Security Best Practices

Updated Jun 6, 2026

Credential storage

OAuth2 tokens are encrypted using your WordPress site’s secret keys and salts before being stored in the database; they are never stored in plain text. Because the encryption depends on those values, reconnect the plugin if your WordPress salts rotate.

Webhook security

Inbound webhooks use a shared-secret header (x-ghl-token). The plugin auto-generates a secret. Add it to your GHL automation as a custom header value. Without it, payloads are rejected with a 401 error.

To regenerate the secret, go to Settings > Webhooks and click Regenerate Secret, then update the value in GHL.
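The shared-secret check described above can be sketched in plain PHP as follows. This is an added example, not Syncly's own code: the function names `example_generate_secret` and `example_webhook_status` are hypothetical, and the constant-time comparison and fail-closed handling are assumptions about how such a check is best written, not statements about the plugin's internals.

```php
<?php
// Added example: hypothetical helper names, not Syncly's own code.

/** Generate a new shared secret (64 hex characters from 32 random bytes). */
function example_generate_secret(): string
{
    return bin2hex(random_bytes(32));
}

/**
 * Decide the HTTP status for an inbound webhook request.
 * $headers maps header name => value; names are matched case-insensitively.
 * Returns 200 when x-ghl-token matches the stored secret, otherwise 401.
 */
function example_webhook_status(array $headers, string $storedSecret): int
{
    // Fail closed: an unset secret must never match an empty or missing header.
    if ($storedSecret === '') {
        return 401;
    }
    $provided = null;
    foreach ($headers as $name => $value) {
        if (strtolower((string) $name) === 'x-ghl-token' && is_string($value)) {
            $provided = $value;
            break;
        }
    }
    if ($provided === null) {
        return 401;
    }
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guess were correct.
    return hash_equals($storedSecret, $provided) ? 200 : 401;
}

// Constructed sample requests.
$secret = example_generate_secret();
$cases = [
    'correct header'                => ['X-GHL-Token' => $secret],
    'wrong value'                   => ['x-ghl-token' => 'not-the-secret'],
    'header missing'                => ['Content-Type' => 'application/json'],
    'old secret after regeneration' => ['x-ghl-token' => example_generate_secret()],
];
foreach ($cases as $label => $headers) {
    printf("%-32s -> %d\n", $label, example_webhook_status($headers, $secret));
}
```

The last case shows why the value in GHL has to be updated after regenerating: a request carrying the previous secret is treated the same as one with a wrong value.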

Nonce verification

All admin AJAX requests use WordPress nonces to prevent CSRF attacks.

Rate limiting

The plugin enforces 100 requests per 10 seconds (burst) and 200,000 requests per day. This protects your GHL account from being flagged for API abuse.

Sync log redaction

Tokens, secrets, and authorization headers are automatically redacted from sync log entries. Logs are safe to share for troubleshooting.

HTTPS requirement

OAuth2 connections require HTTPS. If your site is not on HTTPS, the connection will fail by design.
