Everything you need for professional-grade WordPress API authentication
Powerful
Complete Control
Track all your authentication tokens in one place, monitor who's accessing your APIs, and revoke access instantly when needed.
Centralized
Management Dashboard
Oversee API authentication from a centralized dashboard—view token details, manage user tokens, and maintain full control over your API operations.
Intelligent
Actionable Insights
Gain a deeper understanding of API usage with detailed analytics on authentication, token lifecycles, and security events.
Secure
Advanced Protection
Industry-standard JWT tokens safeguard your API endpoints with reliable, stateless authentication trusted by developers worldwide.
Seamless
Modern Integration
Easily integrate with modern frameworks and mobile apps using standardized JWT authentication trusted across the industry.
Productive
Save Development Time
Streamline your workflow—focus on building features with the help of comprehensive documentation to get started quickly.
Industry-Leading JWT implementation
Modern, reliable authentication for your WordPress REST API—simple, seamless, and hassle-free. Connect any app or service without complex setups or compatibility issues.
Simple
Generate Token
Authenticate users and issue JWT tokens with a single API call. Receive both user details and tokens in one seamless response. Secure your API endpoints in just seconds.
Reliable
Validate Token
Ensure robust security with built-in JWT validation. Verify token signatures and claims to confirm authenticity, expiration status, and proper signing. Block unauthorized access with ease.
Automatic
Refresh Token
Keep users seamlessly authenticated while maintaining strong security. Automatically manage token expiration and renewal, ensuring uninterrupted sessions without manual intervention.
What is JWT and why it's vital for your WordPress REST API
JSON Web Tokens (JWT) provide a lightweight, secure way to enable stateless authentication for your WordPress REST API, simplifying processes and enhancing performance.
What is JWT?
JWT (JSON Web Token) is a compact and secure method for transmitting authentication and authorization data between two parties. Each token consists of three parts: a header, which defines the type of token and algorithm used; a payload, which contains the claims or user information; and a signature, which verifies the token's authenticity. Once a user is authenticated, a JWT is issued and can be used to securely access protected API endpoints without needing to authenticate repeatedly.
In the context of the WordPress REST API, JWT provides an efficient solution for managing secure interactions between your WordPress site and external applications or services. Unlike traditional session-based authentication methods, JWT is stateless, eliminating the need for server-side session storage. This approach reduces server load, simplifies scaling, and enables seamless integration with modern web and mobile applications. By leveraging JWT, developers can enhance the security and performance of their WordPress REST API, ensuring that only authorized users can access critical data and functionality.
Key Benefits
- Protection
- Enhanced Security
- Flexibility
- Scalability
- Efficiency
- Improved Performance
- Compatibility
- Seamless Integration
Free vs. Pro: Unlock the full potential
Already using our free plugin? Discover how the Pro version enhances your API security with advanced features, comprehensive monitoring, and professional-grade controls to safeguard your WordPress site.
Feature | WP.org version (Free forever) | JWT Auth Pro (starts at $59/yr) |
---|---|---|
Basic JWT Authentication | Included in WP.org version | Included in JWT Auth Pro |
Token Generation | Included in WP.org version | Included in JWT Auth Pro |
Token Validation | Included in WP.org version | Included in JWT Auth Pro |
Token Refresh Mechanism | Not included in WP.org version | Included in JWT Auth Pro |
Token revocation | Not included in WP.org version | Included in JWT Auth Pro |
Token Management Dashboard | Not included in WP.org version | Included in JWT Auth Pro |
Analytics & Monitoring | Not included in WP.org version | Included in JWT Auth Pro |
IP Blacklist | Not included in WP.org version | Included in JWT Auth Pro |
Premium Support | Not included in WP.org version | Included in JWT Auth Pro |
Detailed Documentation | Not included in WP.org version | Included in JWT Auth Pro |
Simple, Site-Based Pricing
All plans include the exact same powerful features. Just pick how many sites you need to secure: single site, small team (5 sites), or agency (20 sites).
