu label Security to Dashboard for the main WP Guardian screen
 * Add: Remove Plugin Guard MU drop-in and pg_* options on plugin delete (uninstall.
   php) and when deactivation wipes data
 * Cleanup: DRY option helpers, remove unused DTJWPG_LOG_DIR constant, redirect 
   helper uses full URLs, nonce on Login Security saves

#### 1.9.2

 * Fix: The Plugins page Settings link now points to the main WP Guardian admin 
   page
 * Add: Short contextual help text under each option on the Guardian tab

#### 1.9.1

 * Change: Plugin Guard is now disabled by default and can be enabled manually by
   an administrator
 * Change: Plugin Guard MU behavior now checks for the main WP Guardian plugin and
   disables enforcement if the parent plugin is missing (e.g., forced FTP deletion)
 * Fix: Firewall custom redirect URL now saves correctly
 * Change: Removed File Guardian module code and admin submenu; old scheduled hooks
   are now cleaned up
 * Change: Removed Script Cleaner module and related settings
 * Change: Removed Security Measures options “Enable bot protection” and “Block 
   access to sensitive files” from UI and save flow
 * Cleanup: Removed unused DataTables loading and unused CSS selectors
 * Cleanup: Removed unused legacy options cleanup calls and obsolete comments

#### 1.9.0

 * Add Plugin Guard feature to block plugin installation and activation unless an
   admin unlocks via Settings  Plugin Guard
 * Remove File Guardian feature to reduce complexity and improve performance
 * Update WordPress compatibility

#### 1.8.5

 * Fix: All REST API requests (including unauthenticated) are now excluded from 
   firewall blocking to support Gravity Forms and other plugins
 * Fix: Gravity Forms REST API endpoints are now whitelisted to prevent blocking
   form submissions
 * Fix: Gravity Forms form submissions from logged-out users now work correctly

#### 1.8.4

 * Fix: Regex pattern error in security measures file access restriction (preg_match
   unknown modifier warning)

#### 1.8.3

 * Fix: Authenticated REST API requests are now properly excluded from firewall 
   blocking
 * Fix: POST scanning no longer blocks authenticated REST API requests when saving
   pages
 * Fix: Security measures no longer interfere with authenticated REST API requests

#### 1.8.2

 * Fix: File Guardian now correctly scans root directory for files only (not folders)
 * Fix: File Guardian now scans wp-admin and wp-includes directories recursively
   for both files and folders
 * Fix: File Guardian path normalization to prevent duplicate directory names in
   file listings
 * Fix: File Guardian integrity check now excludes wp-content/plugins, wp-content/
   themes, and wp-content/languages from core file checks
 * Fix: File Guardian now automatically deletes suspicious PHP files in root directory
   that are not in WordPress core checksums
 * Fix: Circular progress bar stroke color now displays correctly
 * Fix: Circular progress bar percentage calculation now accurately reflects Guardian
   score
 * Security measures now included in Guardian percentage calculation (excluding 
   Script Cleaner aggressive filter)
 * Guardian percentage calculation redistributed to allow 100% score when all security
   measures are enabled
 * Rename “Obfuscated Script Cleaner” to “Script Cleaner” throughout user-facing
   text and comments

#### 1.8.1

 * Fix: Script Cleaner now properly detects and removes Trojan:HTML/Redirector.SSF!
   MTB malware
 * Enhanced malware detection patterns to match real-time filter capabilities
 * Add detection for hex-encoded obfuscated scripts and additional obfuscation techniques(
   String.fromCharCode, unescape, decodeURIComponent)
 * Script Cleaner now detects _0x obfuscation patterns, atob/eval functions, and
   urshort.live redirect domains

#### 1.8.0

 * Add UI toggle for Script Cleaner aggressive filtering (off by default)
 * Script Cleaner is now less aggressive: only removes detected malicious scripts,
   not all HTML
 * Fix: HTML is no longer stripped from post/page content unless aggressive mode
   is enabled

#### 1.7.3

 * Remove SQLite logging functionality to reduce complexity and improve performance
 * Add Script Cleaner feature to scan and remove malicious injected scripts from
   all post types
 * Add real-time protection to block malicious content from being saved

#### 1.7.2

 * Optimize memory usage by reducing SQLite cache size from 32MB to 8MB
 * Improve memory efficiency for better performance on resource-constrained servers
 * Consolidate security measures: merge directory browsing protection options, combine
   sensitive file blocking options, and unify PHP execution prevention measures 
   for a cleaner interface

#### 1.7.1

 * Fix a few minor issues for compatibility with WordPress 6.9
 * Improve security measures notifications
 * Improve security measures for directory browsing protection

#### 1.7.0

 * Add Security Measures feature with 18 configurable security options
 * Add comprehensive file whitelist for common legitimate files
 * Add file permission management for wp-config.php
 * Improve security key validation with complexity checks
 * Enhanced bot protection and file access restrictions
 * All security measures enabled by default with toggle options
 * Update WordPress compatibility

#### 1.6.2

 * Update WordPress compatibility

#### 1.6.1

 * Only check for POST injection when not logged in
 * Fix session starting when headers are already sent

#### 1.6.0

 * Reduce query string length check from 2000 to 1000 characters
 * Remove a deprecated UA check
 * Test and insure compatibility with the Pepper plugin
 * Further sanitize and unslash data

#### 1.5.2

 * Add new brute force protection feature
 * Update WordPress compatibility

#### 1.5.1

 * Add option to restrict external POST requests
 * Clean up the plugin Dashboard

#### 1.5.0

 * Clean up the admin stylesheet
 * Remove the inefficient login lockdown feature
 * Remove several obsolete features (the plugin is 8 years old, after all)
 * Refactor the Settings page to use the native settings API, instead of jQuery 
   accordions
 * Rebrand Gatekeeper to Guardian

