WordPress.org

Gaeilge

Get WordPress
WordPress.org

Plugin Directory

GuestDock — Guest Post Management, Contributor Sandbox, Editorial Workflow & Content Security

GuestDock — Guest Post Management, Contributor Sandbox, Editorial Workflow & Content Security

By RAKIBUZZAMAN
Download

Description

GuestDock is the most secure and feature-complete way to accept guest posts on WordPress. It creates a fully sandboxed contributor environment where guest authors get temporary, strictly limited, and completely isolated access to the WordPress backend — without ever seeing other users’ content, media, or site settings.

Unlike the default WordPress contributor role, GuestDock enforces real isolation. Guest authors are completely siloed: they can only view, edit, and interact with their own posts and their own media uploads. No data leaks, no accidental exposure, and no security risks.

Who is GuestDock for?

GuestDock is the ideal guest post plugin for multi-author blogs, online magazines, news sites, content agencies, and any brand that needs to accept guest contributions without compromising WordPress security or editorial quality.

✨ Key Features

Sandbox & Access Control

  • True Sandbox Isolation — Guests are restricted at the query level via pre_get_posts, ajax_query_attachments, and REST API filters. They only see content they created. No other user’s drafts, media, or data is ever visible.
  • Time-Limited Guest Access — Set exact expiration dates for every guest author. Accounts automatically lose access once the time is up — zero manual cleanup.
  • Post Submission Limits — Control exactly how many posts each guest can submit. Prevent unlimited content flooding.
  • Runtime Capability Enforcement — Belt-and-suspenders: even if another plugin grants capabilities, GuestDock’s runtime filter ensures guests cannot exceed their allowed permissions.

Editorial Workflow

  • Approval & Feedback System — Return posts to “Draft” with inline admin feedback notes. Guests see feedback on their dashboard and in the editor. Automatic email notifications keep everyone in the loop.
  • Review Queue — Centralized queue with inline post preview, word count badges, QA status indicators, and direct edit links for efficient editorial review.
  • Smart Submission Checklist — A live-updating Gutenberg sidebar panel replaces the old notice-based QA with a modern, visual experience. Color-coded checks for word count, featured image, excerpt, and external links — always visible while writing.
  • Content Quality Enforcement — Block submission until guests meet minimum word counts, upload a featured image, and provide a custom excerpt.

Content & SEO Protection

  • SEO & Spam Link Protection — Limit external links per post and automatically inject rel="nofollow sponsored" attributes to safeguard your site’s SEO authority.
  • SEO Pre-Check Panel — Built-in Gutenberg sidebar SEO audit: focus keyword detection, heading structure analysis, image alt text coverage, meta description length check, and internal/external link ratio — all with a visual score.
  • Category Locking — Restrict guest posts to specific pre-approved categories to maintain your site’s content organization.
  • Gutenberg Block Restriction — Prevent script injection by denying dangerous blocks (Custom HTML, Shortcode, Code) while allowing access to all other Gutenberg blocks for full content creation. Fully customizable via the guestdock_denied_block_types filter.

Media & Upload Security

  • Media Upload Security — Strict MIME type validation (JPG, PNG, GIF, WebP only), configurable file size limits, double-extension checks, and per-user upload quotas with race condition protection.
  • API & XML-RPC Hardening — Completely disables XML-RPC access and tightly secures REST API endpoints for guest accounts to prevent unauthorized programmatic access.

Analytics & Reporting

  • Analytics Dashboard — Per-guest metrics: posts submitted, approval rate, average word count. Overview cards showing total published posts, active guests, and performance trends.
  • CSV Export — One-click export of all contributor analytics data for stakeholder reporting and content strategy.
  • Admin Dashboard Widget — “GuestDock at a Glance” widget on the WordPress dashboard showing pending post count, active guest count, and recent submissions with one-click links to the Review Queue.

Content Templates

  • Post Templates — Admins create reusable content templates (e.g., “Product Review”, “How-To Guide”) with pre-filled structure. Guests select a template when starting a new post, ensuring consistent content format across all contributions.
  • Template Selector Modal — Beautiful modal overlay intercepts the “Add New Post” button, presenting available templates and a “Start Blank” option.

Guest Experience

  • Guest Onboarding Modal — When a guest first logs in, a branded welcome overlay shows site-specific writing guidelines, content requirements summary, post allowance tracker, and a “Start Writing” call-to-action.
  • Guest Contributor Profiles — Public author bio pages with custom bio, website, and social media links (X/Twitter, LinkedIn). Automatically displayed on author archive pages.
  • Custom Writing Guidelines — Add editorial instructions that appear directly in the guest’s dashboard widget and post list page with smart dismissible notices.

