Gmail Inbox Viewer is a lightweight, security-focused WordPress plugin that lets administrators read Gmail emails — inbox and sent mail — directly from the WordPress admin panel. No browser switching, no extra logins.

All credentials are encrypted with AES-256-CBC + HMAC-SHA256 and stored securely in the WordPress database.

• 📥 Inbox & Sent — Browse both folders with tab switching
• 🔒 Encrypted credentials — AES-256-CBC + HMAC-SHA256, never stored in plain text
• 🗑️ Delete emails — Move emails to Gmail Trash with one click
• 📄 Paginated email list — 20 emails per page
• 🔵 Unread indicator — Bold rows and blue dot for unread emails
• ↔️ Resizable panel — Drag the divider to adjust the email list width
• 🛡️ Rate limiting — Locked after 5 failed connection attempts (15-minute lockout)
• 🔑 Nonce protection — All AJAX requests protected with WordPress nonces
• 📱 Responsive — Adapts to smaller screens
• 🧹 Clean uninstall — All plugin data removed on uninstall

1. Download or clone this repository into your WordPress plugins directory:

   cd wp-content/plugins/
   git clone https://github.com/caferkara/gmail-inbox-viewer.git

2. Go to WordPress Admin → Plugins and activate Gmail Inbox Viewer.

3. Navigate to Gmail Mail → Settings and enter your Gmail credentials.

1. Enable 2-Step Verification on your Google Account
2. Go to myaccount.google.com/apppasswords
3. Select Other (Custom name) → type WordPress Gmail Viewer → click Generate
4. Copy the 16-character App Password

1. Go to Gmail Mail → Settings
2. Enter your Gmail address and the App Password
3. Click Save, then Test Connection

Google Workspace users: Your G Suite admin must enable IMAP in the Google Admin Console (Gmail → End User Access → Enable IMAP)

gmail-inbox-viewer/
├── gmail-inbox-viewer.php        # Main plugin file (bootstrap & constants)
├── admin/
│   ├── class-admin-menu.php      # Admin menus & AJAX handlers
│   └── views/
│       ├── inbox.php             # Inbox page view
│       └── settings.php         # Settings page view
├── assets/
│   ├── css/
│   │   └── gmail-viewer.css     # Admin styles
│   └── js/
│       └── gmail-viewer.js      # Frontend JavaScript (jQuery)
└── includes/
    ├── class-encryption.php     # AES-256-CBC encryption helper
    ├── class-imap-connector.php # Gmail IMAP connector & operations
    └── class-rate-limiter.php   # Rate limiter (transient-based)

Q: Why do I need an App Password? Google no longer allows direct password login for third-party apps. An App Password is a 16-character code that grants limited access to your Gmail over IMAP.

Q: Are my credentials safe? Yes. Credentials are encrypted with AES-256-CBC before being stored in the database and are never logged or exposed in the browser.

Q: Can I use this with Google Workspace? Yes, but your G Suite admin must enable IMAP access in the Google Admin Console.

Q: What happens when I delete an email? Deleted emails are moved to Gmail’s Trash folder — not permanently deleted.

Q: I get an SSL certificate error on connection. What should I do? Uncheck Verify SSL certificate in the Settings page. This is sometimes required on shared hosting environments.

Q: How do I remove my account from the plugin? Go to Gmail Mail → Settings and click Remove Account. All stored credentials will be deleted.

• Initial release
• Gmail IMAP inbox and sent mail viewer
• AES-256-CBC + HMAC-SHA256 credential encryption
• Email deletion (moves to Trash)
• Resizable email list panel
• Rate limiting, nonce protection, folder injection prevention
• Responsive admin UI

Download

You can download the system code files from github: https://github.com/caferkara/gmail-inbox-viewer