SOG (Secure Outbound Gateway) is a WordPress plugin that displays a customizable warning when visitors click on external links. It is designed for websites that prioritize security, transparency, and control over user behavior when leaving the site.

• Regulations such as GDPR, HIPAA, and even internal guidelines from many public and private institutions recommend warning users before redirecting them off-domain.
• It can be part of a security or UX (user experience) audit.

If your site redirects to third-party services (links to banks, affiliates, etc.), notifying the user before leaving can protect you from claims if that third party has problems.

• When visitors see a warning like, "You are about to leave this site," they feel that you care about their security.
• This increases the perception of the website or company's seriousness.

• Legal warning modal before leaving the site.
• Customizable text with a professional design.
• Automatic logging of external link clicks.
• Whitelist for trusted domains or internal subdomains.
• Visual style adaptable via CSS.
• Use of ipinfo.io to log Countries.
• Localstore in order to avoid warning message to same site accepted.
• Email alerting changes (enable, disable, update).

The plugin offers an optional feature to automatically add rel="noopener noreferrer" to all external links.

• noopener: Prevents the new tab from accessing window.opener, mitigating tabnabbing attacks.
• noreferrer: In addition to blocking window.opener, this prevents the Referer (source URL) from being sent to the destination site.

• Security: Prevents reverse tabnabbing attacks.
• Privacy: Stops leaking the source site through HTTP Referer.

1. Clone or download the repository:

   git clone https://github.com/asantar0/sog.git

2. Upload the sog folder to your /wp-content/plugins/ directory.

3. Activate the plugin from the WordPress admin dashboard.

Go to release section in this proyect.

From the WordPress backend you can:

• Edit the whitelist of trusted domains.
• Automatically validate that the entered URLs are correctly formatted.
• Delete the audit log with a single click.
• Set IP Info token.
• Enable or disable an automatic email notification each time the log is deleted.

• Admin panel with click statistics
• Multi-language support (WPML, Polylang, browser detection)
• Advanced exceptions (by pattern, link type, or category)
• Log export (CSV)
• Integration with Google Analytics or Matomo
• Delete accepted domains button
• Tracking with Matomo/Google Analytics/Microsoft Clarity

This plugin is released under the MIT License.

For feature requests, improvements, or bug reports, please open an issue in this repository.

agustins@root-view.com

If you find this plugin useful, you can buy me a coffee: