{"id":255917,"date":"2025-10-17T08:16:27","date_gmt":"2025-10-17T08:16:27","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/gatelink-client\/"},"modified":"2025-10-17T08:15:48","modified_gmt":"2025-10-17T08:15:48","slug":"gatelink-client","status":"publish","type":"plugin","link":"https:\/\/bal.wordpress.org\/plugins\/gatelink-client\/","author":18175374,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.8.3","stable_tag":"1.8.3","tested":"6.8.5","requires":"6.3","requires_php":"8.0","requires_plugins":null,"header_name":"GateLink Client","header_author":"GateLink","header_description":"Accepts trusted Manager connections and enables one-click, short-lived HMAC SSO into this site.","assets_banners_color":"","last_updated":"2025-10-17 08:15:48","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":0,"downloads":181,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.8.3":{"tag":"1.8.3","author":"numanrki","date":"2025-10-17 08:15:48"}},"upgrade_notice":{"1.2.2":"

CRITICAL UPDATE: Fixes blocking SSO login issue and WordPress.org compliance. SSO login now works properly.<\/p>","1.2.0":"

Important update: Fixes authentication flow and improves security plugin compatibility.<\/p>","1.0.0":"

First stable release.<\/p>"},"ratings":[],"assets_icons":{"icon.svg":{"filename":"icon.svg","revision":3379941,"resolution":false,"location":"assets","locale":false}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.8.3"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Endpoint\/Status Page<\/strong> \u2013 A real-time health check for your trust connections.","2":"Logs<\/strong> \u2013 View authentication history and debug information."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[3816,232830,9223,600,5136],"plugin_category":[54],"plugin_contributors":[216577],"plugin_business_model":[],"class_list":["post-255917","plugin","type-plugin","status-publish","hentry","plugin_tags-admin-login","plugin_tags-one-click-login","plugin_tags-passwordless","plugin_tags-security","plugin_tags-single-sign-on","plugin_category-security-and-spam-protection","plugin_contributors-numanrki","plugin_committers-numanrki"],"banners":[],"icons":{"svg":"https:\/\/ps.w.org\/gatelink-client\/assets\/icon.svg?rev=3379941","icon":"https:\/\/ps.w.org\/gatelink-client\/assets\/icon.svg?rev=3379941","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"\n

GateLink Client<\/strong> is the receiving end of the GateLink ecosystem. It pairs with GateLink Manager<\/strong> to deliver instant, passwordless admin access to your WordPress sites. Once installed and trusted, it accepts HMAC\u2011signed login links from your Manager site, validates them, and redirects the user straight to wp\u2011admin\u2014no passwords, no hassle. Designed for developers, freelancers and site admins who maintain multiple installations, GateLink Client makes it easy to manage trust relationships and keep your sites secure.<\/p>\n\n

Key Features<\/h3>\n\n
    \n
  • Trust Management<\/strong> \u2013 Explicitly approve or revoke which Manager sites can access your admin. <\/li>\n
  • Quick Connect & Manual Pairing<\/strong> \u2013 Choose between instant pairing or manual shared token setup for finer control. <\/li>\n
  • HMAC\u2011Signed Security<\/strong> \u2013 Enforces HMAC\u2011SHA256 signatures with TTL and replay protection for every login URL. <\/li>\n
  • Health Monitoring<\/strong> \u2013 Provides a REST endpoint for status checks, so you know when connections are healthy. <\/li>\n
  • Activity Logs<\/strong> \u2013 Tracks connection attempts and logins for auditing and troubleshooting. <\/li>\n
  • Accessible Admin Interface<\/strong> \u2013 Built with modern design and accessibility support for a seamless user experience.<\/li>\n<\/ul>\n\n

    How It Works<\/h3>\n\n
      \n
    1. Establish Trust<\/strong> \u2013 Generate a Shared Token in the Manager and paste it under GateLink Client \u2192 Trusted Manager<\/strong>. <\/li>\n
    2. Validate Links<\/strong> \u2013 When the Manager issues a login link, the Client verifies the HMAC signature and checks the timestamp. <\/li>\n
    3. Automatic Login<\/strong> \u2013 Upon successful validation, the user is logged into wp\u2011admin without needing credentials. <\/li>\n
    4. Expire & Revoke<\/strong> \u2013 Links expire after two minutes and can only be used once; you can revoke trust anytime via the admin interface.<\/li>\n<\/ol>\n\n

