WordPress Plugin for Auth0 Authentication
🚀 Getting Started - 💬 Feedback
- PHP 8.0+
- Most recent version of WordPress
- WordPress configured with database privileges allowing database table creation
Please review our support policy to learn when language and framework versions will exit support in the future.
Add the dependency to your application with Composer:
composer require auth0/wordpress
Then,
- Log in to your WordPress site as an administrator.
- Go to Plugins menu.
- Look for "Login by Auth0" in the list.
- Click Install Now, and then Activate.
- Log in to your WordPress site as an administrator.
- Go to Plugins menu, then click 'Add New.'
- Search for "Login by Auth0".
- Click Install Now, and then Activate.
Create a Regular Web Application in the Auth0 Dashboard. Verify that the "Token Endpoint Authentication Method" is set to POST
.
Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:
- Allowed Callback URLs: The URL of your application where Auth0 will redirect to during authentication, e.g.,
http://localhost:3000/callback
. - Allowed Logout URLs: The URL of your application where Auth0 will redirect to after the user logout, e.g.,
http://localhost:3000/login
.
Note the Domain, Client ID, and Client Secret. These values will be used later.
Upon activating the Auth0 WordPress plugin, you will find a new "Auth0" section on the left-hand side of your administrative dashboard. This section enables you to configure the plugin.
At a minimum, you will need to configure the Domain, Client ID, and Client Secret sections for the plugin to function.
We recommend testing on a staging/development site using a separate Auth0 Application before putting the plugin live on your production site. Be sure to enable the plugin from the Auth0's plugins admin settings page for authentication with Auth0 to function.
For performance reasons, V5 of the WordPress plugin has adopted its own database tables. This means the WordPress database credentials you have configured must have appropriate privileges to create new tables.
It's essential to configure your WordPress site's built-in background task system, WP-Cron. This is the mechanism that V5 of the WordPress plugin keeps WordPress and Auth0 in sync.
- Our PHP version support window mirrors the PHP release support schedule. Our support for PHP versions ends when they stop receiving security fixes.
- As Automattic's stated policy is "security patches are backported when possible, but this is not guaranteed", we only support the latest release marked as "actively support" by Automattic.
Plugin Version | WordPress Version | PHP Version | Support Ends |
---|---|---|---|
5 | 6 | 8.2 | Dec 2025 |
8.1 | Nov 2024 | ||
8.0 | Nov 2023 |
Deprecations of EOL'd language, or framework versions are not considered a breaking change. Legacy applications will stop receiving updates from us but will continue to function on those unsupported SDK versions. Please ensure your PHP and WordPress environments always remain up to date.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.