{"id":315289,"date":"2026-05-28T03:50:49","date_gmt":"2026-05-28T03:50:49","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/windcodex-switchguard\/"},"modified":"2026-06-30T05:03:15","modified_gmt":"2026-06-30T05:03:15","slug":"windcodex-switchguard","status":"publish","type":"plugin","link":"https:\/\/ca-valencia.wordpress.org\/plugins\/windcodex-switchguard\/","author":23476832,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.1","stable_tag":"1.0.1","tested":"7.0","requires":"6.0","requires_php":"8.1","requires_plugins":null,"header_name":"WindCodex SwitchGuard","header_author":"WindCodex","header_description":"Secure one-click user switching for WordPress and WooCommerce with admin-only access control.","assets_banners_color":"d3cbf9","last_updated":"2026-06-30 05:03:15","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/www.windcodex.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":204,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"windcodex","date":"2026-05-28 03:58:26"},"1.0.1":{"tag":"1.0.1","author":"windcodex","date":"2026-06-30 05:03:15"}},"upgrade_notice":{"1.0.1":"<p>Adds inline Pro upsell banner, review request notice, and help button in the settings header. No database changes \u2013 safe to update.<\/p>","1.0.0":"<p>Initial release \u2013 no upgrade steps required.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3551498,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3551498,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3551498,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3551498,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3551498,"resolution":"1","location":"assets","locale":"","width":1200,"height":618},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3551498,"resolution":"2","location":"assets","locale":"","width":1200,"height":666},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3551498,"resolution":"3","location":"assets","locale":"","width":1200,"height":1000},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3551498,"resolution":"4","location":"assets","locale":"","width":1200,"height":598}},"screenshots":{"1":"<strong>Users list<\/strong> \u2013 Switch To link next to each user row.","2":"<strong>Admin bar<\/strong> \u2013 Quick user search, Switch Back, and Switch Off controls.","3":"<strong>Settings page<\/strong> \u2013 Access Control, Integration Points, and session duration settings.","4":"<strong>WooCommerce order screen<\/strong> \u2013 Switch to Customer button on order edit pages."}},"plugin_section":[],"plugin_tags":[248715,42294,168751,3749,286],"plugin_category":[45],"plugin_contributors":[260242],"plugin_business_model":[],"class_list":["post-315289","plugin","type-plugin","status-publish","hentry","plugin_tags-login-as-customer","plugin_tags-login-as-user","plugin_tags-switch-user","plugin_tags-user-switching","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-windcodex","plugin_committers-windcodex"],"banners":{"banner":"https:\/\/ps.w.org\/windcodex-switchguard\/assets\/banner-772x250.png?rev=3551498","banner_2x":"https:\/\/ps.w.org\/windcodex-switchguard\/assets\/banner-1544x500.png?rev=3551498","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/windcodex-switchguard\/assets\/icon-128x128.png?rev=3551498","icon_2x":"https:\/\/ps.w.org\/windcodex-switchguard\/assets\/icon-256x256.png?rev=3551498","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/windcodex-switchguard\/assets\/screenshot-1.png?rev=3551498","caption":"<strong>Users list<\/strong> \u2013 Switch To link next to each user row."},{"src":"https:\/\/ps.w.org\/windcodex-switchguard\/assets\/screenshot-2.png?rev=3551498","caption":"<strong>Admin bar<\/strong> \u2013 Quick user search, Switch Back, and Switch Off controls."},{"src":"https:\/\/ps.w.org\/windcodex-switchguard\/assets\/screenshot-3.png?rev=3551498","caption":"<strong>Settings page<\/strong> \u2013 Access Control, Integration Points, and session duration settings."},{"src":"https:\/\/ps.w.org\/windcodex-switchguard\/assets\/screenshot-4.png?rev=3551498","caption":"<strong>WooCommerce order screen<\/strong> \u2013 Switch to Customer button on order edit pages."}],"raw_content":"<!--section=description-->\n<p><strong>WindCodex SwitchGuard<\/strong> is a secure, free user switching plugin for WordPress and WooCommerce. Switch into any lower-privilege user account in one click \u2013 no passwords, no account resets, no security risk.