Temporary Login
Temporary Login lets you share a one-click, time-limited sign-in link instead of handing over a real password. Links use a ?tl_token= query parameter, expire on their own, and leave a short activity trail you can review.
What it does
Section titled “What it does”- Adds a dedicated admin page: WP PowerSuite -> Temporary Login (
powersuite-temporary-login). - Creates token links that log the assigned user in when opened (
?tl_token=...). - Stores logins and activity in database tables
tl_temporary_loginsandtl_activity_logs. - Free: new links are limited to 1-day expiry only.
- Premium: longer/custom expiry, single-use, max uses, IP restriction, and bind to first device.
- Can bypass WP PowerSuite 2FA for a valid token matching that user.
- Blocks sensitive admin screens during a temporary session (plugin/theme editors, core updates, import/export, site health, and selected PowerSuite pages including Temporary Login management itself).
When to use it
Section titled “When to use it”- A developer or host needs short-lived admin access without your password.
- A client or vendor should review the site for a day without a permanent account password.
- You want an activity trail of temporary access.
When not to use it
Section titled “When not to use it”How to enable it
Section titled “How to enable it”- Go to WP PowerSuite -> Modules.
- Filter by Login & Users or search for “Temporary Login”.
- Turn the module on.
- Open WP PowerSuite -> Temporary Login to create and manage links.
There is no gear-icon settings modal - management is on the custom admin page.
How to test it
Section titled “How to test it”- Create a temporary login for a test user (Free: 1-day expiry).
- Copy the link and open it in a private browser window while logged out. ✅ You are signed in as that user without entering a password.
- Confirm blocked screens (e.g. plugin editor) are inaccessible.
- After expiry (or revoke), reopen the link - access should be denied.
- Check activity on the Temporary Login admin page.
Troubleshooting
Section titled “Troubleshooting”- Link does nothing / access denied. Token may be expired, revoked, over max uses, IP-mismatched (Premium), or device-mismatched (Premium).
- Can’t create longer expiry on Free. Expected - Free forces 1-day; activate Premium for other durations.
- 2FA still prompts. Bypass only applies when the token is valid and matches the user being authenticated.
- Can’t open Temporary Login while using a temp session. Expected - that PowerSuite page is blocked during temporary sessions.
What does the free Temporary Login plan allow?
On Free, new links use a 1-day expiry only. Single-use, max uses, IP restriction, device binding, and longer/custom expiries require Premium.
Does Temporary Login bypass two-factor authentication?
Yes. A valid temporary login token for that user can bypass WP PowerSuite 2FA for that sign-in.
Where do I manage temporary logins?
Under WP PowerSuite -> Temporary Login (admin.php?page=powersuite-temporary-login).
Can temporary sessions edit plugins or themes?
Sensitive screens such as the plugin/theme editors, update-core, import/export, and site health are blocked. Temporary Login and some PowerSuite admin pages are also blocked during a temp session.
Developer notes (hooks & filters)
Source: modules/temporary-login/module.php, FeatureGate.php, admin.php. Boot: critical. Meta: is_freemium, has_custom_page.
- Token query param:
tl_token. - Tables (with
$wpdb->prefix):tl_temporary_logins,tl_activity_logs. - Session cookie:
wpps_tl_session. - Free gating:
FeatureGate::applyFreeTierCreateArgs()forcesexpiry_type = day, clears single-use / max uses / IP /bind_user_agent. - 2FA:
wpps_2fa_allow_bypassviaallow2FABypassForTemporaryLogin. - Always-blocked admin screens include
plugin-editor.php,theme-editor.php,update-core.php,import.php,export.php,site-health.php. - Blocked PowerSuite pages during temp session:
powersuite-temporary-login,powersuite-settings,powersuite-license,powersuite-performance. - Filter:
wpps_tl_is_token_login_request.