SMSTunnel

Description

SMSTunnel transforms your Android phone into a powerful SMS gateway for WordPress.

Key Features

  • Use Your Own Phone – No third-party SMS gateway costs
  • Two-Factor Authentication – Secure WordPress login with SMS 2FA
  • End-to-End Encryption – Messages encrypted with RSA keys
  • Quick Setup – Scan QR code from the mobile app

External Services

This plugin connects to external services to provide certain functionality. Below are the details of each service:

SMSTunnel API

  • Purpose: Core service that enables the plugin to communicate with the SMSTunnel mobile app for sending SMS messages from your phone
  • When data is sent: During Quick Setup (when pairing via QR code), when sending SMS messages, and when verifying API connections
  • Data sent:
    • During setup: Site URL, site token (random identifier), admin email (for account creation)
    • When sending SMS: Phone number, message content (encrypted if E2E is enabled), API key for authentication
  • Service provider: SMSTunnel.io (NARBOWEB SRL)
  • Privacy Policy: https://smstunnel.io/privacy
  • Terms of Service: https://smstunnel.io/terms

SMSTunnel Authentication

  • Purpose: Optional sign-in via Google, Facebook, or email to link your SMSTunnel account with WordPress
  • When data is sent: Only when the admin uses the “Connect with Google/Facebook/Email” options on the plugin settings page
  • Data sent:
    • Google/Facebook: Redirects to smstunnel.io/auth/google or smstunnel.io/auth/facebook with a callback URL and CSRF state token
    • Email login: Email and password sent to smstunnel.io/api/v1/auth/login
    • After authentication: Fetches user profile from smstunnel.io/auth/me and creates an API key via smstunnel.io/api/v1/api-keys
  • Service provider: SMSTunnel.io (NARBOWEB SRL)
  • Privacy Policy: https://smstunnel.io/privacy
  • Terms of Service: https://smstunnel.io/terms

Note: QR codes are generated locally using an embedded JavaScript library (qrcode.min.js). No external QR code generation services are used. All SMS messages are sent through your own Android phone – the SMSTunnel server only acts as a relay to connect WordPress with your phone.

Installation

  1. Upload the plugin to /wp-content/plugins/
  2. Activate the plugin
  3. Go to SMSTunnel > Quick Setup
  4. Download the SMSTunnel app and scan the QR code

Reviews

April 24, 2026, 1 reply
Would love to use this type of a plug-in for SMS messaging to my local Lions Club. However it appears there is NO corresponding app on Google Play Store. GREAT idea if we can get it working.

Contributors and Developers

"SMSTunnel" is open source software. The following people have contributed to this plugin.

Changelog

1.0.6

  • Security: Added nonce validation (check_ajax_referer) to all nopriv AJAX endpoints including 2FA login and phone setup
  • Security: Fixed DOM XSS in quick-setup.js, social-login.js, and admin-settings.js – all server/URL data now uses .text() instead of .html()
  • Security: Escaped all remaining unescaped outputs in SMS history table
  • Security: API key verification now uses X-API-Key header and configurable server URL (consistent with rest of plugin)
  • Fix: Corrected AJAX action name mismatch for API key verification
  • Documentation: Added SMSTunnel Authentication section to External Services (auth endpoints)

1.0.5

  • Security: Moved all inline JavaScript to external files using wp_enqueue_script and wp_localize_script
  • Security: Added OAuth state parameter validation to prevent CSRF attacks on OAuth callback
  • Security: REST API /setup-callback now validates site_token in permission_callback instead of callback body
  • Security: Removed all wp_add_inline_script calls – all scripts now in external .js files
  • Code: Added $request parameter to all REST API permission_callback methods for PHP 8+ compatibility

1.0.4

  • Documentation: Updated External Services section with complete service documentation

1.0.3

  • Security: Replaced __return_true with documented custom permission_callback methods

1.0.2

  • Security: Replaced inline scripts with wp_add_inline_script for proper enqueueing
  • Security: Fixed XSS vulnerabilities by using textContent instead of innerHTML for server responses
  • Security: Removed external QR code generation services (Google Charts, QR Server API) – all QR codes now generated locally
  • Security: Improved escaping for all JavaScript strings using esc_js()
  • Documentation: Updated External Services section to accurately reflect service usage

1.0.1

  • Security: Added sanitization callbacks for all settings
  • Security: Fixed escape output for translatable strings
  • Security: Database queries now use prepared statements
  • Security: Changed wp_redirect to wp_safe_redirect
  • Security: Changed mt_rand to wp_rand
  • Compatibility: Tested up to WordPress 6.7.1

1.0.0

  • Initial release