Description
PureGuard is a simple, safe bot-protection plugin for WordPress. You pick one of three security modes — the plugin configures everything else for you. No confusing combinations, no accidental blocking.
Every visitor is sorted into one of three lanes:
- Humans — proven real visitors (always allowed).
- Suspicious — not clearly a bot, but not clearly human either.
- Bots — confirmed bots.
The three modes
- Off (Log only) — Nothing is ever blocked or challenged. The plugin only observes and reports. Use this when your traffic is already filtered upstream.
- Medium (recommended) — Confirmed bots are blocked. Humans and Suspicious visitors both pass freely. No challenge page.
- High — Confirmed bots are blocked and Suspicious visitors must pass a quick JavaScript browser check.
Multilingual challenge page
The High-mode challenge page automatically detects the visitor’s browser language and shows localized text. English, Thai, Bahasa Indonesia, Vietnamese, and Burmese (Myanmar) are built in, and every line is editable from the settings page.
Engagement intelligence
Optionally measures anonymous time-on-page and scroll signals so PureGuard can score traffic quality per site. No personal data is collected.
Stats you can see
A Stats tab and a dashboard widget show exactly what the plugin is doing: Humans / Suspicious / Bots counts, API checks, and challenge pass rate. No silent blocking.
FAQ
Will this block my real visitors?
In Off mode, never. In Medium mode, only confirmed bots. In High mode, uncertain visitors may briefly see a JavaScript challenge — do not use High mode for background/popunder traffic.
Do I need a PureGuard account?
Yes. Add your PureGuard API key under Settings → PureGuard. Get one at https://pureguard.io.
Does it slow down my site?
Verdicts are cached per visitor (default 1 hour), so the API is called at most once per visitor per cache window. Logged-in users and search engines are skipped.
Contributors & Developers
“PureGuard — Bot Protection & Performance” is open source software.
Changelog
5.0.4
- NEW: “Allow AI training crawlers” toggle (off by default) — block or allow GPTBot, ClaudeBot, CCBot, PerplexityBot, etc. Search engines and social crawlers are always allowed.
- CHANGED: “Allow VPN” now applies to VPNs only — open / datacenter / TOR proxies stay blocked.
- IMPROVED: Plain-language labels (Humans / Suspicious / Bots) and clearer mode descriptions throughout the settings and stats.
5.0.3
- IMPROVED: The plugin now forwards the visitor’s browser headers (Sec-Fetch, client-hints, language) to the detection API, so trust scoring reflects the real browser context instead of treating every visitor as header-less.
5.0.2
- NEW: “Allow VPN / proxy visitors” toggle — treat people browsing via a VPN or proxy as human instead of bots.
5.0.1
- NEW: Burmese (Myanmar) added to the built-in challenge page languages.
- CHANGED: Default trust threshold aligned to 5.5 (the standard human line) instead of 7.0; the API now flags only genuine bots as Lane C.
5.0.0
- NEW: One simple security mode selector — Off / Medium / High — replaces the separate WAF, Silver, and Filtered action settings.
- FIX: “Off / Log only” is now guaranteed in code to never block or challenge (hard early return).
- FIX: Each site is now identified by its own domain instead of a single shared bucket, preventing one site’s traffic from affecting another’s reputation.
- NEW: Multilingual challenge page (English, Thai, Indonesian, Vietnamese) with auto language detection and fully editable text.
- NEW: Lane A / B / C stats in the Stats tab and dashboard widget, including total API checks.
- CHANGED: Fails open — if the detection API is unreachable, visitors are allowed through, never blocked.
- CHANGED: Settings reorganized into General, Security Mode, Challenge Page, and Stats tabs.
- Automatic one-time migration from v4 settings to the new security mode.
4.0.1
- Compliance: moved the browser-challenge CSS/JS out of inline tags into enqueued assets (wp_enqueue_style/script + wp_add_inline_script) per WordPress.org review.
4.0.0
- BREAKING: All function/option prefixes renamed from pg_ to pgperf_ (4+ character prefix requirement).
- NEW: JS Challenge page for filtered traffic — SHA-256 proof-of-work + 10 browser integrity checks.
- NEW: HMAC-signed verification cookie for visitors who pass the challenge (1 hour validity).
- NEW: Challenge statistics tracking.
3.0.0
- NEW: Three-tier traffic classification.
2.0.0
- NEW: WAF Security layer — server-side bot blocking via PureGuard 18-layer detection engine.
1.0.0
- Initial release.