Admin Experience

  • Admin Onboarding Wizard — First-time 4-step setup wizard: configure content rules, create your first invite, set up secure login, and copy the shortcode — all without leaving the page.
  • Inline Guest Management — Edit expiration dates and post limits directly from the admin dashboard without opening each user profile.
  • Safe Guest Removal — Delete guest accounts while safely reassigning their published posts to an administrator, preventing content loss. Automatically cleans up orphaned media.
  • Auto Username Generation — Automatically generate clean usernames from email prefixes during guest creation.

Integrations & Developer Tools

  • REST API — Full REST API under guestdock/v1 namespace: list guests, get guest details, list submissions, view stats. All endpoints require manage_options authentication.
  • Webhooks — Configure webhook URLs to receive POST notifications on guest.invited, post.submitted, and post.approved events. Compatible with Zapier, Make, Slack, and custom endpoints.
  • Frontend Request Form — Use the [guestdock_request_form] shortcode to let visitors apply for guest author access directly from your site. Built-in honeypot and rate limiting for spam protection.
  • Email Template Customization — Fully customize the subject and body of all 6 automated email types: Invitations, Feedback Notifications, Approval Confirmations, Submission Alerts, Request Confirmations, and Access Requests.
  • Secure Login Integration — One-click install and activate AuthDock from within GuestDock for magic link authentication, eliminating password management for guest authors.
  • 30+ Developer Hooks — Over 30 WordPress-style filters and actions across every plugin class for full extensibility, from capabilities and email notifications to validation rules and upload quotas.
  • In-Plugin Help Center — Built-in “Help” and “Shortcode Reference” tabs for instant admin guidance — no external docs needed.
  • Clean Uninstall — Proper uninstall.php removes all plugin data (options, user meta, post meta, custom post types, transients) when the plugin is deleted.

Documentation & Resources

For a complete step-by-step guide on how to use GuestDock, including setup instructions and workflows for both administrators and guest authors, please read our GuestDock User Guide.

To learn more about the philosophy behind GuestDock and why it’s the most secure way to manage guest posts, check out our blog post: The Ultimate Way to Manage Guest Posts on WordPress.

Screenshots

The Guest Dashboard showing access limits, expiration status, and editorial feedback.
The Guest Dashboard showing access limits, expiration status, and editorial feedback.
The Admin interface for managing guest invites, durations, and post limits.
The Admin interface for managing guest invites, durations, and post limits.
The Gutenberg editor with the Smart Submission Checklist sidebar panel.
The Gutenberg editor with the Smart Submission Checklist sidebar panel.
The Analytics tab with per-guest metrics, overview cards, and CSV export.
The Analytics tab with per-guest metrics, overview cards, and CSV export.

Installation

  1. Upload the guestdock folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Follow the Onboarding Wizard to configure content rules, create your first invite, and set up your shortcode.
  4. (Optional) Create a “Write for Us” page and add the [guestdock_request_form] shortcode to accept guest applications from your frontend.
  5. (Optional) Install AuthDock from the “Secure Login” tab for passwordless guest authentication.

FAQ

Can guests see my other posts or media?

No. GuestDock uses deep hooks into the WordPress query engine (pre_get_posts, ajax_query_attachments_args, rest_attachment_query) to ensure guests can only see and manage their own content and media uploads. Complete isolation is enforced at the database query level, covering admin, REST API, and AJAX requests.

What happens when a guest’s access expires?

The guest will be automatically blocked from logging in and redirected away from the admin area. Their published posts remain on the site. If you delete the guest user, their content is safely reassigned to a designated administrator.

Does GuestDock work with the Block Editor (Gutenberg)?

Yes. GuestDock is fully optimized for the WordPress block editor. Guest users have access to all Gutenberg blocks except Custom HTML, Shortcode, and Code blocks (which are denied for security). This is customizable via the guestdock_denied_block_types filter. GuestDock also provides a Smart Submission Checklist sidebar panel and an SEO Pre-Check panel directly in the editor.

Can I restrict guests to specific categories?

Yes. You can lock guest users to one or more admin-approved categories. Guests will only see those categories when creating posts, keeping your site’s content organization clean.

How do I notify guests about editorial feedback?

When you click “Send Feedback & Return to Draft,” the guest receives an automatic email notification with your feedback notes. They also see the feedback prominently on their Guest Dashboard and within the post editor.

What is the Smart Submission Checklist?

It’s a Gutenberg sidebar panel that shows a live-updating visual checklist of content requirements (word count, featured image, excerpt, external links). It replaces the old notice-based approach with a modern, always-visible, color-coded interface.

