Challenge
A nonprofit arts organization needed a way for board members and staff to securely access sensitive documents like meeting minutes, financial reports, and governance materials.
The existing process relied on email attachments and shared drives, creating version confusion, security gaps, and no way to track who accessed what.
Solution
84EM built a custom WordPress plugin that provides two separate, secure document portals directly within the organization’s existing website.
Board members and staff each have their own dedicated portal with role-based access control, passwordless login, and a categorized document library.
The system eliminates the need for third-party file sharing services while keeping everything managed within WordPress.
Technical Implementation
- Dual-portal architecture with separate board and staff document libraries, each with their own login page and access controls.
- Passwordless magic link authentication that sends single-use, time-limited login links via email, removing the need for members to manage passwords.
- Six custom WordPress roles with granular capabilities covering portal access, document viewing, downloading, and management for both board and staff contexts.
- Secure file storage that moves uploaded documents outside the public web directory and renames them with hashed filenames, preventing direct URL access.
- PHP-controlled file delivery that verifies login status and role-based permissions before serving any document download.
- Download audit logging that records every file access with user identity, document name, portal, and IP address for compliance tracking.
- Accordion-based document organization with categories, subcategories, and custom display ordering so members can quickly find what they need.
- User enumeration prevention that returns identical responses regardless of whether an email address exists, protecting member privacy.
- WP-CLI command suite for managing documents, users, categories, roles, and audit logs from the command line.
- REST API integration for document management, enabling future expansion into mobile or external applications.
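The magic link and user enumeration items above, sketched as an added example in plain PHP; this is not the plugin's code. The `MagicLinks` class, the 15-minute lifetime, the `portal.example` URL and the in-memory arrays standing in for the database and mailer are all assumptions made for illustration.

```php
<?php
// Added example: constructed in-memory stand-ins for the token table and mailer.
const LINK_TTL = 900; // seconds a link stays valid (assumed value)
const GENERIC_REPLY = 'If that address is registered, a login link has been sent.';

final class MagicLinks
{
    private array $tokens = [];  // sha256(token) => ['email' => ..., 'expires' => ...]
    public array $outbox = [];   // constructed mailer: email => link

    public function __construct(private array $members) {}

    // Returns the same reply for known and unknown addresses (no user enumeration).
    public function request(string $email, int $now): string
    {
        $email = strtolower(trim($email));
        if (in_array($email, $this->members, true)) {
            $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
            // Store only a hash, so a leaked token table cannot be replayed as links.
            $this->tokens[hash('sha256', $token)] =
                ['email' => $email, 'expires' => $now + LINK_TTL];
            $this->outbox[$email] = 'https://portal.example/login?token=' . $token;
        }
        return GENERIC_REPLY;
    }

    // Returns the member's email on success, null for unknown, used or expired tokens.
    public function redeem(string $token, int $now): ?string
    {
        $key = hash('sha256', $token);
        $row = $this->tokens[$key] ?? null;
        unset($this->tokens[$key]); // single use: burn the token on first presentation
        if ($row === null || $now > $row['expires']) {
            return null;
        }
        return $row['email'];
    }
}

// Constructed walk-through with a fixed clock and one sample member.
$now = 1_700_000_000;
$links = new MagicLinks(['chair@example.org']);
// Compare the replies for a registered and an unregistered address.
var_dump($links->request('chair@example.org', $now) === $links->request('nobody@example.org', $now));
parse_str(parse_url($links->outbox['chair@example.org'], PHP_URL_QUERY), $query);
var_dump($links->redeem($query['token'], $now + 60)); // first use of the link
var_dump($links->redeem($query['token'], $now + 61)); // replay of the same link
```

Response timing is a second enumeration signal, so sending the mail from a background job keeps both request paths equally fast.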
Results
Board members and staff now access a single, organized portal to find and download documents instead of searching through email threads.
Magic link login removed the friction of password management, resulting in a simpler experience for non-technical users.
The organization gained full visibility into document access through audit logging, supporting governance and compliance requirements.
Administrators manage everything from within WordPress, with no additional software licenses or third-party platforms required.