Description

Gatey provides a seamless integration with Amazon Cognito for secure, scalable authentication in WordPress. This plugin supports both dynamic WordPress sites and statically generated WordPress frontends.

Key features include:
– Amazon Cognito user pool login and registration
– Fully translatable Authenticator screens — 22 built-in languages plus a custom-JSON option for overriding any string or adding new languages
– SSO support with customizable pages
– Gutenberg block and Elementor shortcode support
– Multi-factor authentication (MFA)
– Profile editing and password reset features
– Secure API access with JWT or AWS IAM Signature authorization
– Role-based access control

You can find the plugin’s continuously expanding, detailed documentation at:

WP Suite – Gatey Docs

What’s on the site?
– Get Started guide — quick start, installation, first‑time setup.
– CSS/JS references — components, API, usage examples.
– Creating User Pools — step‑by‑step instructions with AWS CloudFormation / CDK scripts.
– Protecting static sites — full tutorial with point‑by‑point walkthroughs and AWS scripts.

This plugin is not affiliated with or endorsed by Amazon Web Services or the WordPress Foundation. All trademarks are property of their respective owners.

Free and Premium Usage Notice

Gatey works entirely offline and provides full login and registration functionality via your WordPress installation without requiring any registration or subscription.

Optional premium features (like advanced customization or frontend integrations) are only available after connecting your WordPress instance via a secure frontend-only JavaScript authenticator to our Gatey service. Registration and subscription are not required to use the core plugin functionality. All premium interactions happen client-side using standard AWS Amplify and Stripe components – no external PHP code is loaded or executed.

External Services

This plugin integrates with the following third-party services:

Amazon Cognito
- What it is & what it’s used for:
  A managed user-identity and authentication service from Amazon Web Services (AWS). We use Cognito User Pools to handle user registration, login, multi-factor authentication (MFA), password resets, and JWT issuance.
- What data is sent & when:
  - Registration / Sign-up: username, email, and any required attributes are sent to Cognito for account creation.
  - Sign-in / Authentication: username and password (and MFA code if enabled) are sent to Cognito for verification.
  - Token exchange: on successful login, Cognito returns ID, access, and refresh tokens which are stored client-side for session management.
  - Password reset & profile updates: relevant identifiers and new credentials or attributes are sent when users trigger those flows.
- Endpoints called:
  - https://cognito-idp.{region}.amazonaws.com/{userPoolId}
  - Other AWS API endpoints under the amazonaws.com domain.
- Links:
  - Terms of Service: https://aws.amazon.com/service-terms/
  - Privacy Policy: https://aws.amazon.com/privacy/
Google reCAPTCHA v3
- What it is & what it’s used for:
  A client-side bot-detection widget from Google that provides a score for interactions. We integrate reCAPTCHA v3 into the Authenticator block’s sign-up form by fetching a token in the browser.
- What data is sent & when:
  - Client-side only: the plugin’s JS calls grecaptcha.execute() to retrieve a reCAPTCHA token and then includes that token in the sign-up request sent to Amazon Cognito.
  - Server-side verification: only happens if you configure a Pre-SignUp Lambda in your Cognito user pool that calls Google’s siteverify API with your secret key. That Lambda is wholly under your control—Gatey does not handle or store your secret.
- Configuration in WordPress:
  - Enter your reCAPTCHA v3 Site Key in Settings General reCAPTCHA v3 Public Key.
  - No Secret Key is required by the plugin.
- Links:
  - About reCAPTCHA v3: https://www.google.com/recaptcha/about/
  - Google Terms of Service: https://policies.google.com/terms
  - Google Privacy Policy: https://policies.google.com/privacy

Client-Side Libraries

AWS Amplify Authenticator
- What it is & why we use it:
  A React UI component library from the Amplify Framework. We embed its <Authenticator> component inside our Gutenberg block to render and manage the login/signup flows.
- What it does:
  - Renders sign-in, sign-up, MFA, and password-reset forms.
  - Under the hood it calls the Amazon Cognito APIs (see External Services entry), but does not itself authenticate or store secrets.
- Docs & source:
  - GitHub repo: https://github.com/aws-amplify/amplify-ui
  - Docs: https://ui.docs.amplify.aws/react/connected-components/authenticator

Trademark Notice

Amazon Web Services, AWS, and Amazon Cognito are trademarks of Amazon.com, Inc. or its affiliates.

