WP OAuth Server ( Login with WordPress )
WP OAuth Server plugin turns your WordPress site into an OAuth Server, enabling Login with WordPress. It allows you to login into Rocket Chat, Invision Community, WordPress, Odoo, EasyGenerator, Salesforce, Zapier, Moodle WordPress SSO, ServiceNow, Edunext, Wickr, Freshdesk, FreshWorks, ServiceNow, ShinyProxy, Knack database, Circle.so, Tribe.so, Tribe, Mobilize, Nextcloud SSO, Church Online, iSpring LMS, Academy of Mine, BoardEffect, TalentLMS, Laravel, PowerSchool, PowerSchool, Joomla, HubSpot SSO, shopify sso integration, MeritHub, Bookstack, Pimcore, 360 Learning, EventMobi, Synology, Drupal, Piano Analytics, Zerotier, and any other OAuth 2.0 compliant applications using WordPress SSO credentials. | WordPress OAuth Server Setup Guides | API Documentation | Demo / Trial | You can checkout the below video tutorial to know how to setup SSO with your OAuth/OpenID Compliant Applications. Basically, the OAuth Server plugin allows users to login into applications that are OAuth 2.0 compliant, facilitating oauth server SSO using their WordPress login credentials. As it’s name suggests, it follows the OAuth 2.0 protocol. Along with that, it also supports OpenID Connect (OIDC), and JWT protocols. The primary goal of the OAuth Server plugin is to provide Single Sign-On Login with WordPress, so users do not need to remember a username and password for each application. Using WordPress as OAuth Server, once Single Sign On is enabled, users do not need to store sensitive information to login into different applications. Discovery URL The discovery url / well-known endpoint can be used to get metadata about your Identity Server, essential for setting up oauth server SSO. It will return information about the OAuth/OpenID endpoints, issuer URL, supported grant types, supported scopes, key material along with claims in the JSON format. These details can be used by the clients to create an OpenID server request, enhancing the WordPress SSO experience. The well known configuration URL is accessible via /.well-known/openid-configuration, in relation to the issuer URL. JWT Token Verification JWT signing, which ensures the integrity of the tokens used during the WordPress SSO process, supports both symmetric and asymmetric algorithms provided by the OAuth Server. The plugin’s free version supports HS256, while the premium version supports RS256, enhancing security especially in scenarios involving HubSpot SSO and Nextcloud SSO. HS256, a symmetric signature algorithm, indicates that the signature is generated and verified using the same secret key. It is supported in the free version of the OAuth Server plugin, which is useful for basic OAuth Server SSO configurations. RS256, an asymmetric signature algorithm is different from a symmetric algorithm in that a pair of private and public keys is used to sign and validate the data respectively instead of a single secret key in an oauth server SSO setup. Why RSA algorithm should be used? The use of a public and private key pair makes RS256 more secure in comparison to HS256 where the public key is shared and might be compromised whereas in RS256, even if you do not have the control over your client, your data remains secure as it is signed using a private key. The premium version of the OAuth Server plugin supports the RS256 algorithm. Postman collection Postman collection JSON is a file that can be used for testing the configuration of OAuth 2.0 flow in the WP OAuth Server plugin without configuring an external OAuth Client by generating the access token and the API call to the resource endpoint subsequently. LIST OF POPULAR OAUTH CLIENTS SUPPORTED Rocket.Chat Invision Community (IPB Forum) Odoo WordPress SSO into other WordPress Sites EasyGenerator Salesforce Zapier Moodle Edunext Wickr Freshdesk FreshWorks ServiceNow Knack database Circle.so Tribe.so Mobilize Nextcloud iSpring LMS Church Online Academy of Mine BoardEffect Laravel PowerSchool Joomla HubSpot Shopify MeritHub Bookstack Pimcore 360 Learning EventMobi Synology Drupal Piano Analytics Zerotier WORDPRESS OAUTH / OPENID CONNECT SERVER USE CASES If you want to use your WordPress site as an Identity Server / OAuth Server / OAuth Provider and utilize Login with WordPress to access your client site/application with WordPress user’s login credentials, then you can use this plugin. You can also decide what kind of user data/attributes you want to send while Single Sign-On into your client site/application, including Moodle WordPress SSO and Nextcloud SSO functionalities. If you want to login to your Mobile app / Single Page