Gatey provides a seamless integration with Amazon Cognito for secure, scalable authentication in WordPress. This plugin supports both dynamic WordPress sites and statically generated WordPress frontends.
Key features include:
– Amazon Cognito user pool login and registration
– Fully translatable Authenticator screens — 22 built-in languages plus a custom-JSON option for overriding any string or adding new languages
– Single Sign-On (SSO) integration with Social login, SAML, and OIDC providers
– Gutenberg block, Elementor widget, and shortcode support
– Multi-factor authentication (MFA)
– Profile editing and password reset features
– Secure API access with JWT or AWS IAM Signature authorization
– Role-based access control
You can find the plugin』s continuously expanding, detailed documentation at:
What』s on the site?
– Get Started guide — quick start, installation, first‑time setup.
– CSS/JS references — components, API, usage examples.
– Creating User Pools — step‑by‑step instructions with AWS CloudFormation / CDK scripts.
– Protecting static sites — full tutorial with point‑by‑point walkthroughs and AWS scripts.
This plugin is not affiliated with or endorsed by Amazon Web Services or the WordPress Foundation. All trademarks are property of their respective owners.
Free and Premium Usage Notice
Gatey works entirely offline and provides full login and registration functionality via your WordPress installation without requiring any registration or subscription.
Optional premium features (like advanced customization or frontend integrations) are only available after connecting your WordPress instance via a secure frontend-only JavaScript authenticator to our Gatey service. Registration and subscription are not required to use the core plugin functionality. All premium interactions happen client-side using standard AWS Amplify and Stripe components – no external PHP code is loaded or executed.
Machine-readable resources
- AI plugin manifest: https://wpsuite.io/.well-known/ai-plugin.json
- OpenAPI spec: https://wpsuite.io/.well-known/openapi.yaml
External Services
This plugin integrates with the following third-party services:
-
Amazon Cognito
- What it is & what it』s used for:
A managed user-identity and authentication service from Amazon Web Services (AWS). We use Cognito User Pools to handle user registration, login, multi-factor authentication (MFA), password resets, and JWT issuance. - What data is sent & when:
- Registration / Sign-up: username, email, and any required attributes are sent to Cognito for account creation.
- Sign-in / Authentication: username and password (and MFA code if enabled) are sent to Cognito for verification.
- Token exchange: on successful login, Cognito returns ID, access, and refresh tokens which are stored client-side for session management.
- Password reset & profile updates: relevant identifiers and new credentials or attributes are sent when users trigger those flows.
- Endpoints called:
https://cognito-idp.{region}.amazonaws.com/{userPoolId}- Other AWS API endpoints under the
amazonaws.comdomain.
- Links:
- Terms of Service: https://aws.amazon.com/service-terms/
- Privacy Policy: https://aws.amazon.com/privacy/
- What it is & what it』s used for:
-
Google reCAPTCHA v3
- What it is & what it』s used for:
A client-side bot-detection widget from Google that provides a score for interactions. We integrate reCAPTCHA v3 into the Authenticator block』s sign-up form by fetching a token in the browser. - What data is sent & when:
- Client-side only: the plugin』s JS calls
grecaptcha.execute()to retrieve a reCAPTCHA token and then includes that token in the sign-up request sent to Amazon Cognito. - Server-side verification: only happens if you configure a Pre-SignUp Lambda in your Cognito user pool that calls Google』s
siteverifyAPI with your secret key. That Lambda is wholly under your control—Gatey does not handle or store your secret.
- Client-side only: the plugin』s JS calls
- Configuration in WordPress:
- Enter your reCAPTCHA v3 Site Key in Settings General reCAPTCHA v3 Public Key.
- No Secret Key is required by the plugin.
- Links:
- About reCAPTCHA v3: https://www.google.com/recaptcha/about/
- Google Terms of Service: https://policies.google.com/terms
- Google Privacy Policy: https://policies.google.com/privacy
- What it is & what it』s used for:
Client-Side Libraries
- AWS Amplify Authenticator
- What it is & why we use it:
A React UI component library from the Amplify Framework. We embed its - What it does:
- Renders sign-in, sign-up, MFA, and password-reset forms.
- Under the hood it calls the Amazon Cognito APIs (see External Services entry), but does not itself authenticate or store secrets.
- Docs & source:
- GitHub repo: https://github.com/aws-amplify/amplify-ui
- Docs: https://ui.docs.amplify.aws/react/connected-components/authenticator
- What it is & why we use it:
Trademark Notice
Amazon Web Services, AWS, and Amazon Cognito are trademarks of Amazon.com, Inc. or its affiliates.
Gatey is an independent open-source project and is not affiliated with, sponsored by, or endorsed by Amazon Web Services.
All references to 「Amazon Cognito」 are made purely to describe this plugin』s interoperability.
Source & Build
Public (free) source code:
All of the code that ships in this public ZIP (the 「free」 version) is published here: https://github.com/smartcloudsol/gatey
WPSuite Admin source code:
The wpsuite-admin/ directory contains modules originating from the Hub for WPSuite.io project: https://github.com/smartcloudsol/hub-for-wpsuiteio
This shared component handles WPSuite workspace linking, licence validation, and subscription management, and will be included in all upcoming WPSuite plugins.
Premium-only features:
We maintain a fork of the AWS Amplify Authenticator (with Edit Account, Setup TOTP, etc.) and any additional paid-only screens and services in a private repository. Those files are not part of this public source.
