[WordPress] Plugin Share: GateLink Client – Passwordless SSO & One‑Click Admin Access

New plugin · No ratings yet · Last updated 177 days ago
WordPress 6.3+ · PHP 8.0+ · v1.8.3 · Listed: 2025-10-16

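Overview

<b>About the GateLink Client WordPress plugin</b>

GateLink Client is the receiving end of the GateLink ecosystem. It pairs with GateLink Manager to give your WordPress sites instant, passwordless admin access. Once installed and trusted, it accepts HMAC-signed login links from your Manager site, validates them, and redirects the user straight to wp-admin, with no passwords and no hassle. GateLink Client is designed for developers, freelancers and site admins who manage multiple sites, and it makes it easy to manage trust relationships and keep your sites secure.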

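<ul>
<li>Trust management – explicitly approve or revoke which Manager sites can access your admin.</li>
<li>Quick Connect and manual pairing – choose between instant pairing or manual shared-token setup for finer control.</li>
<li>HMAC-signed security – enforces HMAC-SHA256 signatures on every login URL, with TTL and replay protection.</li>
<li>Health monitoring – provides a REST endpoint for status checks, so you know when connections are healthy.</li>
<li>Activity logs – tracks connection attempts and logins for auditing and troubleshooting.</li>
<li>Accessible admin interface – modern design and accessibility support for a seamless user experience.</li>
</ul>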

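<b>How it works</b>

<ul>
<li>Establish trust – generate a shared token in the Manager and paste it under GateLink Client → Trusted Manager.</li>
<li>Validate links – when the Manager issues a login link, the Client verifies the HMAC signature and checks the timestamp.</li>
<li>Automatic login – after successful validation, the user is logged in to wp-admin without needing credentials.</li>
<li>Expire and revoke – links expire after two minutes and can be used only once; you can revoke trust at any time through the admin interface.</li>
</ul>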

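<b>Security and privacy</b>

<ul>
<li>Short-lived tokens – login URLs are valid for only a few minutes to minimize exposure.</li>
<li>Server-side signing – all signatures are generated on the Manager; the Client never stores admin passwords.</li>
<li>HTTPS recommended – run both Manager and Client over HTTPS and avoid caching login requests.</li>
<li>Peer-to-peer communication – the Client exchanges data (site info, tokens, timestamps) only with your Manager sites; no third parties are involved.</li>
</ul>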

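⬇ Download the latest version (v1.8.3) or search and install

① Download the ZIP → in the admin dashboard, "Plugins › Add New › Upload Plugin"
② In the admin dashboard, search for "GateLink Client – Passwordless SSO & One‑Click Admin Access" → install directly (recommended)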

Original plugin description

GateLink Client is the receiving end of the GateLink ecosystem. It pairs with GateLink Manager to deliver instant, passwordless admin access to your WordPress sites. Once installed and trusted, it accepts HMAC‑signed login links from your Manager site, validates them, and redirects the user straight to wp‑admin—no passwords, no hassle. Designed for developers, freelancers and site admins who maintain multiple installations, GateLink Client makes it easy to manage trust relationships and keep your sites secure.

<b>Key Features</b>

<ul>
<li>Trust Management – Explicitly approve or revoke which Manager sites can access your admin.</li>
<li>Quick Connect & Manual Pairing – Choose between instant pairing or manual shared token setup for finer control.</li>
<li>HMAC‑Signed Security – Enforces HMAC‑SHA256 signatures with TTL and replay protection for every login URL.</li>
<li>Health Monitoring – Provides a REST endpoint for status checks, so you know when connections are healthy.</li>
<li>Activity Logs – Tracks connection attempts and logins for auditing and troubleshooting.</li>
<li>Accessible Admin Interface – Built with modern design and accessibility support for a seamless user experience.</li>
</ul>

<b>How It Works</b>

<ul>
<li>Establish Trust – Generate a Shared Token in the Manager and paste it under GateLink Client → Trusted Manager.</li>
<li>Validate Links – When the Manager issues a login link, the Client verifies the HMAC signature and checks the timestamp.</li>
<li>Automatic Login – Upon successful validation, the user is logged into wp‑admin without needing credentials.</li>
<li>Expire & Revoke – Links expire after two minutes and can only be used once; you can revoke trust anytime via the admin interface.</li>
</ul>
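
The Validate Links and Expire & Revoke steps, as an added PHP example that is not GateLink's own code: a verifier for an HMAC‑SHA256 signed link that checks the signature, a two‑minute TTL and single use, in that order. The query field names (`ts`, `nonce`, `sig`), the signed‑string layout, the clock‑skew tolerance and the in‑memory `$seen` store are assumptions, since the page does not publish the plugin's link format.

```php
<?php
declare(strict_types=1);

// Constructed sketch: the field names (ts, nonce, sig) and the signed-string
// layout are assumptions; the page does not publish GateLink's link format.
const LINK_TTL = 120;  // seconds; the page says links expire after two minutes
const CLOCK_SKEW = 5;  // assumed tolerance for a timestamp slightly in the future

function link_signature(string $site, int $ts, string $nonce, string $token): string
{
    // Bind the signature to the target site, the issue time and the nonce.
    return hash_hmac('sha256', implode("\n", [$site, (string) $ts, $nonce]), $token);
}

/** Returns 'ok' or a rejection reason. $seen stands in for persistent storage. */
function verify_login_link(array $q, string $site, string $token, array &$seen, int $now): string
{
    foreach (['ts', 'nonce', 'sig'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) return 'malformed';
    }
    if (!preg_match('/^\d{1,12}$/D', $q['ts']) || !preg_match('/^[0-9a-f]{32}$/D', $q['nonce'])) {
        return 'malformed';
    }
    $ts = (int) $q['ts'];
    // 1. Signature first, compared in constant time, so unauthenticated input
    //    never reaches the expiry or replay logic.
    if (!hash_equals(link_signature($site, $ts, $q['nonce'], $token), $q['sig'])) {
        return 'bad-signature';
    }
    // 2. Expiry: reject links older than the TTL or dated in the future.
    if ($ts > $now + CLOCK_SKEW || $now - $ts > LINK_TTL) {
        return 'expired';
    }
    // 3. Single use: keep the nonce until the link would have expired anyway.
    //    Real storage needs an atomic insert-if-absent to close the race.
    if (isset($seen[$q['nonce']])) {
        return 'replayed';
    }
    $seen[$q['nonce']] = $ts + LINK_TTL;
    return 'ok';
}

// Constructed demo: a fresh link, the same link again, then a tampered signature.
[$token, $site, $now, $seen] = ['constructed-shared-token', 'https://client.example', 1700000000, []];
$q = ['ts' => (string) $now, 'nonce' => bin2hex(random_bytes(16))];
$q['sig'] = link_signature($site, $now, $q['nonce'], $token);
foreach ([$q, $q, ['sig' => str_repeat('0', 64)] + $q] as $attempt) {
    echo verify_login_link($attempt, $site, $token, $seen, $now + 30), "\n";
}
```

Stored nonces only need to be kept until their recorded expiry, because the TTL check already rejects any link older than that.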

<b>Security & Privacy</b>

<ul>
<li>Short‑lived Tokens – Login URLs are valid for only a couple of minutes to minimize exposure.</li>
<li>Server‑Side Signing – All signatures are generated on the Manager; the Client never stores admin passwords.</li>
<li>HTTPS Recommended – Run both Manager and Client over HTTPS and avoid caching login requests.</li>
<li>Peer‑to‑Peer Communication – The Client only exchanges data (site info, tokens, timestamps) with your Manager sites; no third parties are involved.</li>
</ul>
