SSOPress
השגת גרסה חינמיתקניית Pro

תכונות

OAuth עבור WordPress, ללא קצוות מחוספסים.

OAuth 2.0 ו-OpenID Connect תואמי תקנים, נבנו מאפס עבור WordPress עם התכונות התפעוליות שבאמת צריכים בייצור.

01 Providers

Any OAuth 2.0 provider. Really.

If it speaks standards-compliant OAuth 2.0 or OpenID Connect, it works. No vendor-specific SDKs, no lock-in, no "enterprise" tenant provisioning.

  • Google, Microsoft, Azure AD, Okta, Auth0, GitHub, GitLab
  • Self-hosted: Keycloak, Authentik, Ory Hydra, Casdoor
  • Custom providers via manual endpoint configuration
  • PKCE supported where the provider requires it
Provider configuration
  • Authorization URL
  • Token URL
  • User Info URL
  • Client ID & Secret
  • Scopes (space-separated)

02 User provisioning

Automatic users from any claim shape.

SSOPress maps OpenID Connect claims and OAuth userinfo responses into WordPress user fields. Standard claims work out of the box; custom claims need nothing more than a dot path.

  • Email, name, username, display name mapped automatically
  • Custom attribute mapping with dot notation for nested fields
  • First-login user creation, subsequent-login profile sync
  • Fallback username generation from email when no preferred_username exists
{
  "sub": "42",
  "email": "sarah@example.com",
  "given_name": "Sarah",
  "family_name": "Chen",
  "profile": {
    "department": "engineering"
  }
}

# Maps to WP fields:
# email         → user_email
# given_name    → first_name
# family_name   → last_name
# profile.department → attribute for role mapping

03 Role mapping

Group-based roles, without the middleware.

Map OAuth claim values straight to WordPress roles. No sync jobs, no webhooks, no third-party identity bridges. The role is set on every login, so revocations happen naturally.

  • Map any claim value (groups, department, custom field) to a WP role
  • Case-insensitive and partial matching rules
  • Default fallback role for unmatched users
  • Re-evaluated on every login, so revocations take effect immediately
Example role mappings
  • engineering → editor
  • marketing → author
  • support → contributor
  • contractor-* → subscriber

04 Audit logs

Every auth event, searchable forever.

Login attempts, token exchanges, userinfo fetches, user provisioning events and errors land in a queryable table with IP, user agent, and error codes. Retention is configurable and pruning runs daily.

  • Seven event types: attempt, success, failure, token exchange, userinfo, user created, user updated
  • Per-event IP address, user agent, error code, error message, and metadata
  • Admin UI with filtering, search, and date-range queries
  • Configurable retention policy, pruned automatically via WP-Cron
247
Login attempts (30d)
239
Successful
8
Failed
12
Users created

05 Security

Built with defense in depth.

SSOPress takes credential storage, CSRF, replay attacks, and rate limiting seriously. It's the auth plugin we wanted to exist when we needed one for real production sites.

  • Client secrets encrypted at rest via libsodium (AES-256-CBC fallback)
  • 64-char hex state tokens validated on callback
  • Per-IP rate limiting on OAuth init and callback endpoints
  • Safe redirect validation (no open redirect vulnerabilities)
  • Nonce protection on all admin forms
// Client secret as stored:
sodium:rUixTVfn+zYe22fahdUS2mOMev...

// State token format:
60b15c5cdd6ed499fc999204868375d7
385bf90f44bf2f9222811adcc628e5a0

// Rate limit (default, filterable):
20 requests / 60 seconds / IP

06 WordPress integration

A first-class WordPress citizen.

SSOPress doesn't replace wp-login.php, it augments it. The plugin adds an OAuth button to the standard login form, optionally hides the password form, and preserves redirect_to behaviour for seamless UX.

  • Works alongside the native WordPress login, no URL replacements
  • Admin backdoor via ?oauthlogin=false so you can always recover your site
  • Preserves and validates redirect_to parameter across OAuth round-trip
  • Uses WordPress nonces, capabilities, and settings API throughout
Things we don't do
  • Replace wp-login.php
  • Require a custom proxy or middleware
  • Phone home with site data
  • Store passwords on external servers

מוכנים להריץ את זה?

התקינו את הגרסה החינמית מ-WordPress.org כדי לנסות את זרימת ה-OAuth המרכזית, או עברו ישירות ל-Pro עבור מיפוי תפקידים, יומני ביקורת ותמיכה באימייל.

התקנת גרסה חינמיתהצגת מחירים