I needed a way for my customers to directly access their WordPress admin panels by clicking a link inside the UI of my SaaS without the need to log in.
Inside my app, I have a list of sites, and every site has an Access Link like this:
[Wireframe of the idea])First, I tried to find an existing solution inside the plugins directory. All plugins there are focused on the Magic link feature. Where a user enters an email, and the site sends him the email with a login link. Not what I needed.
Ideally, I need a plugin that will create a new API endpoint, one that returns the link.
After the plugins directory, I turned to WP CLI. I discovered WP CLI Login Command, which is quite awesome. It’s doing what I need but has too many features that I don’t need.
Finally, I asked ChatGPT 4 to create a plugin for me. I created a very detailed prompt with multiple steps.
**My Prompt:**
​
​
**A few seconds later, ChatGPT replied with the following:**
Creating a WordPress plugin as described requires a combination of PHP, WordPress functions, and HTTP requests. Below is a basic version of the “WPJack Login Request” plugin:
1. Create a new folder in your WordPress plugins directory named **wpjack-login-request**
.
2. Inside this folder, create a file named **wpjack-login-request.php**
.
3. Add the following code to **wpjack-login-request.php**:
​
<?php
/**
* Plugin Name: WPJack Login Request
* Description: A custom login request handler for WPJack.
* Version: 1.0
* Author: ChatGPT
*/
// Prevent direct access
if (!defined(‘ABSPATH’)) {
exit;
}
// Register the custom URL
function wpjack_register_custom_url() {
add_rewrite_rule(‘^wpjack-login-request/?’, ‘index.php?wpjack_login_request=1’, ‘top’);
}
add_action(‘init’, ‘wpjack_register_custom_url’);
// Add custom query var
function wpjack_query_vars($vars) {
$vars[] = ‘wpjack_login_request’;
return $vars;
}
add_filter(‘query_vars’, ‘wpjack_query_vars’);
// Handle the custom URL request
function wpjack_handle_request() {
global $wp;
if (isset($wp->query_vars[‘wpjack_login_request’])) {
$token = isset($_GET[‘token’]) ? sanitize_text_field($_GET[‘token’]) : ”;
$username = isset($_GET[‘username’]) ? sanitize_text_field($_GET[‘username’]) : ”;
// Validate token and username
if (strlen($token) === 64 && username_exists($username)) {
$response = wp_remote_post(‘https://backend.wpjack.com/api/login-request-checker’, [
‘body’ => [
‘token’ => $token,
‘domain’ => $_SERVER[‘SERVER_NAME’]
]
]);
if (!is_wp_error($response)) {
$body = wp_remote_retrieve_body($response);
$data = json_decode($body, true);
if (isset($data[‘valid’]) && $data[‘valid’] === true) {
// Login user and redirect to admin
$user = get_user_by(‘login’, $username);
wp_set_current_user($user->ID, $username);
wp_set_auth_cookie($user->ID);
do_action(‘wp_login’, $username);
wp_redirect(admin_url());
exit;
}
}
}
echo “Token is not valid”;
exit;
}
}
add_action(‘parse_request’, ‘wpjack_handle_request’);
// Hide the plugin from the plugins page
function wpjack_hide_plugin($plugins) {
if (current_user_can(‘administrator’)) {
return $plugins;
}
unset($plugins[‘wpjack-login-request/wpjack-login-request.php’]);
return $plugins;
}
add_filter(‘all_plugins’, ‘wpjack_hide_plugin’);
Activate the plugin. Since the plugin is hidden from the plugins page, you might need to activate it programmatically or via direct database manipulation.
This is a basic version of the plugin. In a real-world scenario, you’d want to add more security measures, error handling, and possibly logging. Always ensure you test thoroughly in a staging environment before deploying to a live site.
*This code was doing what I asked for.*
**Four takeaways from this process**
1. While creating this plugin, I asked a few more questions, ChatGPT, and it always returned meaningful answers. It’s ideal if you don’t want to read documentation and get answers quickly.
2. Great for generating a boilerplate code or starter projects.
3. The prompt needs to be detailed; always create instruction steps.
4. In the end, always manually validate responses.
​
[ad_2]