Skip to main content
Free & Open Source WordPress Plugin
Simple JWT Login logo

Simple JWT Login

The WordPress Authentication Framework for your REST API -
set up in minutes, no coding required.

0+Active installs
0+Downloads
0 / 5Rating
100%Free

6+ yearsActive development
NewSimple JWT Login v4 is now available - API Keys, 2FA, Audit Logs, Webhooks, and more. v3 is now in maintenance mode (EOL Jan 31, 2027).See what's new →
Core Features

Everything you need for JWT authentication

Each feature is tagged V3 or V4 depending on which version introduced it.

V3V4
Login user

Log users in instantly via URL, header, cookie, or session - perfect for magic links, email campaigns, and SSO flows.

V3V4
Register user

Expose a secure REST endpoint to register new WordPress users programmatically - no custom code needed.

V3V4
Delete user

Delete Users

Remove users securely via API using verified JWT tokens.

V3V4
Authenticate user

Generate, refresh, revoke, and validate JWT tokens via REST. Supports HS256/384/512 and RS256/384/512 algorithms.

V3V4
Change and Reset password

Let users change or reset their password through the API - ideal for headless and mobile apps.

V3V4
Limit access by IP

Limit Access by IP

Restrict access to trusted IPs - supports wildcards (e.g. 85.*.*.*) for subnet-level control.

V3V4
Roles

Assign roles at registration time - create admins, editors, or subscribers through a single endpoint.

V3V4
Integrate with other plugins

First-class support for MailPoet magic-link emails, WPGraphQL authorization, and any plugin that extends the WordPress REST API.

V3V4
Protect endpoints

Require a valid JWT per route - filter by HTTP method (GET, POST, PUT, DELETE) with exact or prefix matching.

V3V4
JWT on other endpoints

Pass a JWT to any WordPress endpoint and act as a fully authenticated user - no session cookies required.

V3V4
Google OAuth

Let users sign in with their Google account - zero passwords, instant trust.

V3V4
Google OAuth endpoints

Use Google-issued tokens to authenticate against any WordPress REST endpoint seamlessly.

V4

Issue long-lived, scoped API keys for server-to-server integrations and CI/CD - no JWT expiry to manage.

V4

Expand OAuth beyond Google - let users sign in with Auth0, Facebook, or GitHub and receive a WordPress JWT.

V4

Require a 2FA code before issuing a full JWT - works with the WordPress Two Factor plugin.

V4

Every login, registration, token, and OAuth event is logged for auditing and debugging - searchable from the admin.

V4

Fire HTTP callbacks on authentication events - integrate with Slack, logging services, or any external system.

V4

Authenticate the WooCommerce REST and Store API with a JWT - manage products and run a headless cart & checkout.

V4

Define multiple decryption keys and let the plugin pick the right one automatically, based on the JWT header or payload.

V4

Paste any JWT in the WordPress admin to inspect its header and payload instantly - no external tools needed.

Benefits

Why developers choose Simple JWT Login

No coding required

Set up JWT authentication in minutes via the WordPress admin UI - no custom code needed.

6 supported algorithms

Choose from HS256/384/512 or RS256/384/512 to match your security policy.

4 JWT delivery methods

Authorization header, cookie, session, or query parameter - works everywhere.

Built for developers

16 WordPress action and filter hooks to customize every authentication flow.

CORS-ready

Works out of the box with React, Vue, Angular, mobile apps, WPGraphQL, and headless CMS setups.

PHP 5.5+ compatible

Works on any PHP version from 5.5 onwards - no matter how old or new your server is.

Auto-login & magic links

Authenticate users via a tokenized URL - no password form needed. Perfect for email campaigns and passwordless flows.

Full token lifecycle

Refresh, validate, and revoke tokens on demand to keep sessions secure and under your control.

Free & open source

GPL3.0-licensed, community-supported, no hidden costs - ever.

Ecosystem

Drop into any stack in minutes

PHP

Connect any PHP app to Simple JWT Login with one Composer package - supports Laravel, Yii, CodeIgniter, and more.

PHPLaravelYiiCodeIgniter
composer require "nicumicle/simple-jwt-login-client-php"

JavaScript

Add JWT authentication to React, Vue, Angular, or any JS app with an npm package and a handful of lines.

JavaScriptVueReactAngular
npm install simple-jwt-login

WPGraphQL

Use your JWT tokens to authenticate GraphQL queries and mutations - enable it with a single checkbox.

WPGraphQL

MailPoet

Send magic-link login emails via MailPoet - let subscribers log in with one click, no password required.

Export & Import

Back up and restore your entire plugin configuration in one click - perfect for staging-to-production migrations.

WP-CLI

Generate tokens, validate JWTs, revoke sessions, and manage every setting from your terminal - ideal for CI/CD.

wp jwt login --username=admin --password=secret
Try it live

See it in action

Run live demos right in your browser, against your own WordPress site - nothing is sent anywhere except the URL you provide.

One-click deploy

Don't have a site yet? Launch one in one click

Spin up a fully installed WordPress server on DigitalOcean - with Simple JWT Login ready for headless and REST API authentication. No Marketplace setup, no terminal, no install wizard. We hand you the login.

Quick Start

Up and running in 3 steps

1
Install & Activate

Search for Simple JWT Login in the WordPress plugin directory, install, and activate in one click.

2
Configure Settings

Customize authentication rules, token expiration, algorithms, and access control from the WordPress admin UI.

3
Authenticate Effortlessly

Use JWT tokens to authenticate users on any WordPress REST API endpoint - no additional code required.

Get started →
Community

Join the community

Simple JWT Login is built in the open, by the community. Whether you write code, speak another language, or just want to spread the word - there's a place for you.

Star on GitHub

Show your appreciation and help others discover the project.

Star on GitHub →

Contribute Code

Submit issues, propose features, or open a pull request on GitHub.

Open a PR →

Rate on WordPress

Love the plugin? A 5-star review on WordPress.org makes a big difference.

Leave a review →

Help Translate

Make JWT auth accessible in every language - join us on translate.wordpress.org.

Start translating →
Reviews

What developers are saying

Awesome plugin

"The plugin works perfect and the support is even better!"

Thanks for a great plugin

"Works like a dream. Does what it needs to do. Thanks!"

Amazing work

"This plugin serves now as a one-stop shop for JWT authentication, esp for headless WP/web app setups. The even better part is the author who's extremely helpful, swift in responding & fixing issues, acknowledging improvement suggestions, pleasing to talk to and patient. I hope you can keep up the dedicated work, Nicu!"

Really good plugin, very straight forward

"Really good plugin, very straight forward to use"

No-Nonsense JWT (Excellence)

"This is probably the very absolute best no-nonsense JWT plugin on WordPress. Exceptionally well documented, high customization, easy to setup, and works out of the box with basic setup. No nonsense ads, either. Definitely deserving the 5-star rating across the board. Recommended."

Service & Support

"JWT login plugin is awesome, their support is quite responsive and efficient. They are able to help me and guide me on my customize function to custom generate jwt using their classes."

Awesome plugin

"This is what I needed, works as expected. Nice work!"

best all times

"it's the best of all JWT plugins, the responsiveness of the developer is simply incredible, he knows his project by heart and will help you efficiently."

Ready to add JWT to your WordPress site?

Install Simple JWT Login in minutes, configure it through the admin UI, and start issuing tokens - completely free, no account required.