內容簡介
總結:
Auth0 Login for WordPress 提供了一個簡單安全的方式,使用 Auth0 登入 WordPress。它將預設的登入畫面換成重定向至 Auth0 的畫面。
問與答:
1. Auth0 Login for WordPress 提供了哪些特點?
- 非常容易設置
- 使用一個秘密鏈接取代標準的 WordPress 登入 URL 以提供額外安全性
- 使用 OAuth 2.0 / OIDC 透過 Auth0 驗證用戶
2. 如何進行外掛設置?
- 可透過 WordPress 管理界面或在 wp-config.php 文件中定義常數來配置外掛
- 選項1:透過 WordPress 管理員界面進行設置
- 進入 WordPress Admin > Settings > Auth0
- 輸入以下必要信息:秘密登入令牌、Auth0 域名、Auth0 應用程式 Client ID、Auth0 應用程式 Client Secret
- 點擊保存更改
- 選項2:透過 wp-config.php 進行設置(建議)
- 在 wp-config.php 文件中添加以下行: Auth0 設置常數 (AYSNC_AUTH0_SECRET_LOGIN_TOKEN、AYSNC_AUTH0_DOMAIN、AYSNC_AUTH0_CLIENT_ID、AYSNC_AUTH0_CLIENT_SECRET)
3. Auth0 用於什麼以及它的資料處理方式?
- Auth0 是一個基於雲的身份和存取管理平台,提供身份驗證和授權服務。此外掛使用 Auth0 進行用戶驗證,而不使用 WordPress 內置的驗證系統。
- 用戶嘗試登入時將數據發送至 Auth0,進行身份認證和獲取用戶憑證和用戶配置文件信息。
- 用戶配置文件信息如電子郵件地址將從 Auth0 源取出以匹配或創建 WordPress 用戶帳戶
4. 服務信息
- 服務提供者:Auth0, Inc.
- 服務網址:https://auth0.com/
- 服務條款:https://auth0.com/terms
- 隱私政策:https://auth0.com/privacy
- 重要提示:您必須配置自己的 Auth0 應用程序並負責審閱和遵守 Auth0 的服務條款和隱私政策。資料處理取決於您的 Auth0 配置以及用戶在驗證過程中提供的信息。
外掛標籤
開發者團隊
原文外掛簡介
❤️ Contribute on GitHub
Auth0 Login for WordPress provides a simple, secure way to log in to WordPress using Auth0. It hides the default login screen with a redirect to Auth0.
Watch this video to see how to configure your Auth0 application and hook it up to WordPress:
Features
Very easy to set up
Replaces the standard WordPress login URL with a secret link for additional security
Authenticates users via Auth0 using OAuth 2.0 / OIDC
Configuration
You can configure the plugin either through the WordPress admin interface or by defining constants in your wp-config.php file (recommended for enhanced security).
Option 1: WordPress Admin Configuration (Basic)
Go to WordPress Admin > Settings > Auth0
Enter the following required information:
Secret Login Token: A unique, random string that will be used for your custom login URL
Domain: Your Auth0 domain (e.g., your-tenant.auth0.com)
Client ID: Your Auth0 application Client ID
Client Secret: Your Auth0 application Client Secret
Save changes
Option 2: wp-config.php Configuration (Recommended)
For enhanced security, add the following lines to your wp-config.php file:
// Auth0 Configuration
define( 'AYSNC_AUTH0_SECRET_LOGIN_TOKEN', 'your-secret-token' );
define( 'AYSNC_AUTH0_DOMAIN', 'your-tenant.auth0.com' );
define( 'AYSNC_AUTH0_CLIENT_ID', 'your-client-id' );
define( 'AYSNC_AUTH0_CLIENT_SECRET', 'your-client-secret' );
This method prevents your Auth0 credentials from being stored in the database.
Important: Don’t lose your login URL!
After configuring the plugin:
Your WordPress login URL will change to: https://your-wordpress-site.com/your-secret-token
The standard wp-login.php page will be disabled
Save your new login URL in a secure location – you’ll need it to access your WordPress admin area
If you change your Secret Login Token in wp-config.php, use the “Update Login URL” button in the Auth0 settings page to refresh the login URL.
External Services
This plugin connects to Auth0, a third-party authentication service, to provide secure user authentication for your WordPress site.
What is Auth0 and what is it used for?
Auth0 is a cloud-based identity and access management platform that provides authentication and authorization services. This plugin uses Auth0 to authenticate users instead of using WordPress’s built-in authentication system.
What data is sent and when?
The following data is transmitted to Auth0:
* When a user attempts to log in: The user is redirected to Auth0’s servers for authentication
* During the OAuth flow: Auth0 receives user credentials and returns authentication tokens and user profile information (email, name, etc.) back to your WordPress site
* User profile information such as email address is retrieved from Auth0 to match or create WordPress user accounts
Service Information
Service Provider: Auth0, Inc.
Service Website: https://auth0.com/
Terms of Service: https://auth0.com/terms
Privacy Policy: https://auth0.com/privacy
Important: You must configure your own Auth0 application and are responsible for reviewing and complying with Auth0’s terms of service and privacy policy. The data processing depends on your Auth0 configuration and the information users provide during authentication.
