Guardian Gaze

Guardian Gaze is a powerful WordPress security plugin developed by RedSec Labs.
It provides real-time protection against common and advanced threats including malware injections, brute force login attempts, and zero-day exploits.

Features include:
– Dashboard – Get a complete overview of your website security status.
– Malware Scan – Detect malicious code using regularly updated threat patterns.
– IP Management – Block, allow, or monitor suspicious IPs.
– Login Security – Protect your login page with brute-force protection and additional rules.
– Hardening – Strengthen WordPress core security with recommended hardening practices.
– Settings – Configure plugin options, license key, and email alerts.

Guardian Gaze integrates with our security intelligence API to keep detection patterns always updated.

External Services

This plugin connects to several external services to provide security features and functionality. Below is a detailed explanation of each service, what data is sent, when, and why:

1. Guardian Gaze API (wp-api.guardiangaze.com)

Purpose: This is our proprietary API service used for license management, malware pattern updates, and email report delivery.

What data is sent:
– Admin email address
– Site URL
– API/License key
– Plugin version
– Malware definitions version
– IP address (for blocking malicious IPs)
– Scan report data (when scheduled email reports are enabled)

When data is sent:
– During plugin activation and license registration
– When checking for malware pattern updates
– When sending scheduled scan email reports
– When blocking malicious IPs globally

Service provider: Guardian Gaze by RedSec Labs
– Terms of Service: https://wp.guardiangaze.com/terms-of-service/
– Privacy Policy: https://wp.guardiangaze.com/privacy-policy/

2. Guardian Gaze API (wp.guardiangaze.com)

Purpose: Used to send website url for registration in url querystring.

What data is sent:
– Site URL

When data is sent:
– When user register the plugin for the first time

Service provider: Guardian Gaze by RedSec Labs
– Terms of Service: https://wp.guardiangaze.com/terms-of-service/
– Privacy Policy: https://wp.guardiangaze.com/privacy-policy/

3. WordPress.org API (api.wordpress.org)

Purpose: Used to check for the latest WordPress core version and verify WordPress core file integrity.

What data is sent:
– WordPress version number
– Locale/language setting

When data is sent:
– When checking if WordPress is up to date (in Hardening section)
– When verifying WordPress core file checksums during malware scans
– When checking WordPress.org communication status

Service provider: WordPress.org / Automattic
– Terms of Service: https://wordpress.org/about/privacy/
– Privacy Policy: https://wordpress.org/about/privacy/

4. IP-API.com Geolocation Service (ip-api.com)

Purpose: Used to determine the country location of IP addresses for country-based blocking and geographic analytics.

What data is sent:
– IP addresses (visitor IPs and blocked IPs)

When data is sent:
– When displaying geographic data on the dashboard
– When determining country for IP-based blocking rules
– Results are cached for 24 hours to minimize API calls

Service provider: IP-API.com
– Terms of Service: https://ip-api.com/docs/legal
– Privacy Policy: https://ip-api.com/docs/legal
– Note: This plugin uses the free tier which has usage limits

5. IPAPI.co Geolocation Service (ipapi.co)

Purpose: Alternative geolocation service used for determining visitor country information on the dashboard.

What data is sent:
– Visitor IP addresses

When data is sent:
– When loading the dashboard to display visitor geographic information

Service provider: IPAPI.co
– Terms of Service: https://ipapi.co/terms/
– Privacy Policy: https://ipapi.co/privacy/

Important Notes:
– All external API communications use WordPress’s built-in wp_remote_get() and wp_remote_post() functions
– Data transmission occurs over HTTPS (except ip-api.com which uses HTTP)
– No sensitive user data (passwords, personal information) is ever transmitted
– You can disable certain features if you prefer not to use specific external services
– Geolocation data is cached to minimize external API calls

1. Upload the plugin files to the /wp-content/plugins/guardian-gaze directory, or install directly from the WordPress plugin repository.
2. Activate the plugin through the Plugins menu in WordPress.
3. Go to Guardian Gaze and configure your email and activate the plugin with the license key.
4. Run your first malware scan and review the results on the Dashboard.

1.4.0

• Initial release

1.3.0

• Initial release with:
  • Dashboard
  • Malware Scan
  • IP Management
  • Login Security
  • Hardening
  • Settings & Email alerts.

1.2.2

• Initial release