Title: GateLink Manager – Secure One‑Click Admin Login & WordPress SSO Author: NUMAN RASHEED Published: October 3, 2025 Last modified: October 14, 2025 --- Search plugins ![](https://ps.w.org/gatelink-manager/assets/banner-772x250.jpg?rev=3372261) ![](https://ps.w.org/gatelink-manager/assets/icon.svg?rev=3372206) # GateLink Manager – Secure One‑Click Admin Login & WordPress SSO By [NUMAN RASHEED](https://profiles.wordpress.org/numanrki/) [Download](https://downloads.wordpress.org/plugin/gatelink-manager.1.8.3.zip) * [Details](https://pcd.wordpress.org/plugins/gatelink-manager/#description) * [Reviews](https://pcd.wordpress.org/plugins/gatelink-manager/#reviews) * [Installation](https://pcd.wordpress.org/plugins/gatelink-manager/#installation) * [Development](https://pcd.wordpress.org/plugins/gatelink-manager/#developers) [Support](https://wordpress.org/support/plugin/gatelink-manager/) ## Description **GateLink Manager** pairs with the companion GateLink Client to deliver secure, zero‑config single sign‑on for WordPress. Skip copying credentials across sites: connect your hub to client sites and teleport into their dashboards with a single click. Whether you’re a developer, freelancer or agency managing many installations, GateLink saves time and reduces risk by using cryptographically signed links that expire within minutes. ### Key Features * **Zero‑config, one‑click login** – Jump straight into any connected site’s wp‑ admin without passwords. * **Passwordless SSO & HMAC security** – Each login URL is HMAC‑signed and valid for only a short time. * **Multi‑site management** – Add, edit, delete, verify and log in to client sites from a single dashboard. * **Free plan included** – Manage up to 3 sites at no cost; upgrade to Pro (20 sites) or Business (unlimited) when needed. * **Built‑in logs & metrics** – View connection history and lightweight stats right from the dashboard. * **Modern UI** – Responsive admin interface styled with Tailwind, tuned for accessibility and ease of use. ### How It Works 1. **Add a site** – Enter the client’s base URL on your Manager dashboard. 2. **Share a token** – Create or paste the Shared Token in Manager; paste the same token in the Client’s “Trusted Manager” screen. 3. **Verify & trust** – Click **Verify** to perform a health check and establish trust. 4. **Login** – Click **Login**; a short‑lived, HMAC‑signed URL opens the client site in a new tab, validates the signature and redirects to `/wp-admin`. ### Security & Privacy * **Cryptographically signed tokens** – All login links use HMAC‑SHA256 signatures with nonce‑based replay protection. * **Time‑limited links** – Tokens expire after a few minutes to reduce attack windows. * **No stored credentials** – GateLink never stores your admin passwords; only minimal metadata and logs are kept locally. * **HTTPS required** – Both Manager and Client sites must run over HTTPS; allow‑ list the login query parameters (`gatelink_login`, `cid`, `ts`, `sig`) in security/ CDN tools if necessary. ### Plans & Licensing GateLink is free to use for up to three client sites. Professional and Business plans unlock higher site limits and additional support options. Licensing is handled through Freemius; no license key is required for the free tier. ### External Services GateLink communicates only with other WordPress sites that have the GateLink Client plugin installed. Data exchanged includes site URLs, shared tokens, and connection timestamps. Licensing and support are provided via the Freemius service; activating a paid license sends your site domain, license key, and environment info to Freemius for validation. ## Screenshots * [[ * Dashboard hero and stats * [[ * Client Sites list with Verify/Login/Edit/Delete * [[ * [[ ## Installation 1. Upload the `gatelink-manager` folder to `/wp-content/plugins/`. 2. Activate the plugin via **Plugins** in wp‑admin. 3. Go to **GateLink Manager Client Sites**, add your client’s base URL, then create or paste a Shared Token. 4. On the client site, paste the same Shared Token under **GateLink Client Trusted Manager**. 