內容簡介
Tempmails 將您的 WordPress 網站轉變為自我托管的臨時電子郵件服務。訪客可以生成隨機的可丟棄電子郵件地址,實時接收訊息並在完成後刪除,所有操作均在您的網站內進行,確保資料隱私。
【主要功能】
• 自我托管的臨時電子郵件服務
• 實時收件匣,支持 AJAX 自動刷新
• 支援附件下載,支持 40 多種檔案類型
• 現代化的 Material Design 3 UI
• 完全無第三方品牌標識的白標設計
• 無需用戶帳號或註冊的 Cookie 基於會話
外掛標籤
開發者團隊
原文外掛簡介
Self-hosted. Privacy-first. Fully yours.
Tempmails turns your WordPress site into a self-hosted temporary email
service. Visitors generate a random disposable email address, receive
messages in a real-time inbox, and discard them when done — all without
leaving your site.
Unlike third-party services, Tempmails runs entirely on your own server
and IMAP mailbox. You own the data, the domain, and the brand.
🔒 No third-party email APIs
📬 Real IMAP inbox — not a simulation
🎨 Material Design 3 UI — beautiful out of the box
⚡ AJAX-powered — no page reloads
🚀 Quick Links
Everything you need to get started, get help, and stay connected:
🌐 Official Website — tempmails.cv — docs,
roadmap, and addon announcements
🎬 Installation Tutorial — Watch the step-by-step video guide below
📺 YouTube Channel — NeoSmartApps on YouTube
— tutorials, walkthroughs, and new release demos
☕ Support the Project — Buy us a coffee via PayPal
— Tempmails is free forever; your support keeps development alive
🖥️ Need Hosting? — Tempmails works best on a VPS or shared host with
catch-all IMAP support. We recommend Hostinger
(affiliate link — we earn a small commission at no extra cost to you)
🎬 Watch: Full Installation Tutorial
Core Features
📨 Email Engine
IMAP Email Fetching — connects to any catch-all IMAP mailbox
Auto Email Generation — random disposable addresses on your own domains
Real-time Inbox — AJAX-powered message viewer with configurable
auto-refresh
Attachment Support — download files with 40+ allowed extensions
🎨 Design & UI
Material Design 3 UI — modern, responsive inbox with Inter & Poppins fonts
White-labeled — fully rebrandable, no third-party branding in the UI
Design Panel — live color picker and label customization in admin
🛡️ Privacy & Data
Soft Delete — messages are never hard-deleted; safe for compliance
Cookie-based sessions — no user accounts or registration required
Zero external data transmission — all data stays on your server
⚙️ WordPress Native
Uses WP database, cron, options, nonces, and security APIs throughout
Settings API compliant admin panel
Full i18n/l10n support with .pot file included
Shortcode
Place the inbox anywhere on your site with one shortcode:
[tempmails_inbox]
This renders the full inbox UI — email generation, copy button,
auto-refresh, message list, and message viewer modal.
Addon Ecosystem
Tempmails Core is frozen infrastructure. All new functionality is
delivered via addons using a documented, stable hook system — your site
never breaks on Core updates.
Available addon hooks cover: email generation, message routing, inbox
access control, multi-domain support, billing integration, and more.
See the Hooks section below for the full reference.
Privacy
Tempmails stores temporary email addresses in browser cookies to
maintain inbox sessions between page loads. No personal data is collected,
stored against user accounts, or transmitted to any external service.
See External Services below for details on the optional GitHub
ecosystem feed.
Hooks
Tempmails exposes a complete hook system for addon developers. All hooks
below are stable and frozen — they will not be renamed, removed, or
have their signatures changed in any minor version.
Action Hooks
tempmails_loaded — Core fully initialized; safe for addon bootstrap
tempmails_core_ready — fires after DB integrity check; passes Core
version string
tempmails_activated — fires on plugin activation; safe for addon setup
tempmails_deactivated — fires on plugin deactivation
tempmails_email_generated — new address generated; params: $email,
$ip
tempmails_inbox_accessed — user opened inbox; params: $email, $ip
tempmails_message_received — new message stored; params: $message_id,
$to_address
tempmails_message_marked_seen — message read; params: $message_id
tempmails_message_deleted — soft delete triggered; params: $message_id,
$email
tempmails_cleanup_completed — cron cleanup finished; params:
$deleted_count
tempmails_fetch_completed — fetch cycle finished; params: $results
array
Filter Hooks
tempmails_registered_addons — register your addon for the Addons admin
page
tempmails_generated_email — modify a generated address before returning
it
tempmails_available_domains — modify the domain list available for
generation
tempmails_can_fetch_messages — allow/block a fetch cycle; params:
$bool, $engine
tempmails_can_process_message — allow/block a single message; params:
$bool, $message
tempmails_can_store_message — allow/block DB insert; params: $bool,
$data
tempmails_can_read_inbox — allow/block inbox access; params: $bool,
$email
tempmails_message_content — filter body before display; params:
$content, $message_id
tempmails_default_settings — modify default option values on activation
tempmails_inbox_attributes — modify shortcode default attributes
tempmails_admin_dashboard_stats — extend dashboard stat cards
tempmails_settings_tabs — add custom tabs to the Settings page
External Services
Ecosystem Feed (Optional — Default On)
Tempmails fetches a public JSON file from GitHub to display addon and
ecosystem information inside the WordPress admin panel.
What this connection does:
Fires only when viewing Tempmails admin pages
Retrieves only public, non-personal JSON content
Transmits no user data, site URL, or any identifiable information
Results are cached locally for 1 hour to minimize requests
Remote endpoint:
https://raw.githubusercontent.com/ubermensch-site/tempmails-ecosystem/main/ecosystem.json
Service provider: GitHub
Privacy policy: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement
To disable this connection entirely, uncheck Ecosystem Feed under
Tempmails → Settings → General. Hardcoded fallback content is shown
instead — no requests are made.
Google Fonts
The frontend inbox loads the Inter and Poppins typefaces and the
Material Symbols icon font from Google Fonts CDN.
What this connection does:
Fires only on pages where [tempmails_inbox] is rendered
Transmits the visitor’s IP address to Google as part of a standard font
request
Service provider: Google Fonts
Privacy policy: https://developers.google.com/fonts/faq/privacy
To avoid this (e.g. for GDPR compliance), dequeue tempmails-google-fonts
and load self-hosted font copies instead.
Developers
This section documents internal implementation details, security practices,
and notes for addon developers.
Security Hardening Log
All security changes are tracked here for auditing purposes.
2026-04-04 — Security Review Pass (v1.0.7 patch)
class-core.php — ajax_delete_message(): $_POST['message_id']
was wp_unslash()-ed but not sanitized, with a phpcs:ignore
suppression comment masking the warning. Now wrapped with
sanitize_text_field( wp_unslash( … ) ). Suppression comment removed.
2026-04-02 — Security Review Pass (v1.0.7 patch)
class-design.php — Removed raw