Develop a secure, self-contained WordPress plugin that allows internal users (staff) to generate temporary login links for prospective customers. Each link grants time-limited access to a separate WordPress site where the prospect can fill out an onboarding form. Once submitted (or expired), access is revoked automatically. Functional Requirements 1. Admin/Staff Portal (Site A) A plugin-generated admin page within the WordPress dashboard (under its own menu) with these capabilities: Form to create invitations: Fields: Prospect Name, Prospect Email, Notes (optional), Expiration (default 7 days). On submit: Generate a unique token (UUID or SHA256 hash). Store token, email, creation/expiration timestamps, and status (“Active”, “Used”, “Expired”) in a dedicated database table (e.g., wp_prospect_tokens). Send a customizable email to the entered address containing: The unique secure link to the onboarding site. Expiration notice. Company branding (can be edited via WP settings or template file). Admin view: List of all issued tokens. Columns: Name, Email, Date Created, Expiration Date, Status, Link, and Actions (Resend / Revoke / Delete). Search and filter controls. Security: Nonce-protected forms. Sanitized/escaped input/output. Email validation and duplicate prevention. 2. Prospect Portal (Site B) A separate WordPress site (or subdomain, e.g., onboarding.domain.com) that hosts the onboarding form. Login link behavior: Link format: https://onboarding.domain.com/?token=<securehash> Plugin validates the token by calling Site A’s REST endpoint or by verifying against its own database (if synced). If valid and not expired: Auto-create a temporary WordPress user (role = “prospect_guest”) or session. Redirect to the onboarding form page. If invalid or expired: Display a friendly “Link expired” or “Invalid invitation” message. Onboarding form: Typical fields: Company Name, Contact Person, Address, Phone, Email, Tax ID, Billing Info, Shipping Info, Notes. Optional: File upload (e.g., W9 or resale certificate). Validation on all fields with clear error feedback. Submission actions: Store submission to a wp_prospect_submissions table (linked by token). Email notifications: To Customer Service and Accounting departments (configurable emails in settings). Attach CSV summary of submitted data. Mark the token as Used. Optionally expire access immediately after submission. 3. Token Lifecycle & Expiration Tokens auto-expire after the set time (default 7 days). Expiration can be enforced via cron job or checked on every access. Expired tokens show “Expired” in the admin table and are unusable for login. Optional cleanup routine to purge tokens older than 30 days. 4. Configuration & Settings A separate “Settings” tab for: Default expiration time (days) Notification email addresses Email template customization (subject, message body) REST endpoint URLs (if Site A ↔ Site B communication is required) Optional: reCAPTCHA keys for form submissions Technical Specifications Language: PHP 8.1+ Platform: WordPress 6.x Architecture: Plugin must be self-contained (no dependency on theme files) Security: Use WordPress nonce fields for all forms. Sanitize/escape all user input/output. Use secure hash for token generation. Never expose internal user IDs or predictable token data. Database: Create two custom tables: wp_prospect_tokens wp_prospect_submissions Include activation hook for table creation with dbDelta(). Deliverables Installable plugin ZIP file, git repo. Full PHP source code (clean, commented, and organized). SQL schema creation handled automatically on activation. Admin interface for managing tokens and submissions. Working email templates and token verification logic. Automatic deletion or anonymization of expired records. Logging/auditing actions (who created each invite). Readme documentation including: Installation steps Configuration guide Timeline & Budget Timeline: 2–3 weeks from start to delivery. Budget: Open to proposals; please provide a fixed price with milestones. Preferred Skills Strong experience building custom WordPress plugins (not theme functions). Familiarity with WordPress REST API and secure token generation. Experience with user/session management and form processing. Understanding of data validation, escaping, and nonce protection. Ability to deliver clear, maintainable code. To Apply Please include: A brief outline of how you would structure this plugin (database, token flow, etc.). Links to similar projects or GitHub repositories. Your estimated timeline and total cost. Any optional enhancements you can suggest (e.g., multisite handling, REST integration, form styling).