[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fABAOGgX2YQmCeRNBg4gBbqqdsd-C0se0nFaEX3-5RH8":3,"$fPipsoGes8lKXJ0Xnsf1EeJrg3LK4PlD1UYw10yFkNCg":196,"$fJ224xf9pu90WYDFWVHbrs__Ts7bP4jTJcxEF1V7cnWA":200},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":10,"num_ratings":10,"last_updated":12,"tested_up_to":13,"requires_at_least":14,"requires_php":15,"tags":16,"homepage":15,"download_link":22,"security_score":23,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":34,"analysis":127,"fingerprints":178},"wp-sso-client","1.0","MarianoFerro","https:\u002F\u002Fprofiles.wordpress.org\u002Fferromariano-1\u002F","\u003Ch4>Documentacion completa\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fgitlab.com\u002Fwp-sso\u002Fwp-sso-client\u003C\u002Fp>\n\u003Ch3>¿ Afectas a las URL ?\u003C\u002Fh3>\n\u003Cp>NO\u003C\u002Fp>\n\u003Ch3>¿ Requiere compartir servidor ?\u003C\u002Fh3>\n\u003Cp>NO\u003C\u002Fp>\n\u003Ch3>¿ Requiere compartir DBS ?\u003C\u002Fh3>\n\u003Cp>NO\u003C\u002Fp>\n\u003Ch3>¿ como lo hace ?\u003C\u002Fh3>\n\u003Cp>El cliente incluye un jsonp el cual le entrega la sobre el usuario, el login y un token. Si el usuario no esta registrado en el WP cliente pero esta logueado en el WP servidor, este pide información al servidor, servidor a servidor, enviando el token. Con la información devuelta comprueba si el usuario esta registrado un usuario en el WP cliente, ( si no está lo registra ) y lo loguea\u003C\u002Fp>\n","Documentacion completa https:\u002F\u002Fgitlab.com\u002Fwp-sso\u002Fwp-sso-client",0,1081,"2018-02-27T03:55:00.000Z","4.9.29","4.9.2","",[17,18,19,20,21],"authentication","my-sso","one-login","single-sign-on","sso","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-sso-client.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":29,"display_name":6,"profile_url":7,"plugin_count":30,"total_installs":10,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"ferromariano-1",1,30,84,"2026-05-20T00:34:19.137Z",[35,56,71,87,109],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":10,"downloaded":43,"rating":44,"num_ratings":30,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":54,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":55},"frontegg-saml-sso","Frontegg SAML SSO","1.0.1","Frontegg","https:\u002F\u002Fprofiles.wordpress.org\u002Ffrontegg\u002F","\u003Cp>Frontegg SAML SSO replaces the default WordPress login and logout experiences with seamless SAML authentication via \u003Ca href=\"https:\u002F\u002Ffrontegg.com\" rel=\"nofollow ugc\">Frontegg\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is designed for modern SaaS and enterprise WordPress environments where you need to enforce login via an external identity provider (IdP).\u003C\u002Fp>\n\u003Cp>It includes:\u003Cbr \u002F>\n– 🔐 Secure SAML 2.0 login and logout\u003Cbr \u002F>\n– 📋 Admin-friendly configuration of SSO URLs and certificate\u003Cbr \u002F>\n– 📎 Auto-generated SP (Service Provider) values (Entity ID, ACS URL, SLO URL)\u003Cbr \u002F>\n– 🧭 Redirect control after logout\u003Cbr \u002F>\n– 🔄 Auto-redirects from \u003Ccode>wp-login.php\u003C\u002Fcode> to Frontegg\u003Cbr \u002F>\n– ✨ Clean and accessible admin UI using native WordPress components\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPL v2.0 or later. See LICENSE.txt for details.\u003C\u002Fp>\n","Replace the WordPress login and logout flows with secure SAML-based authentication via Frontegg. Easily configure your SSO app from the admin panel.",342,100,"2025-04-23T23:01:00.000Z","6.8.5","5.0","7.4",[17,50,51,20,21],"login","saml","https:\u002F\u002Ffrontegg.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffrontegg-saml-sso.zip",92,"2026-04-06T09:54:40.288Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":10,"downloaded":64,"rating":10,"num_ratings":10,"last_updated":65,"tested_up_to":46,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":15,"download_link":70,"security_score":44,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":55},"twelve-legs-marketing-sso","Twelve Legs Marketing SSO","1.0.2","websitetwelvelegsmarketing","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebsitetwelvelegsmarketing\u002F","\u003Cp>TWL SSO is a secure single sign-on plugin for WordPress that enables seamless authentication using RS256 JWT tokens from an external SSO application.\u003Cbr \u002F>\nThis plugin provides login security features and is designed for allowing Twelve Legs Marketing centralized authentication management.