內容簡介
HappyAccess 簡化了為支援工程師、開發者和代理商提供臨時管理員訪問的過程,確保安全、透明且符合 GDPR 規範。此外掛讓商家無需手動創建或刪除管理員用戶,並保持完全控制和審計可見性。
【主要功能】
• OTP 驗證:生成安全的 6 位數代碼
• 魔法鏈接登入:一鍵登入,短期有效
• 可重複使用的訪問代碼:多次登入直到過期
• 角色選擇:分配任意 WordPress 角色
• 時間限制訪問:自動在設定時間後過期
• 管理員菜單限制:阻止臨時用戶訪問特定頁面
外掛標籤
開發者團隊
原文外掛簡介
HappyAccess simplifies the process of granting temporary admin access to support engineers, developers, and agencies – securely, transparently, and GDPR-compliantly.
It removes the need for merchants to manually create/delete admin users or share passwords, while maintaining full control and audit visibility.
Key Features
Access & Authentication
OTP-Based Authentication: Generate secure 6-digit codes instead of sharing passwords.
Magic Link Authentication: One-click login links with short expiration (1-10 minutes), single-use.
OTP Share Links: Generate secure single-view links to share OTP codes safely with auto-expiry.
Reusable Access Codes: Support engineers can log in multiple times with the same code until it expires.
One-Time Use Option: Generate codes that automatically revoke after first use for maximum security.
Role Selection: Assign any WordPress role (Administrator, Editor, Shop Manager, or custom roles).
Time-Limited Access: Automatically expires after the set duration (1 hour to 30 days).
Access Restrictions
Admin Menu & Submenu Restrictions: Block temp users from specific admin pages with a visual picker. Supports top-level menus and individual sub-pages (WooCommerce tabs, EDD sections, BuddyPress, or any plugin).
Direct URL Blocking: Restricted pages are inaccessible even when accessed by typing the URL directly.
Hide Admin Bar: Option to hide the WordPress admin bar for temporary users.
Main Admin Protection: Temp users cannot see, edit, or delete the site owner. Dangerous bulk actions are blocked.
Plugin Self-Protection: HappyAccess is hidden from the plugins list for temp users.
Activate/Deactivate Toggle: Suspend a temp user’s access without deleting them, and reactivate later with one click.
Security
reCAPTCHA v3 Protection: Optional invisible bot protection for OTP login.
IP Allowlist: Optionally restrict access codes to specific IP addresses.
Rate Limiting: Failed attempt lockouts and IP tracking prevent brute force attacks.
Emergency Lock: One-click admin bar button to instantly revoke all active tokens.
Session Management: Logout all temp sessions without revoking tokens.
Monitoring & Compliance
Full Audit Log: Track all access, logins, restrictions, and actions with filterable event log and CSV export.
Live Countdown Timer: Real-time expiry countdown in the admin bar with auto-logout.
Login Count Tracking: See first login vs re-logins in the audit log.
Active Token Management: View all active codes, see usage status, generate magic links, and revoke anytime.
Email Notifications: Send access codes and magic links to admin or support email.
Automatic Cleanup: Temporary users and old logs are deleted automatically when access expires.
GDPR Compliant: Built-in consent workflow, privacy policy integration, and data export/erasure support.
Native WordPress UI: Clean interface matching WordPress and WooCommerce admin styles.
How It Works
Go to Users → HappyAccess in your WordPress admin.
Click Generate Access tab.
Choose duration (1 hour to 30 days) and role.
Optionally enable email notification.
Accept GDPR terms and click Generate Access Code.
Share the 6-digit code with your support engineer.
They enter the code at your login page – no username/password needed.
Access automatically expires and user is deleted.
Perfect For
Support Engineers – Quick access without password hassles.
Agencies – Manage client access professionally.
Store Owners – Maintain security while getting help.
Developers – Troubleshoot without credential sharing.
GDPR & Security
All access must be disclosed in your Terms & Conditions.
Complete audit trail of all actions.
Data stored locally on your WordPress site.
Automatic data cleanup after 30 days.
Rate limiting prevents brute force attacks.
Third-Party Services
This plugin optionally connects to the following third-party service:
Google reCAPTCHA v3 (optional)
When enabled in Settings, HappyAccess loads Google reCAPTCHA v3 on the WordPress login page to protect the OTP field from automated attacks. This sends the user’s IP address, browser information, and interaction data to Google for bot detection.
Service URL: https://www.google.com/recaptcha/
Terms of Service: https://policies.google.com/terms
Privacy Policy: https://policies.google.com/privacy
reCAPTCHA is disabled by default and must be explicitly enabled by an administrator. When disabled, no data is sent to Google.
Privacy Policy
HappyAccess stores access logs locally on your WordPress site. No data is sent to external services unless you enable optional integrations (see Third-Party Services above).
The plugin collects:
* IP addresses of users accessing with temporary codes.
* Browser information (user agent).
* Access times and durations.
* Actions performed (audit log).
This data is automatically deleted after 30 days unless configured otherwise.
When Google reCAPTCHA v3 is enabled, the user’s IP address, browser fingerprint, and interaction data are sent to Google for bot detection. See Google’s Privacy Policy for details.
You must disclose in your Terms & Conditions that you may grant admin access to third parties for support purposes.
