About CRA Guard

CRA Guard is built by a small team in Manchester, UK. We build tools that help WordPress developers navigate EU regulations without needing a compliance department.

Why we built this

The EU Cyber Resilience Act (Regulation 2024/2847) introduces mandatory cybersecurity requirements for anyone selling software with digital elements to EU customers. That includes WordPress plugin and theme developers.

The first enforcement deadline is 11 September 2026. Fines reach up to EUR 15 million. Most WordPress developers we talked to had never heard of the CRA, let alone started preparing for it.

We saw the same pattern play out with GDPR. Developers scrambled at the last minute, overpaid for consultants, or just ignored it and hoped for the best. CRA Guard exists so that doesn't happen again.

What we believe

• Compliance shouldn't require a legal team. A solo developer shipping a WordPress plugin deserves the same access to compliance tooling as a Fortune 500 company.
• Free should actually be useful. Our free tier covers the checklist, document templates, education centre, and security.txt generator. That gets you most of the way there.
• Deadlines focus the mind. The countdown timer on our homepage isn't a marketing trick. It's a genuine reminder that September 2026 is closer than it feels.

Get in touch

Questions about CRA Guard or the Cyber Resilience Act? Reach us at hello@getcraguard.com or through the WordPress.org support forums.