Title: PureGuard — Bot Protection &amp; Performance
Author: Pure Guard
Published: <strong>24 juin 2026</strong>
Last modified: 10 juillet 2026

---

Recherche d’extensions

![](https://ps.w.org/pureguard-performance/assets/banner-772x250.png?rev=3599719)

![](https://ps.w.org/pureguard-performance/assets/icon-256x256.png?rev=3583936)

# PureGuard — Bot Protection & Performance

 Par [Pure Guard](https://profiles.wordpress.org/chanmyayaung/)

[Télécharger](https://downloads.wordpress.org/plugin/pureguard-performance.6.0.22.zip)

 * [Détails](https://fr-ca.wordpress.org/plugins/pureguard-performance/#description)
 * [Avis](https://fr-ca.wordpress.org/plugins/pureguard-performance/#reviews)
 * [Développement](https://fr-ca.wordpress.org/plugins/pureguard-performance/#developers)

 [Support](https://wordpress.org/support/plugin/pureguard-performance/)

## Description

PureGuard is a simple, safe bot-protection plugin for WordPress. You pick **one**
of six security modes — the plugin configures everything else for you. No confusing
combinations, no accidental blocking.

Every visitor is sorted into one of three groups:

 * **Humans** — proven real visitors (always allowed).
 * **Suspicious** — not clearly a bot, but not clearly human either.
 * **Bots** — confirmed bots.

**The six modes**

 * **Off (Disabled)** — Completely inactive: never blocks, never calls the API, 
   records nothing. Use when your traffic is already filtered upstream.
 * **Monitor (Watch only)** — Checks and records every visitor to your Live dashboard
   so you can SEE your traffic and bot activity — but never blocks or challenges
   anyone. The safe first step before turning on blocking.
 * **Medium (recommended)** — Confirmed bots are blocked. Humans and Suspicious 
   visitors both pass freely. No challenge page.
 * **High** — Confirmed bots are blocked and Suspicious visitors must pass a quick
   JavaScript browser check.
 * **Strict (Humans only)** — Only proven humans get in. Bots AND suspicious visitors
   are blocked.
 * **Lockdown** — Emergency mode: everyone sees the block page. Logged-in users 
   and search engines are always excepted, so you never lock yourself out.

**Censorship-friendly VPN filter**

If your real audience browses through VPNs or proxies to escape censorship, turn
on the censorship-friendly filter: a visitor flagged ONLY for VPN / proxy / hosting-
network signals is never hard-blocked. In High mode they get the quick browser check
instead (humans pass it, bots cannot). Visitors with real bot evidence are still
blocked.

**Branded challenge and block pages**

Add your own logo, brand name, accent color, and dark or light theme. Customize 
the block-page heading and message, show blocked visitors their IP and an incident
ID, and let real people report a mistake with one click (« I am human »). Preview
both pages from the settings with one click before anything goes live.

**PureGuard Live dashboard**

A full statistics page with two views:

 * **Security** — hourly traffic chart, visitor mix, top blocked IPs, top countries,
   top block reasons, visitor reports, and a live feed of the latest decisions.
 * **Performance** — API latency (average and p95), cache efficiency, checks per
   hour, and the bot page-loads your server never had to render.

Data comes from a local, self-pruning event log in your own database (last 30 days).
Nothing extra is sent anywhere.

**Multilingual challenge page**

The challenge page auto-detects the visitor’s browser language. English, Thai, Bahasa
Indonesia, Vietnamese, and Burmese (Myanmar) are built in, and every line is editable
from the settings page.

**Engagement intelligence (off by default)**

Optional and opt-in: when you turn it on, the plugin measures anonymous time-on-
page and scroll signals so PureGuard can score traffic quality per site. Off by 
default — no tracking script is added unless you enable it. No personal data is 
collected.

## Captures d’écran

[⌊PureGuard Live dashboard — Security view⌉⌊PureGuard Live dashboard — Security 
view⌉[

PureGuard Live dashboard — Security view

[⌊PureGuard Live dashboard — Performance view⌉⌊PureGuard Live dashboard — Performance
view⌉[

PureGuard Live dashboard — Performance view

[⌊Security mode selector (six modes)⌉⌊Security mode selector (six modes)⌉[

Security mode selector (six modes)

[⌊Design & Pages — branding and block-page customization⌉⌊Design & Pages — branding
and block-page customization⌉[

Design & Pages — branding and block-page customization

[⌊The branded challenge page⌉⌊The branded challenge page⌉[

The branded challenge page

[⌊The branded block page with incident details⌉⌊The branded block page with incident
details⌉[

The branded block page with incident details

## FAQ

### Will this block my real visitors?

In Off mode, never. In Medium mode, only confirmed bots. In High mode, uncertain
visitors may briefly see a JavaScript challenge. In Strict mode, suspicious visitors
are blocked too — use it only when you want humans-only traffic. Lockdown blocks
everyone except logged-in users and search engines.

