Skip to content

Temporary Login

Temporary Login lets you share a one-click, time-limited sign-in link instead of handing over a real password. Links use a ?tl_token= query parameter, expire on their own, and leave a short activity trail you can review.

  • Adds a dedicated admin page: WP PowerSuite -> Temporary Login (powersuite-temporary-login).
  • Creates token links that log the assigned user in when opened (?tl_token=...).
  • Stores logins and activity in database tables tl_temporary_logins and tl_activity_logs.
  • Free: new links are limited to 1-day expiry only.
  • Premium: longer/custom expiry, single-use, max uses, IP restriction, and bind to first device.
  • Can bypass WP PowerSuite 2FA for a valid token matching that user.
  • Blocks sensitive admin screens during a temporary session (plugin/theme editors, core updates, import/export, site health, and selected PowerSuite pages including Temporary Login management itself).
  • A developer or host needs short-lived admin access without your password.
  • A client or vendor should review the site for a day without a permanent account password.
  • You want an activity trail of temporary access.
  1. Go to WP PowerSuite -> Modules.
  2. Filter by Login & Users or search for “Temporary Login”.
  3. Turn the module on.
  4. Open WP PowerSuite -> Temporary Login to create and manage links.

There is no gear-icon settings modal - management is on the custom admin page.

  1. Create a temporary login for a test user (Free: 1-day expiry).
  2. Copy the link and open it in a private browser window while logged out. ✅ You are signed in as that user without entering a password.
  3. Confirm blocked screens (e.g. plugin editor) are inaccessible.
  4. After expiry (or revoke), reopen the link - access should be denied.
  5. Check activity on the Temporary Login admin page.
  • Link does nothing / access denied. Token may be expired, revoked, over max uses, IP-mismatched (Premium), or device-mismatched (Premium).
  • Can’t create longer expiry on Free. Expected - Free forces 1-day; activate Premium for other durations.
  • 2FA still prompts. Bypass only applies when the token is valid and matches the user being authenticated.
  • Can’t open Temporary Login while using a temp session. Expected - that PowerSuite page is blocked during temporary sessions.
What does the free Temporary Login plan allow?

On Free, new links use a 1-day expiry only. Single-use, max uses, IP restriction, device binding, and longer/custom expiries require Premium.

Does Temporary Login bypass two-factor authentication?

Yes. A valid temporary login token for that user can bypass WP PowerSuite 2FA for that sign-in.

Where do I manage temporary logins?

Under WP PowerSuite -> Temporary Login (admin.php?page=powersuite-temporary-login).

Can temporary sessions edit plugins or themes?

Sensitive screens such as the plugin/theme editors, update-core, import/export, and site health are blocked. Temporary Login and some PowerSuite admin pages are also blocked during a temp session.

Developer notes (hooks & filters)

Source: modules/temporary-login/module.php, FeatureGate.php, admin.php. Boot: critical. Meta: is_freemium, has_custom_page.

  • Token query param: tl_token.
  • Tables (with $wpdb->prefix): tl_temporary_logins, tl_activity_logs.
  • Session cookie: wpps_tl_session.
  • Free gating: FeatureGate::applyFreeTierCreateArgs() forces expiry_type = day, clears single-use / max uses / IP / bind_user_agent.
  • 2FA: wpps_2fa_allow_bypass via allow2FABypassForTemporaryLogin.
  • Always-blocked admin screens include plugin-editor.php, theme-editor.php, update-core.php, import.php, export.php, site-health.php.
  • Blocked PowerSuite pages during temp session: powersuite-temporary-login, powersuite-settings, powersuite-license, powersuite-performance.
  • Filter: wpps_tl_is_token_login_request.