web app (SPA) using your WordPress credentials, then you can use the Authorization code with PKCE flow grant type to achieve your use case. Single set of credentials will be used to login to multiple WordPress websites. You can access the NGINX resources using NGINX Authentication. Once you login into your client application using WP OAuth Server credentials, you will get JWT. Your client application can further use it for NGINX Authentication. Membership sync or role mapping is used to sync the memberships or roles assigned to your users from OAuth Server to OAuth/OpenID Client. Custom Attribute Mapping is helpful if you want to send additional attributes (beyond the default ones) from your WordPress usermeta table to your OAuth/OpenID client using Login with WordPress. WORDPRESS OAUTH / OPENID CONNECT SERVER FREE VERSION FEATURES Supports Login with WordPress for Single Client application Protocol Support: OAuth 2.0, OpenID Connect (OIDC) Discovery document / well-known endpoint for automatic configuration JWT signing using HS256 or RS256 algorithm (Note: In RS256 algorithm, the keys will be common for all the free version installations) Postman collection for testing OAuth 2.0 flow without actually configuring the client application Server Response: Sends User ID, username, email, first name, last name, display name in the response Grant types Supported: Authorization Code grant Multi-Site Support: Implement the WordPress as OAuth Server within a WordPress Multisite network environment to Login with WordPress users into configured applications. Master Switch: Block / unblock OAuth API calls between OAuth Clients and OAuth Server Token Length: Change the access token length OAuth API Documentation Setup guides to configure the plugin with various OAuth Clients (more coming soon) WORDPRESS OAUTH / OPENID CONNECT SERVER PREMIUM VERSION FEATURES All FREE version features Supports Login with WordPress for Multiple Client applications Server Response: Sends all the profile attributes along with roles, allows to send custom attributes from usermeta table and also customize the attribute names that need to be sent in server response Grant Types Supported: Authorization Code Grant, Implicit Grant, Password Grant, Client Credentials Grant, Refresh Token Grant, Authorization Code grant with PKCE flow Token Lifetime: Configure the access token and refresh token expiry time Enforce State Parameter: Based on client configuration, you can enable or disable state parameter Authorize / Consent prompt: Enable / disable the consent screen Redirect / Callback URI Validation: Enable / disable this feature, based on dynamic redirect to a different pages for certain conditions JWT Signing Algorithm: Supports signing algorithms HSA and RSA (with dynamic keys for each client setup) Additional endpoints: Provides Introspection endpoint, OpenID Connect Single logout endpoint, Revoke endpoint A grant is a method of acquiring an access token. Deciding which grants to implement depends on the type of client the end user will be using, and the experience you want for your users. WE SUPPORT FOLLOWING GRANTS: Authorization code grant : This code grant is used when there is a need to access the protected resources on behalf of the user on another third party application. Implicit grant : This grant relies on resource owner and registration of redirect uri. In authorization code grant users need to ask for authorization and access token each time, but here access token is granted for a particular redirect uri provided by a client using a particular browser. Client credential grant : This grant type heads towards specific clients, where access token is obtained by client by only providing client credentials. This grant type is quite confidential. Resource owner password credentials grant : This type of grant is used where the resource owner has a trust relationship with the client. Just by using username and password, provided by resource owner authorization and authentication can be achieved. Refresh token grant : Access tokens obtained in OAuth flow eventually expire. In this grant type client can refresh his or her access token. Authorization code grant with PKCE flow : This grant type is used for public clients like mobile and native apps, Single Page web apps, where there is a risk of client secret being compromised. REST API AUTHENTICATION Rest API is very much open to interact. Creating posts, getting information of users and much more is readily available. It secures unauthorized access to your WordPress sites/pages using our WordPress REST API Authentication plugin .
