Executive Summary

CnEL India built a robust, secure and maintainable WordPress plugin that automates the entire process of collecting freelancer hours, gathering proof attachments, routing approvals to clients, and creating/sending invoices through Xero. The solution integrates Gravity Forms for data capture, the Newsletter plugin for email dispatches, and a reliable Xero integration for invoice creation — all while providing easy-to-use dashboards for freelancers and administrators.

Business Challenge

• Manual collection and verification of monthly freelancer hours created delays and billing errors.
• Clients required a simple approval method (no initial registration) with optional feedback ratings.
• Admins needed consolidated control to add or update freelancers, clients and hourly rates and to submit on behalf of freelancers.
• Invoices required banking details (no payment processing), accurate client/freelancer data and automatic generation within Xero.

Solution Overview

CnEL India delivered a custom WordPress plugin with the following capabilities:

1. Scheduled monthly reminders to freelancers to submit hours and upload evidence.
2. Gravity Forms-based submission form capturing hours, descriptions and attachments.
3. Newsletter plugin-driven transactional emails (To, CC and company-admin always CC’d).
4. Client approval flow through a one-click email link that opens a secure approval form with optional 1–5 rating.
5. Automatic Xero invoice creation after client approval, including client & freelancer details, hourly breakdown and bank transfer instructions.
6. Freelancer dashboard to view past timesheets per client and invoice history.
7. Admin screens to manage clients, freelancers, hourly rates per client, and to submit forms on behalf of freelancers.
8. Sandbox-first deployment and final installation on the client’s production WordPress site.

Technical Implementation

Architecture

The plugin follows WordPress best practices: a single plugin namespace, custom DB tables (created on activation), REST endpoints for approval links, and capability-checked admin UIs. All external communications (Xero API, email dispatch) are queued to avoid blocking web requests.

Key Components

• Gravity Forms — Used for freelancer submission forms (hours, description, attachments). Custom hooks capture entries and persist them to plugin tables.
• Newsletter Plugin — Used for templated transactional emails. Plugin uses Newsletter’s API hooks to send To and CC addresses (including multiple addresses) and ensures the company admin is CC’d on all communications.
• Xero Integration — Secure OAuth2 connection with Xero API to create draft/final invoices once client approval is recorded. Invoices include banking details and any client/freelancer meta fields required for accounting.
• Custom DB Tables — Persistent storage for freelance & client relationships and submitted hours (schema below).
• Freelancer Dashboard — A front-end dashboard (shortcode-based) that lets logged-in freelancers view, filter and export past hours and invoice status per client.
• Admin UI — WordPress admin pages for managing clients, freelancers, hourly rates, and for submitting on behalf of freelancers.


Email Flow & Approval Link

Emails are sent via the Newsletter plugin. Each timesheet entry generates an email to the client:

1. Freelancer submits hours (Gravity Forms) & receives a confirmation email (To + optional CCs).
2. Newsletter plugin sends a client email (To + CCs) containing a one-click approval link. The link contains a secure token mapped to the timesheet entry and opens a lightweight approval form on the site.
3. Client clicks the approval link, lands on the approval page, optionally provides a 1–5 rating and clicks Approve.
4. On approval, the plugin records approval, changes status, triggers Xero invoice creation and emails invoice to the client with banking details. Company admin is CC’d on all steps.

Multiple Email Addresses

Clients and freelancers can have multiple emails configured. The plugin stores primary and additional CC addresses (JSON or child table) and passes them to the Newsletter plugin templates for both To and CC fields.

Authentication and Access

• Initially clients do not need to register — approvals are driven by secure, single-use tokens in the approval link. Tokens expire after a configurable time (e.g., 30 days) for security.
• Freelancers must register and log in; plugin integrates with WP user system. For existing freelancers without WP accounts, admin can create an account and email credentials or invitation links.
• Admin roles require capability checks (manage_options or custom capability) to access management screens.

Sandbox and Deployment

Development and testing are performed in a sandbox environment matching the client’s hosting environment. Once validated (unit tests, integration tests with Gravity Forms and Xero, UAT), the plugin is installed on the production site during a maintenance window. A rollback plan and database backup are included in deployment notes.

UX / Interface Highlights

• Freelancer Dashboard: View by client, month or project; upload additional evidence; see invoice status and download a PDF copy of submitted hours.
• Client Approval Page: Clean, mobile-friendly page with details, attachments preview and an optional 1–5 rating. No registration required unless client chooses to register later.
• Admin Pages: CRUD interfaces for clients, freelancers, rates and timesheet overrides. Admin can submit timesheets on behalf of freelancers using a simplified form.

Testing & Quality Assurance

• Unit tests for plugin business logic and database interactions.
• Integration tests with Gravity Forms entry flows and Newsletter email dispatch.
• Xero sandbox testing (OAuth2 flow, invoice creation and retrieval).
• End-to-end user acceptance testing with sample freelancer and client accounts.
• Security review: token expiry, capability checks, attachment virus scans (recommended), and rate limiting for approval endpoints.

Security & Privacy

All user-submitted attachments are stored as WordPress attachments and access-controlled. Approval tokens are securely generated (cryptographically random) and stored hashed in DB where feasible. API credentials for Xero are stored in wp-config.php or using the site’s secrets manager recommended by the hosting provider. GDPR/Privacy considerations are addressed by allowing data export and deletion per request.

Why CnEL India Was the Right Choice

• Expert WordPress Development: Deep experience building custom plugins that follow WP coding standards and integrate cleanly with popular plugins like Gravity Forms.
• Accounting Integrations: Proven history implementing OAuth2-based integrations with accounting platforms (Xero, QuickBooks) and creating precise invoice payloads required by finance teams.
• Secure, Scalable Design: Architected for token-based approvals, queued API jobs and safe handling of attachments and personal data.
• Delivery-first Approach: Sandbox-first development, UAT, documentation and a clear rollout plan minimized risk during production installation.
• Support & Handover: Comprehensive documentation, admin training and a handover checklist (including backup and rollback steps) ensured the client could operate independently after delivery.

Client Testimonial

“CnEL India delivered exactly what we needed — a worry-free way to collect freelancer hours and automate billing. The approval flow is simple for our clients, and the Xero invoices are accurate without manual intervention. Their attention to testing and the sandbox deployment approach made the production rollout seamless. Highly recommended.”

Deliverables

• Custom WordPress plugin (installable ZIP) with activation/deactivation hooks.
• Gravity Forms templates & mapped fields.
• Newsletter email templates for freelancer reminders, client approval requests, and invoice emails.
• Admin UI pages for client/freelancer/rate management.
• Freelancer dashboard shortcode and approval public endpoints.
• Deployment & rollback plan, technical documentation and admin user guide.

Recommended Next Steps

1. Approve the functional spec and DB schema.
2. Provide a sandbox WordPress environment and Xero developer credentials for integration testing.
3. Confirm email templates and the exact banking information format required on invoices.
4. Run UAT with a small group of freelancers and clients for one billing cycle in sandbox.
5. Schedule production deployment and handover session.