Website
Messaging

Add a Ticket Center to Your WordPress Site

Embed the Helpdesky Ticket Center for logged in WordPress users with HMAC, no plugin required. PHP code included.

Authors: Helpdesky

Adding a Ticket Center to WordPress gives your signed in users a full support portal: open conversations, view history, and reply, all without leaving your app. This guide assumes you already have authentication in place.

The Ticket Center uses HMAC SHA256 authentication. Your server signs the user's email with a secret, the embed sends the signature, and Helpdesky verifies both before rendering. For the underlying concepts, read the Ticket Center Setup Guide. Below is the WordPress specific path.

Ticket Center vs Contact Form: the Ticket Center is for signed in users. If you only need anonymous visitors to send a message, use a Contact Form instead. Authentication note: This guide uses WordPress core's built in user accounts (wp_get_current_user()). If you use WooCommerce, MemberPress, or another membership plugin, the same pattern works as long as you can read the logged in user's email server side.

Set Up Your Helpdesk

Open the Helpdesky dashboard and go to Ticket Center in the sidebar. From this page you will need:

  • Your Helpdesk ID, visible in the embed snippet at the top
  • The Verification Tool further down, used later to confirm your HMAC matches

Generate Your HMAC Secret

On the Ticket Center page, click Generate HMAC Secret and copy it immediately. Helpdesky never shows it a second time.

Define the secret in wp-config.php (above the /* That's all, stop editing! */ line):

define('HELPDESKY_HMAC_SECRET', 'hdh_secret_xxxxxxxxxxxxxxxx');
define('HELPDESKY_HELPDESK_ID', 'your_helpdesk_id');

wp-config.php is server side, so these constants are never exposed to the browser.

The secret must stay server side. Never expose it to the browser, embed it in client side bundles, or commit it to a public repo.

Compute the HMAC in a Page Template

Create a custom page template (for example page-support.php in your active theme) that only renders for signed in users:

<?php
/* Template Name: Support */
get_header();

if (!is_user_logged_in()) {
    echo '<p>Please log in to view your support center.</p>';
    get_footer();
    return;
}

$user = wp_get_current_user();
$email = $user->user_email;
$signature = hash_hmac('sha256', $email, HELPDESKY_HMAC_SECRET);
?>

<main class="support-page">
  <h1>Support</h1>
  <div id="hdh-ticket-center"></div>
  <script src="https://helpdesky.io/ticket-center.js"
    data-helpdesk-id="<?php echo esc_attr(HELPDESKY_HELPDESK_ID); ?>"
    data-email="<?php echo esc_attr($email); ?>"
    data-signature="<?php echo esc_attr($signature); ?>"></script>
</main>

<?php get_footer(); ?>

In WordPress admin, create a new page, set its template to Support, and publish.

Test It

Sign in to WordPress as a real user and open your support page. The Ticket Center should render with that user's conversations.

If you see an authentication error, copy the email and signature your template generated (use a temporary echo $signature; for debugging) and paste them into the Verification Tool in the Helpdesky dashboard. The expected signature must match yours exactly.

Common issues:

  • Signature mismatch. WordPress's user_email field includes whatever the user registered with. If a profile plugin transforms the email, sign the transformed value.
  • Caching plugins. WP Rocket, W3 Total Cache, and similar plugins may cache the page across users. Exclude the support page from caching, otherwise everyone sees the first visitor's signature.
  • Empty panel. Confirm the test user has at least one conversation, or open one from another channel first.

Next Steps

Add a public Contact Form on your marketing pages for visitors who are not signed in. Route inbound support email into the same inbox with the Email Forwarding Setup Guide.

Last updated on May 2, 2026