Can I create content templates for guests?

Yes. Admins can create reusable post templates (e.g., “Product Review”, “How-To Guide”) from the Templates tab. When guests click “Add New Post,” a template selector modal lets them choose a pre-built structure or start blank.

Does GuestDock have analytics?

Yes. The Analytics tab shows per-guest metrics including posts submitted, posts published, approval rate, and average word count. You can also export all data as a CSV file.

Can I integrate GuestDock with external tools?

Yes. GuestDock provides a REST API and webhook system. Configure a webhook URL in Settings to receive JSON notifications on guest invitations, post submissions, and post approvals. Compatible with Zapier, Make, Slack, and any HTTP endpoint.

Is GuestDock compatible with multisite?

GuestDock is designed for single-site WordPress installations. Multisite compatibility is planned for a future release.

Does GuestDock add nofollow to guest post links?

Yes. GuestDock automatically injects rel="nofollow sponsored" attributes on all external links within guest posts to protect your site’s SEO authority and comply with search engine guidelines.

Can I customize the invitation emails?

Yes. GuestDock provides full email template customization for all 6 automated email types — Invitations, Feedback Notifications, Approval Confirmations, Submission Alerts, Request Confirmations, and Guest Access Requests. You can edit both the subject line and body content with dynamic placeholder tags.

How do I accept guest post applications from my frontend?

Add the [guestdock_request_form] shortcode to any page (e.g., a “Write for Us” page). Visitors can submit their name, email, and a writing sample. You review and approve applications from the GuestDock admin panel. The form includes honeypot and rate limiting anti-spam protection.

What data does GuestDock clean up on uninstall?

When you delete GuestDock from the Plugins page, the uninstall.php handler removes all plugin options, user meta, post meta, content templates, transients, and the custom role. Published guest posts are preserved.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“GuestDock — Guest Post Management, Contributor Sandbox, Editorial Workflow & Content Security” is open source software. The following people have contributed to this plugin.

Contributors

Translate “GuestDock — Guest Post Management, Contributor Sandbox, Editorial Workflow & Content Security” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.1.0

New Features

  • New: Admin Dashboard Widget — “GuestDock at a Glance” widget on the WordPress dashboard showing pending posts, active guests, recent submissions, and quick-action links. Forced to top position for maximum visibility.
  • New: Analytics & Reporting tab — per-guest metrics (submitted, published, approval rate, avg word count), overview cards, and one-click CSV export of all contributor data.
  • New: Content Templates system — admins create reusable post templates with a custom post type. Guests see a template selector modal when creating new posts. Includes “Start Blank” option.
  • New: Smart Submission Checklist — Gutenberg PluginSidebar panel with live-updating, color-coded content requirement checks (word count, featured image, excerpt, external links). Always visible while editing.
  • New: SEO Pre-Check panel — Gutenberg sidebar SEO audit with focus keyword detection, heading structure analysis, image alt text coverage, meta description length check, and internal/external link ratio score.
  • New: Guest Contributor Profiles — custom bio, website, X/Twitter, and LinkedIn fields on user profile. Auto-displayed on frontend author archive pages with social links.
  • New: Guest Onboarding Experience — branded welcome overlay on first guest login showing writing guidelines, content requirements, post allowance tracker, and “Start Writing” CTA. Dismissible with AJAX.
  • New: Admin Onboarding Wizard — first-time 4-step setup wizard (content rules, first invite, secure login integration, shortcode copy). Dismissible and re-triggerable.
  • New: REST API — guestdock/v1 namespace with 4 endpoints: list guests, get guest details, list submissions, and view stats. All require manage_options authentication.
  • New: Webhook system — configurable webhook URL with guest.invited, post.submitted, and post.approved events. JSON payloads with SSRF protection (http/https scheme validation).
  • New: Secure Login tab — one-click install and activate AuthDock for passwordless guest authentication. Integrated into both the settings page and the onboarding wizard.
  • New: Real-Time Feedback Notifications — automatic email to guest author when admin leaves feedback and returns post to draft. Configurable email templates with dynamic tags.
  • New: Review Queue enhancements — inline post preview, word count badges, QA status indicators, and direct edit links for efficient editorial review.
  • New: Guest post count display — post count badges in review queue showing X/Y posts used per guest author.
  • New: Proper uninstall.php — complete cleanup of all plugin data (14 options, 7 user meta keys, 2 post meta keys, CPT entries, transients, upload locks, custom role) on plugin deletion.