### My readers use VPNs. Will they be blocked?

Turn on the censorship-friendly filter (Security Mode tab). Visitors flagged only
for VPN/proxy usage are never hard-blocked — at most they see a quick automatic 
browser check that real people pass in seconds.

### Do I need a PureGuard account?

Yes. Add your PureGuard API key under Settings  PureGuard. Get one at https://pureguard.
io.

### Does it slow down my site?

Verdicts are cached per visitor (default 1 hour), so the API is called at most once
per visitor per cache window. Logged-in users and search engines are skipped. The
Performance view of the Live dashboard shows you the exact latency and cache-hit
numbers.

### Where is the traffic data stored?

In a small table in your own WordPress database, pruned automatically to the last
30 days. You can turn the local log off in Settings  General.

## Avis

Il n’y a aucun avis sur cette extension.

## Contributeurs & développeurs

« PureGuard — Bot Protection & Performance » est un logiciel libre. Les personnes
suivantes ont contribué à cette extension.

Contributeurs

 *   [ Pure Guard ](https://profiles.wordpress.org/chanmyayaung/)

[Traduisez « PureGuard — Bot Protection & Performance » dans votre langue.](https://translate.wordpress.org/projects/wp-plugins/pureguard-performance)

### Le développement vous intéresse ?

[Parcourir le code](https://plugins.trac.wordpress.org/browser/pureguard-performance/),
consulter le [SVN dépôt](https://plugins.svn.wordpress.org/pureguard-performance/),
ou s’inscrire au [journal de développement](https://plugins.trac.wordpress.org/log/pureguard-performance/)
par [RSS](https://plugins.trac.wordpress.org/log/pureguard-performance/?limit=100&mode=stop_on_copy&format=rss).

## Historique des changements

#### 6.0.22

 * IMPROVED: Campaign render counting now fires the moment the page arrives (with
   a follow-up once the ad slot actually fills), so pop-under landings opened in
   a background tab are no longer missed by the counter.

#### 6.0.21

 * NEW: First-party render counter for campaign landing pages — a tiny same-origin
   beacon (immune to ad blockers) records that your money page really rendered and
   whether the ad slot filled. Stored only in a private file on your own site under
   a non-guessable name; nothing is sent anywhere. On by default for campaign visits
   only; switch it off in Settings.

#### 6.0.20

 * NEW: Optional « force render » for pop-under campaign landings (OFF by default).
   Some ad tags wait for the tab to gain focus before rendering; this treats the
   freshly opened background tab as already visible so the page and its ad render
   on load. Applies to campaign traffic only and never touches normal visitors.

#### 6.0.19

 * IMPROVED: The same-origin campaign gate now forwards the visitor’s real browser
   signals to PureGuard, so genuine humans are scored with full evidence instead
   of IP + user-agent alone. Fewer false dumps of real visitors; bots gain nothing(
   the signals are browser-enforced).

#### 6.0.17

 * NEW: Same-origin campaign gate (opt-in, OFF by default) — filter your ad-campaign
   traffic right on the landing page instead of routing it through a separate gate
   URL first. Blocked ad zones still apply; if PureGuard is ever unreachable the
   gate fails open and lets the visitor through, never breaking your page.

#### 6.0.16

 * IMPROVED: The plugin records your workspace key once from your PureGuard account,
   so campaign intelligence beacons are correctly attributed to your workspace.

#### 6.0.15

 * NEW: Optional L3 client-side signal collector for campaign landing pages (OFF
   by default). Collects the same in-browser bot tells as the hosted PureGuard gate—
   same-origin, so nothing extra is loaded from third parties — and sends them to
   PureGuard for scoring. The detection logic itself stays server-side.

#### 6.0.14

 * SECURITY: The engagement beacon no longer places your API key in the page source.
   It now posts to your own site, which forwards it to PureGuard server-side — the
   key never reaches the browser.
 * NEW: The Performance view now shows real visitor engagement — average time on
   page, scroll depth and bounce rate — measured anonymously and stored only in 
   your own site database (nothing is sent anywhere). Off by default; enable « measure
   engagement » to see it. A clear way to confirm the humans PureGuard lets through
   are genuinely engaged, while any bot that slips past shows near-zero time.
 * FIXED: The Performance view no longer counts failed or timed-out checks as « 
   billed API calls » — they now have their own « API errors (fail-open) » figure,
   so your usage numbers are accurate.
 * IMPROVED: The « slowest checks » list now shows plain-English verdicts instead
   of internal codes.