#### 1.4.6

 * Fix the firewall module being requested twice
 * Implement a better Dashboard section
 * Add default settings for the firewall to make it truly plug and play
 * Make blocked requests count more prominent
 * Set foundation for SQLite lockout logging
 * Remove the aside section from the Dashboard

#### 1.4.5

 * Implement logging for malicious requests
 * Implement log pruning
 * Move all security settings to a new tab
 * Refactor the Dashboard tab

#### 1.4.4

 * Remove broken automatic core updates options
 * Remove unused constants
 * Fix request logging function
 * Add malicious request counter
 * Add new Settings tab
 * Move Settings page to the Settings tab
 * Ignore AJAX and REST requests in the firewall

#### 1.4.3

 * Fix issues with the firewall (for good)
 * Remove obsolete features, such as database backups and version control

#### 1.4.2

 * Fix issues with pattern matching in the firewall

#### 1.4.1

 * Add new firewall feature
 * Add new security settings
 * Sanitize and escape all data

#### 1.4.0

 * Fix the plugin header information (stable tag, tested up to, etc.)
 * Implement WordPress Coding Standards (WPCS)
 * Replace index.html with index.php in the root directory
 * Remove changelog.md file and move contents to readme.txt
 * Remove readme.md file and move contents to readme.txt

#### 1.3.4

 * More updates to author information

#### 1.3.3

 * Updated author information – Removed Daniel James danieltj
 * To see the full revision history, please read the `CHANGELOG.md` file which explains
   any changes that have been made.

#### 1.3.2

 * Released: 19th November 2017
 * Fixed a mistake listed in the change log file.
 * Removed the button links to security and settings next to the page titles.

#### 1.3.1

 * Released: 19th November 2017
 * Fixed a bug where database backups weren’t attached to emails.
 * Improved some of the transaltion strings throughout the plugin.

#### 1.3.0

 * Released: 13th November 2017
 * Added the ability to remove support for Emoji scripts.
 * Updated how CSS and JS assets are loaded for users.
 * Updated a few language translation strings.

#### 1.2.2

 * Released: 8th November 2017
 * Fixed a bug which caused some meta data to not be removed properly.
 * Improvements to a range of code documentation and meta data.

#### 1.2.1

 * Released: 26th October 2017
 * Added a new directory within the uploads folder for database backups.
 * Improvements to database backup function and supporting documentation.
 * Improvements to the database upgrade notice and l10n strings.
 * Removed a deprecated callback function for the settings section.
 * Removes the user meta for Two Step Verification when the plugin is deleted.

#### 1.2.0

 * Released: 16th October 2017
 * Added new field to send backup emails to different email address.
 * Added a new setting to allow WP_DEBUG to be enabled/disabled via the dashboard.
 * Improved the Version Control page to now include update information.
 * Improved the CSS styling for the plugin user interface.
 * Improved overall code base and removed unused functions that are no longer used.
 * Improved some language strings and corrected a sentence that wasn’t translatable.

#### 1.1.0

 * Released: 12th October 2017
 * Fixed the implementation of Two Step Verification code expiry.
 * Improvements to core functions and inline documentation.
 * Improved some of the language strings and provided more context.
 * Updated the server config to include some essential rewrite rules.
 * Updated the readme.txt file with more useful information.

#### 1.0.0

 * Released: 11th October 2017
 * Initial version

## Meta

 *  Versão **2.0.5**
 *  Última atualização **1 semana atrás**
 *  Instalações ativas **40+**
 *  Versão do WordPress ** 4.9 ou superior **
 *  Testado até **7.0**
 *  Versão do PHP ** 8.0 ou superior **
 *  Idiomas
 * [English (Canada)](https://en-ca.wordpress.org/plugins/wp-guardian/), [English (UK)](https://en-gb.wordpress.org/plugins/wp-guardian/)
   e [English (US)](https://wordpress.org/plugins/wp-guardian/).
 *  [Traduzir para seu idioma](https://translate.wordpress.org/projects/wp-plugins/wp-guardian)
 * Tags
 * [attack](https://br.wordpress.org/plugins/tags/attack/)[firewall](https://br.wordpress.org/plugins/tags/firewall/)
   [hack](https://br.wordpress.org/plugins/tags/hack/)[malware](https://br.wordpress.org/plugins/tags/malware/)
   [security](https://br.wordpress.org/plugins/tags/security/)
 *  [Visualização avançada](https://br.wordpress.org/plugins/wp-guardian/advanced/)

## Classificações

 5 de 5 estrelas.

 *  [  1 avaliação com 5 estrela     ](https://wordpress.org/support/plugin/wp-guardian/reviews/?filter=5)
 *  [  0 avaliação com 4 estrela     ](https://wordpress.org/support/plugin/wp-guardian/reviews/?filter=4)
 *  [  0 avaliação com 3 estrela     ](https://wordpress.org/support/plugin/wp-guardian/reviews/?filter=3)
 *  [  0 avaliação com 2 estrela     ](https://wordpress.org/support/plugin/wp-guardian/reviews/?filter=2)
 *  [  0 avaliação com 1 estrela     ](https://wordpress.org/support/plugin/wp-guardian/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/wp-guardian/reviews/#new-post)

[Ver todas avaliações](https://wordpress.org/support/plugin/wp-guardian/reviews/)

## Colaboradores

 *   [ Ciprian Popescu ](https://profiles.wordpress.org/butterflymedia/)

## Suporte

Tem algo a dizer? Precisa de ajuda?

 [Ver fórum de suporte](https://wordpress.org/support/plugin/wp-guardian/)

## Doar

Gostaria de contribuir para o desenvolvimento deste plugin?

 [ Doe para este plugin ](https://www.buymeacoffee.com/wolffe)