WindCodex SwitchGuard – Safe User Switching for WordPress & WooCommerce

开发者	windcodex
更新时间	2026年5月28日 12:41
PHP版本:	8.1 及以上
WordPress版本:	7.0
版权:	GPLv2 or later
版权网址:	版权信息

下载

1.0.0

详情介绍:

WindCodex SwitchGuard is the most secure free user switching plugin for WordPress and WooCommerce. Switch into any lower-privilege user account in one click – no passwords, no account resets, no risk. Whether you're a support agent reproducing a customer bug, a WooCommerce store owner checking an order as the buyer, or a developer testing member-only content, SwitchGuard gives you instant, safe access to any user account and brings you straight back when you're done. 🔒 Security-first design. Every switch is nonce-verified, role-hierarchy-enforced, and recorded in a signed session cookie. You can never switch into an equal-or-higher privilege account by mistake. ✅ Everything In The Free Version One-Click Switching

Switch from the Users list with a single click
Switch from any user profile edit screen
Switch from WooCommerce order screens – jump straight into the customer's account
Admin bar quick search – find any user by name or email and switch instantly Access Control
Switching is disabled by default – you opt in when you're ready
Restrict switching to specific WordPress roles (e.g., only Shop Managers)
Automatically blocks switching into administrator accounts
Equal-or-higher privilege accounts are always blocked – no configuration needed
Configurable session duration from 1 to 168 hours (default 48 h) Security
Every switch action protected by WordPress nonces (CSRF protection)
Switch sessions stored in a signed, HTTPOnly cookie – tamper-proof
No passwords stored, logged, or transmitted – ever
Full multisite support Switch Back
Prominent Switch Back button in the admin bar – always visible
Switch Off to end the session and return to your original account
Session expires automatically when the cookie TTL is reached

🚀 Who Uses SwitchGuard?

WordPress agencies – debug client accounts without password sharing
WooCommerce store owners – investigate orders from the customer's perspective
Membership site admins – verify what members see after plan changes
Help desk & support teams – reproduce user-reported issues in seconds
Developers & QA teams – test role-restricted content and functionality

🔐 How Is SwitchGuard Different From Other User-Switching Plugins? Most user-switching plugins simply swap the session – leaving you exposed to privilege escalation and session fixation. SwitchGuard was built from the ground up with a security-first approach:

Role hierarchy enforcement – switch targets must have strictly lower privilege than the switcher
Explicit opt-in – switching is off by default, not on
Signed cookie session – the switch origin is HMAC-signed, not just stored in a plain cookie or database row
Nonce on every action – switch, switch back, and switch off are all CSRF-protected

⚡ How It Works

Activate SwitchGuard and go to the SwitchGuard settings page in wp-admin.
Turn on Enable User Switching and configure who can switch.
Click Switch To next to any user in the Users list, profile screen, or WooCommerce order screen.
Work in the target account as needed.
Click Switch Back in the admin bar to return to your original account instantly.

📋 Requirements

WordPress 6.0 or higher
PHP 8.1 or higher
WooCommerce is optional – order-screen switching only appears when WooCommerce is active

安装:

From WordPress Dashboard (Recommended)

Go to Plugins > Add New Plugin.
Search for SwitchGuard.
Click Install Now, then Activate.
Navigate to SwitchGuard in the left sidebar and configure your settings.

Manual Installation

Download the plugin .zip file.
Go to Plugins > Add New Plugin > Upload Plugin.
Upload the zip and click Install Now, then Activate.
Go to SwitchGuard in the left sidebar to configure.

屏幕截图:

升级注意事项:

1.0.0 Initial release. No upgrade steps required.

常见问题:

Is user switching safe?

Yes – when done correctly. SwitchGuard protects every switch action with WordPress nonces (CSRF protection), enforces role hierarchy (you can only switch into lower-privilege accounts), and stores the session in a signed, HTTPOnly cookie that cannot be tampered with or replayed.

Does SwitchGuard store passwords?

Never. SwitchGuard switches your WordPress session – no passwords are read, stored, logged, or transmitted at any point.

Who can switch user accounts?

By default, any user with the edit_users capability (typically Administrators). You can restrict this further to specific roles – for example, allowing only Shop Managers to switch – from the Access Control settings.

Can I accidentally switch into an administrator account?

No. SwitchGuard automatically blocks switching into any account with equal or higher privilege than the current user. The "Block switching into administrators" setting adds an extra explicit layer on top of this.

Does it work with WooCommerce?

Yes. When WooCommerce is active, a Switch To Customer button appears on order edit screens, letting you jump straight into the customer's account to reproduce checkout issues or verify order history.

How do I switch back to my original account?

The admin bar always shows a Switch Back button during an active switch session. Click it to instantly return to your original account. You can also click Switch Off to end the session entirely.

Does the switch session expire automatically?

Yes. The switch session is stored in a cookie with a configurable TTL (default 48 hours, adjustable from 1 to 168 hours). When the cookie expires, the session ends automatically.

Does SwitchGuard work on WordPress multisite?

Yes. SwitchGuard is fully compatible with WordPress multisite networks.

What happens if I close the browser during a switch session?

The switch session is stored in a persistent cookie (not a session cookie), so it survives browser restarts until the TTL you configured expires. Once expired, the session ends and you will need to log in again.

Is this plugin compatible with 2FA or membership plugins?

SwitchGuard bypasses the login form entirely, so it works naturally alongside most 2FA and membership plugins. If a plugin enforces its own session validation on every page load, there may be edge cases – check the compatibility notes or contact support.

How is this different from other user-switching plugins?

SwitchGuard adds: explicit opt-in requirement (off by default), role hierarchy enforcement (not just capability checks), HMAC-signed session cookies (not plain database rows), and nonce protection on every action. It also integrates directly with WooCommerce order screens and includes an admin-bar quick-search switcher.

更新日志: