{"id":319097,"date":"2026-06-01T09:37:48","date_gmt":"2026-06-01T09:37:48","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/presssentinel\/"},"modified":"2026-06-01T09:37:18","modified_gmt":"2026-06-01T09:37:18","slug":"niyiguard","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/niyiguard\/","author":23501258,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"0.1.0","stable_tag":"0.1.0","tested":"7.0","requires":"6.4","requires_php":"8.2","requires_plugins":null,"header_name":"NiyiGuard","header_author":"Niyish Technologies","header_description":"Laravel-inspired security infrastructure for WordPress.","assets_banners_color":"","last_updated":"2026-06-01 09:37:18","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/github.com\/harish282","rating":0,"author_block_rating":0,"active_installs":0,"downloads":24,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"0.1.0":{"tag":"0.1.0","author":"harish282","date":"2026-06-01 09:37:18"}},"upgrade_notice":{"0.1.0":"<p>Initial release. Test authentication, URL disguise, and rate limits on staging before production.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.1.0"],"block_files":[],"assets_screenshots":{"Screenshot-1.png":{"filename":"Screenshot-1.png","revision":3556496,"resolution":"1","location":"assets","locale":"","width":2370,"height":1243},"Screenshot-10.png":{"filename":"Screenshot-10.png","revision":3556496,"resolution":"10","location":"assets","locale":"","width":1014,"height":1271},"Screenshot-2.png":{"filename":"Screenshot-2.png","revision":3556496,"resolution":"2","location":"assets","locale":"","width":1250,"height":1274},"Screenshot-3.png":{"filename":"Screenshot-3.png","revision":3556496,"resolution":"3","location":"assets","locale":"","width":1574,"height":1268},"Screenshot-4.png":{"filename":"Screenshot-4.png","revision":3556496,"resolution":"4","location":"assets","locale":"","width":1736,"height":573},"Screenshot-5.png":{"filename":"Screenshot-5.png","revision":3556496,"resolution":"5","location":"assets","locale":"","width":2349,"height":1251},"Screenshot-6.png":{"filename":"Screenshot-6.png","revision":3556496,"resolution":"6","location":"assets","locale":"","width":1626,"height":1273},"Screenshot-7.png":{"filename":"Screenshot-7.png","revision":3556496,"resolution":"7","location":"assets","locale":"","width":1736,"height":573},"Screenshot-8.png":{"filename":"Screenshot-8.png","revision":3556496,"resolution":"8","location":"assets","locale":"","width":2349,"height":1251},"Screenshot-9.png":{"filename":"Screenshot-9.png","revision":3556496,"resolution":"9","location":"assets","locale":"","width":1416,"height":675}},"screenshots":{"1":"Dashboard \u2014 feature toggles, module status, and optional review \/ support section.","2":"Authentication settings \u2014 lockout and two-factor options.","3":"Audit log \u2014 filterable event list.","4":"File integrity \u2014 scan results and findings.","5":"WooCommerce Protection settings."}},"plugin_section":[],"plugin_tags":[8533,602,600,9217,286],"plugin_category":[38,45,54],"plugin_contributors":[265306],"plugin_business_model":[],"class_list":["post-319097","plugin","type-plugin","status-publish","hentry","plugin_tags-audit","plugin_tags-login","plugin_tags-security","plugin_tags-two-factor","plugin_tags-woocommerce","plugin_category-authentication","plugin_category-ecommerce","plugin_category-security-and-spam-protection","plugin_contributors-harish282","plugin_committers-harish282"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/niyiguard.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-1.png?rev=3556496","caption":"Dashboard \u2014 feature toggles, module status, and optional review \/ support section."},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-2.png?rev=3556496","caption":"Authentication settings \u2014 lockout and two-factor options."},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-3.png?rev=3556496","caption":"Audit log \u2014 filterable event list."},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-4.png?rev=3556496","caption":"File integrity \u2014 scan results and findings."},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-5.png?rev=3556496","caption":"WooCommerce Protection settings."