#### 6.0.13

 * FIXED: The Live dashboard now counts UNIQUE VISITORS, not raw page-views. A single
   crawler hitting thousands of pages (mostly served from cache) was inflating the«
   Bots » and « Checked » numbers many times over. The dashboard now shows the true
   number of unique visitors and bots, with total page-views shown as context — 
   so the figures are honest and no longer alarming.

#### 6.0.12

 * SECURITY: The connector « campaign skip » is now an explicit opt-in setting, 
   OFF by default. On a normal website every single visitor is now verified — a 
   visitor can no longer skip the security check by adding tracking parameters to
   the URL. Media buyers who send PureGuard ad-connector traffic to their site can
   enable « Media-buyer campaign skip » to avoid re-checking already-verified campaign
   traffic.

#### 6.0.11

 * FIXED: Campaign visitors from your ad connectors are recognized across their 
   whole visit, not just the first click. Their follow-up page views (which drop
   the tracking parameters) no longer trigger a redundant security re-check — removing
   extra latency on paid landing pages. A short-lived cookie carries the « already-
   verified » status; bot-looking requests never get it.

#### 6.0.10

 * NEW: Campaign-aware Live dashboard — visitors arriving through your PureGuard
   ad-campaign landers (connector tracking URLs) are shown in their own « Campaign»
   bucket, separate from direct visitors. Their numbers now line up with your pureguard.
   io /live campaign stats.
 * IMPROVED: Campaign-referred visitors are no longer re-checked against the API(
   they were already verified upstream at the connector gate) — saves quota and 
   removes per-visitor latency on landing pages. Bot-looking user agents never get
   this shortcut.
 * IMPROVED: Performance view labels now say exactly what is counted — local checks(
   incl. cache) vs API calls (server-billed) — so plugin totals and account totals
   are apples-to-apples.

#### 6.0.9

 * NEW: « Test key » button on the settings page — instantly confirm your API key
   works and see your plan and monthly usage.
 * HOUSEKEEPING: Deleting the plugin now fully cleans up after itself (removes its
   database table and settings). Deactivating still keeps your data.

#### 6.0.8

 * RELIABILITY: If the PureGuard service is ever unreachable, the plugin now detects
   it and instantly stops calling the API (no per-visitor delay) while allowing 
   every visitor through — your site stays fast and open, never blocked. Protection
   resumes automatically when the service is back.
 * NEW: A clear status banner on the plugin pages tells you when protection is paused(
   service unreachable, or plan quota used up), so you always know the current state.

#### 6.0.7

 * FIX: « Allow VPN » and the censorship filter now tell the engine to skip VPN 
   detection natively, so VPN readers are reliably allowed (previously some VPNs
   detected as proxies were still blocked). Real datacenter / TOR / public proxies
   stay blocked. Verified end-to-end with a real VPN visitor.

#### 6.0.6

 * IMPROVED: Plain-English labels in the Live dashboard (e.g. « Verified human »,«
   Bot user-agent », « Proxy network ») instead of raw engine codes.
 * IMPROVED: The Campaign tab now appears only if your account actually runs traffic
   connectors — pure-security sites see a clean, single-scope dashboard.

#### 6.0.5

 * PRIVACY: Engagement tracking is now OFF by default (opt-in). New installs are
   pure bot protection with no tracking script added; turn on Engagement in Settings
   General if you want time-on-page/scroll intelligence.
 * IMPROVED: The account/campaign view now shows only your traffic connectors — 
   your site’s own security checks no longer appear mixed in as a « source. »

#### 6.0.4

 * NEW: Monitor mode — watch and record every visitor to your Live dashboard without
   ever blocking or challenging anyone. The safe first step: see your traffic for
   a few days, then turn on blocking once you trust it. (Off now means fully disabled—
   no blocking and no logging.)

#### 6.0.3

 * SECURITY: Site protection now uses a dedicated security endpoint, fully separated
   from the media-buying side — your WordPress site can never be affected by ad-
   traffic zone reputation.
 * IMPROVED: Clearer mode descriptions — Medium (fast server-side check) vs High(
   adds a browser check a bot cannot fake).