Top keywords
- oauth40×2.84%
- wordpress31×2.20%
- server28×1.99%
- grant26×1.85%
- client22×1.56%
- oauth server19×1.35%
- sso17×1.21%
- login15×1.07%
- token14×0.99%
- access13×0.92%
- openid11×0.78%
- authorization9×0.64%
Smush – Image Optimization, Compression, Lazy Load, WebP & CDN
Compress images, optimize images, and enable image lazy load automatically with the powerful Smush image optimizer to keep your WordPress site fast, without losing quality. Smush makes it easy to optimize images, compress images, and deliver images faster across your entire WordPress site. This all-in-one image optimizer automatically reduces image file sizes, enables image lazy load, and serves modern formats like WebP and AVIF, all without breaking image quality or adding extra work. Whether you’re running a blog, store, or portfolio, Smush helps you optimize images at scale and keep your site fast with a trusted WordPress image optimizer. Trusted by 1+ Million Sites | 4.8/5 Star Rating Get everything you need to optimize images and speed up your site. Smush works out of the box with no complicated setup – just install and let it handle the rest. Compress images without losing quality Reduce image file size automatically while keeping your images sharp and clear. Smush is an easy-to-use image optimizer which let’s you compress images using both lossless and lossy compression, giving you the best balance of quality and performance without extra work. You can also compress images outside the media library using Directory Smush, making it easy to optimize images stored in theme folders, plugins, or other directories on your server. Lazy load images for faster pages Enable image lazy load across your site so images load only when needed. This image optimizer improves initial page speed and creates a smoother experience for visitors without extra configuration. Serve WebP and AVIF images automatically (PRO) Convert images to WebP and AVIF and serve them automatically to supported browsers. Smush helps you optimize images using next-gen formats to reduce file size and improve load times across your WordPress site. Deliver images faster with an Image CDN (PRO) Serve images through a global image CDN to reduce latency and improve load times for visitors around the world. 119 global CDN servers Up to 500 GB of bandwidth Faster image delivery based on visitor location Improved performance for image-heavy and high-traffic sites Automatically resize and fix image dimensions (PRO) Eliminate common PageSpeed warnings and improve layout stability with automatic image sizing. Smush dynamically resizes images to perfectly fit their containers, regardless of original size, helping fix the “Properly size images” warning in Google PageSpeed Insights. It also automatically adds missing width and height attributes to your images, improving rendering speed and reducing layout shifts. This helps you meet the “Ensure images have explicit width and height” recommendation without any manual work. Optimize your entire site, automatically Smush works across your whole site as a powerful image optimizer to optimize images as you upload them and maintain performance over time without manual work. Optimize images automatically on upload Compress images in bulk or individually Works with your existing media library No need to re-upload images Enable image lazy load across your site Convert images to WebP and AVIF Deliver images with an integrated image CDN Automatically resize and serve correctly sized images Optimize images outside the media library with Directory Smush Built for performance Smush improves page speed and overall performance by reducing image weight and improving how images are delivered. Reduce page load times Improve user experience Better performance for image-heavy pages Supports image lazy load and preload images (PRO) for faster perceived performance Works with your existing setup Smush is built to work with your current WordPress setup, including popular themes, page builders, and plugins. Compatible with Gutenberg, Elementor, WPBakery, and more Works with WooCommerce stores No need to change your workflow Easy to enable and configure Designed to be simple You don’t need to be a performance expert to optimize images with Smush image optimizer. Works out of the box Simple settings when you need them No technical knowledge required Safe to use on any site Why choose Smush? There are plenty of image optimization plugins, but Smush focuses on making it easy to optimize images, compress images, and improve performance without complexity. As a leading WordPress image optimizer, Smush gives you powerful optimization tools without the technical hassle. Trusted by over 1 million WordPress users Built specifically for WordPress Regular updates and improvements Backed by the WPMU DEV team Get started in minutes Install Smush, activate it, and start to compress images, optimize images, and enable image lazy load right away. This easy-to-use image optimizer helps most sites see improvements immediately without changing how they upload or manage images. About Us WPMU DEV is a premium supplier of quality WordPress plugins, services and support. Learn more here: https://wpmudev.com/ Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource: WPMU DEV Blog Hey, one more thing… we hope you enjoy our free offerings as much as we’ve loved making them for you! Contact and Credits Originally written by Alex Dunae at Dialect (dialect.ca, e-mail ‘alex’ at ‘dialect dot ca’), 2008-11.