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Sign In\u003C\u002Fstrong>: Agency employees can log into websites they manage from a central dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Just-in-Time User Provisioning\u003C\u002Fstrong>: Automatic user creation and role assignment\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JWT Validation\u003C\u002Fstrong>: Full RS256 signature verification with JWKS endpoint integration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Key Rotation\u003C\u002Fstrong>: Support key rotation through JWKS endpoint\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Management\u003C\u002Fstrong>: Flexible role assignment from JWT claims\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer Validation\u003C\u002Fstrong>: Enhanced security through referrer validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audience Validation\u003C\u002Fstrong>: Ensures tokens are valid for the specific WordPress site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Expiration\u003C\u002Fstrong>: Built-in token expiration and clock skew tolerance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Validation\u003C\u002Fstrong>: Comprehensive email validation with optional allowlist\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caching\u003C\u002Fstrong>: JWKS caching for improved performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Referrer validation to prevent unauthorized access\u003C\u002Fli>\n\u003Cli>JWT signature verification using public key cryptography\u003C\u002Fli>\n\u003Cli>Issuer validation to ensure tokens come from trusted sources\u003C\u002Fli>\n\u003Cli>Audience validation to prevent token reuse across sites\u003C\u002Fli>\n\u003Cli>Token expiration validation with configurable leeway\u003C\u002Fli>\n\u003Cli>Email format validation and filtering via hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress installations managed centrally by agency\u003C\u002Fli>\n\u003Cli>Organization using Google for external identity provider\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch4>Authentication Flow\u003C\u002Fh4>\n\u003Col>\n\u003Cli>User clicks login link from SSO application sso.twelvelegsmarketing.com\u003C\u002Fli>\n\u003Cli>SSO application redirects to WordPress with JWT token: \u003Ccode>\u002Fwp-login.php?action=twl_sso&token=JWT_TOKEN\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Plugin validates the JWT token signature and claims\u003C\u002Fli>\n\u003Cli>Plugin extracts user information from JWT claims\u003C\u002Fli>\n\u003Cli>Plugin creates or retrieves WordPress user\u003C\u002Fli>\n\u003Cli>Plugin assigns appropriate role based on JWT claims\u003C\u002Fli>\n\u003Cli>User is logged into WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>JWT Claims\u003C\u002Fh4>\n\u003Cp>The plugin expects the following JWT claims:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>email\u003C\u002Fcode> or \u003Ccode>sub\u003C\u002Fcode>: User’s email address\u003C\u002Fli>\n\u003Cli>\u003Ccode>iss\u003C\u002Fcode>: Issuer (must match allowed issuers)\u003C\u002Fli>\n\u003Cli>\u003Ccode>aud\u003C\u002Fcode>: Audience (must match WordPress site URL)\u003C\u002Fli>\n\u003Cli>\u003Ccode>exp\u003C\u002Fcode>: Expiration time\u003C\u002Fli>\n\u003Cli>\u003Ccode>nbf\u003C\u002Fcode>: Not before time (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_role\u003C\u002Fcode>: WordPress role to assign (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>name\u003C\u002Fcode>: User’s display name (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>given_name\u003C\u002Fcode>: User’s first name (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>family_name\u003C\u002Fcode>: User’s last name (optional)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>The plugin automatically configures itself based on the WordPress environment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Production\u003C\u002Fstrong>: Only allows \u003Ccode>https:\u002F\u002Fsso.twelvelegsmarketing.com\u003C\u002Fcode> as issuer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development\u002FStaging\u003C\u002Fstrong>: Also allows \u003Ccode>https:\u002F\u002Flocalhost:8443\u003C\u002Fcode> as issuer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customization\u003C\u002Fh4>\n\u003Cp>You can customize the plugin behavior using WordPress filters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>twl_sso_allow_email\u003C\u002Fcode>: Filter to control which email addresses are allowed\u003C\u002Fli>\n\u003Cli>\u003Ccode>twl_sso_allowed_roles\u003C\u002Fcode>: Filter to control which roles can be assigned\u003C\u002Fli>\n\u003Cli>\u003Ccode>twl_sso_allowed_issuers\u003C\u002Fcode>: Filter to control which issuers are allowed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact Twelve Legs Marketing at https:\u002F\u002Ftwelvelegsmarketing.com\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, store, or transmit any personal data. All authentication is handled through secure JWT tokens from your configured SSO provider.