Authentication
All-in-One JWT Authentication for WordPress
Features
Everything developers need for secure API authentication
Complete Control
Track all your authentication tokens in one place, monitor who's accessing your APIs, and revoke access instantly when needed.
Token management
Manage authentication tokens for API access and service integrations.
Save Development Time
Streamline your workflow—focus on building features with comprehensive documentation and easy-to-use code examples to get started quickly.
Custom Claims
Add custom claims to JWT tokens using WordPress filters
add_filter('jwt_auth_token_before_sign', function($token, $user) {
$token['customer_type'] = get_user_meta($user->ID, 'customer_type', true);
$token['loyalty_points'] = get_user_meta($user->ID, 'loyalty_points', true);
$token['preferred_currency'] = get_user_meta($user->ID, 'currency', true);
$token['customer_id'] = get_user_meta($user->ID, 'customer_id', true);
$token['customer_email'] = get_user_meta($user->ID, 'customer_email', true);
return $token;
}, 10, 2);Advanced Protection
Industry-standard JWT tokens safeguard your API endpoints with reliable, stateless authentication trusted by developers worldwide.
Security Audit Trail
Complete compliance logging with full context
Management Dashboard
Oversee API authentication from a centralized dashboard—view token details, manage user tokens, and maintain full control.
Admin Configuration Interface
All settings are managed through the admin interface.
Complete Features Overview
Explore all the features that make JWT Authentication Pro the most comprehensive authentication solution for WordPress. Each feature is designed with security, performance, and developer experience in mind.
Authentication & Token Management
Professional JWT Token Creation
Industry-standard JWT tokens with configurable expiration (minutes to years)
Multiple Signing Algorithms
Support for HS256, RS256, and all Firebase JWT library algorithms
Token Payload Customization
Add custom user data and claims to JWT token payload
Multi-Layer Token Validation
Signature, expiration, issuer, and revocation checks
Bearer Token Support
Standard Authorization header parsing
Secure Token Hashing
All tokens hashed with WordPress security functions before storage
Secure Refresh Tokens
Cryptographically secure refresh token generation
Independent Expiration Control
Separate expiration settings for JWT and refresh tokens (default 30 days)
Token Rotation
Automatic token rotation with family relationship maintenance
| Authentication & Token Management | |
Professional JWT Token Creation | Industry-standard JWT tokens with configurable expiration (minutes to years) |
Multiple Signing Algorithms | Support for HS256, RS256, and all Firebase JWT library algorithms |
Token Payload Customization | Add custom user data and claims to JWT token payload |
Multi-Layer Token Validation | Signature, expiration, issuer, and revocation checks |
Bearer Token Support | Standard Authorization header parsing |
Secure Token Hashing | All tokens hashed with WordPress security functions before storage |
Secure Refresh Tokens | Cryptographically secure refresh token generation |
Independent Expiration Control | Separate expiration settings for JWT and refresh tokens (default 30 days) |
Token Rotation | Automatic token rotation with family relationship maintenance |
Implementation
Industry-Leading JWT implementation
Generate Token
Authenticate users and issue JWT tokens with a single API call. Receive both user details and tokens in one seamless response.
Validate Token
Ensure robust security with built-in JWT validation. Verify token signatures and claims to confirm authenticity and expiration status.
Refresh Token
Keep users seamlessly authenticated while maintaining strong security. Automatically manage token expiration and renewal.
Education
What is JWT and why it's vital for your WordPress REST API
What is JWT?
JWT (JSON Web Token) is a compact and secure method for transmitting authentication and authorization data between two parties. Each token consists of three parts: a header, which defines the type of token and algorithm used; a payload, which contains the claims or user information; and a signature, which verifies the token's authenticity. Once a user is authenticated, a JWT is issued and can be used to securely access protected API endpoints without needing to authenticate repeatedly.
In the context of the WordPress REST API, JWT provides an efficient solution for managing secure interactions between your WordPress site and external applications or services. Unlike traditional session-based authentication methods, JWT is stateless, eliminating the need for server-side session storage. This approach reduces server load, simplifies scaling, and enables seamless integration with modern web and mobile applications. By leveraging JWT, developers can enhance the security and performance of their WordPress REST API, ensuring that only authorized users can access critical data and functionality.
