Real OAuth 2.0 / OIDC
Standards-compliant authorization code flow with state validation, encrypted client secrets, and rate-limited callbacks. No bespoke nonsense.
OAuth 2.0 / OpenID Connect · for WordPress
Connect Google, Azure AD, Okta, Auth0, or any OAuth 2.0 provider in minutes. Standards-compliant. Free to start.
Drop-in install · No vendor lock-in · Open standards
Works with any OAuth 2.0 provider, including yours
Why SSOPress
Map any OAuth claim to WordPress fields, including nested values with dot notation. Auto-assign roles from group memberships. (Pro)
Every login attempt, token exchange, and user provisioning event. Searchable, filterable, with IP and user-agent forensics. Configurable retention. (Pro)
Pricing
Start free on WordPress.org. Upgrade when you need premium features or more than one site. Annual prices below. Monthly billing available at checkout.
Free · 0 forever · Unlimited sites
Pro · 99 / year · 1 site
Agency · 249 / year · Up to 5 sites
Unlimited · 499 / year · Unlimited sites
All paid plans include lifetime updates while your license is active
Common questions
Any standards-compliant OAuth 2.0 or OpenID Connect provider. That includes Google, Microsoft Entra ID (Azure AD), Okta, Auth0, GitHub, GitLab, Keycloak, Authentik, Ory Hydra, Casdoor, Dex, Zitadel, and any in-house OIDC server. If your provider publishes a discovery document, you can wire it up in a minute.
It's a complete working OAuth flow. One provider, standard attribute mapping, encrypted client secret storage, rate-limited callbacks, optional hiding of the WP login form, and a custom login button. You can run a real production site on the free tier. Pro adds role mapping, searchable audit logs, and custom attribute mapping for more complex identity setups.
No. SSOPress augments wp-login.php rather than replacing it. The standard login form is still there and can be hidden with a setting. There's an admin backdoor URL (?oauthlogin=false) that always shows the native form so you can never lock yourself out.
Client secrets are encrypted at rest via libsodium (with an OpenSSL fallback). OAuth state tokens are 64-character hex and validated on callback. Both the initiation and callback endpoints are rate-limited per IP. Every auth event is recorded in an audit log. Session redirects are validated to prevent open redirect vulnerabilities.
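The state validation and redirect validation described above, sketched in plain PHP as an added example. This is not SSOPress's code; the function names, the 'oauth_state' store key, the 10-minute lifetime, and the sample hosts are assumptions.

```php
<?php
// Added illustration, not SSOPress source. Function names, the 'oauth_state'
// store key, the 600-second lifetime and the sample values are assumptions.

// 32 random bytes from the CSPRNG, hex-encoded: a 64-character state token.
function issue_state(array &$store): string {
    $state = bin2hex(random_bytes(32));
    $store['oauth_state'] = ['value' => $state, 'expires' => time() + 600];
    return $state;
}

// Validate the state returned on the callback: well-formed, unexpired,
// compared in constant time, and usable only once.
function validate_state(array &$store, $returned): bool {
    $saved = $store['oauth_state'] ?? null;
    unset($store['oauth_state']);               // single use, pass or fail
    if (!is_array($saved) || !is_string($returned)) return false;
    if (!preg_match('/\A[0-9a-f]{64}\z/', $returned)) return false;
    if ($saved['expires'] < time()) return false;
    return hash_equals($saved['value'], $returned);
}

// Accept a post-login redirect only if it is a local path or an absolute
// URL on the site's own host; otherwise fall back to a safe default.
function safe_redirect_target($target, string $site_host, string $fallback = '/'): string {
    if (!is_string($target) || $target === '') return $fallback;
    // Reject control characters and backslashes that browsers may normalise.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) return $fallback;
    // Local path: one leading slash (not "//host", which is scheme-relative).
    if ($target[0] === '/' && substr($target, 0, 2) !== '//') return $target;
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) return $fallback;
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) return $fallback;
    return strcasecmp($parts['host'], $site_host) === 0 ? $target : $fallback;
}

// Constructed demo: $session stands in for server-side session storage.
$session = [];
$state = issue_state($session);
var_dump(strlen($state));
var_dump(validate_state($session, $state));   // first use of the token
var_dump(validate_state($session, $state));   // same token replayed
var_dump(safe_redirect_target('/wp-admin/', 'example.test'));
var_dump(safe_redirect_target('//other.example/x', 'example.test'));
var_dump(safe_redirect_target('https://example.test.other.example/', 'example.test'));
```

Inside WordPress, the store would be a transient or server-side session tied to the browser, and `wp_validate_redirect()` offers a comparable allowed-host check.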
The current version targets single-site installs. Multisite network support is on the roadmap as an Agency-tier feature. If you need multisite today, get in touch and we'll talk about timing.
The plugin keeps working indefinitely with all Pro features still active. You just stop receiving updates and support until you renew. Nothing gets disabled on expiry and you don't lose any data.
Ready when you are
SSOPress installs like any WordPress plugin. Paste your client ID and secret, point it at your provider's authorize and token URLs, and your users have single sign-on. No middleware, no proxies, no tenants to provision.