Manage GPL
Sign up free

← Connecting WordPress sites

Connecting WordPress sites

Pair a site using the connector plugin (manual flow)

The universal way to connect any WordPress site — install the connector plugin yourself, copy the token from its settings page, paste it into Manage GPL. Works on any WordPress install, including sites with 2FA or CAPTCHA on wp-login.

Updated

On this page

The manual pairing flow works on every WordPress site, including ones where the automatic flow can't help: sites with 2FA on wp-admin, sites behind HTTP basic auth, hardened hosts, and sites where you don't have admin credentials but an admin can help. It takes about two minutes end-to-end.

Step 1 — Download the connector plugin

  1. In Manage GPL, click Add site and pick the Manual tab.
  2. Click the Download plugin button on that tab. You'll get managegpl-connect.zip.

You can also download the same zip from the homepage if it's easier.

Step 2 — Install the plugin on your WordPress site

  1. Log in to your WordPress site's wp-admin.
  2. Go to Plugins → Add New → Upload Plugin.
  3. Choose the managegpl-connect.zip file and click Install Now, then Activate Plugin.

On activation, the plugin auto-generates a unique pairing token for this site. It's a 32-character random string that's stored hashed on our side, so possession of it is what authorizes the pairing.

Step 3 — Copy the token from WP admin

  1. In WP admin, go to Settings → Manage GPL Connect.
  2. You'll see two values: the site URL and the connection token, each with a Copy button next to it.
  3. Copy the token.

Step 4 — Paste the token into Manage GPL

  1. Go back to Manage GPL's Add site → Manual screen.
  2. Enter the site URL (including https://) and paste the connection token.
  3. Click Connect site →.

Manage GPL sends an HMAC-signed confirmation request to your site's connector, the connector returns the per-site HMAC secret (the only time it's transmitted in plaintext), and the site flips to connected. Inventory pulls automatically and you land on the site's page.

What gets stored where

  • On your WordPress site: the connector plugin, a per-site HMAC secret in wp_options.
  • On Manage GPL: the site URL, the HMAC secret (used to sign every outbound request from us to your site), the current inventory snapshot.
  • Never transmitted or stored: your WordPress admin username or password. The connector does not need or store them.

Common blockers

If pairing fails, the most common causes are: outbound HTTPS blocked by a strict firewall on the WP host, the WordPress REST API blocked by a security plugin (Wordfence, iThemes Security), or the site URL not matching what the connector reports as its canonical URL. See Common pairing errors for fixes.

More in Connecting WordPress sites

Connect a site automatically using wp-admin credentials

Manage a WordPress Multisite network

Understanding site statuses

Re-pair a site after auth drift

Remove or disable a site

Is something wrong with this article?

Tell us so we can fix it — outdated info, broken steps, wrong numbers, anything.

Report an issue

Article: Pair a site using the connector plugin (manual flow)

Still stuck?

If this article didn't solve it, open a ticket and we'll help.

Open a support ticket