Everything you need for JWT authentication
Each feature is tagged V3 or V4 depending on which version introduced it.
Log users in instantly via URL, header, cookie, or session - perfect for magic links, email campaigns, and SSO flows.
Expose a secure REST endpoint to register new WordPress users programmatically - no custom code needed.
Delete Users
Remove users securely via API using verified JWT tokens.
Generate, refresh, revoke, and validate JWT tokens via REST. Supports HS256/384/512 and RS256/384/512 algorithms.

Let users change or reset their password through the API - ideal for headless and mobile apps.

Limit Access by IP
Restrict access to trusted IPs - supports wildcards (e.g. 85.*.*.*) for subnet-level control.

Assign roles at registration time - create admins, editors, or subscribers through a single endpoint.

First-class support for MailPoet magic-link emails, WPGraphQL authorization, and any plugin that extends the WordPress REST API.

Require a valid JWT per route - filter by HTTP method (GET, POST, PUT, DELETE) with exact or prefix matching.

Pass a JWT to any WordPress endpoint and act as a fully authenticated user - no session cookies required.

Let users sign in with their Google account - zero passwords, instant trust.

Use Google-issued tokens to authenticate against any WordPress REST endpoint seamlessly.
Expand OAuth beyond Google - let users sign in with Auth0, Facebook, or GitHub and receive a WordPress JWT.
Require a 2FA code before issuing a full JWT - works with the WordPress Two Factor plugin.
Every login, registration, token, and OAuth event is logged for auditing and debugging - searchable from the admin.
Authenticate the WooCommerce REST and Store API with a JWT - manage products and run a headless cart & checkout.
Define multiple decryption keys and let the plugin pick the right one automatically, based on the JWT header or payload.
Paste any JWT in the WordPress admin to inspect its header and payload instantly - no external tools needed.
Why developers choose Simple JWT Login
No coding required
Set up JWT authentication in minutes via the WordPress admin UI - no custom code needed.
6 supported algorithms
Choose from HS256/384/512 or RS256/384/512 to match your security policy.
4 JWT delivery methods
Authorization header, cookie, session, or query parameter - works everywhere.
Built for developers
16 WordPress action and filter hooks to customize every authentication flow.
CORS-ready
Works out of the box with React, Vue, Angular, mobile apps, WPGraphQL, and headless CMS setups.
PHP 5.5+ compatible
Works on any PHP version from 5.5 onwards - no matter how old or new your server is.
Auto-login & magic links
Authenticate users via a tokenized URL - no password form needed. Perfect for email campaigns and passwordless flows.
Full token lifecycle
Refresh, validate, and revoke tokens on demand to keep sessions secure and under your control.
Free & open source
GPL3.0-licensed, community-supported, no hidden costs - ever.
Drop into any stack in minutes
PHP
Connect any PHP app to Simple JWT Login with one Composer package - supports Laravel, Yii, CodeIgniter, and more.
composer require "nicumicle/simple-jwt-login-client-php"JavaScript
Add JWT authentication to React, Vue, Angular, or any JS app with an npm package and a handful of lines.
npm install simple-jwt-loginWPGraphQL
Use your JWT tokens to authenticate GraphQL queries and mutations - enable it with a single checkbox.
MailPoet
Send magic-link login emails via MailPoet - let subscribers log in with one click, no password required.
Export & Import
Back up and restore your entire plugin configuration in one click - perfect for staging-to-production migrations.
WP-CLI
Generate tokens, validate JWTs, revoke sessions, and manage every setting from your terminal - ideal for CI/CD.
wp jwt login --username=admin --password=secretSee it in action
Run live demos right in your browser, against your own WordPress site - nothing is sent anywhere except the URL you provide.
Don't have a site yet? Launch one in one click
Spin up a fully installed WordPress server on DigitalOcean - with Simple JWT Login ready for headless and REST API authentication. No Marketplace setup, no terminal, no install wizard. We hand you the login.
Up and running in 3 steps
Search for Simple JWT Login in the WordPress plugin directory, install, and activate in one click.
Customize authentication rules, token expiration, algorithms, and access control from the WordPress admin UI.
Use JWT tokens to authenticate users on any WordPress REST API endpoint - no additional code required.
Join the community
Simple JWT Login is built in the open, by the community. Whether you write code, speak another language, or just want to spread the word - there's a place for you.
Rate on WordPress
Love the plugin? A 5-star review on WordPress.org makes a big difference.
Leave a review →Help Translate
Make JWT auth accessible in every language - join us on translate.wordpress.org.
Start translating →What developers are saying
"This plugin serves now as a one-stop shop for JWT authentication, esp for headless WP/web app setups. The even better part is the author who's extremely helpful, swift in responding & fixing issues, acknowledging improvement suggestions, pleasing to talk to and patient. I hope you can keep up the dedicated work, Nicu!"
"This is probably the very absolute best no-nonsense JWT plugin on WordPress. Exceptionally well documented, high customization, easy to setup, and works out of the box with basic setup. No nonsense ads, either. Definitely deserving the 5-star rating across the board. Recommended."
"JWT login plugin is awesome, their support is quite responsive and efficient. They are able to help me and guide me on my customize function to custom generate jwt using their classes."
"it's the best of all JWT plugins, the responsiveness of the developer is simply incredible, he knows his project by heart and will help you efficiently."
Ready to add JWT to your WordPress site?
Install Simple JWT Login in minutes, configure it through the admin UI, and start issuing tokens - completely free, no account required.