Effortless JWT Authentication for WordPress

Secure your WordPress REST API with the authentication method trusted by leading tech companies worldwide—robust, reliable, and ready to scale.

Authentication

All-in-One JWT Authentication for WordPress

Add modern JWT authentication to your WordPress REST API. Built specifically for API requests, JWT Authentication Pro provides secure, stateless token-based authentication that works alongside WordPress's existing authentication system.

Features

Everything developers need for secure API authentication

Token lifecycle management, user activity monitoring, automatic revocation controls, and detailed analytics that give you complete visibility and control over your WordPress REST API access.

Complete Control

Track all your authentication tokens in one place, monitor who's accessing your APIs, and revoke access instantly when needed.

Token management

Manage authentication tokens for API access and service integrations.

Jessica Smith | Last used: June 13, 2025 3:08 am | Active
Jane Doe | Last used: April 2, 2025 1:40 am | Revoked
Sam Peterson | Last used: January 1, 2025 1:40 am | Expired
Nayeli Strosin | Last used: June 13, 2025 3:08 am | Active
Brett Rogahn | Last used: June 10, 2025 10:34 am | Revoked

Save Development Time

Streamline your workflow—focus on building features with comprehensive documentation and easy-to-use code examples to get started quickly.

Custom Claims

Add custom claims to JWT tokens using WordPress filters

functions.php
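// Add customer data as custom claims before the token is signed.
// JWT claims are base64url-encoded, not encrypted: anyone holding the token
// can read them, so include only values that are safe to expose to the client.
add_filter('jwt_auth_token_before_sign', function($token, $user) {
    $token['customer_type'] = get_user_meta($user->ID, 'customer_type', true);
    $token['loyalty_points'] = get_user_meta($user->ID, 'loyalty_points', true);
    $token['preferred_currency'] = get_user_meta($user->ID, 'currency', true);
    $token['customer_id'] = get_user_meta($user->ID, 'customer_id', true);
    $token['customer_email'] = get_user_meta($user->ID, 'customer_email', true);
    return $token;
}, 10, 2); // priority 10; the callback receives 2 arguments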

Advanced Protection

Industry-standard JWT tokens safeguard your API endpoints with reliable, stateless authentication trusted by developers worldwide.

Security Audit Trail

Complete compliance logging with full context

Created: June 13, 2025 3:08 am
Client Context
IP: 110.11.194.83
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Token Details (Revoked)
Hash: bb414972b6df2f5a902...
User: John Doe (ID: 1)
Last Used: June 13, 2025 3:08 am
Revoked: June 13, 2025 3:08 am

Management Dashboard

Oversee API authentication from a centralized dashboard—view token details, manage user tokens, and maintain full control.

Admin Configuration Interface

All settings are managed through the admin interface.

Token Settings
JWT Token Expiration: 7 days
Refresh Token Expiration: 30 days
Advanced Options
Enable CORS:
Analytics Retention: 90 days
Anonymize IP:

Implementation

Industry-Leading JWT implementation

Modern, reliable authentication for your WordPress REST API—simple, seamless, and hassle-free. Connect any app or service without complex setups or compatibility issues.

Generate Token

Authenticate users and issue JWT tokens with a single API call. Receive both user details and tokens in one seamless response.

User Authentication: Active
Credential Validation: Active

Validate Token

Ensure robust security with built-in JWT validation. Verify token signatures and claims to confirm authenticity and expiration status.

Signature Check: Verified
Claims Validation: Verified
Expiration Status: Verified

Refresh Token

Keep users seamlessly authenticated while maintaining strong security. Automatically manage token expiration and renewal.

Auto Renewal: Enabled
Lifecycle Management: Enabled
Session Continuity: Enabled

Education

What is JWT and why it's vital for your WordPress REST API

JSON Web Tokens (JWT) provide a lightweight, secure way to enable stateless authentication for your WordPress REST API, simplifying processes and enhancing performance.

What is JWT?

JWT (JSON Web Token) is a compact and secure method for transmitting authentication and authorization data between two parties. Each token consists of three parts: a header, which defines the type of token and algorithm used; a payload, which contains the claims or user information; and a signature, which verifies the token's authenticity. Once a user is authenticated, a JWT is issued and can be used to securely access protected API endpoints without needing to authenticate repeatedly.

In the context of the WordPress REST API, JWT provides an efficient solution for managing secure interactions between your WordPress site and external applications or services. Unlike traditional session-based authentication methods, JWT is stateless, eliminating the need for server-side session storage. This approach reduces server load, simplifies scaling, and enables seamless integration with modern web and mobile applications. By leveraging JWT, developers can enhance the security and performance of their WordPress REST API, ensuring that only authorized users can access critical data and functionality.

September 12, 2025 15:01:00
API\Auth\JWTDecoder
September 12, 2025 15:02:00
INFO: Decoding JWT token structure
Header: {"alg":"HS256","typ":"JWT"}
Payload: {"sub":"1234567890", "name":"John Doe", "iat":1516239022, "exp":1516239022}
September 12, 2025 15:03:00
API\Request\Authenticator
September 12, 2025 15:04:00
Error: Token signature verification failed
class: Invalid secret key or token tampering detected
file: /var/www/html/routes/web.php: 22
September 12, 2025 15:05:00
API\Auth\StatelessValidator
September 12, 2025 15:06:00
INFO: Stateless authentication successful
method: Bearer token validation
endpoint: /api/v1/protected/users
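
The header/payload/signature structure described above, and the custom claims from the functions.php snippet earlier, as an added example (not code from JWT Authentication Pro or its author): a hand-written HS256 signer and verifier showing that the payload is readable without the secret, that an edited payload fails the signature check, and that exp is enforced. The function names, secret and claim values are constructed for illustration.

```php
<?php // Added illustration, not the plugin's code; names, secret and claims are constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4); // restore stripped padding
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}
function jwt_sign_hs256(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}
function jwt_verify_hs256(string $jwt, string $secret, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new RuntimeException('malformed token'); }
    [$head, $body, $sig] = $parts;
    // Pin the algorithm server-side; never let the token header pick the verifier.
    $header = json_decode(b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unexpected algorithm');
    }
    // Recompute the MAC and compare in constant time; claims are read only after this passes.
    if (!hash_equals(hash_hmac('sha256', "$head.$body", $secret, true), b64url_decode($sig))) {
        throw new RuntimeException('signature verification failed');
    }
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        throw new RuntimeException('expired or missing exp');
    }
    return $claims;
}
$secret = 'constructed-demo-secret';
$now = 1700000000; // fixed clock so the run is repeatable
$claims = ['sub' => 1, 'customer_email' => 'jane@example.test', 'exp' => $now + 3600];
[$h, $p, $s] = explode('.', $token = jwt_sign_hs256($claims, $secret));
// Anyone holding the token can read the payload: it is encoded, not encrypted.
echo 'payload: ', b64url_decode($p), PHP_EOL;
// Same header and signature, edited payload: verification must fail.
$forged = "$h." . b64url_encode(json_encode(['sub' => 2] + $claims)) . ".$s";
$cases = ['original' => [$token, $now], 'tampered' => [$forged, $now], 'expired' => [$token, $now + 7200]];
foreach ($cases as $label => [$jwt, $at]) {
    try {
        jwt_verify_hs256($jwt, $secret, $at);
        echo "$label: accepted", PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})", PHP_EOL;
    }
}
```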

Key Benefits

Protection: Enhanced Security
Flexibility: Scalability
Efficiency: Improved Performance
Compatibility: Seamless Integration

Comparison

Free vs. Pro: Unlock the full potential

Already using our free plugin? Discover how the Pro version enhances your API security with advanced features, comprehensive monitoring, and professional-grade controls to safeguard your WordPress site.

| Feature | WP.org version (Free forever) | JWT Auth Pro (starts at $59/yr) |
| --- | --- | --- |
| Basic JWT Authentication | Included | Included |
| Token Generation | Included | Included |
| Token Validation | Included | Included |
| Token Refresh Mechanism | Not included | Included |
| Token revocation | Not included | Included |
| Token Management Dashboard | Not included | Included |
| Analytics & Monitoring | Not included | Included |
| Geo-IP Identification | Not included | Included |
| Premium Support | Not included | Included |
| Detailed Documentation | Not included | Included |
| Rate Limiting | Not included | Included |
| Developer Tools | Not included | Included |

Pricing

Simple, Site-Based Pricing

All plans include the exact same powerful features. Just pick how many sites you need to secure: single site, small team (5 sites), or agency (20 sites).

Professional Single Site

Ideal for individual WordPress sites requiring robust, professional-grade API authentication solutions.

$59.99 USD per year

Lifetime license: $179.99 (3-YEAR VALUE)

Features:

  • 1 site
  • Token Refresh Mechanism
  • Manual and automatic token revocation
  • Premium Support
  • Token Management Dashboard

Professional Team (5 Sites)

Secure and manage multiple WordPress sites with ease—perfect for teams and small businesses.

$149.99 USD per year

Lifetime license: $449.99 (3-YEAR VALUE)

Features:

  • Up to 5 sites
  • Token Refresh Mechanism
  • Manual and automatic token revocation
  • Premium Support
  • Token Management Dashboard

Professional Agency (20 Sites)

Comprehensive API security tailored for agencies and developers managing multiple client sites.

$339.99 USD per year

Lifetime license: $999.99 (3-YEAR VALUE)

Features:

  • Up to 20 sites
  • Token Refresh Mechanism
  • Manual and automatic token revocation
  • Premium Support
  • Token Management Dashboard
  • White-labeling

Note: JWT Authentication Pro requires PHP 8.1 or higher

Common Questions

Get the answers you need

Quick solutions to implementation questions and technical details about JWT Authentication Pro.

Who is behind JWT Authentication Pro?

JWT Authentication Pro is developed by Enrique Chavez (@tmeister), a seasoned full-stack developer with a strong focus on WordPress and open-source technologies. Enrique has contributed to the WordPress ecosystem for years, creating plugins and tools that help developers build more efficiently. His commitment to open-source development ensures that his projects, including JWT Authentication Pro, are designed to be simple, flexible, and developer-friendly.

What are the system requirements for JWT Authentication Pro?

JWT Authentication Pro requires PHP 8.1 or higher and WordPress 5.0 or higher with the REST API enabled. You'll need to configure a secret key in your wp-config.php file and ensure your server has the HTTP Authorization header enabled.

How does the token refresh mechanism work?

When you authenticate, you receive both an access token and a refresh token. The access token is used for API requests and expires after a configurable period (default 7 days). When it expires, you can use the refresh token (valid for 30 days by default) to obtain a new access token without re-authenticating with username and password.

Can I track and analyze JWT usage?

Yes, JWT Authentication Pro includes a detailed analytics dashboard that tracks authentication attempts, token usage, active users, etc. You can configure retention periods as well.

How do I handle CORS in my application?

CORS support can be enabled in the plugin settings. The plugin provides filters to customize CORS headers.

What happens to tokens when a user changes their password?

By default, all tokens are automatically revoked when a user changes their password, email, or role. This behavior can be customized using filters. The Pro version gives you granular control over token lifecycle management.

What signing algorithms are supported?

The plugin supports multiple signing algorithms including HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, and PS512. You can choose and configure your preferred algorithm through settings or using the jwt_auth_algorithm filter.

How can I customize token claims and validation rules?

You can use filters like jwt_auth_token_before_sign and jwt_auth_token_before_dispatch to modify token claims and data. The Pro version also provides an interface for configuring custom validation rules, token lifetime, and security policies.

Does an installation on a local environment count as a site for my license?

No, a site on a local environment does not count as a site for your license. You can use JWT Authentication Pro on your local environment without any restrictions. However, if you deploy your site to a production server, you will need to activate the license key.

Do you offer lifetime access?

Yes, we offer lifetime access to JWT Authentication Pro. You can purchase the plugin once and use it as long as you want.

Do you offer a free trial?

No, we do not offer a free trial. However, we provide a 14-day compatibility guarantee for technical incompatibility issues that our support team cannot resolve.

Do you offer refunds?

Yes, we offer a 14-day compatibility guarantee. Refunds are provided only for unresolvable technical compatibility issues that our support team cannot solve. You must work with our support team first before requesting a refund. Payment processor fees (3-5%) are deducted from approved refunds.