FAIR

Federated and Independent Repositories

OnGuard | Advanced French login fraud detection system based on billions of data points.

Plugin Banner

OnGuard | Advanced French login fraud detection system based on billions of data points.

by On Guard

Download
Description

OnGuard by OnGuardX is a French fraud detection and prevention system trained on 33 million connection attempts, all hosted on a European infrastructure. It will challenge suspicious logins by email, send password compromise and warn users with new connection emails.

Getting Started video that explain in details how OnGuard will enhance your login security

OnGuard Plugin needs you to create an account on OnGuard and copy your client credentials on the WordPress OnGuard plugin page. The account creation flow will be your guide for configure your client depending on your needs.

OnGuard added value:

  • Security: 1.61%* of connections are probably account hijackings and have been prevented.

  • Anticipation: 5.52%* of users have a password that has already been hacked on other sites and are protected.

  • Customizable: Customize your security settings to protect users without being intrusive.

  • Effective: 31%* of challenged users will not solve the challenge.

  • Survivability: In the event of a massive attack, attackers will fail to log in despite having the right password.

  • Simple: Quick integration with your architecture, fast efficiency: just add plugin and create a client and that’s all.

*Analysis based on 33M connection attempts by kaggle.com.

Languages compatible

  • French
  • English
  • Spanish
  • German
  • Italian
  • Portuguese
  • Dutch
  • Russian
  • Chinese (Simplified)
  • Chinese (Traditional)
  • Japanese
  • Korean
  • Arabic
  • Turkish
  • Polish
  • Swedish
  • Danish
  • Finnish
  • Czech
  • Hungarian
  • Greek
  • Romanian
  • Indonesian
  • Vietnamese
  • Thai

External services

This plugin connects to our SaaS service API to obtain weather information.
We list here all the cases when data are sent to our service.

When you did not subscribe to our product

If you have installed this plugin but you didn’t setup your client credentials to the setting page, you can’t take the benefits of the plugin. In this case, during login, we will send the domain of your website to our service. It’s simply for tracking purposes, to let’s us identify misuse of our plugin and help them to use it correctly.

On login success

To be able to challenge or let pass a login that succeed, we need some data.

  • WordPress user identifier: to be able remember user actions. Purpose is like not challenge again a user on next login on the same device for example.
  • IP address: to know the condition of the connection, distance between previous logins, is a public IP, the reputation of IP…
  • email: this information is not stored. It’s only used to analyse email host domain and, of course, be able to send email to the user to challenge him.
  • Password hash: this information is not stored. And the fact that the password is hashed means that the user’s account cannot be stolen from us. It’s only to verify how many time this password has been associated to hack accounts and send an email to the user to warn him that he has an insecure password.
  • User Agent: this information is not stored. It’s identify some characteristics of the browser to help us to evaluate the reputation of the user.
  • Fingerprint cookie: it’s simply a cookie that we store on browser. The purpose is mainly for travelers or VPN users: if a user succeeds a login challenge on a device we know his fingerprint, then if he travels and makes a new connection thousands of miles away, we still let him pass because the fingerprint is trusted.
  • Browser language: this information is not stored. Simply to know the most appropriated language to send email to the user 🙂

On challenge success

The main feature of this plugin is the ability to challenge suspicious users. To not challenge them again on a trusted device/ip we need to store that he succeeds the challenge.

  • Login token: after login, a token to identify the challenge is generated by us. This token is sent back after challenge success. We use it to know who’s succeed this challenge
  • OTP code: the 6 digit code that the user fills on challenge.

On password renewal

As long we warn users during login that the password is not safe, we don’t want to go into an infinite loop: we warn him, he resets the passwords with another leaked password, we warn him again on next login…

So when a user resets his password, we will check on the fly his password hash, then display that his password is associated with many hacked accounts.

Legal information

This service is provided by “ONGUARDX INC”:

  1. Upload the plugin to your ‘wp-content/plugins’ directory, or download and install automatically through your admin panel.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  1. Fill a 6-digit code to validate your login

    Fill a 6-digit code to validate your login

  2. Warn your users when their password has been compromised

    Warn your users when their password has been compromised

  3. Get interactive dashboard with your OnGuard account

    Get interactive dashboard with your OnGuard account

  4. Get detailed statistics about your users

    Get detailed statistics about your users

  5. Check and add logs about your users

    Check and add logs about your users

  6. Get the user's login history

    Get the user's login history

  7. Change your OnGuard settings when you want

    Change your OnGuard settings when you want

How to get started with OnGuard?

In your WordPress Dashboard, navigate to OnGuard > Settings to get started.

Who should use OnGuard?

Every WordPress site administrator that use wp-login.php login page for his customers should use OnGuard.

Do I need to have coding skills to use OnGuard?

Absolutely not. Everything is configured on OnGuard account creation.

1.0 – 2024-03-07

  • New Feature: Make WordPress login compatible with OnGuard

1.1 – 2025-04-24

  • New Feature: Make WordPress login compatible with WooCommerce plugin
Back to top