Skip to main content

Auto-login user into WordPress

GET 

/autologin

Validates the supplied JWT, resolves the matching WordPress user, and redirects the browser to the site (or to redirectUrl if provided and allowed by settings).

Requirements

  • Auto-login must be enabled in the plugin settings.
  • The JWT must be valid, not expired, and not revoked.
  • If "Auto-Login Requires Auth Code" is enabled, AUTH_KEY must be provided.
  • The calling IP must pass any IP allow-list configured in the plugin settings.

JWT delivery The JWT can be supplied via:

  • JWT query parameter (default)
  • JWT in request body
  • Authorization: Bearer <token> header (when enabled in plugin General Settings)
  • Cookie or session (when enabled in plugin General Settings)

Success behaviour The response is an HTTP redirect (302) to the WordPress home URL or the custom redirectUrl. The browser session is authenticated as the resolved user.

Request

Responses

Login successful. Two possible responses depending on the plugin's "Redirect after auto-login" setting:

  • Redirect (default): The browser is redirected (302) to the WordPress home URL, dashboard, or a custom URL. The response body is empty HTML.
  • No redirect: When "No redirect" is configured, returns a JSON body: {"success": true, "message": "User was logged in."}.