Key Benefits
- Protection
- Enhanced Security
- Flexibility
- Scalability
- Efficiency
- Improved Performance
- Compatibility
- Seamless Integration
Comparison
Free vs. Pro: Unlock the full potential
Basic JWT Authentication
Token Generation
Token Validation
Token Refresh Mechanism
Token revocation
Token Management Dashboard
Analytics & Monitoring
Geo-IP Identification
Premium Support
Detailed Documentation
Rate Limiting
Developer Tools
| Feature | WP.org version | JWT Auth Pro |
|---|---|---|
| Basic JWT Authentication | Included in WP.org version | Included in JWT Auth Pro |
| Token Generation | Included in WP.org version | Included in JWT Auth Pro |
| Token Validation | Included in WP.org version | Included in JWT Auth Pro |
| Token Refresh Mechanism | Not included in WP.org version | Included in JWT Auth Pro |
| Token revocation | Not included in WP.org version | Included in JWT Auth Pro |
| Token Management Dashboard | Not included in WP.org version | Included in JWT Auth Pro |
| Analytics & Monitoring | Not included in WP.org version | Included in JWT Auth Pro |
| Geo-IP Identification | Not included in WP.org version | Included in JWT Auth Pro |
| Premium Support | Not included in WP.org version | Included in JWT Auth Pro |
| Detailed Documentation | Not included in WP.org version | Included in JWT Auth Pro |
| Rate Limiting | Not included in WP.org version | Included in JWT Auth Pro |
| Developer Tools | Not included in WP.org version | Included in JWT Auth Pro |
Pricing
Simple, Site-Based Pricing
Professional Single Site
Ideal for individual WordPress sites requiring robust, professional-grade API authentication solutions.
USD
per year
Features:
- 1 site
- Token Refresh Mechanism
- Manual and automatic token revocation
- Premium Support
- Token Management Dashboard
Professional Team (5 Sites)
Secure and manage multiple WordPress sites with ease—perfect for teams and small businesses.
USD
per year
Features:
- Up to 5 sites
- Token Refresh Mechanism
- Manual and automatic token revocation
- Premium Support
- Token Management Dashboard
Professional Agency (20 Sites)
Comprehensive API security tailored for agencies and developers managing multiple client sites.
USD
per year
Features:
- Up to 20 sites
- Token Refresh Mechanism
- Manual and automatic token revocation
- Premium Support
- Token Management Dashboard
- White-labeling
Note: JWT Authentication Pro requires PHP 8.1 or higher
Common Questions
Get the answers you need
- Who is behind JWT Authentication Pro?
JWT Authentication Pro is developed by Enrique Chavez (@tmeister), a seasoned full-stack developer with a strong focus on WordPress and open-source technologies. Enrique has contributed to the WordPress ecosystem for years, creating plugins, and tools that help developers build more efficiently. His commitment to open-source development ensures that his projects, including JWT Authentication Pro, are designed to be simple, flexible, and developer-friendly.
- What are the system requirements for JWT Authentication Pro?
JWT Authentication Pro requires PHP 8.1 or higher and WordPress 5.0 or higher with REST API enabled. You'll need to configure a secret key in your wp-config.php file and ensure your server has HTTP Authorization Header enabled.
- How does token refresh mechanism work?
When you authenticate, you receive both an access token and a refresh token. The access token is used for API requests and expires after a configurable period (default 7 days). When it expires, you can use the refresh token (valid for 30 days by default) to obtain a new access token without re-authenticating with username and password.
- Can I track and analyze JWT usage?
Yes, JWT Authentication Pro includes a detailed analytics dashboard that tracks authentication attempts, token usage, active users, etc. You can configure retention periods as well.
- How do I handle CORS in my application?
CORS support can be enabled in the plugin settings. The plugin provides filters to customize CORS headers.
- What happens to tokens when a user changes their password?
By default, all tokens are automatically revoked when a user changes their password, email, or role. This behavior can be customized using filters. The Pro version gives you granular control over token lifecycle management.
- What signing algorithms are supported?
The plugin supports multiple signing algorithms including HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, and PS512. You can choose and configure your preferred algorithm through settings or using the jwt_auth_algorithm filter.
- How can I customize token claims and validation rules?
You can use filters like jwt_auth_token_before_sign and jwt_auth_token_before_dispatch to modify token claims and data. The Pro version also provides an interface for configuring custom validation rules, token lifetime, and security policies.
- Does an installation on a local environment count as a site for my license?
No, a site on a local environment does not count as a site for your license. You can use JWT Authentication Pro on your local environment without any restrictions. However, if you deploy your site to a production server, you will need to activate the license key.
- Do you offer lifetime access?
Yes, we offer lifetime access to JWT Authentication Pro. You can purchase the plugin once and use it as long as you want.
- Do you offer a free trial?
No, we do not offer a free trial. However, we provide a 14-day compatibility guarantee for technical incompatibility issues that our support team cannot resolve.
- Do you offer refunds?
Yes, we offer a 14-day compatibility guarantee. Refunds are provided only for unresolvable technical compatibility issues that our support team cannot solve. You must work with our support team first before requesting a refund. Payment processor fees (3-5%) are deducted from approved refunds.