<\/p>\n\n<p>Whether you are a <strong>support agent<\/strong> reproducing a customer bug, a <strong>WooCommerce store owner<\/strong> checking an order as the buyer, or a <strong>developer<\/strong> testing member-only content \u2013 SwitchGuard gives you instant access to any user account and brings you straight back when you are done.<\/p>\n\n<p><strong>Security-first design.<\/strong> Every switch is nonce-verified, role-hierarchy-enforced, and recorded in a signed session cookie. You cannot accidentally switch into an equal-or-higher privilege account.<\/p>\n\n<h4>Everything in the Free Version<\/h4>\n\n<p><strong>One-Click User Switching<\/strong>\n* Switch from the <strong>Users list<\/strong> with a single click \u2013 no page reloads\n* Switch from any <strong>user profile edit screen<\/strong>\n* Switch from <strong>WooCommerce order screens<\/strong> \u2013 jump straight into the customer's account to reproduce checkout or order issues\n* <strong>Admin bar quick search<\/strong> \u2013 find any user by name or email and switch instantly from any page<\/p>\n\n<p><strong>Access Control<\/strong>\n* Switching is <strong>disabled by default<\/strong> \u2013 you opt in deliberately when you are ready\n* Restrict switching to specific <strong>WordPress roles<\/strong> (e.g., only Shop Managers or Editors)\n* Automatically blocks switching into <strong>administrator accounts<\/strong>\n* Equal-or-higher privilege accounts are <strong>always blocked<\/strong> \u2013 no configuration needed\n* Configurable <strong>session duration<\/strong> from 1 to 168 hours (default 48 hours)<\/p>\n\n<p><strong>Security &amp; Audit<\/strong>\n* Every switch action protected by <strong>WordPress nonces<\/strong> \u2013 full CSRF protection\n* Switch sessions stored in a <strong>signed, HTTPOnly cookie<\/strong> \u2013 tamper-proof and replay-resistant\n* Every switch action is recorded \u2013 who switched, when, from which IP, and for how long. A full <strong>audit log dashboard<\/strong> is available in SwitchGuard Pro\n* No passwords stored, logged, or transmitted \u2013 ever\n* Full <strong>WordPress multisite<\/strong> support<\/p>\n\n<p><strong>Switch Back<\/strong>\n* Prominent <strong>Switch Back<\/strong> button always visible in the admin bar during any active switch session\n* <strong>Switch Off<\/strong> to end the session permanently and return to your original account\n* Session expires automatically when the configured cookie TTL is reached<\/p>\n\n<h4>Who Uses SwitchGuard?<\/h4>\n\n<ul>\n<li><strong>WordPress support agencies<\/strong> \u2013 debug client accounts without password sharing or account handover<\/li>\n<li><strong>WooCommerce store owners<\/strong> \u2013 review orders from the customer's exact perspective<\/li>\n<li><strong>Membership site admins<\/strong> \u2013 verify what members see after plan changes or role updates<\/li>\n<li><strong>Help desk and support teams<\/strong> \u2013 reproduce user-reported issues in seconds without a support ticket<\/li>\n<li><strong>Developers and QA teams<\/strong> \u2013 test role-restricted content, locked pages, and feature flags in context<\/li>\n<\/ul>\n\n<h4>How SwitchGuard Differs from Other User-Switching Plugins<\/h4>\n\n<p>Most user-switching plugins simply swap the WordPress session with no additional safeguards \u2013 leaving you exposed to privilege escalation and session fixation. SwitchGuard is built with security as the core requirement:<\/p>\n\n<ul>\n<li><strong>Role hierarchy enforcement<\/strong> \u2013 switch targets must have strictly lower privilege than the switcher. Peer and admin accounts are blocked at the server level.<\/li>\n<li><strong>Explicit opt-in<\/strong> \u2013 switching is disabled by default, not enabled. You turn it on deliberately.<\/li>\n<li><strong>HMAC-signed cookie session<\/strong> \u2013 the switch origin is signed with a secret key, not stored in a plain cookie or database row that can be tampered with.<\/li>\n<li><strong>Nonce on every action<\/strong> \u2013 switch, switch back, and switch off actions are all CSRF-protected with WordPress nonces.<\/li>\n<\/ul>\n\n<h4>\ud83d\ude80 Pro Version<\/h4>\n\n<p>Need IP allowlists, locked accounts, scheduled switching windows, email alerts, and a full audit log dashboard?