Gatey is an independent open-source project and is not affiliated with, sponsored by, or endorsed by Amazon Web Services.

All references to “Amazon Cognito” are made purely to describe this plugin’s interoperability.

Source & Build

Public (free) source code:
All of the code that ships in this public ZIP (the “free” version) is published here: https://github.com/smartcloudsol/gatey

Premium-only features:
We maintain a fork of the AWS Amplify Authenticator (with Edit Account, Setup TOTP, etc.) and any additional paid-only screens and services in a private repository. Those files are not part of this public source.

Screenshots

Blocks

This plugin provides 3 blocks.

Account Attribute Account Attribute for Gatey Authenticator – display an attribute of the current user
Authenticator Gatey Authenticator
Custom Block Custom Block for Gatey Authenticator

Installation

Upload the plugin files to the /wp-content/plugins/gatey directory, or install via the WordPress plugin repository.

Activate the plugin through the “Plugins” screen in WordPress.

Navigate to WP Admin > Gatey > Settings to configure your AWS Cognito user pool and integration settings.

FAQ

What is Gatey?: Gatey is a WordPress plugin that lets you integrate AWS Cognito authentication into your site — using Gutenberg blocks, shortcodes, or CSS. No coding required.
Is my user data stored or processed by Gatey?: No. All authentication runs through your own AWS Cognito setup. Gatey simply integrates it into WordPress. We do not access or store your end‑user data.
Is my data shared with any third party?: Gatey never shares your personal data or WordPress site data with any third party. Authentication flows run directly between your site and your AWS Cognito user pool. If you enable premium features, subscription management is handled securely via Stripe using hosted forms and client‑side JavaScript. No payment data is stored or processed by Gatey.
Do I need AWS or Cognito knowledge to use it?: Basic AWS Cognito setup is needed (e.g. user pool, app client). But the plugin handles all frontend logic — sign‑in, sign‑up, MFA, attribute access — visually.
Can I show or hide content based on the logged‑in user?: Yes. You can use shortcodes or CSS variables like –gatey-account-group-admin or –gatey-account-attribute-email to control visibility.
Is Gatey compatible with my theme?: Yes. It works with all WordPress themes and builders like Elementor, using Gutenberg blocks or shortcodes.
Do I need to register or subscribe to use Gatey?: No. Gatey works fully offline out of the box and requires no registration or subscription to function. You can configure your AWS Cognito user pool directly inside WordPress and use login, registration, MFA, and profile features without ever connecting to wpsuite.io. Premium features are entirely optional and only become available after connecting your site using secure client‑side JavaScript.
What’s the difference between plans?: Free includes all core blocks, but frontend customizations are hidden. Basic shows custom blocks on live pages. Professional unlocks social login, JWT/IAM‑secured APIs, and advanced Gatey control.
Where are the subscription-based configuration files stored, and how often are they refreshed?: All Pro settings you create in the Gatey Settings—API Settings, custom Form Fields—are saved server-side and, whenever you hit Save, an encrypted copy is written to your site’s wp-content/uploads/ folder.
The small licence file needed to decrypt that config are also stored in uploads. A licence is valid for one month, so the plugin automatically downloads a fresh file every seven days while your subscription is active.
If you run a static export, you’ll still need that weekly refresh (a short tutorial covers this topic), but a normal WordPress install handles it for you automatically.
Can I cancel or upgrade later?: Yes, at any time. The plugin will still work in Free mode, and your site’s blocks won’t break — only premium features will deactivate.

Reviews

csappancs Sseeboaseka 2, 2025

We can easily restrict private content to logged-in users on a static WordPress site.

Read all 1 review

Contributors & Developers

“Gatey – Login & SSO with Amazon Cognito” is open source software. The following people have contributed to this plugin.

Smart Cloud Solutions Inc.

“Gatey – Login & SSO with Amazon Cognito” has been translated into 2 locales. Thank you to the translators for their contributions.

Translate “Gatey – Login & SSO with Amazon Cognito” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.3.6

The reCAPTCHA provider is now enqueued inside the Gutenberg editor whenever a Site Key is set, so the Authenticator block renders correctly during editing.

1.3.5

Second observer.js patch: fixed a bug that could prevent Gatey Gutenberg blocks from rendering (they stayed invisible but produced no error).

1.3.4

Patched observer.js: eliminated edge-case errors that could appear in the browser console (rendering was unaffected).

