Switchboard DOCS
Docs
Get Started Get Lifetime Deal

Temporary Login

Generate secure temporary login links that expire automatically. Perfect for giving developers, support staff, or contractors time-limited access without sharing passwords or creating permanent accounts.

Use Cases

  • Give a developer 24-hour access to fix a bug without sharing your password
  • Let support staff access an account to troubleshoot an issue
  • Provide temporary admin access to a client for approval
  • Create demo accounts that automatically expire
  • Allow a freelancer to work on your site for a specific timeframe

How It Works

  1. Select an existing user or create a new temporary user
  2. Set how long the link should remain active (1-168 hours)
  3. Generate a secure, unique login link
  4. Share the link with the person who needs access
  5. They click the link and are logged in as that user
  6. After the time expires, the link stops working

Where to Find It

Go to Switchboard → User Management and find the Temporary Login module. Click the settings/gear icon to open the temporary login generator interface.

Creating a Temporary Login

For an Existing User

  1. Open the Temporary Login settings panel
  2. Stay on the “Existing User” tab
  3. Select a user from the dropdown
  4. Set expiration time (1-168 hours, default is 24)
  5. Optionally check “One-time use only”
  6. Click Generate Login Link
  7. Copy the link and share it

Creating a New User + Link

  1. Open the Temporary Login settings panel
  2. Click the “Quick Create User” tab
  3. Enter their email address
  4. Enter a display name
  5. Choose their role
  6. Set expiration time
  7. Click Generate Login Link

This creates a new WordPress user AND generates a temporary login link in one step. The user account remains even after the link expires.

Settings

SettingOptionsDefaultDescription
Expires In1-168 hours24 hoursHow long until the link stops working
One-time useCheckboxOffIf checked, link can only be used once
  • One-time - Link works once. After someone uses it, it’s invalidated. Good for single access needs.
  • Multi-use - Link works repeatedly until it expires. Good for ongoing access within the time window.

Below the generator, you’ll see a table of all active (non-expired) links:

ColumnDescription
UserWhich user account this link logs into
CreatedWhen the link was generated
ExpiresWhen the link will stop working
TypeOne-time or Multi-use
StatusActive or Used (for one-time links)
ActionsCopy link, Revoke link

Click Copy next to any active link to copy its URL to your clipboard. You can then paste and share it.

Click Revoke to immediately invalidate a link. This is useful if you shared a link but no longer want it to work (even if it hasn’t expired yet).

Security Features

Cryptographically Secure Tokens

Each link uses a 256-bit random token - practically impossible to guess or brute force.

Rate Limiting

After 5 failed login attempts from the same IP address, further attempts are blocked for 15 minutes. This prevents brute-force attacks on tokens.

Admin Email Notifications

When someone uses a temporary login link, the site admin receives an email notification with:

  • Who logged in (user name and email)
  • When they logged in
  • Their IP address and browser info
  • Who created the link
  • When the link expires

Session Expiration

Even during an active session, the user is automatically logged out when the link’s expiration time passes. They can’t stay logged in beyond the expiration, even if they’re actively using the site.

Administrator Protection

You cannot create temporary login links for Administrator accounts unless you’re already an Administrator yourself.

FAQ

What happens when a link expires?The link simply stops working. Anyone who tries to use it sees an “Invalid Login Link” message. If someone is already logged in via the link, they’re automatically logged out when the expiration time passes.
Can I extend an existing link?No. To extend access, revoke the current link and create a new one with a longer expiration time.
What’s the maximum duration?7 days (168 hours). For longer access needs, consider creating a regular user account instead.
Does the user account get deleted when the link expires?No. If you used “Quick Create User,” the user account remains. Only the login link expires. You can manually delete the user if needed, or create another temporary link for them later.
Can the temporary user change their password?Yes, if they have profile editing capabilities based on their role. However, they’ll still need the temporary link to log in again unless they know their password.
What if someone is already logged in when I revoke their link?Revoking a link doesn’t kick out active sessions. The person stays logged in until they log out, their session expires naturally, or the original link expiration time passes.

For support access, create a dedicated “Support” user with Editor or limited Admin capabilities, then generate temporary links for that account. This keeps the support access separate from real user accounts.

Links are stored in a custom database table and automatically cleaned up by a background task when they expire. No manual cleanup is needed.

PRO

Get access to all 147 modules with a single license

Upgrade to Pro
Prev
Login As User
Next
Username Changer