Wednesday, September 16, 2009

bpduguard vs. bpdufilter

Suppose you have a switch with servers connected to it. It's called an "access layer switch" in Cisco lingo. There is no need to run spanning-tree on these server-facing ports, so you disable it with the "spanning-tree portfast" interface command. One benefit of disabling STP on the port is that if your server boots fast, it does not need to wait for the port to go through all the STP port states and can start transmitting data immediately.
Since servers normally should ignore BPDUs coming from the switch, there is no need to send them to a server in the first place. To filter out outgoing BPDUs, apply the interface command "spanning-tree bpdufilter enable".
But when a BPDU is received on a port with bpdufilter enabled, the port's portfast status is disabled and the port will participate in spanning-tree. At that point the network needs to be protected from an unauthorized device that might decide to participate in your spanning-tree topology and cause a spanning-tree loop or try to hijack the root. The interface command "spanning-tree bpduguard enable" puts the interface in err-disable mode whenever a BPDU is received from the connected device.
What will happen if you have both bpdufilter and bpduguard enabled on the interface?

spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
bpdufilter takes precedence and bpduguard does not work. Although bpduguard needs more administrative overhead (the port has to be re-enabled manually), it makes your network more secure.
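Because the combination above silently disables bpduguard, it is worth auditing running-configs for it. The script below is an added example, not from the original post: it parses interface stanzas from a constructed IOS-style config and flags portfast ports where bpdufilter masks bpduguard, or where bpduguard is missing altogether.

```python
"""Added example (not from the original post): audit a Cisco IOS-style
running-config for portfast ports where BPDU Filter masks BPDU Guard,
or where BPDU Guard is missing. The config below is constructed."""
import re

SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: set of its 'spanning-tree ...' lines}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = set()
        elif current and line.startswith(" spanning-tree "):
            interfaces[current].add(line.strip())
    return interfaces

def audit(config):
    """Return {interface: finding} for portfast ports needing attention."""
    findings = {}
    for name, stp in parse_interfaces(config).items():
        if "spanning-tree portfast" not in stp:
            continue  # not an edge port; uplinks are expected to run STP
        guard = "spanning-tree bpduguard enable" in stp
        filt = "spanning-tree bpdufilter enable" in stp
        if guard and filt:
            findings[name] = "bpdufilter masks bpduguard: remove bpdufilter"
        elif not guard:
            findings[name] = "portfast without bpduguard: enable bpduguard"
    return findings
```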