Secure Access Bridge

Description

Secure Access Bridge helps WordPress administrators create secure, temporary, one-click login links for clients, developers, designers, SEO specialists, and support users. Instead of sharing passwords or creating unmanaged long-term accounts, you can generate controlled access links with expiry rules, access profiles, activity logs, and recovery tools.

The plugin is built for agencies, freelancers, site owners, and support teams that need safer temporary WordPress access management.

Key Features

• Temporary login links – Generate one-click access links with expiration control.
• Passwordless access – Give temporary WordPress access without exposing user passwords.
• Access profiles – Use presets such as Support, Developer, Client, Designer, and SEO, or create custom profiles.
• Granular restrictions – Limit temporary access by menu access, capabilities, IP address, country code, device type, browser, session duration, and idle timeout.
• Activity audit trail – Track important actions performed by temporary users.
• Change recovery – Create recoverable snapshots for supported content changes so administrators can review and restore changes when needed.
• QR code login – Display a scannable QR code for mobile login access.
• Webhook notifications – Optionally send critical login and activity notifications to a configured Slack or Discord webhook URL.
• Stealth mode – Hide the plugin menu and access it through a secret URL parameter when white-label access management is required.
• Automatic cleanup – Expired links and sessions can be cleaned up automatically through scheduled maintenance.

Why Use Secure Access Bridge?

Sharing administrator passwords is risky. Creating permanent accounts for every support task is difficult to manage. Secure Access Bridge provides a more controlled workflow by letting you issue temporary, restricted, and auditable access.

Use it when you need to:

• Give a developer short-term access to troubleshoot a site.
• Let a client review or edit limited areas of WordPress.
• Provide SEO or content access without exposing full administrator credentials.
• Track temporary-user activity and recover supported changes.
• Reduce password-sharing risk during support and maintenance work.

Security and Privacy

Secure Access Bridge stores generated access tokens as hashes instead of storing the plain login token in the database. Temporary access should still be granted carefully, and administrators should always assign the lowest privilege level required for the task.

The plugin does not include tracking, telemetry, or advertising code.

External services

This plugin can connect to external services only for specific optional features.

QRServer / goQR.me

The plugin uses the QRServer API from goQR.me to generate QR code images for temporary login links.

When a QR code is displayed, the generated temporary login URL is sent to the QRServer API as the QR code data. The plugin does not send WordPress passwords, site content, or payment information to QRServer.

Service provider: QRServer / goQR.me
Terms: https://goqr.me/api/doc/
Privacy policy: https://goqr.me/de/rechtliches/datenschutz-goqrme.html

Slack or Discord webhook URL

If an administrator manually configures a Slack or Discord webhook URL in the plugin settings, the plugin can send login and critical-activity notification payloads to that configured webhook endpoint.

The webhook payload may include the temporary user’s username, access profile, event time, action name, and action details. No webhook request is sent unless a webhook URL is configured by an administrator.

Slack terms: https://slack.com/terms-of-service
Slack privacy policy: https://slack.com/privacy-policy
Discord terms: https://discord.com/terms
Discord privacy policy: https://discord.com/privacy