WordPress Plugin for Auth0 Authentication
🚀 Getting Started - 💬 Feedback
- PHP 8.0+
- Most recent version of WordPress
- WordPress configured with database privileges allowing database table creation
Please review our support policy to learn when language and framework versions will exit support in the future.
The plugin supports installation through Composer, and is WPackagist compatible. This approach is preferred when using Bedrock or WordPress Core configurations.
When using Composer-based WordPress configurations like Bedrock, you'll usually run this command from the root WordPress installation directory, but it's advisable to check the documentation provided by the project's maintainers for best guidance. For standard installs, this command should just be run from the wp-content/plugins sub-directory.
composer require symfony/http-client nyholm/psr7 auth0/wordpress:^5.0
Note When installing with Composer, you will also need to install PSR-18 and PSR-17 compatible support libraries. The above command includes some well known defaults, but any libraries compatible with those PSRs will work.
Once the package is installed, you will need to activate the plugin for use with your WordPress site.
- Open your Dashboard.
- Select 'Plugins' from the sidebar, and then 'Installed Plugins'.
- Choose 'Activate' under the Auth0 plugin's name.
Create a Regular Web Application in the Auth0 Dashboard. Verify that the "Token Endpoint Authentication Method" is set to POST.
Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:
- Allowed Callback URLs: The URL of your application where Auth0 will redirect to during authentication, e.g.,
http://localhost:3000/callback. - Allowed Logout URLs: The URL of your application where Auth0 will redirect to after the user logout, e.g.,
http://localhost:3000/login.
Note the Domain, Client ID, and Client Secret. These values will be used later.
Upon activating the Auth0 WordPress plugin, you will find a new "Auth0" section on the left-hand side of your WordPress Dashboard. This section enables you to configure the plugin.
At a minimum, you will need to configure the Domain, Client ID, and Client Secret sections for the plugin to function.
We recommend testing on a staging/development site using a separate Auth0 Application before putting the plugin live on your production site. Be sure to enable the plugin from the Auth0's plugins admin settings page for authentication with Auth0 to function.
For performance reasons, V5 of the WordPress plugin has adopted its own database tables. This means the WordPress database credentials you have configured must have appropriate privileges to create new tables.
It's essential to configure your WordPress site's built-in background task system, WP-Cron. This is the mechanism by which the plugin keeps WordPress and Auth0 in sync. If this is not enabled, changes within WordPress may not be reflected fully on Auth0, and vice versa.
- Our PHP version support window mirrors the PHP release support schedule. Our support for PHP versions ends when they stop receiving security fixes.
- As Automattic's stated policy is "security patches are backported when possible, but this is not guaranteed", we only support the latest release marked as "actively supported" by Automattic.
| Plugin Version | WordPress Version | PHP Version | Support Ends |
|---|---|---|---|
| 5 | 6 | 8.2 | Dec 2025 |
| 8.1 | Nov 2024 | ||
| 8.0 | Nov 2023 |
Deprecations of EOL'd language, or framework versions are not considered a breaking change. Legacy applications will stop receiving updates from us but will continue to function on those unsupported SDK versions. Please ensure your PHP and WordPress environments always remain up to date.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.