SiteGuard WP Plugin is a dedicated WordPress security solution built to combat brute force login attacks and unauthorized access attempts. With its focus on login endpoint protection, SiteGuard enhances the default WordPress security posture by introducing multiple defensive layers—ranging from login page obfuscation to IP-based access filtering. Unlike general-purpose security suites, SiteGuard zeroes in on the most commonly abused attack vectors, providing lightweight and robust protection with minimal configuration.
Developed by JP-Secure, the plugin includes advanced features like CAPTCHA integration, login rate limiting, email alerts, and author enumeration blocking. These tools are engineered to resist automated login bots, password spraying attacks, and information disclosure exploits. Owing to its focused architecture and strict development standards, SiteGuard WP Plugin 1.7.8 has been independently audited and certified by CleanTalk, receiving the Plugin Security Certification (PSC) with ID PSC-2025-64577.
Name of | SiteGuard WP Plugin |
Version | 1.7.8 |
Downloads | 500 000+ |
Description | Advanced login protection plugin offering CAPTCHA, IP filtering, login rename, and brute-force mitigation—PSC certified for secure WordPress use. |
Security | Successfully tested for SQL Injections, XSS Attacks, CSRF Attacks, Authentication Vulnerabilities, Authentication Bypass Vulnerabilities, Privilege Escalation Vulnerabilities, Buffer Overflow Vulnerabilities, Denial-of-Service (DoS) Vulnerabilities, Data Leakage Vulnerabilities, Insecure Dependencies, Code Execution Vulnerabilities, Privilege Escalation Vulnerabilities, File Unauthorized Access Vulnerabilities, Insufficient Injection Protection, and Information Leakage Vulnerabilities. |
CleanTalk Certification | Proudly earned the “Plugin Security Certification” (PSC) from CleanTalk, indicating adherence to stringent security standards. |
Additional Information | Users can confidently manage age restrictions with the assurance of the “Plugin Security Certification” (PSC). Verify the latest details on the plugin developer’s website. |
Plugin Security Certification by CleanTalk | ![]() |
Logo of the plugin | ![]() |
Key Features
- Admin Page IP Filter: Limits access to the
/wp-admin/
dashboard to known IP addresses that have previously logged in, thereby neutralizing remote discovery and brute force bots. - Rename Login Page: Replaces the default
wp-login.php
endpoint with a randomized or custom-named login page, significantly reducing exposure to automated login scanners. - CAPTCHA Enforcement: Adds a CAPTCHA challenge to login and comment forms using hiragana or alphanumeric characters, disrupting bot-driven attacks.
- Login Lock: Enforces IP-based temporary lockouts after a predefined number of failed login attempts, without disabling individual user accounts.
- Login Alert: Sends real-time email notifications when a login occurs, enabling immediate response to suspicious activity.
- Fail Once Mechanism: Forces the first login attempt to fail regardless of accuracy, slowing down automated credential stuffing attacks.
- Disable Pingback: Prevents abuse of the pingback feature, commonly used in DDoS amplification and internal network scanning attacks.
- Block Author Query: Prevents username enumeration via the
/?author=
query string. - Update Notification: Sends alerts when the core, themes, or plugins are outdated—reinforcing security hygiene.
- WAF Tuning Support: Integrates with the SiteGuard Server Edition WAF, allowing for intelligent bypass rules to reduce false positives while maintaining strong perimeter defense.
Security Assurance
SiteGuard WP Plugin 1.7.8 has undergone a detailed security audit led by the CleanTalk security research team. The plugin’s core was evaluated through both static and dynamic analysis for adherence to secure coding practices and resistance to common vulnerabilities:
- Authentication Endpoint Protection: By changing the login URL and enforcing CAPTCHA challenges, the plugin significantly reduces brute force entry points.
- Sanitization and Escaping: All user inputs processed in the plugin are properly sanitized and escaped to mitigate XSS, CSRF, and injection risks.
- IP Filtering Mechanism: Admin IP access is stored and rotated securely, providing strong access control with minimal risk of bypass.
- Secure Hook Usage: The plugin uses WordPress hooks and filters in a safe manner, respecting user roles and capabilities.
- Email Notification Handling: Email alerts are triggered securely with no exposure of user data or leakage vectors.
- WAF Support Integration: The plugin’s optional WAF tuning support is implemented using non-invasive methods, ensuring false positive tuning is secure and does not weaken the WAF ruleset.
The plugin does not introduce any new attack surface and maintains a minimal and hardened codebase. As a result, CleanTalk has issued a Plugin Security Certification (PSC) for SiteGuard WP Plugin with certification number PSC-2025-64577, ensuring its reliability and trustworthiness for WordPress administrators focused on login security.
Conclusion
SiteGuard WP Plugin 1.7.8 is a purpose-built WordPress security plugin focused on mitigating the most prevalent attack vectors targeting login endpoints. Its strong feature set, intelligent lockout policies, CAPTCHA support, and stealth login features make it ideal for site owners seeking a secure and lightweight solution. With certification PSC-2025-64577 from CleanTalk, the plugin stands as a verified security asset, assuring users of its integrity, safety, and commitment to best practices in WordPress plugin development.
Note: The date and certification information may change over time. It is advisable to verify the latest details on the plugin developer’s website.