      Security & Privacy<\/h3>\n\n
        \n
      • Short\u2011lived Tokens<\/strong> \u2013 Login URLs are valid for only a couple of minutes to minimize exposure. <\/li>\n
      • Server\u2011Side Signing<\/strong> \u2013 All signatures are generated on the Manager; the Client never stores admin passwords. <\/li>\n
      • HTTPS Recommended<\/strong> \u2013 Run both Manager and Client over HTTPS and avoid caching login requests. <\/li>\n
      • Peer\u2011to\u2011Peer Communication<\/strong> \u2013 The Client only exchanges data (site info, tokens, timestamps) with your Manager sites; no third parties are involved.<\/li>\n<\/ul>\n\n\n
          \n
        1. Upload the gatelink-client<\/code> folder to \/wp-content\/plugins\/<\/code>. <\/li>\n
        2. Activate the plugin from the Plugins<\/strong> menu. <\/li>\n
        3. Go to GateLink Client \u2192 Trusted Managers<\/strong> and approve pending requests or manually add a Manager using the Shared Token. <\/li>\n
        4. Once trusted, the Manager can verify the connection and perform one\u2011click logins.<\/li>\n<\/ol>\n\n

          Setup Notes<\/h3>\n\n
            \n
          • The Client plugin is free and works with any GateLink Manager plan (Free, Professional or Business). <\/li>\n
          • You can connect multiple Manager sites; each must be approved separately for security. <\/li>\n
          • You can revoke any Manager\u2019s access at any time via the Trusted Managers interface.<\/li>\n<\/ul>\n\n\n
            \n

            Do I need to set keys or tokens manually?<\/h3><\/dt>\n

            Yes. You must paste the Shared Token from your Manager under GateLink Client \u2192 Trusted Manager<\/strong>. The Client can generate an initial token, but both sides must match.<\/p><\/dd>\n

            It doesn\u2019t redirect to wp-admin.<\/h3><\/dt>\n

            Ensure that the request reaches WordPress\u2019s template_redirect<\/code>. Temporarily disable or adjust any firewall or caching rule that blocks the query parameters (gatelink_login<\/code>, cid<\/code>, ts<\/code>, sig<\/code>) and avoid caching these requests.<\/p><\/dd>\n

            Can I use it without a license?<\/h3><\/dt>\n

            Absolutely. The Client plugin itself requires no license and supports connections from any Manager plan. The only limit is imposed by the Manager\u2019s plan for the number of sites.<\/p><\/dd>\n\n<\/dl>\n\n\n

            1.8.3<\/h4>\n\n
              \n
            • SECURITY: Fixed sanitization of $_SERVER['REMOTE_ADDR'] in REST API endpoints (class-rest.php lines 100, 163)<\/li>\n
            • SECURITY: Implemented proper IP address validation using filter_var() with FILTER_VALIDATE_IP for both IPv4 and IPv6<\/li>\n
            • COMPATIBILITY: Added defensive check for DONOTCACHEPAGE constant to prevent conflicts with caching plugins<\/li>\n
            • COMPLIANCE: Resolved all WordPress.org Plugin Directory review issues - full compliance achieved<\/li>\n
            • COMPLIANCE: Enhanced security measures following WordPress.org \"Sanitize Early, Escape Late, Always Validate\" guidelines<\/li>\n<\/ul>\n\n

              1.8.2<\/h4>\n\n
                \n
              • Removed trial support from Freemius configuration.<\/li>\n<\/ul>\n\n

                1.8.1<\/h4>\n\n
                  \n
                • COMPATIBILITY: Enhanced connection handling for improved Manager \u2192 Client REST handshake<\/li>\n
                • SECURITY: Maintained robust HMAC signature validation and nonce replay protection <\/li>\n
                • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.8.1<\/li>\n
                • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                  1.8.0<\/h4>\n\n
                    \n
                  • SECURITY: Enhanced sanitization and validation of super-globals, notably $_SERVER['REMOTE_ADDR']<\/li>\n
                  • STANDARDIZATION: Unified all prefixes to gate_client_ for consistent naming across the plugin<\/li>\n
                  • MIGRATION: Added automatic migration logic to map old option names and keys to new unified names<\/li>\n
                  • COMPATIBILITY: Maintained backward compatibility with existing installations - no data loss<\/li>\n
                  • VALIDATION: Verified nonces and capability checks across all AJAX endpoints and admin forms<\/li>\n<\/ul>\n\n