Improvements

  • Improved: Full Gutenberg block access — switched from a strict allowlist (17 blocks) to a denylist approach. Only core/html, core/shortcode, and core/code are denied by default. Customizable via guestdock_denied_block_types filter.
  • Improved: Visual Guest Activity Timeline — card-style guest list with Gravatar, status journey dots, and color-coded indicators replacing the plain table layout.
  • Improved: Dynamic QA requirements display — post requirements shown in both the dashboard widget and the post list page with detailed rule descriptions.
  • Improved: Dismissible instructions notice — guests can dismiss the writing guidelines notice, and the preference is saved via AJAX.
  • Improved: Custom date/time picker for invite expiration — select exact expiration dates in addition to preset durations (7/14/30/60/90 days).
  • Improved: Guest removal now auto-cleans orphaned (unattached) media uploads before deleting the user account.
  • Improved: Pending post count badge on admin menu — amber badge with transient caching and automatic invalidation on status transitions.

Security

  • Security: Deep security audit — comprehensive line-by-line review of all 12 PHP files and 8 JS files.
  • Security: All $_POST and $_GET values now use sanitize_text_field( wp_unslash() ) before processing, including integer fields previously using raw intval().
  • Security: SSRF protection on webhook sender — only http:// and https:// URL schemes allowed. Added esc_url_raw() defense-in-depth.
  • Security: Date format validation on custom invite expiry dates — regex validation prevents unexpected strtotime() behavior.
  • Security: Strict comparison (===) enforced in in_array() calls for category restriction checks.
  • Security: Upload lock mechanism using atomic add_option() to prevent race condition quota bypass on simultaneous uploads.
  • Security: REST API foreign post access blocked — prevents guests from modifying or deleting posts they don’t own via PUT/PATCH/DELETE requests.
  • Security: REST API media query isolation — guests cannot enumerate site-wide media through REST endpoints.
  • Security: Gutenberg dangerous blocks denied server-side via allowed_block_types_all filter.

Developer

  • Dev: 30+ WordPress-style hooks (filters and actions) across all plugin classes for full extensibility.
  • Dev: guestdock_loaded action fires after plugin initialization.
  • Dev: guestdock_guest_capabilities filter for runtime capability enforcement.
  • Dev: guestdock_role_capabilities filter for activation-time role capabilities.
  • Dev: guestdock_allowed_admin_pages filter to customize guest-accessible admin pages.
  • Dev: guestdock_allowed_rest_prefixes filter to customize guest-accessible REST routes.
  • Dev: guestdock_guest_mime_types filter for upload MIME type control.
  • Dev: guestdock_upload_quota_bytes and guestdock_upload_quota_count filters for upload limits.
  • Dev: guestdock_hidden_admin_menus filter to control hidden admin menus.
  • Dev: guestdock_is_guest_user filter to override guest detection.
  • Dev: guestdock_restrict_categories filter for category restrictions.
  • Dev: guestdock_validation_errors filter to customize post submission validation.
  • Dev: guestdock_nofollow_attributes filter to customize link rel attributes.
  • Dev: guestdock_denied_block_types filter to customize which Gutenberg blocks are denied for guests.
  • Dev: Email filters: guestdock_before_admin_notification, guestdock_before_guest_notification, guestdock_before_feedback_notification, guestdock_before_invite_email.
  • Dev: Lifecycle actions: guestdock_guest_created, guestdock_guest_updated, guestdock_guest_removed, guestdock_before_guest_removal.
  • Dev: Workflow actions: guestdock_post_submitted, guestdock_post_approved, guestdock_feedback_sent.
  • Dev: Access control actions: guestdock_guest_expired, guestdock_post_limit_reached, guestdock_before_expire_logout.
  • Dev: Extension actions: guestdock_request_form_fields, guestdock_request_submitted, guestdock_welcome_widget_content.
  • Dev: guestdock_qa_requirements filter for QA requirements display.

1.0.0

  • Initial Release.
  • Core Access Control with the guestdock_guest role.
  • Strict Sandbox isolation for posts and media.
  • Time-based expiration and post submission quotas.
  • Editorial workflow with “Admin Feedback” system.
  • Content QA rules: Word counts, link limits, and required images.
  • SEO protection: Auto-nofollow/sponsored attributes for guest links.
  • Frontend [guestdock_request_form] shortcode.
  • Enhancement: Rebranded plugin to GuestDock, updating text domain and metadata.
  • Enhancement: Refactored asset loading to a standardized enqueue system, removing hardcoded scripts/styles.
  • Security: Enforced strict late escaping (esc_html, esc_attr, esc_url) across all views.
  • Security: Refactored JavaScript data passing to use secure wp_json_encode.
  • Security: Removed “nag” UI patterns and hardened administrative capability checks.

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum

Donate

Would you like to support the advancement of this plugin?

Donate to this plugin