Professional Single Site
Ideal for individual WordPress sites requiring robust, professional-grade API security.
USD
per year
Features:
- 1 site
- Token Refresh Mechanism
- Manual and automatic token revocation
- Premium Support
- Token Management Dashboard
Professional Team (5 Sites)
Secure and manage multiple WordPress sites with ease—perfect for growing teams and small businesses.
USD
per year
Features:
- Up to 5 sites
- Token Refresh Mechanism
- Manual and automatic token revocation
- Premium Support
- Token Management Dashboard
Professional Agency (20 Sites)
Comprehensive API security tailored for agencies and developers managing multiple client sites.
USD
per year
Features:
- Up to 20 sites
- Token Refresh Mechanism
- Manual and automatic token revocation
- Premium Support
- Token Management Dashboard
Frequently asked questions
Your questions answered
- Who is behind JWT Authentication Pro?
- JWT Authentication Pro is developed by Enrique Chavez (@tmeister), a seasoned full-stack developer with a strong focus on WordPress and open-source technologies. Enrique has contributed to the WordPress ecosystem for years, creating plugins and tools that help developers build more efficiently. His commitment to open-source development ensures that his projects, including JWT Authentication Pro, are designed to be simple, flexible, and developer-friendly.
- What are the system requirements for JWT Authentication Pro?
- JWT Authentication Pro requires PHP 8.1 or higher and WordPress 5.0 or higher with the REST API enabled. You'll need to configure a secret key in your wp-config.php file and ensure your server has the HTTP Authorization header enabled.
- How does the token refresh mechanism work?
- When you authenticate, you receive both an access token and a refresh token. The access token is used for API requests and expires after a configurable period (default 7 days). When it expires, you can use the refresh token (valid for 30 days by default) to obtain a new access token without re-authenticating with username and password.
- Can I track and analyze JWT usage?
- Yes, JWT Authentication Pro includes a detailed analytics dashboard that tracks authentication attempts, token usage patterns, active users, security events, and system health metrics. You can configure retention periods and export analytics data in CSV/JSON formats.
- How do I handle CORS in my application?
- CORS support can be enabled by adding the JWT_AUTH_CORS_ENABLE constant to your wp-config.php file. The plugin provides filters to customize CORS headers, and you can configure allowed origins, methods, and headers through the settings interface.
- What happens to tokens when a user changes their password?
- By default, all tokens are automatically revoked when a user changes their password, email, or role. This behavior can be customized using filters like jwt_auth_pro_revoke_tokens_on_password_change. The Pro version gives you granular control over token lifecycle management.
- Does the plugin support multisite installations?
- Yes, JWT Authentication Pro is fully compatible with WordPress multisite installations. Each site can have its own JWT configuration, and the analytics and token management features work across the entire network.
- What signing algorithms are supported?
- The plugin supports multiple signing algorithms including HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, and PS512. You can choose and configure your preferred algorithm through settings or using the jwt_auth_algorithm filter.
- How can I customize token claims and validation rules?
- You can use filters like jwt_auth_token_before_sign and jwt_auth_token_before_dispatch to modify token claims and data. The Pro version also provides an interface for configuring custom validation rules, token lifetime, and security policies.
- Do you offer lifetime access?
- Yes, we offer lifetime access to JWT Authentication Pro. You can purchase the plugin once and use it on any number of sites for as long as you want.
- Do you offer a free trial?
- No, sorry, we do not offer a free trial. We offer a 30-day money-back guarantee.
- Do you offer refunds?
- Yes, we offer a 30-day money-back guarantee. If you are not satisfied with the product, you can request a refund within 30 days of purchase. Please note that we charge a 10% processing fee for refunds.
- What is the refund processing fee?
- When processing refunds, a 10% fee is applied to help cover transaction costs. For example, if you request a refund for a $100 purchase, you'll receive $90 back. This modest fee helps us maintain quality service and efficient refund processing for all our customers.