FAQ
Is the audit log tamper-proof?
The log is stored in a WordPress database table. Database-level access by a privileged admin could modify records. For tamper-proof audit trails, pipe the switchguard_switched action to an external log service.
Can the target user see that they were switched to?
Not in the current version. A future update may add a "your account was accessed" notification to target users.
Can I grant a customer the ability to switch to other customers?
Technically yes via per-user grants, but this would be a significant security risk. Grants should only be assigned to trusted internal users.
Does the idle timeout work on REST API requests?
REST API requests reset the idle timer if they are made within the switched session. Pure background AJAX calls (e.g., heartbeat) also reset the timer.
What happens if the weekly digest cron does not run?
If wp-cron is disabled and no server cron runs wp cron event run, the digest will not send. Check with WP Crontrol that switchguard_weekly_digest is scheduled.
Can I restrict Pro features to specific administrator accounts?
Not with a UI setting. Use the switchguard_can_switch filter to add custom logic based on the switcher's user ID.