\u003C\u002Fp>\n","Single sign-on plugin for WordPress that accepts RS256 JWTs from the TWL SSO application for secure authentication.",202,"2025-10-22T14:34:00.000Z","5.8","8.0",[17,69,50,20,21],"jwt","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwelve-legs-marketing-sso.1.0.2.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":10,"downloaded":79,"rating":44,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":47,"requires_php":15,"tags":83,"homepage":15,"download_link":86,"security_score":44,"vuln_count":10,"unpatched_count":10,"last_vuln_date":24,"fetched_at":25},"wpoauth","Secufor_OAuth","0.0","Secufor","https:\u002F\u002Fprofiles.wordpress.org\u002Fsecufor\u002F","\u003Cp>Looking for a budget-friendly alternative to expensive SSO solutions? Our OAuth extension provides the same robust security and provider support as Mini Orange but at a fraction of the cost.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n1. OAuth-based Single Sign-On (SSO)\u003Cbr \u002F>\n2. Secure authentication with external applications\u003Cbr \u002F>\n3. Simplifies user login experience\u003Cbr \u002F>\n4. Centralized identity management\u003Cbr \u002F>\n5. No need for multiple credentials across different platforms\u003C\u002Fp>\n\u003Cp>Popular OAuth providers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google\u003C\u002Fli>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>GitHub\u003C\u002Fli>\n\u003Cli>Microsoft\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003Cli>Amazon\u003C\u002Fli>\n\u003Cli>Apple\u003C\u002Fli>\n\u003Cli>GitLab\u003C\u002Fli>\n\u003Cli>Bitbucket\u003C\u002Fli>\n\u003Cli>Slack\u003C\u002Fli>\n\u003Cli>Discord\u003C\u002Fli>\n\u003Cli>Spotify\u003C\u002Fli>\n\u003Cli>Instagram\u003C\u002Fli>\n\u003Cli>Reddit\u003C\u002Fli>\n\u003Cli>Dropbox\u003C\u002Fli>\n\u003Cli>AWS\u003C\u002Fli>\n\u003Cli>Azure\u003C\u002Fli>\n\u003Cli>Salesforce\u003C\u002Fli>\n\u003Cli>Zoom\u003C\u002Fli>\n\u003Cli>PayPal\u003C\u002Fli>\n\u003Cli>Stripe\u003C\u002Fli>\n\u003Cli>Twitch\u003C\u002Fli>\n\u003Cli>WordPress.com\u003C\u002Fli>\n\u003Cli>Keycloak\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fsecufor.net : Secufor website used to connect to your secufor account and retrieve your accounts informations to the plugin.\u003C\u002Fp>\n","Looking for a budget-friendly alternative to expensive SSO solutions? Our OAuth extension provides the same robust security and provider support as Mi &hellip;",1758,2,"2026-03-24T09:18:00.000Z","6.7.5",[17,84,85,20,21],"oauth","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpoauth.1.0.8.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":48,"tags":102,"homepage":15,"download_link":105,"security_score":106,"vuln_count":107,"unpatched_count":10,"last_vuln_date":108,"fetched_at":25},"auth0","Login by Auth0","4.6.2","Auth0","https:\u002F\u002Fprofiles.wordpress.org\u002Fauth0\u002F","\u003Cp>This plugin replaces standard WordPress login forms with one powered by \u003Ca href=\"https:\u002F\u002Fauth0.com\" rel=\"nofollow ugc\">Auth0\u003C\u002Fa> that enables:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Universal authentication\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Over 30 social login providers\u003C\u002Fli>\n\u003Cli>Enterprise connections (ADFS, Active Directory \u002F LDAP, SAML, Office 365, Google Apps and more)\u003C\u002Fli>\n\u003Cli>Connect your own database\u003C\u002Fli>\n\u003Cli>Passwordless connections (using email or SMS)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultra secure\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Multifactor authentication\u003C\u002Fli>\n\u003Cli>Password policies\u003C\u002Fli>\n\u003Cli>Email validation\u003C\u002Fli>\n\u003Cli>Mitigate brute force attacks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Notes\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>IMPORTANT\u003C\u002Fstrong>: By using this plugin you are delegating the site authentication and profile handling to Auth0. That means that you won’t be using the WordPress database to authenticate users and the default WordPress login forms will be replaced.\u003C\u002Fp>\n\u003Cp>Please see our \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fcms\u002Fwordpress\u002Fhow-does-it-work\" rel=\"nofollow ugc\">How It Works page\u003C\u002Fa> for more information on how Auth0 authenticates and manages your users.