描述
Secure Access Bridge helps WordPress administrators create secure, temporary, one-click login links for clients, developers, designers, SEO specialists, and support users. Instead of sharing passwords or creating unmanaged long-term accounts, you can generate controlled access links with expiry rules, access profiles, activity logs, and recovery tools.
The plugin is built for agencies, freelancers, site owners, and support teams that need safer temporary WordPress access management.
Key Features
- Temporary login links – Generate one-click access links with expiration control.
- Passwordless access – Give temporary WordPress access without exposing user passwords.
- Access profiles – Use presets such as Support, Developer, Client, Designer, and SEO, or create custom profiles.
- Granular restrictions – Limit temporary access by menu access, capabilities, IP address, country code, device type, browser, session duration, and idle timeout.
- Activity audit trail – Track important actions performed by temporary users.
- Change recovery – Create recoverable snapshots for supported content changes so administrators can review and restore changes when needed.
- QR code login – Display a scannable QR code for mobile login access.
- Webhook notifications – Optionally send critical login and activity notifications to a configured Slack or Discord webhook URL.
- Stealth mode – Hide the plugin menu and access it through a secret URL parameter when white-label access management is required.
- Automatic cleanup – Expired links and sessions can be cleaned up automatically through scheduled maintenance.
Why Use Secure Access Bridge?
Sharing administrator passwords is risky. Creating permanent accounts for every support task is difficult to manage. Secure Access Bridge provides a more controlled workflow by letting you issue temporary, restricted, and auditable access.
Use it when you need to:
- Give a developer short-term access to troubleshoot a site.
- Let a client review or edit limited areas of WordPress.
- Provide SEO or content access without exposing full administrator credentials.
- Track temporary-user activity and recover supported changes.
- Reduce password-sharing risk during support and maintenance work.
Security and Privacy
Secure Access Bridge stores generated access tokens as hashes instead of storing the plain login token in the database. Temporary access should still be granted carefully, and administrators should always assign the lowest privilege level required for the task.
The plugin does not include tracking, telemetry, or advertising code.
External services
This plugin can connect to external services only for specific optional features.
QRServer / goQR.me
The plugin uses the QRServer API from goQR.me to generate QR code images for temporary login links.
When a QR code is displayed, the generated temporary login URL is sent to the QRServer API as the QR code data. The plugin does not send WordPress passwords, site content, or payment information to QRServer.
Service provider: QRServer / goQR.me
Terms: https://goqr.me/api/doc/
Privacy policy: https://goqr.me/de/rechtliches/datenschutz-goqrme.html
Slack or Discord webhook URL
If an administrator manually configures a Slack or Discord webhook URL in the plugin settings, the plugin can send login and critical-activity notification payloads to that configured webhook endpoint.
The webhook payload may include the temporary user’s username, access profile, event time, action name, and action details. No webhook request is sent unless a webhook URL is configured by an administrator.
Slack terms: https://slack.com/terms-of-service
Slack privacy policy: https://slack.com/privacy-policy
Discord terms: https://discord.com/terms
Discord privacy policy: https://discord.com/privacy
屏幕截图
安装
- Upload the
secure-access-bridgefolder to the/wp-content/plugins/directory, or install the ZIP through Plugins > Add New > Upload Plugin. - Activate Secure Access Bridge from the WordPress Plugins screen.
- Open Secure Access Bridge from the admin menu.
- Create a temporary access link, select an access profile, configure restrictions, and share the generated link only with the intended user.
常见问题
-
No. The plugin is designed to provide temporary login access without sharing a user’s WordPress password.
-
Are login tokens stored in plain text?
-
No. Generated access tokens are hashed before being stored in the database. The plain token is only used to build the temporary login URL shown to the administrator.
-
Can I restrict what a temporary user can access?
-
Yes. You can use predefined access profiles or configure custom access rules, including allowed menus, capabilities, session duration, idle timeout, IP restrictions, country restrictions, device restrictions, and browser restrictions.
-
Can I revoke a temporary login link?
-
Yes. Administrators can revoke or delete temporary access links from the plugin dashboard.
-
Does the plugin support QR code login?
-
Yes. The plugin can display a QR code for the generated login URL. The QR code image is generated through the external QRServer service described in the External services section.
-
What happens when I deactivate the plugin?
-
The plugin stops running and temporary login links will no longer work while it is deactivated. Stored plugin data is not automatically removed on deactivation.
-
What happens when I uninstall the plugin?
-
Uninstalling the plugin removes its custom database tables and plugin options.
评价
此插件暂无评价。
贡献者及开发者
更新日志
1.0.0
- Initial release.
- Added temporary passwordless login links.
- Added access profiles and custom restrictions.
- Added activity logging, change recovery, QR code login, webhooks, stealth mode, and automatic cleanup.