New providers and features are being added regularly! See the Changelog for details.
As a reminder, WP-OAuth is a still a pre-v1.0 release, which means some features may not work as intended or might change over time. Please report any bugs/issues to the support forum so they can be fixed as soon as possible. Thank you!
Facts
- With so many sites offering membership now, users may suffer registration fatigue and forget their passwords, or use the same password for several sites, increasing their security risk.
- 56% of consumers have at least one major social network profile they could be using for membership, registration and login purposes across multiple websites without having to maintain multiple accounts and passwords (2013).
- 40% of consumers currently utilize social login (2012).
Features
- Free, unlimited, unbranded and white-labeled from the beginning. No upselling, no payment plans, no SaaS, no proxy authentication! WP-OAuth communicates from your WordPress site directly with the trusted third-party login providers.
- WP-OAuth collects and stores ONLY the user’s OAuth identity in the WordPress database for future logins; no other user information is collected or stored.
- Fully integrates with WordPress. Drops into existing WordPress sites and integrates with existing WordPress users.
- Supports third-party authentication with Google, Facebook, LinkedIn, Github, Reddit, Windows Live, PayPal and Instagram via OAuth 2.0 / OpenID Connect. Providers can be enabled or disabled.
- Automatic user registration if Anyone can register has been enabled under Settings > General > Membership.
- Users can manage their third-party login providers via the standard “Your Profile” WordPress page. They may link more providers, or unlink existing providers.
- Displays a message via Javascript to the user when they login or logout. This feature can also be disabled.
- Add a custom login form to any post or page using the [wpoa_login_form] shortcode. Choose from 4 different layouts. See Installation for details.
- Customize the default login screen with a logo or background. Point the logo URL to your home page instead of WordPress.org. Hide the default username/password login form if you want. Automatically include login buttons for any providers that are enabled.
- Supports cURL or stream context for the authentication flow, meaning the plugin should be compatible with a wide range of PHP servers.
- The authentication flow was adapted from code samples provided by Google, Facebook and LinkedIn. It has been updated, rigorously tested and debugged for solid error handling. Provider implementations share much of the same code (very high code re-use) and the differences between the providers have been fully documented.
- The user experience and on-boarding process was inspired by StackExchange/StackOverflow login system.
- Extremely light-weight, optimized code base for high performance. Doesn’t require third-party OAuth libraries; everything is built first-class into the plugin. Previously, WP-OpenLogin required LightOpenID and Facebook-PHP-SDK, but this is no longer necessary. Keeps the bloat low and the performance high. Tested with P3 Plugin Profiler, WP-OAuth’s plugin overhead is around 0.001 seconds which is 6x less overhead than Akismet in the same run! That means there shouldn’t be a performance hit.
How to Contribute
Visit the GitHub development repository.
History
This project is a continuation of WP-OpenLogin which was originally developed with OpenID in mind. We’re moving on; OAuth 2.0 is now the standard.