\u003C\u002Fp>\n\u003Ch4>Migrating Existing Users\u003C\u002Fh4>\n\u003Cp>Auth0 allows multiple authentication providers. You can have social providers like Facebook, Twitter, Google+, and more, a database of users and passwords (just like WordPress but hosted in Auth0), or you can use an Enterprise directory like Active Directory, LDAP, Office365, Google Apps, or SAML. All those authentication providers might give you an email and a flag indicating whether the email was verified or not. We use that email (only if it is verified) to associate a previous \u003Cstrong>existing\u003C\u002Fstrong> user with the one coming from Auth0.\u003C\u002Fp>\n\u003Cp>If the email was not verified and there is an account with that email in WordPress, the user will be presented with a page saying that the email was not verified and a link to “Re-send the verification email.” For either scenario, you can choose whether it is mandatory that the user has a verified email or not in the plugin settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please note:\u003C\u002Fstrong> In order for a user to log in using Auth0, they will need to sign up via the Auth0 login form (or have an account created for them in Auth0). Once signup is complete, their Auth0 user will be automatically associated with their WordPress user.\u003C\u002Fp>\n\u003Ch4>Widget\u003C\u002Fh4>\n\u003Cp>You can enable Auth0 as a WordPress widget in order to show it in a sidebar. The widget inherits the main plugin settings but can be overridden with its own settings in the widget form. Note: this form will not display for logged-in users.\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Also, you can use the Auth0 widget as a shortcode in your editor. Just add the following to use the global settings:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[auth0]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Like widgets, shortcode login forms will use the settings of the plugin. It can be customized by adding the following attributes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>icon_url\u003C\u002Fcode> – A direct URL to an image used at the top of the login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>form_title\u003C\u002Fcode> – Text to appear at the top of the login form\u003C\u002Fli>\n\u003Cli>\u003Ccode>gravatar\u003C\u002Fcode> – Display the user’s Gravatar; set to \u003Ccode>1\u003C\u002Fcode> for yes\u003C\u002Fli>\n\u003Cli>\u003Ccode>redirect_to\u003C\u002Fcode> – A direct URL to use after successful login\u003C\u002Fli>\n\u003Cli>\u003Ccode>dict\u003C\u002Fcode> – Valid JSON to override form text (\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fauth0\u002Flock\u002Fblob\u002Fmaster\u002Fsrc\u002Fi18n\u002Fen.js\" rel=\"nofollow ugc\">see options here\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Ccode>extra_conf\u003C\u002Fcode> – Valid JSON to override Lock configuration (\u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Flibraries\u002Flock\u002Fv11\u002Fconfiguration\" rel=\"nofollow ugc\">see options here\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Ccode>show_as_modal\u003C\u002Fcode> – Display a button that triggers the login form in a modal; set to \u003Ccode>1\u003C\u002Fcode> for yes\u003C\u002Fli>\n\u003Cli>\u003Ccode>modal_trigger_name\u003C\u002Fcode> – Button text to display when using a modal\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[auth0 show_as_modal=\"1\" modal_trigger_name=\"Login button: This text is configurable!\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Note: this form will not display for logged-in users.\u003C\u002Fp>\n","Login by Auth0 provides improved username\u002Fpassword login, Passwordless login, Social login and Single Sign On for all your sites.",10000,256122,62,18,"2024-07-12T16:57:00.000Z","6.5.8","6.5.5",[17,103,85,20,104],"multi-factor","social","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauth0.4.6.2.zip",83,7,"2024-07-09 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":95,"downloaded":117,"rating":54,"num_ratings":118,"last_updated":119,"tested_up_to":46,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":124,"download_link":125,"security_score":54,"vuln_count":30,"unpatched_count":10,"last_vuln_date":126,"fetched_at":25},"google-apps-login","Login for Google Apps","3.5.2","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Login for Google Apps allows existing WordPress user accounts to log in to your website using Google to securely authenticate their account. This means that if they are already logged into Gmail – they can simply click their way through the WordPress login screen – no username or password is explicitly required!\u003C\u002Fp>\n\u003Cp>Login for Google Apps uses \u003Cstrong>secure oAuth2 authentication recommended by Google\u003C\u002Fstrong>, including 2-factor authentication (2FA) if enabled for your Google Workspace (formerly known as Google Apps and G Suite) accounts.