#### 6.0.2

 * NEW: Per-source breakdown in the account view — see every traffic source / connector
   with its own checked / accepted / blocked / accept-rate, so campaigns running
   side by side no longer blend into one number.
 * NEW: Source drill-down — pick a source (or click « view ») to scope the whole
   account dashboard to that one campaign.

#### 6.0.1

 * NEW: PureGuard Live now has two scopes — « This site » (visitors this plugin 
   checked at your WordPress site) and « My PureGuard account » (every visitor across
   all your sites and traffic connectors). The account scope shows the same numbers
   as your pureguard.io/live dashboard, so the two never disagree.
 * IMPROVED: Clear labels explain which checkpoint each number comes from.

#### 6.0.0

 * NEW: Two more security modes — Strict (Humans only) and Lockdown (block everyone,
   admins and search engines excepted).
 * NEW: Censorship-friendly VPN filter — visitors flagged only for VPN/proxy/hosting
   signals are challenged instead of hard-blocked, for audiences that browse via
   VPN to escape censorship.
 * NEW: PureGuard Live — a full statistics dashboard with Security and Performance
   views: hourly charts, visitor mix, top blocked IPs/countries/reasons, live feed,
   API latency and cache efficiency. Powered by a local, self-pruning 30-day event
   log.
 * NEW: Branded gate pages — custom logo (Media Library picker), brand name, accent
   color, dark/light theme on both the challenge and block pages, with one-click
   admin previews.
 * NEW: Customizable block page — heading, message, visitor IP + incident ID + time
   display, and an « I am human » report button; reports appear on the Live dashboard.
 * NEW: Custom success message and optional redirect after a passed browser check.
 * CHANGED: Each site now reports to PureGuard intelligence under its own domain
   as the traffic source (previously a shared « WORDPRESS » source), so your site
   gets its own reputation.
 * FIX: Internal version constant and readme stable tag aligned.

#### 5.0.7

 * IMPROVED: Off mode now returns before any API call — zero added latency when 
   monitoring is all you want.

#### 5.0.4

 * NEW: « Allow AI training crawlers » toggle (off by default). Search engines and
   social crawlers are always allowed.
 * CHANGED: « Allow VPN » now applies to VPNs only — open / datacenter / TOR proxies
   stay blocked.
 * IMPROVED: Plain-language labels (Humans / Suspicious / Bots) throughout.

#### 5.0.3

 * IMPROVED: The plugin forwards the visitor’s browser headers (Sec-Fetch, client-
   hints, language) to the detection API for accurate trust scoring.

#### 5.0.2

 * NEW: « Allow VPN / proxy visitors » toggle.

#### 5.0.1

 * NEW: Burmese (Myanmar) challenge language. Default trust threshold aligned to
   5.5.

#### 5.0.0

 * NEW: One security mode selector (Off / Medium / High) replacing the v4 multi-
   dropdown setup, per-site zone identity, multilingual challenge page, stats tab,
   fail-open API behavior.

#### 4.0.1

 * Compliance: challenge CSS/JS moved into enqueued assets per WordPress.org review.

#### 4.0.0

 * BREAKING: prefixes renamed to `pgperf_`. JS challenge with SHA-256 proof-of-work
   and browser integrity checks.

#### 3.0.0

 * Three-tier traffic classification.

#### 2.0.0

 * WAF security layer via the PureGuard detection engine.

#### 1.0.0

 * Initial release.

## Méta

 *  Version **6.0.22**
 *  Last updated **il y a 1 semaine**
 *  Active installations **Moins de 10**
 *  WordPress version ** 5.6 ou plus **
 *  Tested up to **7.0.2**
 *  PHP version ** 7.4 ou plus **
 *  Language
 * [English (US)](https://wordpress.org/plugins/pureguard-performance/)
 * Tags
 * [bot detection](https://fr-ca.wordpress.org/plugins/tags/bot-detection/)[firewall](https://fr-ca.wordpress.org/plugins/tags/firewall/)
   [security](https://fr-ca.wordpress.org/plugins/tags/security/)[WAF](https://fr-ca.wordpress.org/plugins/tags/waf/)
 *  [Vue avancée](https://fr-ca.wordpress.org/plugins/pureguard-performance/advanced/)

## Notes

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/pureguard-performance/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/pureguard-performance/reviews/)

## Contributeurs

 *   [ Pure Guard ](https://profiles.wordpress.org/chanmyayaung/)

## Support

Quelque chose à dire ? Besoin d’aide ?

 [Voir le forum de support](https://wordpress.org/support/plugin/pureguard-performance/)