# PhantomGuard

**WordPress security hardening with a modern React admin interface.**

PhantomGuard helps you protect your WordPress site with configurable security rules, audit logging, and one-click presets. The free version includes essential hardening measures; upgrade to PhantomGuard Pro for malware scanning, DNS management, and advanced security features.

**Source code:** The admin UI is built with React and webpack. The unminified JavaScript and CSS source is available at [https://github.com/bitninjaio/PhantomGuardFree](https://github.com/bitninjaio/PhantomGuardFree). See [Development Setup](#development-setup) for build instructions.

---

## Features

### Free Version

| Feature | Description |
|---------|-------------|
| **Security presets** | Basic, Recommended, and Advanced presets for quick configuration |
| **Force HTTPS for admin** | Redirect admin traffic to HTTPS |
| **Hide WP version** | Remove version info from frontend and feeds |
| **Audit logging** | Track security-relevant events in the database |
| **Obscure login feedback** | Reduce information leakage on the login form |
| **React admin UI** | Modern interface with i18n (English, German, Italian) |
| **Dashboard & onboarding** | Overview and guided setup flow |
| **Settings & Support** | Configuration and help pages |

### PhantomGuard Pro

| Category | Features |
|----------|----------|
| **Malware Scanning** | Two-phase scanning, manual/scheduled scans, quarantine, restore, file preview, scan history |
| **Security Hardening (Extended)** | Disallow file edit/mods, disable XML-RPC/REST API, rename admin URL, disable WP-Cron, restrict login by IP, Two-Factor Authentication |
| **DNS Management** | Bunny CDN integration, Pull Zone management, DNS records, free SSL, traffic/geo charts |
| **Dashboard (Extended)** | Cache purge, Bunny CDN statistics, next scheduled scan info, traffic statistics |

---

## Requirements

- **WordPress** 6.8+
- **PHP** 7.4+
- **Node.js + npm** (for building the admin UI)

---

## Quick Start

### Installation

1. Install the plugin in WordPress (upload it or install it from the plugin directory).
2. Activate **PhantomGuard** in **Plugins**.
3. Open **WordPress Admin → PhantomGuard** to access the dashboard.

### Development Setup

```bash
cd phantom-guard
npm install
npm run build        # Production build
# or
npm run build:dev    # Development build (unminified)
npm run dev          # Watch mode for development
```

Activate the plugin in WordPress after building.

---

## Project Structure

```
phantom-guard/
├── phantom-guard.php          # Plugin bootstrap
├── includes/                  # Core classes and hardening rules
│   ├── class-phantom-guard.php
│   ├── class-phantom-guard-hardening.php
│   └── hardening/             # Individual rule implementations
├── admin/                     # WP admin integration and AJAX handlers
├── src/                       # React admin app source
│   ├── App.jsx
│   ├── pages/                 # Dashboard, Scanner, Hardening, DNS, Settings, Support
│   ├── components/
│   ├── hooks/
│   └── i18n/
├── assets/                    # Built JS/CSS (generated by webpack)
└── webpack.config.js          # Frontend build configuration
```

---

## Key Components

| Component | Path | Purpose |
|-----------|------|---------|
| Core plugin | `includes/class-phantom-guard.php` | Main plugin logic and hook registration |
| Hardening engine | `includes/class-phantom-guard-hardening.php` | Rule loading, presets, audit log |
| Hardening rules | `includes/hardening/` | Per-rule implementations (base, hide-version, audit-log, etc.) |
| Admin UI | `src/` | React app with routing and i18n |

---

## External Services

| Service | Used by | Purpose |
|---------|---------|---------|
| Google Fonts | PhantomGuard | Mulish font for admin UI |
| BitNinja API | Pro | Malware scanning |
| GoQR | Pro | 2FA QR code generation |
| IPify | Pro | IP detection |
| WordPress.org | Pro | Plugin/theme version checks |

See `README.txt` for the full external services section with data flows, terms, and privacy URLs.

---

## Source Code

The admin UI (`assets/js/`, `assets/css/`) is built from React source in `src/` using webpack. The unminified source code is publicly available at:

**https://github.com/bitninjaio/PhantomGuardFree**

Use `npm run build:dev` for an unminified development build, or `npm run build` for production. See [Development Setup](#development-setup) for full instructions.

---

## License

GPL-3.0-or-later. See [LICENSE.txt](LICENSE.txt) for details.