5. Back in Manager, click **Verify**, then **Login** to open the client’s wp‑admin in a new tab. ## FAQ ### Do I need to configure anything on the client site? Yes. Install the GateLink Client plugin and paste the Shared Token (and optional Client ID) under **GateLink Client Trusted Manager**. ### The Login link doesn’t open wp-admin on the client. Ensure GateLink Client is active and reachable over HTTPS. Allow‑list the query parameters (`gatelink_login`, `cid`, `ts`, `sig`) in any firewall or security plugin and bypass CDN caching for those requests. ### Can I connect more than three sites? Yes. The free plan supports up to three sites. To manage more, upgrade to a Professional or Business plan via the Freemius licensing page. ### Does this use the REST API? Logins use a front‑end tokenized URL, not the REST API. Verification simply records trust and runs an advisory health check. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “GateLink Manager – Secure One‑Click Admin Login & WordPress SSO” is open source software. The following people have contributed to this plugin. Contributors * [ NUMAN RASHEED ](https://profiles.wordpress.org/numanrki/) * [ Freemius ](https://profiles.wordpress.org/freemius/) [Translate “GateLink Manager – Secure One‑Click Admin Login & WordPress SSO” into your language.](https://translate.wordpress.org/projects/wp-plugins/gatelink-manager) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/gatelink-manager/), check out the [SVN repository](https://plugins.svn.wordpress.org/gatelink-manager/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/gatelink-manager/) by [RSS](https://plugins.trac.wordpress.org/log/gatelink-manager/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.8.3 * BUG FIX: Fixed SSO login URL generation to use query parameters instead of pretty URLs * COMPATIBILITY: SSO login now works with all permalink structures on client sites * BUG FIX: Fixed Add Site table refresh – newly added sites now appear immediately without page reload * UX: Improved Add Site workflow with automatic table updates and better visual feedback * SYNC: Version synchronized with Client plugin v1.8.3 for consistency #### 1.8.2 * Removed trial support from Freemius configuration. #### 1.8.1 * FIX: Fixed Connect flow – proper nonce verification for Manager Client REST handshake * ENHANCEMENT: AJAX Add Site with automatic table refresh – no more page reloads * COMPLIANCE: Enhanced nonce verification with dedicated connect_nonce for security * UX: Improved error handling with detailed troubleshooting messages for connection failures #### 1.8.0 * SECURITY: Enhanced sanitization and validation of super-globals, notably $_SERVER[‘ REMOTE_ADDR’] * STANDARDIZATION: Unified all prefixes to gate_manager_ for consistent naming across the plugin * MIGRATION: Added automatic migration logic to map old option names and keys to new unified names * COMPATIBILITY: Maintained backward compatibility with existing installations – no data loss * VALIDATION: Verified nonces and capability checks across all AJAX endpoints and admin forms #### 1.7.9 * DASHBOARD: Unlocked dashboard cards for all users including free plan – no more premium gating * UX: Added AJAX functionality for adding and deleting sites – no more page reloads * PERFORMANCE: Site operations now use AJAX for smoother user experience * UI: Enhanced responsiveness and workflow for site management * ACCESSIBILITY: Improved user experience with instant feedback for site operations #### 1.7.8 * WORDPRESS.ORG READY: Complete WordPress.org compliance achieved – plugin ready for directory submission and approval * COMPLIANCE: All WordPress.org requirements met including unique prefixes, no premium gating, proper enqueuing, and security standards * SECURITY: Enhanced HMAC-SHA256 authentication with time-limited tokens, nonce protection, and HTTPS enforcement * ERROR HANDLING: Enhanced HTTP 404 error messages with specific troubleshooting guidance for REST API connection failures * TROUBLESHOOTING: Added detailed diagnostic suggestions for common trust establishment issues including permalink and plugin activation checks * UX: Improved error messages provide actionable steps for resolving “Trust establishment failed” errors * VERSION: Synchronized version number with all plugin components for consistency #### 1.7.7 * CONNECT FLOW: Fixed “Connect” flow – new `/wp-json/gatelink-client/v1/connect` endpoint with proper HMAC/TTL payload validation * SECURITY: Implemented HMAC-SHA256 signatures with timestamp validation, nonce replay protection, and time skew tolerance (configurable 30-600 seconds) * DEBUG: Added debug mode setting with verbose logging for Connect/Verify operations– logs request/response details, UUIDs, and human-readable error reasons * STATUS: Added status banner on Client Sites page showing last connect attempt details (UUID, URL, response code, reason, timestamp) when debug mode enabled * AJAX: New `gate_manager_connect` action with `gate_manager_connect_nonce` per WordPress.org review requirements * ENDPOINTS: Manager uses HTTPS enforcement, proper user-agent (`GateLink-Manager/ v1.7.7`), and enhanced error handling * CLIENT: Updated to v1.7.7 with new connect endpoint, debug logging, settings storage, and improved HMAC validation * UI: Enhanced JavaScript with proper nonce handling for new connect action and better error display * COMPLIANCE: WordPress.org compliance improvements – replaced static Ajax endpoint references with proper admin_url() usage * COMPLIANCE: Fixed inline script/style enqueuing – moved all inline styles to proper wp_add_inline_style() usage * COMPLIANCE: Enhanced Freemius integration with WordPress.org compliance mode ( is_org_compliant => true) * COMPLIANCE: Improved unique function prefixes – replaced short gm_ prefix with unique gatema_ prefix for better namespace isolation * COMPLIANCE: Enhanced data sanitization, validation, and escaping throughout the plugin for improved security * SECURITY: Strengthened input validation and output escaping following WordPress best practices #### 1.6.0 * FIX: Immediate plan unlock after license activation – no more 20-30 minute delay. Reduced cache TTL from 5 minutes to 60 seconds with fresh entitlement bypass. * ENHANCEMENT: Added centralized plan state resolver with is_paid() and site_limit() helper methods. All features unlock instantly after license activation. * NEW: Added gatelink_refresh_entitlements AJAX endpoint for instant UI updates without page reload after Freemius activation. * EVENTS: Enhanced Freemius event handlers for after_account_connect, after_license_change, after_plan_change, after_premium_version_activation with immediate cache clearing and success notices. * CACHE: Improved cache compatibility with scoped purges for LiteSpeed, NitroPack, Airlift. Fresh entitlement flag bypasses cache for immediate refresh. * UX: Added success notices after license activation with automatic redirect to dashboard. Support/Contact menu visibility updates immediately based on plan. #### 1.5.5 * Fix: Freemius license activation/reset flow stabilized; eliminated SDK warnings after license reset; unified plan detection; enforced site limits (Free 3 / Pro 20 / Business unlimited); dynamic Support/Contact menus via Freemius. #### 1.5.4 * FREEMIUS: Use Freemius built-in Support/Contact menus dynamically: Free Support forum only; Paid/Trial Contact only. Removed custom Support/Contact pages. * MENU: Dynamic menu visibility using Freemius SDK filters based on plan state. Menu order: Dashboard Client Sites Settings (Support or Contact). * PLAN: Support/Contact menu switches automatically when plan changes via Freemius hooks (after_account_connect, after_plan_change, after_license_change, after_premium_version_activation). * CLEANUP: Removed entire render_contact_page method and custom support page templates in favor of Freemius native implementation. * VERSION: Both Manager and Client plugins updated to v1.5.4 for consistency. #### 1.5.3 * MENU: Consolidated Contact into a single Support page (plan-aware). Removed Diagnostics tab and all related code. Menu order: Dashboard Client Sites Settings Support. * SUPPORT: Single Support page with plan-aware content (Free: forum only; Professional: forum + Freemius contact; Business: forum + Freemius contact + priority support). * CLEANUP: Removed Diagnostics tab, functions, and AJAX endpoints. Added safe redirects for old Diagnostics URLs with dismissible notices. * COMPLIANCE: Enhanced security with proper nonce validation, capability checks, and input sanitization. * VERSION: Both