Login by Auth0
Login by Auth0
Description
This plugin replaces standard WordPress login forms with one powered by Auth0 that enables:
- Universal authentication
- Over 30 social login providers
- Enterprise connections (ADFS, Active Directory / LDAP, SAML, Office 365, Google Apps and more)
- Connect your own database
- Passwordless connections (using email or SMS)
- Ultra secure
- Multifactor authentication
- Password policies
- Email validation
- Mitigate brute force attacks
Technical Notes
IMPORTANT: By using this plugin you are delegating the site authentication and profile handling to Auth0. That means that you won’t be using the WordPress database to authenticate users and the default WordPress login forms will be replaced.
Please see our How It Works page for more information on how Auth0 authenticates and manages your users.
Migrating Existing Users
Auth0 allows multiple authentication providers. You can have social providers like Facebook, Twitter, Google+, and more, a database of users and passwords (just like WordPress but hosted in Auth0), or you can use an Enterprise directory like Active Directory, LDAP, Office365, Google Apps, or SAML. All those authentication providers might give you an email and a flag indicating whether the email was verified or not. We use that email (only if it is verified) to associate a previous existing user with the one coming from Auth0.
If the email was not verified and there is an account with that email in WordPress, the user will be presented with a page saying that the email was not verified and a link to “Re-send the verification email.” For either scenario, you can choose whether it is mandatory that the user has a verified email or not in the plugin settings.
Please note: In order for a user to log in using Auth0, they will need to sign up via the Auth0 login form (or have an account created for them in Auth0). Once signup is complete, their Auth0 user will be automatically associated with their WordPress user.
Widget
You can enable Auth0 as a WordPress widget in order to show it in a sidebar. The widget inherits the main plugin settings but can be overridden with its own settings in the widget form. Note: this form will not display for logged-in users.
Shortcode
Also, you can use the Auth0 widget as a shortcode in your editor. Just add the following to use the global settings:
[auth0]
Like widgets, shortcode login forms will use the settings of the plugin. It can be customized by adding the following attributes:
icon_url– A direct URL to an image used at the top of the login formform_title– Text to appear at the top of the login formgravatar– Display the user’s Gravatar; set to1for yesredirect_to– A direct URL to use after successful logindict– Valid JSON to override form text (see options here)extra_conf– Valid JSON to override Lock configuration (see options here)show_as_modal– Display a button that triggers the login form in a modal; set to1for yesmodal_trigger_name– Button text to display when using a modal
Example:
[auth0 show_as_modal="1" modal_trigger_name="Login button: This text is configurable!"]
Note: this form will not display for logged-in users.
Installation
This plugin requires a free or paid Auth0 account.
- Sign up here.
- Follow the installation instructions here.
Faq
The Auth0 login form is called Lock and it’s open source on GitHub. You can style the form like any of your site components by enqueuing a stylesheet in your theme. Use the login_enqueue_scripts hook to style the form on wp-login.php, wp_enqueue_scripts to style widgets and shortcodes, or both to affect the form in all locations.
The Auth0 plugin transparently handles login information for your WordPress site and the plugins you use, so that it looks like any other login. User profile data changes in WordPress are not currently sent to Auth0 but changes to the Auth0 user account are stored in WordPress user meta (under the key auth0_obj prefixed with $wpdb->prefix).
Yes, either by allowing the WordPress login form to be displayed or through migrating existing users. See the Technical Notes section above.
Please see our complete list of supported social and enterprise authentication providers.
Use the “Extra Settings” field on the plugin settings’ Advanced tab to add a JSON object with all additional configurations. For more information on what else can be configured, see the documentation.
Yes, this plugin will override the default WooCommerce login forms with the Auth0 login form.
All is not lost!
- If you’re setting up the plugin for the first time or having issues with users logging in, please review our troubleshooting and configuration documentation.
- If you found a bug in the plugin code, please submit an issue or create a pull request on GitHub.
- If you have questions about how to use Auth0 or the plugin, please post on our community site or create a support forum request here.
- You can see additional documentation and answers on our support site. Customers on a paid Auth0 plan can submit a trouble ticket for a fast response.
Reviews
Avoid "Login by Auth0" – A Broken, Abandoned Mess! 🚨
By 
If you're considering using the "Login by Auth0" plugin for WordPress authentication, DON'T. This plugin is an outdated, poorly maintained disaster that can break your site entirely.
❌ Fatal Errors & Crashes
Installing and activating this plugin caused a fatal error on my WordPress site, making the entire login process unusable. It hasn't been properly tested with the latest WordPress versions, and there's no sign of maintenance or bug fixes.
❌ No Support, No Updates
The plugin is practically abandoned – the last update was ages ago, and support requests are ignored or unanswered. If you run into issues, you're on your own. For a security-focused plugin, this is completely unacceptable.
❌ Security Risks
An authentication plugin that isn’t actively maintained is a massive security liability. If a vulnerability is found (which is likely, given the outdated codebase), you won’t get a fix anytime soon.
❌ Terrible User Experience
Even if the plugin doesn't crash your site (which it likely will), the configuration is a nightmare. The setup process is clunky, error-prone, and riddled with outdated documentation. Expect a frustrating experience from start to finish.
💀 Final Verdict: DO NOT USE.
Auth0 is a great identity provider, but this WordPress plugin is a complete embarrassment. If you value site stability, security, and actual support, avoid this plugin at all costs.
🔹 Uninstall immediately.
🔹 Look for a better alternative.
🔹 Hope Auth0 either fixes or completely deprecates this mess.
🚨 DO NOT TRUST YOUR SITE’S LOGIN SECURITY TO THIS BROKEN PLUGIN. 🚨
Broken wizard, poor documentation, and poor support
By 
The title says it all. I spent the better part of 3 days trying to get this to work with no luck. I even paid for a plan to get support. They were little to no help. I use miniorange for my SSO needs. It works decently and has good support.
Doesn't work, abandoned
By 
Unfortunately, plugin doesn't work and abandoned. On official Github repository you can find this text:
v4 of the plugin is no longer supported as of June 2023. We are no longer providing new features or bugfixes for that release. Please upgrade to v5 as soon as possible.
OAuth0 Github
But irony that v5 doesn't work as well, so both versions of plugin are just a waste of time
Excellent Plugin Made by Excellent People
By 
Great Plugin. Best for SSO between sites.
By 
Fails at times for no apparent reason
By 
Does updated the plugin used Lock 10 or Later?
By 
Despite some issues, works well.
By 
Auth0: great idea, some plugin problems, resolved quickly by Auth0 support
By 
Does not work, No support
By 