SignoffFlow - Client Approval Workflow & Client Portal

Only WordPress users assigned to that client account, plus staff users with the cliapwo_manage_portal capability.

Clients receive protected download links that go through an access-checked endpoint. Files are stored in a dedicated cliapwo-private uploads subdirectory instead of standard public Media Library URLs, and the portal UI does not expose raw file paths. Apache hardening files are created automatically for that directory. Nginx hosts may still need an equivalent deny rule added at the server level.

Yes. SignoffFlow can send request, update, and file notifications with wp_mail() to all WordPress users assigned to the related client account. Notification types can be toggled in SignoffFlow > Settings.

Yes, but local mail delivery depends on your environment. SignoffFlow records Email attempt entries in the Event Log for each notification. If WordPress cannot confirm delivery, SignoffFlow also shows a dismissible admin notice on its own screens so you can check the Event Log and review your mail transport. The Notifications settings screen also includes an Email delivery help section with a simple test flow and recommendations for Mailpit, MailHog, SMTP, Postmark, and Mailtrap.

Yes. The portal uses a stable root wrapper (.cliapwo-portal), documented CSS variables, and a small set of filters for wrapper classes, section classes, and inline style variables. For installed sites, see the Portal styling help note in SignoffFlow > Settings. Customizations should be added from a theme or site-specific plugin rather than by editing SignoffFlow directly.

Clients can add a response note of up to 500 characters when choosing an approval outcome. A note is optional for Approved and required for Changes requested, Rejected, and Blocked. The latest response, responder, and response time are shown in the client portal and request admin screen. Reopening a request preserves the previous response until the client submits a new one.