},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-6.png?rev=3556496","caption":""},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-7.png?rev=3556496","caption":""},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-8.png?rev=3556496","caption":""},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-9.png?rev=3556496","caption":""},{"src":"https:\/\/ps.w.org\/niyiguard\/assets\/Screenshot-10.png?rev=3556496","caption":""}],"raw_content":"<!--section=description-->\n<p>NiyiGuard hardens WordPress at the <strong>application layer<\/strong>: login abuse, accountability, file integrity, browser security headers, optional rate limits, and WooCommerce-specific threats. It <strong>complements<\/strong> your host firewall, CDN, or WAF \u2014 it does not replace them.<\/p>\n\n<h4>Why install NiyiGuard?<\/h4>\n\n<ul>\n<li><strong>Self-hosted<\/strong> \u2014 security data stays on your server; no NiyiGuard account and no usage telemetry to the author.<\/li>\n<li><strong>One dashboard<\/strong> \u2014 enable or disable modules (authentication, audit log, integrity, headers, rate limits, WooCommerce protection).<\/li>\n<li><strong>For store owners<\/strong> \u2014 reduce fake checkouts, cart and coupon abuse, registration spam, and Store API abuse when WooCommerce is active.<\/li>\n<li><strong>For developers<\/strong> \u2014 protect custom <code>admin-post<\/code> handlers, forms, and REST routes with the <strong>Security SDK<\/strong> (CSRF, rate limits, signed URLs, route guards).<\/li>\n<li><strong>Fully free<\/strong> \u2014 no license key, beta trial, or paywalled module in 0.1.0.<\/li>\n<\/ul>\n\n<h4>What makes it different?<\/h4>\n\n<p>Many security plugins offer two-factor auth, lockouts, headers, or malware scanning. NiyiGuard does not claim to be the only plugin with those features. It stands out in three ways:<\/p>\n\n<ol>\n<li><strong>Developer SDK<\/strong> \u2014 middleware-style helpers for <strong>your<\/strong> code paths, not only wp-admin toggles.<\/li>\n<li><strong>WooCommerce abuse pipelines<\/strong> \u2014 checkout, cart, registration, and Store API protection in the same package as audit logging and login hardening.<\/li>\n<li><strong>Privacy-first<\/strong> \u2014 no license server and no analytics to the author (see Privacy section below).<\/li>\n<\/ol>\n\n<p>Longer positioning notes and reusable marketing copy: <code>docs\/WHY_NIYIGUARD.md<\/code>.<\/p>\n\n<h4>Features included (0.1.0)<\/h4>\n\n<ul>\n<li><strong>Authentication hardening<\/strong> \u2014 login lockouts (IP and username), TOTP and email two-factor authentication, recovery codes, session tracking with remote revoke, and new-device suspicious-login email alerts.<\/li>\n<li><strong>Security headers<\/strong> \u2014 HSTS, Content-Security-Policy, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options (each header can be toggled).<\/li>\n<li><strong>Audit log<\/strong> \u2014 logins, plugin changes, role changes, selected option changes, file editor use, and WooCommerce-related actions. Admin list UI, detail view, retention, and scheduled pruning.<\/li>\n<li><strong>File integrity monitoring<\/strong> \u2014 WordPress.org core checksum comparison, plugin manifest diff scans, suspicious PHP heuristics, and optional themes\/uploads scopes (scheduled scans).<\/li>\n<li><strong>Rate limiting<\/strong> \u2014 optional global throttling for front-end, AJAX, wp-login, and REST API traffic (wp-admin dashboard loads excluded by default).<\/li>\n<li><strong>WooCommerce Protection<\/strong> \u2014 checkout, cart, registration, and Store API pipelines (velocity limits, honeypots, disposable-email checks, fraud scoring, coupon abuse). Requires WooCommerce.<\/li>\n<li><strong>CSRF middleware and SDK<\/strong> \u2014 nonce verification for custom routes, forms, and REST handlers you register.<\/li>\n<li><strong>Signed URLs<\/strong> \u2014 time-limited HMAC links for downloads, invites, and sensitive actions.<\/li>\n<li><strong>Login URL disguise<\/strong> \u2014 optional custom login path instead of <code>wp-login.php<\/code> (off by default; test on staging first).