                    1.7.9<\/h4>\n\n
                      \n
                    • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.7.9<\/li>\n
                    • COMPATIBILITY: Full compatibility with Manager's enhanced AJAX functionality and dashboard improvements<\/li>\n
                    • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                      1.7.8<\/h4>\n\n
                        \n
                      • WORDPRESS.ORG READY: Complete WordPress.org compliance achieved - plugin ready for directory submission and approval<\/li>\n
                      • COMPLIANCE: All WordPress.org requirements met including unique prefixes, proper security, and coding standards<\/li>\n
                      • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.7.8<\/li>\n
                      • COMPATIBILITY: Full compatibility with Manager's enhanced error handling and troubleshooting guidance<\/li>\n
                      • SECURITY: Maintains all existing security and connection features with HMAC-SHA256 validation<\/li>\n
                      • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                        1.7.7<\/h4>\n\n
                          \n
                        • CONNECT FLOW: New \/wp-json\/gatelink-client\/v1\/connect<\/code> endpoint with proper HMAC\/TTL signature validation<\/li>\n
                        • SECURITY: Enhanced security with HMAC-SHA256 validation, timestamp checking (\u00b1120 seconds configurable), and nonce replay protection<\/li>\n
                        • DEBUG: Added debug mode and comprehensive logging for connect attempts with request\/response details<\/li>\n
                        • STORAGE: Added settings storage system for debug mode and time skew tolerance configuration<\/li>\n
                        • VALIDATION: Robust input sanitization and validation for all connect endpoint parameters<\/li>\n
                        • COMPLIANCE: Removed uninstall.php per WordPress.org requirements; cleaned contentReference placeholders from readme<\/li>\n
                        • API: REST endpoint validates manager_id, manager_url, timestamp, nonce, and signature; returns proper JSON responses<\/li>\n
                        • LOGGING: Connect attempts logged with UUID tracking, detailed context, and human-readable error messages<\/li>\n
                        • TIME SKEW: Configurable time skew tolerance (30-600 seconds) to handle server clock differences<\/li>\n<\/ul>\n\n

                          1.5.5<\/h4>\n\n
                            \n
                          • Fix: Freemius license activation\/reset flow stabilized; eliminated SDK warnings after license reset; unified plan detection; enforced site limits (Free 3 \/ Pro 20 \/ Business unlimited); dynamic Support\/Contact menus via Freemius.<\/li>\n<\/ul>\n\n

                            1.5.4<\/h4>\n\n
                              \n
                            • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.5.4<\/li>\n
                            • COMPATIBILITY: Full compatibility with Manager's Freemius dynamic Support\/Contact menu system<\/li>\n
                            • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                              1.5.3<\/h4>\n\n
                                \n
                              • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.5.3<\/li>\n
                              • COMPATIBILITY: Full compatibility with Manager's consolidated Support page and removed Diagnostics functionality<\/li>\n
                              • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                                1.5.2<\/h4>\n\n
                                  \n
                                • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.5.2<\/li>\n
                                • COMPATIBILITY: Full compatibility with Manager's enhanced Contact & Support system and improved diagnostics<\/li>\n
                                • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                                  1.5.1<\/h4>\n\n
                                    \n
                                  • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.5.1<\/li>\n
                                  • COMPATIBILITY: Full compatibility with Manager's stabilized Freemius integration and unified plan API<\/li>\n
                                  • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                                    1.5.0<\/h4>\n\n
                                      \n
                                    • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.5.0<\/li>\n
                                    • COMPATIBILITY: Full compatibility with Manager's new Dashboard page and AJAX search functionality<\/li>\n
                                    • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                                      1.4.4<\/h4>\n\n
                                        \n
                                      • Fix: Version sync with Manager plugin. Supports unified plan detection and feature gating improvements. No functional changes to Client plugin.<\/li>\n<\/ul>\n\n