\u003C\u002Fp>\n\u003Cp>This is far simpler to configure than the older SAML protocol.\u003C\u002Fp>\n\u003Cp>Login for Google Apps is trusted by thousands of organizations from schools to large public companies. Login for Google Apps for WordPress is the most popular enterprise grade plugin enabling login and user management based on your Google Workspace domain.\u003C\u002Fp>\n\u003Cp>Its plugin setup requires you to have admin access to any Google Workspace domain, or a regular Gmail account, to register and obtain two simple codes from Google.\u003C\u002Fp>\n\u003Ch4>Support and Premium features\u003C\u002Fh4>\n\u003Cp>Full support and premium features are also available for purchase:\u003C\u002Fp>\n\u003Cp>Eliminate the need for Google Workspace (previously called “Google Apps and G Suite”) domain admins to separately manage WordPress user accounts, and get peace of mind that only authorized employees have access to your organization’s websites and intranet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>See \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20Top&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">our website at wp-glogin.com\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Premium version allows everyone in your Google Workspace (Google Apps \u002F G Suite) domain to log in to WordPress – an account will be automatically created in WordPress if one doesn’t already exist.\u003C\u002Fp>\n\u003Cp>Our Enterprise version goes further, allowing you to specify granular access and role controls based on Google Group or Organizational Unit membership.\u003C\u002Fp>\n\u003Cp>You can also see logs of accounts created and roles changed by the plugin.\u003C\u002Fp>\n\u003Ch4>Extensible Platform\u003C\u002Fh4>\n\u003Cp>Login for Google Apps allows you to centralize your site’s Google functionality and build your own extensions, or use third-party extensions, which require no configuration themselves and share the same user authentication and permissions that users already allowed for Login for Google Apps itself.\u003C\u002Fp>\n\u003Cp>Using our platform, your website appears to Google accounts as one unified ‘web application’, making it more secure and easier to manage.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogledriveembedder\" rel=\"nofollow ugc\">Google Drive Embedder\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nusers to browse for Google Drive documents to embed directly in their posts or pages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogleappsdirectory\" rel=\"nofollow ugc\">Google Apps Directory\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nlogged-in users to search your Google Apps employee directory from a widget on your intranet or client site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Favatars\u002F?utm_source=Login%20Readme%20Avatars&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Google Profile Avatars\u003C\u002Fa>\u003Cbr \u002F>\nis available on our website. It displays users’ Google profile photos in place of their avatars throughout your site.\u003C\u002Fp>\n\u003Cp>Login for Google Apps works on single or multisite WordPress websites or private intranets.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>One-click login will work for the following domains and user accounts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Workspace Starter\u003C\u002Fli>\n\u003Cli>Google Workspace Business Standard\u003C\u002Fli>\n\u003Cli>Google Workspace Business Plus\u003C\u002Fli>\n\u003Cli>Google Workspace Enterprise\u003C\u002Fli>\n\u003Cli>Google Workspace for Nonprofits\u003C\u002Fli>\n\u003Cli>Google Workspace for Government\u003C\u002Fli>\n\u003Cli>Google Classroom (Google Workspace for Education)\u003C\u002Fli>\n\u003Cli>Personal gmail.com and googlemail.com emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Login for Google Apps uses the latest secure OAuth2 authentication recommended by Google. Other 3rd party authentication plugins may allow you to use your Google username and password to login, but they do not do this securely unless they also use OAuth2. This is discussed further in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-apps-login\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>This plugin currently operates in multiple languages.\u003C\u002Fp>\n\u003Cp>We welcome volunteers to translate into their own language. If you would like to contribute a translation, please open the WordPress.org \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgoogle-apps-login\u002F\" rel=\"nofollow ugc\">Translation portal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Website and Upgrades\u003C\u002Fh4>\n\u003Cp>Please see our website \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002F?utm_source=Login%20Readme%20Website&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-glogin.com\u002F\u003C\u002Fa> for more information about this free plugin and extra features available in our Premium and Enterprise upgrades, plus support details, other plugins, and useful guides for admins of WordPress sites and Google Apps.