\n<a href=\"https:\/\/windcodex.com\/product\/woocommerce-user-switching-plugin\/\">SwitchGuard Pro is available at windcodex.com<\/a><\/p>\n\n<p>SwitchGuard Pro adds advanced controls for agencies, enterprise teams, and high-security environments:<\/p>\n\n<ul>\n<li><strong>Idle timeout<\/strong> \u2013 automatic switch-back after a configurable period of inactivity<\/li>\n<li><strong>Re-authentication gate<\/strong> \u2013 require password confirmation before privileged switches<\/li>\n<li><strong>IP allowlist<\/strong> \u2013 restrict switching to known office or VPN IP ranges<\/li>\n<li><strong>Scheduled windows<\/strong> \u2013 allow switching only during defined hours or days<\/li>\n<li><strong>Per-user grants<\/strong> \u2013 give specific users permission to be switched into<\/li>\n<li><strong>Full audit log dashboard<\/strong> \u2013 every switch event recorded with actor, target, IP address, and timestamp<\/li>\n<li><strong>Email alerts<\/strong> \u2013 notify admins when a switch session starts or ends<\/li>\n<li><strong>Locked user protection<\/strong> \u2013 prevent switching into flagged or suspended accounts<\/li>\n<\/ul>\n\n<h4>How It Works<\/h4>\n\n<ol>\n<li>Activate SwitchGuard and go to the <strong>SwitchGuard<\/strong> settings page in wp-admin.<\/li>\n<li>Turn on <strong>Enable User Switching<\/strong> and configure which roles can switch.<\/li>\n<li>Click <strong>Switch To<\/strong> next to any user in the Users list, profile screen, or WooCommerce order screen.<\/li>\n<li>Work in the target account \u2013 browse the frontend, check orders, test content.<\/li>\n<li>Click <strong>Switch Back<\/strong> in the admin bar to return to your original account instantly.<\/li>\n<\/ol>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 6.0 or higher<\/li>\n<li>PHP 8.1 or higher<\/li>\n<li>WooCommerce is optional \u2013 order-screen switching only appears when WooCommerce is active<\/li>\n<\/ul>\n\n<!--section=installation-->\n<p><strong>From WordPress Dashboard (Recommended)<\/strong><\/p>\n\n<ol>\n<li>Go to <strong>Plugins &gt; Add New Plugin<\/strong>.<\/li>\n<li>Search for <strong>WindCodex SwitchGuard<\/strong> or <strong>SwitchGuard<\/strong>.<\/li>\n<li>Click <strong>Install Now<\/strong>, then <strong>Activate<\/strong>.<\/li>\n<li>Navigate to <strong>SwitchGuard<\/strong> in the left sidebar and configure your settings.<\/li>\n<\/ol>\n\n<p><strong>Manual Installation<\/strong><\/p>\n\n<ol>\n<li>Download the plugin <code>.zip<\/code> file.<\/li>\n<li>Go to <strong>Plugins &gt; Add New Plugin &gt; Upload Plugin<\/strong>.<\/li>\n<li>Upload the zip and click <strong>Install Now<\/strong>, then <strong>Activate<\/strong>.<\/li>\n<li>Go to <strong>SwitchGuard<\/strong> in the left sidebar to configure.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"is%20user%20switching%20safe%3F\"><h3>Is user switching safe?<\/h3><\/dt>\n<dd><p>Yes \u2013 when done correctly. SwitchGuard protects every switch action with WordPress nonces (CSRF protection), enforces role hierarchy so you can only switch into lower-privilege accounts, and stores the session in a signed HTTPOnly cookie that cannot be tampered with or replayed.<\/p><\/dd>\n<dt id=\"does%20switchguard%20store%20passwords%3F\"><h3>Does SwitchGuard store passwords?<\/h3><\/dt>\n<dd><p>Never. SwitchGuard switches your WordPress session without touching the login form. No passwords are read, stored, logged, or transmitted at any point.<\/p><\/dd>\n<dt id=\"who%20can%20switch%20user%20accounts%3F\"><h3>Who can switch user accounts?<\/h3><\/dt>\n<dd><p>By default, any user with the <code>edit_users<\/code> capability (typically Administrators). You can restrict this to specific roles \u2013 for example, allowing only Shop Managers to switch \u2013 from the Access Control settings.<\/p><\/dd>\n<dt id=\"can%20i%20accidentally%20switch%20into%20an%20administrator%20account%3F\"><h3>Can I accidentally switch into an administrator account?<\/h3><\/dt>\n<dd><p>No. SwitchGuard automatically blocks switching into any account with equal or higher privilege than the switcher. The \"Block switching into administrators\" setting adds an explicit extra layer on top of this rule.<\/p><\/dd>\n<dt id=\"how%20do%20i%20switch%20back%20to%20my%20original%20account%3F\"><h3>How do I switch back to my original account?<\/h3><\/dt>\n<dd><p>A <strong>Switch Back<\/strong> button is always shown in the WordPress admin bar during an active switch session. Click it to return instantly. You can also click <strong>Switch Off<\/strong> to end the session entirely.<\/p><\/dd>\n<dt id=\"how%20is%20this%20different%20from%20the%20%22user%20switching%22%20plugin%3F\"><h3>How is this different from the \"User Switching\" plugin?