Description
EffortLess Temporary Secure Login lets an administrator create a time-limited login link for a developer or support person, without ever sharing a password. Choose a role, choose an expiry, copy the link. The link auto-expires (deleting the temporary account and destroying its sessions) or can be revoked instantly.
Installation
- Upload the plugin files to
/wp-content/plugins/effortless-temporary-secure-login, or install directly through the WordPress plugins screen. - Activate the plugin.
- Go to Users > Temporary Logins to create your first temporary login.
FAQ
-
No. The plugin creates a separate, disposable WordPress user account and authenticates the recipient via a secure signed link — no password is ever shared or stored in plain text.
-
What happens when a temporary login expires?
-
The account is automatically logged out, its sessions destroyed, and the underlying WordPress user account deleted. The event stays visible in the plugin’s activity log.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“EffortLess Temporary Secure Login” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “EffortLess Temporary Secure Login” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.1.2
- Fixed: a temporary login’s granted Super Admin status was never actually revoked on expiry, revoke, or uninstall —
revoke_super_admin()was called with the temporary account’s username instead of its numeric user ID (which WordPress core silently ignores), and the uninstall routine didn’t call it at all. - Fixed: network-activating the plugin on a multisite install with existing sites only provisioned the tables/cron for one site; every other existing site never got its
eltsl_logins/eltsl_activitytables. - Fixed: sites that only got provisioned via the lazy per-site upgrade path never had the hourly expiry sweep scheduled.
- Fixed: uninstall only cleaned up the first 100 sites on a large network (missing
number => 0on the site query). - Fixed: an unparseable custom expiry date silently created an already-expired login instead of falling back to the default duration.
- Improved: front-end token verification now looks up the matching login by its indexed token hash instead of scanning and re-hashing every active login.
- Improved: the Network Admin list table no longer re-resolves a site’s URL once per row, and skips the lookup entirely for sites with no logins.
- Refactored: the per-site and network-wide list tables now share their column-rendering and revoke-link logic instead of duplicating it.
1.1.1
- Fixed a 404 when generating or revoking a temporary login from Network Admin — the create form and revoke links pointed at
wp-admin/network/admin-post.php, which doesn’t exist;admin-post.phpis a shared handler that always lives atwp-admin/admin-post.php.
1.1.0
- Added a Network Admin > Users > Temporary Logins page (multisite) with a site picker to create a temporary login for any site in the network, plus a combined list/revoke table across every site.
- Added an option (Network Admin only, visible only to an existing Super Admin) to also grant the temporary account real Super Admin rights for the login’s lifetime, cleanly revoked via revoke_super_admin() on expiry or manual revoke.
- Existing installs are upgraded automatically (adds the is_super_admin column to the logins table).
1.0.3
- Set Author to domclic (Donate link intentionally stays https://id7.dev/donate/, per project convention).
1.0.2
- Renamed to “EffortLess Temporary Secure Login” and set Contributors to domclic.
- Fixed Plugin Check findings: prefixed template loop variables in the admin view, and switched the direct-file-access guard in helpers.php/class-eltsl-secret.php to the standard ABSPATH-only check (recognized by automated scanners) — test loading now sets ABSPATH itself instead of a separate testing constant.
1.0.1
- Fixed multisite: sites created after Network Activation now get their tables and cron sweep provisioned automatically, and network-wide uninstall now cleans up every site instead of only the current one.
1.0.0
- Initial release.
