WordPress.org
Get WordPress
WordPress.org

Plugin Directory

PhantomGuard

PhantomGuard

By phantomguard
Download

Description

PhantomGuard helps you harden WordPress without editing code by hand. Pick a preset (Basic, Recommended, or Advanced), turn rules on or off, and review activity in the audit log—all from a modern admin interface.

What you get in the free version

  • Security presets — Start with Basic, Recommended, or Advanced and adjust as needed.
  • Core hardening rules — Force HTTPS for the admin area, hide the WordPress version, enable audit logging, and obscure login feedback to reduce information leaks.
  • Clear dashboard — Overview, onboarding, settings, and support in one place.
  • Plugin vulnerability check — Compares installed plugins against public advisories (WPVulnerability API) and links to WordPress updates when a fix is available.
  • Translations — Admin UI available in English, German, and Italian.

PhantomGuard Pro (optional license) adds malware scanning, extended hardening rules, DNS/CDN management, traffic analytics, and more. You can enter a license key in the plugin when you’re ready.

Legal

By using PhantomGuard you agree to our Terms of Service and Privacy Policy.

Source code

The admin area is built with React and webpack. The files shipped in this plugin (assets/js/*.js, assets/css/*.css) are minified for performance.

Full source code (readable and forkable) is here:
https://github.com/bitninjaio/PhantomGuardFree

Build from source (developers)

  1. Clone the repository and cd into the plugin directory.
  2. Run npm install
  3. Run npm run build for production assets, or npm run build:dev / npm run dev for development builds.

See README.md in the repository for more detail.

External services

PhantomGuard loads Google Fonts (Mulish) for the admin UI. Loading fonts may involve a request to Google; see their terms and privacy policy linked below.

PhantomGuard Pro may connect to additional services when you use a license (scanning, 2FA QR, license checks, CDN/DNS, etc.). Details:

WPVulnerability API (www.wpvulnerability.net)

  • What it does: Supplies vulnerability metadata used to flag plugins that may need updates on the dashboard.
  • Data sent: For each installed plugin, the plugin slug is requested in the URL path (no WordPress content or credentials).
  • When: When you open the PhantomGuard dashboard (or when the dashboard requests a refresh of this data).
  • Terms: See the service operator’s site for current terms.
  • Privacy: See the service operator’s site for their privacy policy.

Google Fonts (fonts.googleapis.com)

  • What it does: Loads the Mulish font for the plugin’s admin screens.
  • Data sent: No site content—only font requests (Google may log IP per their policy).
  • When: While using PhantomGuard in the WordPress admin.
  • Terms: https://developers.google.com/fonts/faq
  • Privacy: https://policies.google.com/privacy

BitNinja API (api.bitninja.io) — Pro only

  • What it does: Malware scanning, quarantine, license validation, and related Pro features.
  • Data sent: May include file hashes, file content for deep scans, license key, site domain, and server IP as needed for the feature you use.
  • When: While using Pro features that rely on the API.
  • Terms: https://bitninja.com/terms-and-conditions/
  • Privacy: https://bitninja.com/privacy-policy/

GoQR API (api.qrserver.com) — Pro only

  • What it does: Generates QR codes for two-factor authentication setup.
  • Data sent: OTP Auth URI in the request URL only (no separate account with GoQR required for basic use).
  • When: Enabling 2FA in Pro hardening options.
  • Terms: https://goqr.me/legal/tos-api.html
  • Privacy: https://goqr.me/privacy-safety-security/

IPify (api.ipify.org) — Pro only

  • What it does: Helps determine the server’s public IP for license validation.
  • Data sent: Minimal request; response is your public IP.
  • When: License validation in Pro.
  • Terms: https://geo.ipify.org/terms-of-service
  • Privacy: https://geo.ipify.org/privacy-policy/

WordPress.org (api.wordpress.org, downloads.wordpress.org) — Pro only

  • What it does: Core/plugin checksum checks during scanning workflows.
  • Data sent: WordPress version and plugin slug as needed for the check.
  • When: During relevant Pro scan steps.
  • Terms: https://wordpress.com/tos/
  • Privacy: https://wordpress.org/about/privacy/

Consent

The dashboard plugin check uses WPVulnerability as described above. Using a PhantomGuard Pro license and Pro features means those additional services may process data as described above. Core free hardening does not require a license.

Screenshots

  • Dashboard overview and stats (some areas show Pro features when unlocked)
  • Malware scanner (Pro)
  • Security hardening rules and presets
  • CDN / DNS management (Pro)
  • Settings and license
  • Plugin vulnerability checker and patcher

Installation

  1. Upload the plugin folder to /wp-content/plugins/, or install PhantomGuard from the WordPress.org plugin directory.
  2. Activate the plugin through the Plugins screen in WordPress.
  3. Open PhantomGuard in the admin menu to configure hardening and explore the dashboard.

No extra configuration file is required for the free version—everything is managed in the plugin screens.

FAQ

Does the free version need a license?

No. Hardening and the rules listed above work without a license. A PhantomGuard license is only required for Pro features such as malware scanning and advanced tools.

Where do I change security rules?

Go to WordPress Admin PhantomGuard and use Security Hardening (and other tabs as labeled). Presets and individual rules are explained in the interface.

What about malware scanning and Pro features?

Those require PhantomGuard Pro and a valid license. The free plugin still shows where those features live so you can upgrade when you want full protection.

Does PhantomGuard replace my security plugin?

PhantomGuard focuses on hardening and logging in the free tier. Pro adds scanning and related tools. You can use it alongside other plugins if their features don’t overlap in a conflicting way.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“PhantomGuard” is open source software. The following people have contributed to this plugin.

Contributors

Translate “PhantomGuard” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.1

  • Dashboard: plugin vulnerability check (WPVulnerability API) with update links via WordPress core update flow.

1.0.0

  • Initial release of PhantomGuard on WordPress.org.

Meta

  • Version 1.0.1
  • Last updated 4 weeks ago
  • Active installations 10+
  • WordPress version 6.5 or higher
  • Tested up to 6.9.4
  • PHP version 7.4 or higher
  • Advanced View

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum