WordPress Single Sign On with Auth0

In this article, you’ll learn about WordPress Single Sign-On in general and, specifically, how it works with Auth0

Auth0 is an identity platform that offers comprehensive authentication solutions to cover customers in every market sector. One of our most popular features is Single Sign-On or SSO, for short. This feature lets users sign in only once to gain access to different sites and mobile and web applications.

To help secure one of the most popular web platforms in the world with the flexibility and power of SSO, Auth0 offers WordPress developers the Login by Auth0 plugin, which provides SSO between different WordPress installs and applications on any other platform.

The concept of SSO can be a little confusing for developers and site administrators that may be new to it. So in this post, we’ll explore the different concepts associated with SSO and how our WordPress plugin can help you.

What Is SSO?

SSO allows multiple apps to share a single session from a central provider. Users log in once, in this case to an authorization server powered by Auth0, to establish the main session and then are redirected to the application to establish a session there. When that user visits a different site or application associated with the same authorization server, the existing first session is used to create a session without having to log in again.

When you delegate authentication, you hand off the responsibility of verifying a user’s credentials (such as username and password) to a third party. In this post, that third party is Auth0 but it could also be Google, Facebook, or another identity provider. For SSO to work, you need to have two sessions:

1. The session with the Auth0 authorization server, created when you log in.
2. The session with WordPress, created when you’re redirected back after logging in.

At Auth0, we use the term tenant to indicate a particular namespace. When you sign up for Auth0, you choose a tenant name which becomes part of your Auth0 domain used for OAuth and API endpoints.

When you log in to the Auth0 dashboard, the controls and menus that you see are for the specific tenant you are using. If you create a second tenant or are added to an existing one, you can switch tenants from the menu on the top right. The name next to your avatar is the tenant that you are currently using.

This tenant is a logical boundary around Auth0 functionality like Applications, Connections, Users, Rules, and more. All the Applications within a tenant can share a session (in other words, can use SSO between them) and can use the same Connections to log in if configured to do so.

This means that once you login to Auth0 and establish the first session, all the applications for that same tenant can use that session to determine whether the user is logged in or not. For the user, the process looks like this:

1. Click “Login” on App 1
2. Log in with Auth0
3. *The user is now logged in with *App 1
4. Visit App 2 and click on “Login” there. Note:* The user may also be redirected to log in from a page that requires authentication*
5. The user bypasses any login forms and is now logged in with App 2 as well
6. Visit App 3 and click “Login”
7. The user is then logged in with App 3 as well

For a more detailed description of how this process works, see our Single Sign-On with Auth0 document.
As you can see, this is a great way to create a simple, low-friction authentication experience for users in your network of sites and apps.

How Does Single Sign-On (SSO) Work in WordPress?

SSO in WordPress works the same as above, just replace “App” with “WP Site” anywhere in the process. SSO can happen between WordPress sites as well as with other web or mobile applications. As long as the different instances are using Auth0 and a browser for authentication, you can use SSO between them.

Let’s see how that works in a little more detail:

1. Users request a restricted page or try to take an action that requires authentication (like accessing the profile page).
2. The site checks for a session in WordPress with <a href="https://developer.wordpress.org/reference/functions/is_user_logged_in/" target="_blank">is_user_logged_in()</a> (this checks for a specific cookie set by WordPress on login).
3. If there is no session, users are redirected to check for an Auth0 session.
4. If users already have a valid session with Auth0 (they are already logged in to Auth0 and it has not expired), they are prompted (if desired) to continue with the same account then redirected back to WordPress.
5. Once redirected, the Auth0 authentication is verified and the WordPress session is re-started.
6. Users proceed to view the restricted page or carry out the action they wanted to take.

While there is a lot going on behind the scenes, most of this will be transparent to the users. Their session was renewed without asking for credentials again and they were able to continue with their action.

This process works whether the users have an account with the second (or third or fourth) WordPress site or not. The plugin can be configured to allow new accounts to be created from Auth0 users even if site registration is turned off. This allows new sites to be added without requiring known users to register!

Additional Benefits of Enabling SSO

The benefits of enabling SSO for a network of sites and applications aren’t limited to just simplifying the user experience, but also include storing users in a central location and improving sign-up conversions. You can easily bring these benefits to your WordPress project by implementing SSO with Auth0.

Auth0 connects to many different identity providers while also providing you with a central user database that can be associated with some or all of your WordPress sites and applications. This central user database creates a single source of truth for all user data and allows you to efficiently search for and update users in the dashboard or using our Management API.

A single database for multiple sites also allows you to streamline and enforce security measures across all the sites that use it. Password strength and composition, as well as username restrictions, can be enabled and managed in one place, improving the security of all sites within the network.