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20PremEnt&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Premium and Enterprise versions\u003C\u002Fa> eliminate the need to manage user accounts in your WordPress site – everything is synced from Google Apps instead.\u003C\u002Fp>\n\u003Cp>If you are building your organization’s intranet on WordPress, try out our \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fintranet\u002F?utm_source=Login%20Readme%20AIOI&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">All-In-One Intranet plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).",664671,64,"2025-05-08T16:01:00.000Z","5.5","7.2",[17,123,50,84,21],"google","https:\u002F\u002Fwp-glogin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-apps-login.3.5.2.zip","2022-12-01 00:00:00",{"attackSurface":128,"codeSignals":154,"taintFlows":164,"riskAssessment":165,"analyzedAt":177},{"hooks":129,"ajaxHandlers":142,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":80,"unprotectedCount":80},[130,137],{"type":131,"name":132,"callback":133,"priority":134,"file":135,"line":136},"filter","authenticate","filter_allow_login",10,"wp-sso-client.php",74,{"type":138,"name":139,"callback":140,"priority":44,"file":135,"line":141},"action","wp_enqueue_scripts","load_scripts",207,[143,148],{"action":144,"nopriv":145,"callback":146,"hasNonce":145,"hasCapCheck":145,"file":135,"line":147},"sso_token",false,"request_token",209,{"action":144,"nopriv":149,"callback":146,"hasNonce":145,"hasCapCheck":145,"file":135,"line":150},true,210,[],[],[],{"dangerousFunctions":155,"sqlUsage":156,"outputEscaping":158,"fileOperations":10,"externalRequests":30,"nonceChecks":10,"capabilityChecks":10,"bundledLibraries":163},[],{"prepared":10,"raw":10,"locations":157},[],{"escaped":30,"rawEcho":30,"locations":159},[160],{"file":135,"line":161,"context":162},160,"raw output",[],[],{"summary":166,"deductions":167},"The wp-sso-client v1.0 plugin exhibits a concerning security posture due to a small but significant attack surface without proper authentication.  The presence of two AJAX handlers that lack authentication checks is a primary area of concern, as these can be exploited by unauthenticated users to trigger plugin functionality. While the plugin demonstrates good practices in other areas, such as the absence of dangerous functions, 100% use of prepared statements for SQL queries, and no file operations or external HTTP requests (beyond one unclassified request), the lack of robust authorization on its entry points significantly elevates its risk profile.\n\nThe static analysis reveals no critical or high-severity taint flows, which is a positive indicator. However, the limited scope of taint analysis (0 flows analyzed) means this cannot be considered a comprehensive assessment of potential data handling vulnerabilities.  The absence of any recorded historical vulnerabilities (CVEs) is generally positive, suggesting the plugin has not been a frequent target or has had a relatively clean history. However, this can also be attributed to its limited adoption or potentially insufficient security auditing in the past.  The plugin's strengths lie in its avoidance of common pitfalls like raw SQL and dangerous functions, but the critical weakness of unprotected AJAX handlers overshadows these positives, making it a moderate risk for environments where security is paramount.",[168,170,172,175],{"reason":169,"points":134},"AJAX handlers without auth checks",{"reason":171,"points":107},"Missing nonce checks on AJAX",{"reason":173,"points":174},"Incomplete taint analysis",3,{"reason":176,"points":174},"50% output escaping","2026-04-16T13:48:21.999Z",{"wat":179,"direct":187},{"assetPaths":180,"generatorPatterns":182,"scriptPaths":183,"versionParams":185},[181],"\u002Fwp-content\u002Fplugins\u002Fwp-sso-client\u002Fwp-sso-client.js",[],[184],"wp-sso-client.js",[186],"wp-sso-client\u002Fwp-sso-client.js?ver=1.0",{"cssClasses":188,"htmlComments":189,"htmlAttributes":190,"restEndpoints":191,"jsGlobals":192,"shortcodeOutput":195},[],[],[],[],[193,194],"wp_sso_client","wp_sso_client_urls",[],{"error":149,"url":197,"statusCode":198,"statusMessage":199,"message":199},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-sso-client\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":5,"total_versions":10,"versions":201},[]]