A background Windows tool that blocks adult content and, optionally, shows you an encouraging Bible verse instead of a dead page when you try to visit a blocked site.
Run it and it starts blocking. Stop it by closing it — from the tray icon, or Task Manager — same as any other background app. No lock, no timer, no code required.
The moment you run it (and every 2 minutes after, for as long as it keeps running), it:
- Rewrites a managed block in your hosts file, redirecting ~100 known adult
domains (plus
www.variants) to a dead address. Seeblocklist.txt. - Points your network adapters' DNS at OpenDNS FamilyShield
(
208.67.222.123/208.67.220.123), a free, no-signup resolver that blocks adult content and proxy/anonymizer sites network-wide, so coverage isn't limited to the static list. - Forces SafeSearch/Restricted Mode on Google, YouTube, Bing, and DuckDuckGo,
using each provider's own documented DNS-redirect mechanism — it resolves
forcesafesearch.google.com,restrict.youtube.com,strict.bing.com, andsafe.duckduckgo.comlive and points the real search hostnames at whatever IP comes back, so nothing is hardcoded or able to go stale.
It also sets itself to autostart at login the first time it runs, and shows an icon in your system tray the whole time it's active.
The first time you run it, it asks whether you'd like this. If you say yes, visiting a blocked domain shows a random verse (KJV — public domain, so it's quoted in full) about temptation, strength, and self-control, instead of a browser error page:
"There hath no temptation taken you but such as is common to man: but God is faithful, who will not suffer you to be tempted above that ye are able; but will with the temptation also make a way to escape, that ye may be able to bear it." — 1 Corinthians 10:13
Toggle it anytime from the tray menu. Technically, this works by running a tiny local web server (loopback-only — it isn't reachable from your network) that the blocked domains get redirected to instead of a dead address.
Known limitation: this reliably shows the verse for plain HTTP requests. Most sites today are HTTPS-only, and showing a custom page for those would require a locally-generated certificate your browser is told to trust — which this deliberately does not do, since silently modifying your trusted certificate store is a bigger trust decision than a novelty feature warrants. In practice: for HTTPS sites, your browser will usually show its own certificate warning first. The site is still blocked either way; you just won't always see the verse specifically.
- Start: run
FocusGuard.exe(or double-clickInstall-Now.cmdthe first time). It asks for admin once, then sits in your system tray. - Stop: right-click the tray icon → Exit, or End Task it in Task Manager. Either way, it removes the hosts entries and restores your original DNS settings before it actually quits.
- It starts again automatically next login, unless you also turn off autostart (tray icon → Disable autostart at login).
- Clone or download this repo.
- Right-click
Install.ps1→ Run with PowerShell (it prompts for admin itself). If that's blocked, open PowerShell as Administrator,cdinto the folder, and run:powershell -ExecutionPolicy Bypass -File .\Install.ps1
- It compiles
FocusGuard.exefromsrc/Program.csright there on your machine — nothing prebuilt is shipped, so you can read the source first — installs it toC:\FocusGuard, and starts it.
No external dependencies: it compiles with the C# compiler that ships with every
Windows install (csc.exe, part of .NET Framework), no NuGet packages, no internet
access needed at build time.
Right-click the tray icon for:
- Status — uptime, blocked domain count, autostart state, Bible verse mode state.
- Add a site to block... — adds one more domain and re-applies immediately.
- Show a Bible verse when a site is blocked — toggle, see above.
- Disable autostart at login — stops it launching next login (doesn't affect the current session).
- Exit — stops blocking now and cleans everything up.
From a terminal, adding a site works the same way without the tray menu:
C:\FocusGuard\FocusGuard.exe --add somesite.com
To remove it completely, run Uninstall.ps1 the same way as Install.ps1. If
FocusGuard is still running, it'll ask you to Exit it from the tray first for a
clean removal, then it resets your hosts file/DNS, removes the autostart entry, and
deletes the certificate it generated for the HTTPS block page.
Program files live in C:\FocusGuard. State (DNS backup, certificate thumbprint,
log) lives in C:\ProgramData\FocusGuard, machine-wide rather than per-profile.
This provides zero resistance to your own in-the-moment decision to turn it off — that's a deliberate trade for it being simple and not something you have to fight with when you have a legitimate reason to need it off.
Coverage gaps worth knowing:
- The static list blocks domains, not URL paths — it can't block "just the NSFW
parts" of a mixed-use site like Reddit or Twitter/X without blocking the whole
thing, so those aren't in the default list. Add them yourself (tray menu, or
--add reddit.com) if you'd rather lose the whole site than the risk. onlyfans.comandfansly.comare in the default list since they're a common trigger, even though both have legitimate non-adult use — remove those two lines fromblocklist.txtif that's a problem for you.- DNS filtering and SafeSearch enforcement need a working internet connection to resolve; offline, you fall back to just the static hosts list.
- If FocusGuard is ever force-killed in a way that skips its cleanup (a crash, or
"End Process Tree" during the brief window before it finishes cleaning up), the
hosts/DNS changes can be left in place until you reopen it and Exit properly, or
run
FocusGuard.exe --cleanup.
A background process that edits your hosts file, needs admin rights, changes DNS,
and autostarts is also the textbook behavior signature of hosts-hijacking malware.
Windows Defender or SmartScreen may flag or quarantine it. That's why this ships as
readable source you compile yourself rather than a prebuilt binary — but it doesn't
make Defender any less twitchy about the behavior itself. If it's flagged and you're
confident in what you just read, you'll need to restore it from quarantine and/or add
an exclusion for C:\FocusGuard in Windows Security. That's a real reduction in your
system's protection against actual malware, so only do it if you're sure — and
reconsider it if this is a shared or managed machine.
Single C# file (src/Program.cs), no external dependencies, compiled with the
.NET Framework compiler that ships with Windows. Uses:
- The Windows hosts file for domain blocking
- WMI (
Win32_NetworkAdapterConfiguration) for DNS configuration - The
ScheduledTasksPowerShell module for autostart (its cmdlet parameters are locale-independent, unlikeschtasks.exe's own CLI keywords, which are localized and silently fail on non-English Windows installs) HttpListenerbound to loopback only, for the optional Bible verse block page- Windows Forms for the tray icon and dialogs
Issues and pull requests welcome — in particular, a wider-coverage blocklist, more
verses, or additional search-engine SafeSearch mechanisms are all easy, self-contained
additions (see the SafeSearchTargets and Verses arrays in src/Program.cs).
No license has been chosen yet for this repository — add one (MIT is a common choice for a project like this) before treating it as open source.