Finally, Auth0 provides additional login security, particularly when using the Universal Login Page. The WordPress login page URL is standard across all sites, making it a common target for enumeration and DDoS attacks. Putting Auth0 in front of your authentication flow protects from as-yet-unknown vulnerabilities, out-of-date core code, and additional holes that might be opened by plugins.

Does SSO Work with Multisite Networks?

The Login by Auth0 plugin is regularly tested with WordPress multisite. That means that multisite networks can use SSO between networks with the same benefits as single sites. Network administration (such as managing access to each site for each user) still happens in WordPress but the initial authentication will happen in Auth0. To be clear, SSO with Auth0 does not happen between sites within a WordPress multisite network but can between networks.

There are some considerations regarding setup that are covered in our Auth0 WordPress plugin installation documentation. Also, the plugin settings can be set via PHP constants and will map to all sites in the multisite network. If you have any questions about plugin configuration or how it works, please see the end of this post for a link to our Community channel where you can connect with other WordPress developers like you using Auth0.

Try WordPress SSO with Auth0 Out

The best way to see how WordPress SSO works with Auth0 is to try it out yourself. This will require setting up two different WordPress sites and connecting them through Auth0. You can set this up between two existing sites but please note that while the Auth0 plugin is not destructive (it will not delete users, metadata, or roles), it does take control over your login process so it’s best to try the setup on test/development sites or on sites that only use authentication for site administration. Deactivating the plugin will return the login process to its original state.

For this setup and testing process, make sure to use the same browser window (separate tabs are fine) to guarantee that you’re using the same cookie store to make SSO work.

First, sign up for an Auth0 account here (it’s free for up to 7,000 users). If you want to get more familiar with the dashboard and what Auth0 has to offer, follow the tutorials that appear. Don’t worry about creating Applications or Connections for your test WordPress sites, that’s all done automatically during plugin setup.

Next, decide which two sites you want to connect, log in as an administrator and install the Login by Auth0 plugin on both (the login page will not change until the plugin is configured).

On one of the sites, activate the plugin and you’ll be redirected to a Setup Wizard.

Follow the Standard Setup instructions from this document to create an Application, Database Connection, and a user account for yourself. Before continuing, check your email and click on the verify email link that was sent.

Once the setup is complete, go to Auth0 > Settings > Features tab in your WordPress admin and make sure that Universal Login Page is turned on (this is a default setting in the latest version of the plugin).

To test that everything is working properly, log out of WordPress, then visit the wp-login.php page. You should be redirected to the Universal Login Page on Auth0.

Try logging in with the same credentials used during Auth0 WordPress plugin setup to make sure it’s working properly.

If your site is set up to require verified email addresses, you’ll see the following page if you haven’t done so:

Once you are logged in, you’ll see the home page of your first site:

On the second site, follow the same procedure to install and activate the plugin. There’s one difference to have in mind when running through the Setup Wizard: on the screen where you’re asked for an admin password, click Skip this step.

You’re going to use SSO to link your Auth0 account to your WordPress one. Once the setup completes, go to Auth0 > Settings > Features tab in your WordPress admin, make sure that Universal Login Page is turned on, and turn Single Logout off.

The Single Logout feature logs users out of Auth0 when they log out of WordPress. By turning this off, you allow users to keep an active session with the Auth0 authorization server even after they log out from one of your sites. Users are also allowed to log back into one of your sites using SSO and without having to re-enter their credentials.

Next, go to your Auth0 Dashboard > Setup > Applications and select the Application created for the second WordPress site.

If your dashboard looks different than the screenshots above, go to Auth0 Dashboard > Applications to select the application.
Click the Connections tab, turn off the database Connection created for this site, and turn **on ** the Database Connection being used for the first site.

To avoid confusion, go to Auth0 Dashboard > Authentication > Database and delete the Connection created for the second site.

If your dashboard looks different than the screenshots above, go to Auth0 Dashboard > Connections > Database to delete the second database.
Select the database of the second WordPress application from the list and scroll down until you see a red button named “Delete” and click it:

Finally, confirm the database deletion in the modal that comes up.

You now have two Applications and one Database Connection that’s activated for both.

On the second site, you want to test that the account that was created during the setup of the first site, the one tied to the session created at Auth0, maps to the second site. Log out of the second site and visit the wp-login.php page. You will see a pause in your browser followed by the homepage of your second site, where you are logged in.

Congrats, you just set up SSO between two WordPress sites! You can follow the steps for the second site for as many WordPress sites as you need. Just make sure they are all using the same Database Connection so that same Auth0 user account is used across applications.

Summary

We hope you learned a bit about SSO in general and, specifically, how it works with WordPress. If you have any questions about capability, configuration, or anything else, please post in the thread below and we’ll be happy to help!

#web-development #wordpress #security

What is GEEK

Buddha Community

Why Use WordPress? What Can You Do With WordPress?

Can you use WordPress for anything other than blogging? To your surprise, yes. WordPress is more than just a blogging tool, and it has helped thousands of websites and web applications to thrive. The use of WordPress powers around 40% of online projects, and today in our blog, we would visit some amazing uses of WordPress other than blogging.
What Is The Use Of WordPress?

WordPress is the most popular website platform in the world. It is the first choice of businesses that want to set a feature-rich and dynamic Content Management System. So, if you ask what WordPress is used for, the answer is – everything. It is a super-flexible, feature-rich and secure platform that offers everything to build unique websites and applications. Let’s start knowing them:

1. Multiple Websites Under A Single Installation
WordPress Multisite allows you to develop multiple sites from a single WordPress installation. You can download WordPress and start building websites you want to launch under a single server. Literally speaking, you can handle hundreds of sites from one single dashboard, which now needs applause.
It is a highly efficient platform that allows you to easily run several websites under the same login credentials. One of the best things about WordPress is the themes it has to offer. You can simply download them and plugin for various sites and save space on sites without losing their speed.

2. WordPress Social Network
WordPress can be used for high-end projects such as Social Media Network. If you don’t have the money and patience to hire a coder and invest months in building a feature-rich social media site, go for WordPress. It is one of the most amazing uses of WordPress. Its stunning CMS is unbeatable. And you can build sites as good as Facebook or Reddit etc. It can just make the process a lot easier.
To set up a social media network, you would have to download a WordPress Plugin called BuddyPress. It would allow you to connect a community page with ease and would provide all the necessary features of a community or social media. It has direct messaging, activity stream, user groups, extended profiles, and so much more. You just have to download and configure it.
If BuddyPress doesn’t meet all your needs, don’t give up on your dreams. You can try out WP Symposium or PeepSo. There are also several themes you can use to build a social network.

3. Create A Forum For Your Brand’s Community
Communities are very important for your business. They help you stay in constant connection with your users and consumers. And allow you to turn them into a loyal customer base. Meanwhile, there are many good technologies that can be used for building a community page – the good old WordPress is still the best.
It is the best community development technology. If you want to build your online community, you need to consider all the amazing features you get with WordPress. Plugins such as BB Press is an open-source, template-driven PHP/ MySQL forum software. It is very simple and doesn’t hamper the experience of the website.
Other tools such as wpFoRo and Asgaros Forum are equally good for creating a community blog. They are lightweight tools that are easy to manage and integrate with your WordPress site easily. However, there is only one tiny problem; you need to have some technical knowledge to build a WordPress Community blog page.

4. Shortcodes
Since we gave you a problem in the previous section, we would also give you a perfect solution for it. You might not know to code, but you have shortcodes. Shortcodes help you execute functions without having to code. It is an easy way to build an amazing website, add new features, customize plugins easily. They are short lines of code, and rather than memorizing multiple lines; you can have zero technical knowledge and start building a feature-rich website or application.
There are also plugins like Shortcoder, Shortcodes Ultimate, and the Basics available on WordPress that can be used, and you would not even have to remember the shortcodes.

5. Build Online Stores
If you still think about why to use WordPress, use it to build an online store. You can start selling your goods online and start selling. It is an affordable technology that helps you build a feature-rich eCommerce store with WordPress.
WooCommerce is an extension of WordPress and is one of the most used eCommerce solutions. WooCommerce holds a 28% share of the global market and is one of the best ways to set up an online store. It allows you to build user-friendly and professional online stores and has thousands of free and paid extensions. Moreover as an open-source platform, and you don’t have to pay for the license.
Apart from WooCommerce, there are Easy Digital Downloads, iThemes Exchange, Shopify eCommerce plugin, and so much more available.

6. Security Features
WordPress takes security very seriously. It offers tons of external solutions that help you in safeguarding your WordPress site. While there is no way to ensure 100% security, it provides regular updates with security patches and provides several plugins to help with backups, two-factor authorization, and more.
By choosing hosting providers like WP Engine, you can improve the security of the website. It helps in threat detection, manage patching and updates, and internal security audits for the customers, and so much more.

Read More

#use of wordpress #use wordpress for business website #use wordpress for website #what is use of wordpress #why use wordpress #why use wordpress to build a website

Hire WordPress Developer

Whether you want to develop a blog or you want a feature-rich, interactive WordPress website?

