
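Introduction
- The WordPress plugin "Simple JWT Login – Allows you to use JWT on REST endpoints." was published on 2019-06-13.
- It currently has 4000 active installations.
- It was last updated on 2025-04-17, 19 days ago.
- The plugin requires WordPress 4.4.0 or later to install.
- The plugin requires the hosting server to run at least PHP 5.5.
- 45 people have rated it.
- The forum currently has 3 questions, with a resolution rate of 33%.
Plugin contributors
nicu_m
Plugin tags
api | jwt | tokens | register | auto login
Summary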
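Simple JWT Login is a free WordPress plugin that lets you use JWT on WordPress REST endpoints. The plugin lets you log in, register, authenticate, delete users and change user passwords using JWT. Its main purpose is to let you connect mobile applications or other websites to WordPress. The plugin has some great features:
- Auto-login using JWT and AUTH_KEY
- Register new users via the API
- Delete WordPress users based on a JWT
- Reset user passwords
- Allow auto-login / register / delete users only from specific IP addresses
- Allow user registration only from specific domain names
- API route for generating a new JWT
- Get the JWT from URL, SESSION, COOKIE or HEADER
- Pass request parameters to the login URL
- CORS settings for plugin routes
- Hooks
- JWT authentication
- Access private endpoints with JWT
- Protect endpoints with JWT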
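This plugin is customizable and offers multiple methods to log in to your website, based on multiple scenarios. To log in, users must send a JWT; if the JWT is intact, it can be validated and the WordPress email address or user ID extracted. Here are the ways to send the JWT:
- URL
- Header
- Cookie
- Session
If the JWT is present in multiple places (for example URL and Header), the JWT will be overwritten. The plugin also supports multiple JWT decryption algorithms, such as HS256, HS512, HS384, RS256, RS384 and RS512. After the user logs in, you can automatically redirect them to a page such as:
- Dashboard
- Homepage
- or any other custom page (usually used to redirect users to a landing page)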
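You can attach the URL parameter redirectUrl to your redirect URL; it will be used for the redirect instead of the defined URL. To use this feature, you must check the "Allow redirect to a specific URL" option. In addition, redirect after login offers some variables that you can use in the custom URL and redirectUrl. Here are the variables you can use in the URL:
- {{site_url}}: Site URL
- {{user_id}}: Logged-in user ID
- {{user_email}}: Logged-in user email
- {{user_login}}: Logged-in username
- {{user_first_name}}: User first name
- {{user_last_name}}: User last name
- {{user_nicename}}: User nice name
You can use these variables to generate dynamic URLs, and the specific values are replaced before the redirect. Suppose your URL looks like this:
http://yourdomain.com?param1={{user_id}}&param2={{user_login}}
The plugin also allows you to limit auto-login based on the client IP address. If you are concerned about security, you can restrict auto-login to certain IP addresses only. The plugin also allows you to enable the creation of WordPress users at any time. To create a user, you just send a POST request to the route URL and pass the email and password as parameters.
Original plugin description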
Simple JWT Login is a FREE WordPress plugin that enables secure authentication for your WordPress REST API using JSON Web Tokens (JWT).
With this powerful plugin, you can:
– Log in, register, and authenticate users effortlessly
– Connect mobile apps, external websites, or third-party services to WordPress with ease
– Change or delete user passwords securely
Whether you’re building a headless WordPress setup or integrating with external platforms, Simple JWT Login provides a fast, secure, and reliable authentication solution.
You can read more on our plugin documentation website https://simplejwtlogin.com.
Some awesome features
– Auto-login using JWT and AUTH_KEY
– Register new users via API
– Delete WordPress users based on a JWT
– Reset user password
– Allow auto-login / register / delete users only from specific IP addresses
– Allow register users only from a specific domain name
– API Route for generating new JWT
– Get JWT from URL, SESSION, COOKIE or HEADER
– Pass request parameters to login URL
– CORS settings for plugin Routes
– Hooks
– JWT Authentication
– Allow access private endpoints with JWT
– Protect endpoints with JWT
– beta Google OAuth Integration
– beta Google JWT on all endpoints
– beta WPGraphQL integration
Check the plugin website for more features.
Login User
This plugin is customizable and offers you multiple methods to log in to your website, based on multiple scenarios.
In order to log in, users have to send a JWT. The plugin validates the JWT, and if everything is OK, it can extract the WordPress email address or user ID.
Users can specify the exact key of the JWT payload where this information can be found.
Here are the ways you can send the JWT in order to auto-login:
– URL
– Header
– Cookie
– Session
If the JWT is present in multiple places (like URL and Header), the JWT will be overwritten.
This plugin supports multiple JWT Decryption algorithms, like: HS256, HS512, HS384, RS256, RS384 and RS512.
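The validation step described above, as an added example that is not the plugin's own code: an HS256 token is issued with the WordPress email under a configurable payload key, then verified with the algorithm pinned on the verifier side. The function names, the secret and the "email" key are assumptions made for illustration.

```javascript
// Added example, not the plugin's code. issueJwt, verifyJwt, the secret and
// the "email" claim key are hypothetical names chosen for illustration.
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (input, secret) =>
  crypto.createHmac("sha256", secret).update(input).digest();

// Issuer side (for example a mobile backend): build an HS256-signed JWT.
function issueJwt(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Verifier side: returns the value stored under claimKey, or null.
function verifyJwt(token, secret, claimKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // Pin the algorithm to the configured one; never take it from the token,
  // which rules out "none" and HS/RS confusion.
  if (!header || header.alg !== "HS256") return null;
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (!payload || typeof payload !== "object") return null;
  if (typeof payload.exp === "number" && payload.exp <= now) return null;
  const value = payload[claimKey];
  return typeof value === "string" || typeof value === "number" ? value : null;
}

// Constructed sample: token carrying the WordPress email under "email".
const sample = issueJwt({ email: "jane@example.com", exp: 2000000000 }, "demo-secret");
console.log(verifyJwt(sample, "demo-secret", "email")); // jane@example.com
```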
After the user is logged in you can automatically redirect the user to a page like:
– Dashboard
– Homepage
– or any other custom Page (this is mainly used for redirecting users to a landing page)
You can attach to your redirect a URL parameter redirectUrl that will be used for redirect instead of the defined ones.
In order to use this, you have to enable it by checking the option Allow redirect to a specific URL.
Also, redirect after login offers some variables that you can use in the customURL and redirectUrl.
Here are the variables which you can use in your URL:
– {{site_url}} : Site URL
– {{user_id}} : Logged in user ID
– {{user_email}} : Logged in user email
– {{user_login}} : Logged in username
– {{user_first_name}} : User first name
– {{user_last_name}} : User last name
– {{user_nicename}} : User nice name
You can generate dynamic URLs with these variables, and, before the redirect, the specific value will be replaced.
Here is an example:
http://yourdomain.com?param1={{user_id}}&param2={{user_login}}
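An added example, not the plugin's own code, of expanding these variables safely when redirectUrl is accepted from the request: account fields are percent-encoded before substitution and the resulting URL is accepted only for an allowlisted host. ALLOWED_HOSTS, expandRedirect and the sample user are hypothetical names; the variable names are the ones listed above.

```javascript
// Added example, not the plugin's code. ALLOWED_HOSTS, expandRedirect and
// the sample values are hypothetical; the variable names come from the page.
const ALLOWED_HOSTS = new Set(["yourdomain.com"]);
const VARIABLES = new Set([
  "site_url", "user_id", "user_email", "user_login",
  "user_first_name", "user_last_name", "user_nicename",
]);

// Expand {{variables}} in a redirect template, then accept the result only
// if it is an http(s) URL on an allowlisted host. Returns the URL or null.
function expandRedirect(template, user, siteUrl) {
  const expanded = template.replace(/\{\{(\w+)\}\}/g, (match, name) => {
    if (!VARIABLES.has(name)) return match; // unknown placeholders stay literal
    if (name === "site_url") return siteUrl; // site configuration, inserted raw
    // Account fields are percent-encoded so a value such as "a&b=c" cannot
    // add query parameters or alter the host or path.
    return encodeURIComponent(String(user[name] ?? ""));
  });

  let target;
  try {
    target = new URL(expanded);
  } catch {
    return null; // relative or malformed URL
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") return null;
  if (!ALLOWED_HOSTS.has(target.hostname)) return null;
  return target.href;
}

// Constructed sample user.
const sampleUser = { user_id: 7, user_login: "a&b=c", user_nicename: "jane-doe" };
console.log(expandRedirect(
  "http://yourdomain.com?param1={{user_id}}&param2={{user_login}}",
  sampleUser, "https://yourdomain.com"));
```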
Also, this plugin allows you to limit the auto-login based on the client IP address.
If you are concerned about security, you can limit the auto-login only from some IP addresses.
Read more on our website.
Register Users
This plugin also allows you to create WordPress users.
This option is disabled by default, but you can enable it at any time.
In order to create users, you just have to make a POST request to the route URL and send an email and a password as parameters, and the new user will be created.
You can select the type for the new users: editor, author, contributor, subscriber, etc.
Also, you can limit user creation to specific IP addresses or specific email domains.
Another cool option is “Generate a random password when a new user is created”.
If this option is selected, the password is no longer required when a new user is created; a random password will be generated.
Another option that you have for register user is “Initialize force login after register”.
When the user registration is completed, the user will continue on the flow configured on login config.
If auto-login is disabled, this feature will not work, and user registration will follow the normal flow and return a JSON response.
If you want to add custom user_meta on user creation, just add the parameter user_meta with a JSON object. This will create user_meta for the new user.
{
"meta_key":"meta_value",
"meta_key2":"meta_value"
}
These properties can be passed in the request when the new user is created.
email : (required) (string) The user email address.
password : (required) (string) The plain-text user password.
user_login : (string) The user’s login username.
user_nicename : (string) The URL-friendly username.
user_url : (string) The user URL.
display_name : (string) The user’s display name. Default is the user’s username.
nickname : (string) The user’s nickname. Default is the user’s username.
first_name : (string) The user’s first name. For new users, will be used to build the first part of the user’s display name if $display_name is not specified.
last_name : (string) The user’s last name. For new users, will be used to build the second part of the user’s display name if $display_name is not specified.
description : (string) The user’s biographical description.
rich_editing : (string) Whether to enable the rich-editor for the user. Accepts ‘true’ or ‘false’ as a string literal, not boolean. Default ‘true’.
syntax_highlighting : (string) Whether to enable the rich code editor for the user. Accepts ‘true’ or ‘false’ as a string literal, not boolean. Default ‘true’.
comment_shortcuts : (string) Whether to enable comment moderation keyboard shortcuts for the user. Accepts ‘true’ or ‘false’ as a string literal, not boolean. Default ‘false’.
admin_color : (string) Admin color scheme for the user. Default ‘fresh’.
use_ssl : (bool) Whether the user should always access the admin over https. Default false.
user_registered : (string) Date the user registered. Format is Y-m-d H:m:s.
user_activation_key : (string) Password reset key. Default empty.
spam : (bool) Multisite only. Whether the user is marked as spam. Default false.
show_admin_bar_front : (string) Whether to display the Admin Bar for the user on the site’s front end. Accepts ‘true’ or ‘false’ as a string literal, not boolean. Default ‘true’.
locale : (string) User’s locale. Default empty.
Read More on our website.
Delete User
Delete user is disabled by default.
In order to delete a user, you have to configure where to search for the details in the JWT.
You can delete users by WordPress User ID or by Email address.
Also, you have to choose the JWT parameter key where the email or user ID is stored in the JWT.
Also, you can limit the deletion of users to specific IP addresses for security reasons.
Reset Password
Reset password and change password endpoints are disabled by default.
This plugin allows you to start a password reset just by calling an endpoint. An email with the code will be sent to a specific email address.
Also, you are able to customize this email, or even not send an email at all.
The change password endpoint changes the user password, based on the reset password code.
Read More on our website.
Authentication
This plugin allows users to generate JWT tokens based on the WordPress user email and password.
In order to get a new JWT, just make a POST request to the /auth route with your WordPress email (or username) and password (or password_hash), and the response will look something like this:
{
"success": true,
"data": {
"jwt": "NEW_GENERATED_JWT_HERE"
}
}
If you want to add extra parameters in the JWT payload, just send the parameter payload on /auth endpoint, and add a json with the values you want to be added in the payload.
At some point, the JWT will expire.
So, if you want to renew it without having to ask again for user and password, you will have to make a POST request to the auth/refresh route.
This will generate a response with a new JWT, similar to the one that /auth generates.
If you want to get some details about a JWT, and validate that JWT, you can call /auth/validate. If you have a valid JWT, details about the available WordPress user will be returned, and some JWT details.
If you want to revoke a JWT, access /auth/revoke and send the jwt as a parameter.
The plugin auto-generates the example URL you might need to test these scenarios.
Read More on our website.
Auth codes
Auth codes are optional, but you can enable them for Auto-login, Register User and Delete user.
This feature allows you to add a layer of protection to your API routes.
The Auth codes contain 3 parts:
1. Authentication Key: This is the actual code that you have to add in the request.
2. WordPress new User Role: can be used when you want to create multiple user types with the create user endpoint. If you leave it blank, the value configured in the ‘Register Settings’ will be used.
3. Expiration Date: This allows you to set an expiration date for your auth codes. The format is ‘Y-M-D H:m:s’. Example: 2020-12-24 23:00:00. If you leave it blank, it will never expire.
Expiration date format: year-month-day hours:minutes:seconds
Read More on our website.
Hooks
This plugin allows advanced users to link some hooks with the plugin and perform some custom scripts.
Some available hooks:
simple_jwt_login_login_hook
type: action
parameters: Wp_User $user
description: This hook is called after the user has been logged in.
simple_jwt_login_redirect_hook
type: action
parameters: string $url, array $request
description: This hook is called before the user is redirected to the page specified in the login section.
simple_jwt_login_register_hook
type: action
parameters: Wp_User $user, string $plain_text_password
description: This hook is called after a new user has been created.
simple_jwt_login_delete_user_hook
type: action
parameters: Wp_User $user
description: This hook is called right after the user has been deleted.
simple_jwt_login_jwt_payload_auth
type: filter
parameters: array $payload, array $request
return: array $payload
description: This hook is called on /auth endpoint. Here you can modify payload parameters.
simple_jwt_login_no_redirect_message
type: filter
parameters: array $payload, array $request
return: array $payload
description: This hook is called on /autologin endpoint when the option No Redirect is selected. You can customize the message and add parameters.
simple_jwt_login_reset_password_custom_email_template
type: filter
parameters: string $template, array $request
return: string $template
description: This is executed when POST /user/reset_password is called. It will replace the email template that has been added in Reset Password settings.
View full list of hooks on https://simplejwtlogin.com/docs/hooks.
CORS
The CORS standard is needed because it allows servers to specify who can access their assets and how the assets can be accessed.
Cross-origin requests are made using the standard HTTP request methods like GET, POST, PUT, DELETE, etc.
Read More on our website.
Protect endpoints
This option is disabled by default. In order to enable it, you need to set “Protect endpoints enabled” to true.
This feature comes with 2 actions:
– Apply on All REST Endpoints
– Apply only on specific REST endpoints
When you choose Apply on All REST Endpoints, you will be able to whitelist some endpoints from your WordPress REST by adding them to the whitelist section.
For example, if you only want to allow users to access the wp/v2/posts endpoint without having to provide the JWT, you save wp/v2/posts in the whitelist section.
When you choose Apply only on specific endpoints, you will have to add all the endpoints you want to be protected by JWT.
When an endpoint is protected, and you don’t provide a JWT, you will get the following response:
{
"success":false,
"data":{
"message":"Your are not authorized to access this endpoint.",
"errorCode":403,
"type":"simple-jwt-login-route-protect"
}
}
Read More on our website.
Integration
PHP
In order to easily integrate your app/site with simple-jwt-login, we have developed a composer package.
composer require nicumicle/simple-jwt-login-client-php
You can check the package page for more details and code examples.
Javascript
Also, there is a Javascript SDK that you can install with npm or yarn.
npm install "simple-jwt-login"
or
yarn add "simple-jwt-login"
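Download links for each version
- Method 1: Click a version number link below to download the ZIP file, log in to the site admin, go to "Add New Plugin" under "Plugins" in the left menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
- Method 2: Use the search on the right side of the "Add New Plugin" screen to search for the plugin name "Simple JWT Login – Allows you to use JWT on REST endpoints." and install it.
(Method 2 is recommended, to ensure the installed version matches the WordPress environment currently in use.)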
3.4.6 | 3.4.7 | 3.4.8 | 3.4.9 | 3.5.0 | 3.5.1 | 3.5.2 | 3.5.3 | 3.5.4 | 3.5.5 | 3.5.6 | 3.5.7 | 3.5.8 | 3.6.0 | 3.6.1 | 3.6.2 | 3.6.3 | 3.6.4 | trunk |