<\/h3><\/dt>\n<dd><p>SwitchGuard adds security layers that are not present in most other user-switching plugins: explicit opt-in (off by default), strict role hierarchy enforcement (server-side, not just UI), HMAC-signed session cookies (not plain database rows), nonce protection on every action, and a WooCommerce order-screen integration with an admin-bar quick-search switcher.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20woocommerce%3F\"><h3>Does it work with WooCommerce?<\/h3><\/dt>\n<dd><p>Yes. When WooCommerce is active, a <strong>Switch to Customer<\/strong> button appears on order edit screens, letting you jump into the customer's account to reproduce checkout issues, verify order history, or check account details exactly as they see them.<\/p><\/dd>\n<dt id=\"does%20the%20switch%20session%20expire%20automatically%3F\"><h3>Does the switch session expire automatically?<\/h3><\/dt>\n<dd><p>Yes. The switch session is stored in a cookie with a configurable TTL (default 48 hours, adjustable from 1 to 168 hours). When the cookie expires, the session ends and you are returned to your original login state.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20i%20close%20the%20browser%20during%20a%20switch%20session%3F\"><h3>What happens if I close the browser during a switch session?<\/h3><\/dt>\n<dd><p>The switch session is stored in a persistent cookie (not a session cookie), so it survives browser restarts until the configured TTL expires. Once expired, you will need to log in again.<\/p><\/dd>\n<dt id=\"does%20switchguard%20work%20on%20wordpress%20multisite%3F\"><h3>Does SwitchGuard work on WordPress multisite?<\/h3><\/dt>\n<dd><p>Yes. SwitchGuard is fully compatible with WordPress multisite networks.<\/p><\/dd>\n<dt id=\"is%20switchguard%20compatible%20with%202fa%20or%20membership%20plugins%3F\"><h3>Is SwitchGuard compatible with 2FA or membership plugins?<\/h3><\/dt>\n<dd><p>SwitchGuard bypasses the login form entirely, so it works alongside most 2FA and membership plugins. If a plugin enforces its own session validation on every page load, there may be edge cases \u2013 check the plugin documentation or contact support.<\/p><\/dd>\n<dt id=\"can%20i%20log%20or%20audit%20switch%20sessions%20in%20the%20free%20version%3F\"><h3>Can I log or audit switch sessions in the free version?<\/h3><\/dt>\n<dd><p>The free version records basic switch activity in signed session cookies but does not include a persistent audit log. A full audit log with actor, target, IP, and timestamp is available in SwitchGuard Pro.<\/p><\/dd>\n<dt id=\"can%20i%20restrict%20which%20users%20can%20be%20switched%20into%3F\"><h3>Can I restrict which users can be switched into?<\/h3><\/dt>\n<dd><p>In the free version, you can restrict who can perform switches by role. Per-user target grants \u2013 allowing only specific users to be switched into \u2013 are available in SwitchGuard Pro.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Improved: Settings page UI for better usability.<\/li>\n<li>Added: Admin review request notice.<\/li>\n<li>Added: Pro features notice.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>One-click user switching from Users list, profile, and WooCommerce order screens.<\/li>\n<li>Admin bar quick user search (name\/email) with instant switch.<\/li>\n<li>Explicit opt-in, role-based access control, and session duration settings.<\/li>\n<li>Role hierarchy enforcement \u2013 equal-or-higher privilege targets blocked automatically.<\/li>\n<li>Signed HTTPOnly session cookie with configurable TTL (1\u2013168 hours).<\/li>\n<li>CSRF-protected switch, switch-back, and switch-off actions.<\/li>\n<li>Multisite compatible. Translation-ready.<\/li>\n<\/ul>","raw_excerpt":"Switch between WordPress user accounts in one click \u2013 no passwords needed. Secure sessions, role protection, and instant switch-back.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/315289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=315289"}],"author":[{"embeddable":true,"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/windcodex"}],"wp:attachment":[{"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=315289"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=315289"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=315289"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=315289"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=315289"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ca-valencia.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=315289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}