Manager and Client plugins updated to v1.5.3 for consistency. #### 1.5.2 * FIX: Diagnostics tab fatal due to missing callback; consolidated Contact into a single plan-aware page (Free: forum only; Pro: forum + Freemius form; Business: forum + Freemius form + priority info); menu cleanup and UI polish; added safe guards and refresh in Diagnostics. * MENU: Reordered plugin menu logically (Dashboard Client Sites Settings Contact& Support) * CONTACT: Implemented plan-aware Contact & Support page with different content for Free/Professional/Business plans * DIAGNOSTICS: Added proper nonce-protected refresh functionality and defensive error handling * SECURITY: Enhanced nonce protection, capability checks, and input sanitization across admin pages * UI: Applied consistent styling with primary color #E91919 for CTAs and improved accessibility #### 1.5.1 * FIX: Dashboard & Diagnostics fatal due to missing Freemius method; unified Freemius plan API; stronger SDK guards; Diagnostics stabilized; plan gating corrected so paid/trial plans are fully enabled. * API: Unified stable Freemius API – get_display_plan_name(), get_plan_state(), is_paid(), is_trial(), get_trial_end(), get_license_last4(), refresh_cache() * STABILITY: Added comprehensive error handling and safe fallbacks for all Freemius SDK calls * DIAGNOSTICS: Enhanced with unified API self-check section showing plan state, trial info, and cache status * PERFORMANCE: Force cache invalidation on Freemius plan/license change hooks for immediate UI updates * COMPLIANCE: Verified Business/Professional plans are properly detected and not treated as Free #### 1.5.0 * NEW: Dedicated Dashboard page with consolidated metrics and quick actions * NEW: Live AJAX search on Client Sites (search by label or URL, debounced, accessible) * RESTRUCTURE: Client Sites now focuses on site management only; dashboard metrics moved to separate page * ENHANCEMENT: Dashboard placed above Client Sites in admin menu for better UX * ACCESSIBILITY: Search includes aria-live announcements and keyboard support ( Enter/Escape) * PERFORMANCE: Server-side search endpoint with proper pagination and caching * SECURITY: Search functionality secured with nonces and capability checks #### 1.4.4 * Fix: Freemius plan detection unified. Business/Professional (and trials) now fully unlocked. Free plan shows a simple upgrade panel and hides Logs. Correct site limits: Free 3, Pro 20, Business unlimited. Server-side gating added. #### 1.4.3 * SETTINGS RESTORATION: Restored Settings page with tabs – now available to all users, not just premium plans * RESET FUNCTIONALITY: Added Reset License and Reset Plugin Settings with enhanced UI and proper confirmations * FACTORY RESET: Reset Plugin Settings now requires typing “RESET” and redirects to onboarding screen * UNINSTALL CONTROLS: Added Uninstall/Data Cleanup tab with toggle and detailed deletion list * COLOR SCHEME: Updated to plugin primary color #E91919 for Reset tab highlighting and primary actions * ENHANCED MODALS: Replaced browser confirm() with accessible modal dialogs for all reset operations * SECURITY COMPLIANCE: All actions secured with nonces and capability checks, passes Plugin Check & WPCS * UI IMPROVEMENTS: Mobile responsive design with proper focus states and aria labels #### 1.4.1 * DOCUMENTATION: Complete documentation suite added to repository with comprehensive guides * ENHANCED READMES: Updated plugin readme files with improved descriptions and expanded FAQ sections * SECURITY GUIDANCE: Added detailed security documentation including firewall/CDN configuration * API REFERENCE: Complete endpoint documentation with curl examples and error codes * TROUBLESHOOTING: Comprehensive troubleshooting guide for common connection and authentication issues * DEPLOYMENT: Added build and deployment documentation for WordPress.org and Freemius compliance #### 1.4.0 * FREEMIUS TRIALS: Full trial support with proper plan detection – Professional/ Business trials now unlock corresponding features * TRIAL NOTICES: In-plugin trial status, remaining time, and auto-downgrade notifications for all admins * AUTO-DOWNGRADE: Automatic reversion to Free plan when trials expire, preserving existing site functionality * TRIAL LIFECYCLE: Event logging for trial started/expiring/ended with comprehensive diagnostics * PLAN BADGES: Enhanced plan display showing “Professional (Trial — X days left)” with real-time countdown * HELP DOCUMENTATION: Updated with comprehensive trial information and upgrade guidance #### 1.3.2 * FREE PLAN: No license required – Free plan now works without any license key and supports up to 3 sites * BUTTON UX: Improved action buttons – labels never disappear, show connecting/ verifying states, all buttons in one row * Enhanced button states: Connect becomes blue “Connected”, Verify becomes green“ Verified”, Login restores after new tab * Better mobile responsive design with graceful button wrapping * Suppressed Freemius activation prompts for Free plan users * Updated README documentation to reflect free plan behavior #### 1.3.1 * CRITICAL FIX: Fixed Free plan connection blocking – Connect/Verify/Login now work properly for up to 3 sites * Improved plan enforcement – only block adding new sites when limit exceeded, not operations on existing sites * Fixed “Connection failed” error on Free plan when exactly at site limit (3 sites) * Enhanced blocking logic to distinguish between site operations vs. adding new sites * Updated version numbering across both Manager and Client plugins * Better compliance with licensing requirements for Free/Professional/Business plans #### 1.3.0 * Fixed Freemius deployment integration – moved uninstall logic to proper hook for analytics * Improved free plan UX – existing sites remain fully functional when limit reached * Enhanced Settings page with tabbed interface (General | Advanced | Reset) * Removed standalone Reset menu, integrated into Settings as red-styled tab * Fixed plan limit modal to show upgrade options instead of window alerts * Better uninstall cleanup respecting Data Retention settings * Improved WordPress.org compliance and code quality #### 1.2.2 * CRITICAL FIX: Fixed SSO login URL generation – login links now properly authenticate users to Client wp-admin * WordPress.org Compliance: Removed all inline scripts and styles, properly using wp_enqueue_script/style * Enhanced admin interface with improved JavaScript handling and modal interactions * Fixed URL generation logic for SSO login endpoints * Improved delete confirmation dialogs and action handling * Better styling for dashboard cards and log tables * Updated help documentation with clearer firewall allowlist instructions #### 1.2.0 * Fixed core connectivity issues with Manager-Client authentication * Added Dashboard with statistics cards (Total, Verified, Pending/Error, Last Login) * Implemented comprehensive logging system with admin interface * Enhanced error handling with actionable fallback guidance * Added no-cache headers to prevent caching of sensitive requests * Improved manual pairing interface with copy-to-clipboard functionality * Added Health Check diagnostics for troubleshooting connections * Better firewall compatibility with allowlist guidance #### 1.0.0 Initial release: Shared‑token Verify + one‑click HMAC login, Client Sites CRUD, Tailwind UI, logs. ## Meta * Version **1.8.3** * Last updated **6 months ago** * Active installations **50+** * WordPress version ** 6.3 or higher ** * Tested up to **6.8.5** * PHP version ** 8.0 or higher ** * Language * [English (US)](https://wordpress.org/plugins/gatelink-manager/) * Tags * [admin access](https://pcd.wordpress.org/plugins/tags/admin-access/)[multi-site](https://pcd.wordpress.org/plugins/tags/multi-site/) [one click login](https://pcd.wordpress.org/plugins/tags/one-click-login/)[passwordless](https://pcd.wordpress.org/plugins/tags/passwordless/) [Single Sign-on](https://pcd.wordpress.org/plugins/tags/single-sign-on/) * [Advanced View](https://pcd.wordpress.org/plugins/gatelink-manager/advanced/) ## Ratings No reviews have been submitted yet. [Add my review](https://wordpress.org/support/plugin/gatelink-manager/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/gatelink-manager/reviews/) ## Contributors * [ NUMAN RASHEED ](https://profiles.wordpress.org/numanrki/) * [ Freemius ](https://profiles.wordpress.org/freemius/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/gatelink-manager/)