1.3.3

Improved licence handling: secondary-domain detection and validation logic have been fixed, ensuring licences activate correctly on all mapped domains.

1.3.2

Flexible reCAPTCHA options: In Gatey Settings General you can now choose Classic v3 or Enterprise keys, and switch between google.com and the China-friendly recaptcha.net domain.
Reduced-motion polish: Additional fixes ensure all editor and front-end animations fully respect the user’s “prefers-reduced-motion” setting (follow-up to 1.2.7).
Insecure-host compatibility: All features, including licence validation, now work on plain-HTTP sites lacking the browser Crypto API.

1.3.1

reCAPTCHA upgrade: Gatey now works exclusively with reCAPTCHA Enterprise (v3) keys.

1.3.0

Sign-up attributes unlocked: all standard Cognito attributes are now available in the free plan.
Form-field editor moved down to BASIC: customise field order, labels, and validation rules without a PRO licence.
New field type – country: autocomplete selector with the full ISO list, translated in all 22 Gatey languages.
Enhanced phone_number field: country-code picker now uses the same autocomplete component and localisation as the new country field.

1.2.7

Fixed the Copy Shortcode button in Gatey › Patterns so it now works on sites served over “http://”. Also removed animations from Mantine Select components in the admin UI to prevent tab freezes on Windows when OS-level animations are disabled.

1.2.6

Added a licence-file download guide to the admin screen, plus three JavaScript helpers—Gatey.cognito.toSignIn(), Gatey.cognito.toSignUp(), and Gatey.cognito.toForgotPassword()—for switching screens inside custom blocks.

1.2.5

Filled in the last untranslated UI strings and exposed two client-side helpers: Gatey.cognito.setLanguage() and Gatey.cognito.setDirection() for runtime language or LTR/RTL switching.

1.2.4

Fixed attribute parsing in the [gatey] shortcode; all parameters now load correctly even in edge-case combinations.

1.2.3

Small fixes: the shortcode’s direction attribute now accepts auto, and shortcode previews inside the Elementor editor render correctly even when multiple Gatey shortcodes are placed on the same page.

1.2.2

Added “Auto (by language)” to the Direction setting: the Authenticator now switches to RTL for Arabic or Hebrew and stays LTR for all other languages. You can still override this at any time by selecting LTR or RTL explicitly.

1.2.1

Added a Custom Translations URL field under Gatey › Settings › General. Point it to a JSON file to override any of the 22 built-in languages—or add completely new languages—without touching the code.

1.2.0

The front-end Authenticator screens are now fully localised: choose from 22 languages and switch text direction (LTR / RTL) as needed.

1.1.2

Refined the Settings screen: subscription-management actions now appear only for users who have permission to manage the site’s active plan.

1.1.1

Added the JavaScript chunks that were accidentally left out of 1.1.0; all blocks and admin screens now load correctly.

1.1.0

New on-disk configuration system eliminates all front-end config downloads. Config + weekly licence file now live in the WordPress uploads folder (static exports still refresh the licence weekly). Because downloads are gone, all plans are now flat-priced—there is no longer any “Additional Usage” charge.
The admin screen makes it clear whether the site is linked to a WPSuite workspace and whose workspace it is.

1.0.5

Added new style controls (typography, spacing, colours, etc.) to the Account Attribute block and fixed a configuration-loading bug that could prevent the admin UI from appearing.

1.0.4

Authenticator block: added optional trigger‑button properties — render a button first, and open the Authenticator only after users click it. Perfect for building lean profile pages (see updated Get Started guide).
Account block: now supports full Gutenberg styling controls — alignment, custom HTML tag, box‑shadow, spacing (margin/padding), min‑height, typography (font‑size, line‑height, text‑align) and color (background & text).

1.0.3

Bumped the Authenticator block version to invalidate cached frontend assets—ensures the updated view.js is loaded. No functional changes.

1.0.2

Pro features for an already‑connected site can now be edited even if the WordPress administrator is not logged in to wpsuite.io.
Fixed [gatey] shortcode: the screen, variation, and colormode attributes are now honoured (previously only the pattern defaults were shown).

1.0.1

Authenticator block: added optional “Signing in”, “Signing out” and “Redirecting” message fields, so you no longer need to listen for gatey‑authenticator events for basic feedback. Defaults are empty.

1.0.0

Initial release.