                                        1.4.3<\/h4>\n\n
                                          \n
                                        • VERSION SYNC: Updated to maintain version synchronization with Manager plugin v1.4.3<\/li>\n
                                        • COMPATIBILITY: Full compatibility with Manager's restored Settings page and enhanced reset functionality<\/li>\n
                                        • UNINSTALL SUPPORT: Compatible with Manager's improved uninstall data cleanup controls<\/li>\n
                                        • No functional changes to Client plugin - maintains all existing security and connection features<\/li>\n<\/ul>\n\n

                                          1.4.1<\/h4>\n\n
                                            \n
                                          • DOCUMENTATION: Updated plugin readme with enhanced descriptions and expanded FAQ<\/li>\n
                                          • COMPATIBILITY: Full compatibility with Manager plugin v1.4.1 documentation updates<\/li>\n
                                          • INSTALLATION: Improved installation instructions covering Quick Connect and Manual Pairing<\/li>\n
                                          • Enhanced description of security features and trust management capabilities<\/li>\n<\/ul>\n\n

                                            1.4.0<\/h4>\n\n
                                              \n
                                            • Updated version numbering to match Manager plugin v1.4.0<\/li>\n
                                            • Compatible with Manager's enhanced trial functionality and auto-downgrade behavior<\/li>\n
                                            • Full support for Professional and Business trial connections<\/li>\n<\/ul>\n\n

                                              1.3.2<\/h4>\n\n
                                                \n
                                              • Updated version numbering to match Manager plugin v1.3.2<\/li>\n
                                              • Compatible with Manager's improved free plan behavior (no license required)<\/li>\n
                                              • Enhanced UI compatibility with Manager's improved button states<\/li>\n<\/ul>\n\n

                                                1.3.1<\/h4>\n\n
                                                  \n
                                                • Updated version numbering to match Manager plugin v1.3.1<\/li>\n
                                                • No functional changes - Client plugin works with improved Manager licensing logic<\/li>\n
                                                • Better compatibility with Free\/Professional\/Business plan enforcement<\/li>\n<\/ul>\n\n

                                                  1.3.0<\/h4>\n\n
                                                    \n
                                                  • Enhanced WordPress.org compliance and code quality<\/li>\n
                                                  • Improved authentication flow stability and error handling<\/li>\n
                                                  • Better compatibility with security plugins and caching systems<\/li>\n
                                                  • Updated admin interface styling for consistency<\/li>\n<\/ul>\n\n

                                                    1.2.2<\/h4>\n\n
                                                      \n
                                                    • CRITICAL FIX: Fixed SSO login authentication flow - login URLs now properly authenticate and redirect to wp-admin<\/li>\n
                                                    • WordPress.org Compliance: Removed all inline scripts and styles, properly using wp_enqueue_script\/style<\/li>\n
                                                    • Enhanced copy-to-clipboard functionality for API tokens and endpoints<\/li>\n
                                                    • Improved rewrite rule handling for SSO login URLs<\/li>\n
                                                    • Added proper cache clearing for authentication cookies<\/li>\n
                                                    • Better no-cache headers implementation for SSO endpoints<\/li>\n
                                                    • Updated admin interface styling and JavaScript handling<\/li>\n<\/ul>\n\n

                                                      1.2.0<\/h4>\n\n
                                                        \n
                                                      • Fixed authentication flow to support both \"Push\" and \"Manual\" pairing methods<\/li>\n
                                                      • Enhanced admin interface with improved API token display and copy functionality<\/li>\n
                                                      • Added support for security plugin compatibility with proper authentication handling<\/li>\n
                                                      • Improved user interface with better Manager approval workflow<\/li>\n
                                                      • Added no-cache headers to prevent caching of sensitive authentication requests<\/li>\n
                                                      • Enhanced error handling and security validation<\/li>\n
                                                      • Better integration with Manager sites for seamless connection establishment<\/li>\n<\/ul>\n\n

                                                        1.0.0<\/h4>\n\n

                                                        Initial release: shared\u2011token one\u2011click HMAC login.<\/p>","raw_excerpt":"Secure, zero\u2011config SSO for WordPress sites\u2014validate HMAC\u2011signed links and log users into wp\u2011admin automatically.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/255917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=255917"}],"author":[{"embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/numanrki"}],"wp:attachment":[{"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=255917"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=255917"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=255917"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=255917"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=255917"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/bal.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=255917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}