<\/li>\n<li><strong>Safe mode<\/strong> \u2014 emergency bypass via <code>NIYIGUARD_SAFE_MODE<\/code> in <code>wp-config.php<\/code> without changing saved settings.<\/li>\n<li><strong>Health diagnostics<\/strong> \u2014 hooks, database tables, and module state on an admin screen.<\/li>\n<li><strong>MU loader helper<\/strong> \u2014 optional must-use loader for earlier bootstrap in the request lifecycle.<\/li>\n<\/ul>\n\n<p>The <strong>NiyiGuard \u2192 Dashboard<\/strong> includes optional links to leave a WordPress.org review or support development (Ko-fi). Neither is required.<\/p>\n\n<h4>Developer APIs<\/h4>\n\n<p>The <code>Security<\/code> facade provides route guards, CSRF fields, rate limiters, signed URLs, and related helpers. Documented in <code>docs\/USAGE.md<\/code>. Middleware applies to <strong>routes you protect<\/strong> \u2014 it is not automatic site-wide protection for every WordPress hook. Before production, follow <code>docs\/STAGING_TEST_PLAN.md<\/code>.<\/p>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 6.4+<\/li>\n<li>PHP 8.2+<\/li>\n<li>MySQL 5.7+ or MariaDB 10.3+ (standard WordPress database)<\/li>\n<\/ul>\n\n<h3>Privacy<\/h3>\n\n<p>NiyiGuard processes security-related data on your WordPress server (IP addresses, user agents, user IDs, audit events, session metadata, and similar fields when features are enabled). It does not sell personal data or include advertising trackers.<\/p>\n\n<p><strong>Third-party service<\/strong><\/p>\n\n<ul>\n<li><strong>WordPress.org Core Checksums API<\/strong> (<code>https:\/\/api.wordpress.org\/core\/checksums\/1.0\/<\/code>) \u2014 used for core file integrity checks (WordPress version and locale only; responses may be cached about 12 hours).<\/li>\n<\/ul>\n\n<p><strong>Email<\/strong><\/p>\n\n<p>Optional security emails (two-factor codes, suspicious-login alerts) use WordPress <code>wp_mail()<\/code> and your site's mail configuration.<\/p>\n\n<p><strong>Optional donations<\/strong><\/p>\n\n<p>If you use the dashboard Ko-fi link, payment and any data you provide are handled by Ko-fi under their terms, not by NiyiGuard.<\/p>\n\n<p>Full details: <code>docs\/PRIVACY.md<\/code> in the plugin folder, and the Privacy section below.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>niyiguard<\/code> folder to <code>\/wp-content\/plugins\/<\/code> (or install from the WordPress.org plugin directory when listed).<\/li>\n<li>Activate <strong>NiyiGuard<\/strong> on the <strong>Plugins<\/strong> screen.<\/li>\n<li>Open <strong>NiyiGuard<\/strong> in the admin menu and review dashboard feature toggles.<\/li>\n<li>(Recommended) Install the optional MU loader from <strong>NiyiGuard \u2192 Dashboard<\/strong> or follow <code>docs\/MU_LOADER_INSTALL.md<\/code>.<\/li>\n<li>Configure Authentication, Security Headers, Rate Limiting, File Integrity, WooCommerce Protection, and Audit Log before enabling strict rules on production.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20niyiguard%20replace%20cloudflare%20or%20my%20host%20firewall%3F\"><h3>Does NiyiGuard replace Cloudflare or my host firewall?<\/h3><\/dt>\n<dd><p>No. NiyiGuard is an in-application security layer. Use it together with edge and host protections.<\/p><\/dd>\n<dt id=\"how%20is%20niyiguard%20different%20from%20wordfence%2C%20solid%20security%2C%20or%20similar%20plugins%3F\"><h3>How is NiyiGuard different from Wordfence, Solid Security, or similar plugins?<\/h3><\/dt>\n<dd><p>Those are mature products and often include cloud scanning or firewall services. NiyiGuard focuses on <strong>modular, self-hosted<\/strong> controls, a <strong>Security SDK<\/strong> for custom routes, and <strong>WooCommerce abuse pipelines<\/strong> in one free package. Choose NiyiGuard for application-layer hardening without a NiyiGuard cloud account. Choose an all-in-one cloud firewall\/scanner if that is your primary need.<\/p><\/dd>\n<dt id=\"who%20should%20install%20niyiguard%3F\"><h3>Who should install NiyiGuard?<\/h3><\/dt>\n<dd><p><strong>Good fit:<\/strong> WooCommerce sites with checkout or spam issues; agencies with custom plugins; teams wanting audit, integrity, and login protection on-server; developers protecting custom forms and REST endpoints.