Configuration of the Login by Auth0 WordPress Plugin

To configure the Login by Auth0 WordPress Plugin, copy the Domain, Client Id and Client Secret from the Settings page of your client in the Auth0 dashboard to the Basic settings page of the Auth0 plugin in WordPress.

In order to install or customize plugins, you will need to use a self-hosted site. Using the site does not allow installing plugins.

Create a New Client

You must first create a client in the Auth0 dashboard before you can configure the Auth0 for WordPress plugin. If you already have created the client you want to connect to WordPress, you can skip to the next section.

  1. Log in to the Auth0 dashboard. (If you don't already have an Auth0 account, you can create one.
  2. Navigate to the Clients page and click + Create Client.

Listing of Auth0 Clients in the Management Dashboard

  1. In the Create Client window, name your Client and select your Client type, and click Save.

Creating the Client in the Management Dashboard

Get your Domain, Client Id and Client Secret

  1. Go to the Clients section of the Auth0 dashboard and select the client you want to connect to WordPress.

Client Settings in the Management Dashboard

  1. Leave this browser window open.

Set your Domain, Client Id and Client Secret

  1. Log in as an administrator of your WordPress installation.

  2. Click on Plugins in the left menu of the WordPress dashboard and select the Settings link associated with the Login by Auth0 plugin.

  3. Copy the Domain, Client Id and Client Secret settings from the Settings page of your app in the Auth0 dashboard to the Auth0 Settings > Basic page of your WordPress account.

Providing Auth0 Client Settings to WordPress

  1. Click Save Changes at the bottom of the page.

Auth0 for WordPress Plugin Settings


  • Domain: The app domain copied from the app settings in your dashboard.
  • Client Id: The app client id copied from the app settings in your dashboard.
  • Client Secret: The app client secret copied from the app settings in your dashboard.
  • Client token: The token required to allow the plugin to communicate with Auth0 to update your tenant settings. If the token has been set, this field will display "Not Visible". If blank, no token has been provided and you will have to generate a token with the appropriate scopes listed here.
  • WordPress login enabled: If enabled, displays a link on the login page to access the regular WordPress login.
  • Allow signup: User signup will be available only if the WordPress Anyone can register option is enabled. You can find this setting under Settings > General > Membership.


  • Password Policy: Select the level of complexity you want to enforce for user passwords. For more information on password policies, see Password Strength in Auth0 Database Connections.
  • Single Sign On (SSO): Enables SSO on your WordPress, allowing users to log in once and be automatically logged into any of your sites which use Auth0. For more information, see What is SSO?.
  • Single Logout: Enable this option for Single Logout. For more information, see What is Single Log Out?.
  • Multifactor Authentication (MFA): Enable this option for multifactor authentication with Google Authenticator. (See Multifactor Authentication in Auth0 for more information.) You can enable other MFA providers on the Auth0 dashboard.
  • FullContact integration: Enable this option to fill your user profiles with the data provided by FullContact. A valid API key is required. For more information, see Augment User Profile with FullContact.
  • Store geolocation: Enable this option to store geolocation information based on the IP addresses saved in user_metadata.
  • Store zip-code income: Enable this option to store income data based on the zip-code calculated from each user's IP address.


Enable the supported social identity providers you want to allow users to login with. You can configure your own app keys and settings for these connections in the Auth0 Dashboard.


  • Form Title: Sets the title of the Lock widget.
  • Show big social buttons: Toggles the social buttons size between big and small.
  • Icon URL: Sets the Lock display icon.
  • Enable Gravatar integration: When user enters their email, their associated gravatar picture is displayed in the Lock header.
  • Customize the Login Widget CSS: A valid CSS that will be applied to the login page. For more information on customizing Lock, see Can I customize the Login Widget?
  • Username style: Selecting Email will require users to enter their email address to login. Set this to username if you do not want to force a username to be a valid email address.
  • Remember last login: Requests SSO data and enables the Last time you signed in with[...] option. For more information, see rememberLastLogin {Boolean}.
  • Translation: A valid JSON object representing the Lock's dict parameter. The 'dict' parameter can be a string matching any supported language ('en', 'es', 'it', etc...) or an object containing customized label text. If set, this will override the Title setting. For more info see dict {String|Object}.


  • Use passwordless login: Enable this option to replace the login widget with Lock Passwordless.
  • Widget URL: The URL of to the latest available widget in the CDN.
  • Connections: List here each of the identity providers you want to allow users to login with. If left blank, all enabled providers will be allowed. (See connections {Array} for more information.)

    If you have enabled Passwordless login, you must list here all allowed social identity providers. (See .social(options, callback) for more information.)

  • Remember users session: By default, user sessions live for two days. Enable this setting to keep user sessions live for 14 days.
  • Link users with same email: This option enables the linking of accounts with the same verified e-mail address.
  • Twitter consumer key and consumer secret: The credentials from your Twitter app. For instructions on creating an app on Twitter, see Obtain Consumer and Secret Keys for Twitter.
  • Facebook app key and app secret: The credentials from your Facebook app. For instructions on creating an app on Facebook, see Obtain an App ID and App Secret for Facebook.
  • User Migration: Enabling this option will expose the Auth0 migration web services. However, the connection will need to be manually configured in the Auth0 dashboard. For more information on the migration process, see Import users to Auth0.
  • Migration IPs whitelist: Only requests from listed IPs will be allowed access to the migration webservice.
  • Auth0 Implicit Flow: If enabled, uses the Implicit Flow protocol for authorization in cases where the server is without internet access or behind a firewall.
  • Login redirection URL: If set, redirects users to the specified URL after login.
  • Requires verified email: If set, requires the user to have a verified email to login.
  • Auto Login (no widget): Skips the login page (a single login provider must be selected).
  • Enable on IP Ranges: Select to enable the Auth0 plugin only for the IP ranges you specify in the IP Ranges textbox.
  • IP Ranges: Enter one range per line. Range format should be: xx.xx.xx.xx - yy.yy.yy.y
  • Valid Proxy IP: List the IP address of your proxy or load balancer to enable IP checks for logins and migration web services.
  • Extra settings: A valid JSON object that includes options to call Lock with. This overrides all other options set above. For a list of available options, see Lock: User configurable options (e.g.: {"disableResetAction": true }).
  • Anonymous data: The plugin tracks anonymous usage data by default. Click to disable.
  • Enable JWT Auth integration: This enables JWT Auth integration.


Here you can customize the dashboard's display and segmentation of data.

Integrate the Plugin

The plugin includes an auth0_user_login action to provide notification for each time a user logs in or is created in WordPress.

Learn more about WordPress actions.

This action accepts five parameters:

  1. $user_id (int): The id of the user logged in.
  2. $user_profile (stdClass): The Auth0 profile of the user.
  3. $is_new (boolean): If the user has created a new WordPress login, this is set to true, otherwise false. Not to be confused with Auth0 registration, this flag is true only if a new user is created in the WordPress database.
  4. $id_token (string): The user's JWT.
  5. $access_token (string): The user's access token.

An access token is not provided when using Implicit Flow.

To hook to this action, include the following code:

// php
add_action( 'auth0_user_login', 'auth0UserLoginAction', 0,5 );

function auth0UserLoginAction($user_id, $user_profile, $is_new, $id_token, $access_token) {

Click here to learn more about the add_action function.

Keep reading

For more information on the Login by Auth0 WordPress Plugin, follow these links.