Three-tier bot detection for WordPress. Server-side WAF blocks threats before page load. JS challenge page verifies filtered visitors with proof-of-work + browser integrity checks. Client-side verification confirms real browsers. Traffic is classified into Gold, Silver, or Filtered quality tiers — automatically.
Download Free PluginPureGuard Performance sits between your traffic source and your landing page. It runs two independent detection phases before any visitor interacts with your content.
18+ detection layers execute before WordPress loads. IP reputation (FireHOL + CrowdSec), bot UA signatures, datacenter ASN detection, Chrome version analysis, Sec-Fetch header validation, burst rate limiting, and more. Bots are blocked in under 5ms — they never see your page.
10 client-side integrity checks run in the real browser: Canvas fingerprint, WebGL renderer, AudioContext hash, math precision, hardware concurrency, timezone consistency, touch API presence, devtools detection, headless browser flags, and runtime injection checks.
Filtered-tier visitors are served a lightweight verification page with SHA-256 proof-of-work + 10 browser integrity checks. Real browsers solve it in 1-3 seconds. Bots and headless browsers fail. Passed visitors get an HMAC-signed cookie valid for 1 hour.
Every visitor is classified into three tiers based on combined trust scores. Gold traffic goes to your best offers. Silver gets a secondary destination. Filtered traffic gets a JS challenge. You control what happens at each tier.
Real-time engagement beacons fire at 10s, 30s, and 60s intervals. Scroll depth percentage, click events, and time-on-page are tracked and reported to your PureGuard dashboard. Prove your traffic quality with hard data.
The server-side WAF runs before WordPress boots — blocked bots consume zero PHP resources. The client-side script loads with defer attribute, never blocking page render. Your Core Web Vitals stay clean.
All data flows to your PureGuard dashboard in real time. See tier breakdowns in Zone Quality, watch engagement metrics in Live Traffic, and track per-zone performance. WordPress admin shows a summary widget.
Traffic passes through two independent detection phases before reaching your content.
Visitor clicks your ad and lands on your WordPress site via PureGuard click URL
18+ detection layers run before WordPress loads. Bots blocked in <5ms. Zero page resources consumed.
10 integrity checks confirm the visitor is a real browser, not a headless bot or emulator.
Visitor is classified as Gold, Silver, or Filtered based on combined trust score.
Three-lane routing replaces the old binary accept/block model. Every visitor gets a quality classification.
Trust score ≥ 7.0. Passed all server-side and client-side checks with high confidence. Real device, real browser, clean IP, valid engagement signals. Route these to your highest-value offers.
Trust score 5.0–6.9. Passed detection but with borderline signals. Could be a cautious real user or a sophisticated bot. You choose: pass through, redirect to a secondary offer, or log for review.
Trust score < 5.0 or hard-kill signal detected. Visitors are served a JS challenge page with SHA-256 proof-of-work + 10 browser integrity checks. Real browsers pass in 1-3 seconds automatically. Bots and headless browsers fail. Configurable: challenge, block, redirect, or log.
Get up and running in under 2 minutes. No coding required.
Click the download button above to get the ZIP file. No account required to download.
In WordPress, go to Plugins → Add New → Upload Plugin. Select the ZIP file and click Install Now.
Activate the plugin, then navigate to Settings → PureGuard in your WordPress admin panel.
Enter your PureGuard workspace key (available in your account settings) and save. Protection starts immediately.
pg_z and pg_src URL parameters.
These are set automatically when traffic flows through PureGuard. Organic visits, search engine crawlers, and review bots are never tracked or affected.
Built for performance-critical media buying environments.
These checks run before WordPress loads. Bots never consume your server resources.
Yes. The plugin connects to your PureGuard workspace via an API key. Create a free account to get your workspace key. The Starter plan includes 100,000 checks per month at no cost.
No. The server-side WAF blocks bots before WordPress loads, so blocked traffic consumes zero PHP resources. The client-side script uses defer loading — it never blocks page render. Your Core Web Vitals are unaffected.
No. The plugin only activates on pages loaded with PureGuard tracking parameters (pg_z and pg_src). Organic visitors from Google, social media, or direct links are completely unaffected. Search engine crawlers are never blocked.
You decide. In the plugin settings, you can configure Silver traffic to pass through to your page normally, redirect to a secondary offer URL, or simply log it for review. The default is pass-through — no behavior changes on install.
Any traffic source that can send visitors through a PureGuard click URL. This includes PopAds, RollerAds, HilltopAds, PropellerAds, ExoClick, ClickAdilla (including RTB), and any source that supports redirect tracking.
Yes. Install the plugin on as many sites as you need. Each site connects to the same PureGuard workspace key. All traffic data is aggregated in your dashboard.
Download the plugin, install in 2 minutes, and see your first traffic quality report within the hour.
Download Plugin Create Free Account