<\/p>\n\n<p><strong>Less ideal:<\/strong> Sites that only want a single famous cloud malware suite with zero configuration \u2014 compare established plugins first. Multisite is not formally certified in 0.1.0.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20send%20data%20to%20the%20author%3F\"><h3>Does the plugin send data to the author?<\/h3><\/dt>\n<dd><p>No telemetry or license callbacks. The routine outbound request is the <strong>WordPress.org Core Checksums API<\/strong> when integrity monitoring compares core files (<code>api.wordpress.org<\/code>). Optional Ko-fi links on the dashboard open in the browser; payments are handled by Ko-fi only. See the Privacy section below.<\/p><\/dd>\n<dt id=\"is%20the%20plugin%20really%20free%3F\"><h3>Is the plugin really free?<\/h3><\/dt>\n<dd><p>Yes. All security modules in 0.1.0 are included without a license key or time limit.<\/p><\/dd>\n<dt id=\"how%20can%20i%20support%20development%3F\"><h3>How can I support development?<\/h3><\/dt>\n<dd><p>Use <strong>Support development<\/strong> on <strong>NiyiGuard \u2192 Dashboard<\/strong> (optional Ko-fi tip) or leave a review on WordPress.org.<\/p><\/dd>\n<dt id=\"i%20am%20locked%20out%20after%20enabling%20login%20disguise%20or%20lockout.%20what%20should%20i%20do%3F\"><h3>I am locked out after enabling login disguise or lockout. What should I do?<\/h3><\/dt>\n<dd><p>Add <code>define( 'NIYIGUARD_SAFE_MODE', true );<\/code> to <code>wp-config.php<\/code> (before WordPress loads plugins) or set <code>recovery.safe_mode<\/code> to <code>true<\/code> in <code>config\/plugin.php<\/code>. Disable safe mode after you regain access.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20woocommerce%3F\"><h3>Does it work with WooCommerce?<\/h3><\/dt>\n<dd><p>Yes. <strong>WooCommerce Protection<\/strong> is included and loads when WooCommerce is active and the module is enabled on the dashboard. Other features work without WooCommerce.<\/p><\/dd>\n<dt id=\"is%20multisite%20supported%3F\"><h3>Is multisite supported?<\/h3><\/dt>\n<dd><p>Multisite has not been formally certified in 0.1.0. Test on staging first.<\/p><\/dd>\n<dt id=\"where%20is%20personal%20data%20stored%3F\"><h3>Where is personal data stored?<\/h3><\/dt>\n<dd><p>On your server: custom tables for audit logs, sessions, and integrity data; WordPress options and transients for settings and rate limits; user meta for two-factor state. See the Privacy section below.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>0.1.0<\/h4>\n\n<ul>\n<li>Initial public release \u2014 all features free (no license or evaluation period).<\/li>\n<li>Positioning and documentation: <code>docs\/WHY_NIYIGUARD.md<\/code>, updated directory readme.<\/li>\n<li>Security SDK: middleware pipeline, CSRF protection, signed URLs, route guards.<\/li>\n<li>Authentication hardening: lockout, TOTP\/email 2FA, sessions, new-device alerts.<\/li>\n<li>Security headers module with per-header controls.<\/li>\n<li>Audit log with retention, pruning, detail view, and admin UI.<\/li>\n<li>File integrity: core checksums, manifest diff, suspicious PHP heuristics.<\/li>\n<li>Global rate limiting for REST, front end, AJAX, and wp-login.<\/li>\n<li>Login URL disguise and safe mode recovery.<\/li>\n<li>WooCommerce Protection (checkout, cart, registration, API pipelines).<\/li>\n<li>Health diagnostics, MU loader download, dashboard review and Ko-fi support links.<\/li>\n<\/ul>","raw_excerpt":"Self-hosted WordPress security: 2FA, lockouts, audit log, integrity, headers, rate limits, WooCommerce protection, and SDK. Free.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/319097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=319097"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/harish282"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=319097"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=319097"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=319097"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=319097"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=319097"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=319097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}