HourlyDeveloper.io is a distinguished leader in the WordPress development market. Hire WordPress Developer that develop easy-to-manage and high-performance WordPress websites that deliver the kind of results you have always wished for!

Consult with experts: https://bit.ly/3hiHIqj

#hire wordpress developer #wordpress #wordpress developer #wordpress development company #wordpress development services #wordpress development

Wordpress Development India, Hire Wordpress Developers

Hire WordPress developers from IndianAppDevelopers on an hourly or full-time basis to build advanced custom WordPress applications. Our WordPress developers have 5+ years of experience building websites, themes and plugins for small- and large-scale businesses.

You can hire highly knowledgeable WordPress developers in India from us to maintain and deliver the highest quality standards on-time solutions.

Looking to outsource a WordPress development project? Or want to hire WordPress developers? Then, get in touch with us.

#wordpress development india #hire wordpress developers india #wordpress development #wordpress developers #wordpress programmers #hire wordpress programmers

Hire Dedicated Wordpress Developer

Looking for a WordPress Development Company to revamp your website?

Hire Dedicated WordPress Developers from HourlyDeveloper.io, with absolute flexibility as per your business requirements such as hourly basis, monthly basis, part-time, full-time, or just according to their project requirements, with vast experience of WordPress projects of all sizes & industry verticals with complete client satisfaction.

Consult with experts:- https://bit.ly/2YMesRJ

#hire dedicated wordpress developer #wordpress development company #wordpress development services #wordpress development #wordpress developer #wordpress

Best WordPress Development Services in India

WordPress is used by many bloggers during the world which could be the explanation for some believe it to be the foremost prevalent blogging apparatus on the web. If you’re thinking of putting up a blog site but don’t know any coding languages (or even what code is) then your next best choice can be signing up for a WordPress website. you’ll easily register for a free WordPress blog account if you’re just starting and getting a for-pay WordPress blog account in a while.

WordPress is extremely user-friendly so beginners won’t find it hard to deal with fixing their new blog account. you simply got to give the proper information about yourself and choose the blog theme for your site from the list WordPress will offer you. There are various WordPress development companies within the market offering high-quality, fast, and all-inclusive WordPress services to clients. But, only some of them are genuine. So, it becomes difficult for a standard individual to decide on a competent WordPress development company for web development projects? Are you searching for an appropriate WordPress Development Company that would help you get the required WordPress site with all essential features? Skenix infotech is a prominent solution for you. Skenix Infotech is a leading IT company located in the USA & India and offers you all-inclusive WordPress Development Services at affordable prices and with quality to all needy individuals around the World.

Benefits of using WordPress for your website:

Since it’s starting in 2003, WordPress has been the foremost popular blogging platform within the market, and over the past few years, the platform is also getting appreciated as a content management software by non-blogging web platforms. Here are some reasons why WordPress is getting the most attention in very little time.

Search Engine Loves WordPress Sites:

WordPress is endued with a clean and easy coding behind it, by which the search engines don’t need to hustle much in reading and indexing any site’s content. Moreover, you’ll add meta tag keywords, descriptions, and titles for every page, post, and image, which can help in making precise search engine optimization.

The blog is Built-in and prepared to Go:

WordPress made its debut as a blogging platform, hence, it comes with some easy to use built-in blogging capabilities like fixing RSS / email subscriptions to your blog, commenting capability & automatically adding the foremost recent blog posts to other pages of the site are very simple while functioning on this platform.

Easy to use:

WordPress has been designed in an especially easy to use and intuitive interface. Adding blog posts, new pages, and pictures, etc regularly is simply as a piece of cake on this platform. The easiness of this platform reduces an excellent amount of your working time.

Have multiple users:

The administrator of a WordPress website also has the correct to set up multiple users for the website. Moreover, he/she also can assign different access levels and capabilities to each user.

Customizable Web Design:

Another advantage of the WordPress interface (Admin panel) is that it helps you to make any changes to the design and layout of the website, such as background image/color, display of sidebars, etc. without even using any FTP software.

No HTML Editing or FTP Software Required:

Since WordPress has its inbuilt editor, you’ll perform all the coding operations right from your website’s admin panel. No got to pay money for or use any external editing software like Dreamweaver or Notepad++. WordPress editor features a very friendly user-interface where you won’t even need to edit the code for performing various tasks.

Hire WordPress Developers from Skenix Infotech:

Hire dedicated, skilled, and highly experiences WordPress developer at affordable rates at Skenix Infotech which is the prominent WordPress Development Company in India and the USA, Click here to know about: Hire WordPress Developers

#wordpress development services #wordpress development company in india #hire wordpress developers #wordpress development company usa #wordpress web development #wordpress