Everything you need for JWT authentication
Log users in instantly via URL, header, cookie, or session — perfect for magic links, email campaigns, and SSO flows.
Expose a secure REST endpoint to register new WordPress users programmatically — no custom code needed.
Generate, refresh, revoke, and validate JWT tokens via REST. Supports HS256/384/512 and RS256/384/512 algorithms.
Let users change or reset their password through the API — ideal for headless and mobile apps.
Limit Access by IP
Restrict access to trusted IPs — supports wildcards (e.g. 85.*.*.*) for subnet-level control.
Assign roles at registration time — create admins, editors, or subscribers through a single endpoint.
First-class support for MailPoet magic-link emails, WPGraphQL authorization, and any plugin that extends the WordPress REST API.
Require a valid JWT per route — filter by HTTP method (GET, POST, PUT, DELETE) with exact or prefix matching.
Pass a JWT to any WordPress endpoint and act as a fully authenticated user — no session cookies required.
Let users sign in with their Google account — zero passwords, instant trust.
Use Google-issued tokens to authenticate against any WordPress REST endpoint seamlessly.
Why developers choose Simple JWT Login
No coding required
Set up JWT authentication in minutes via the WordPress admin UI — no custom code needed.
6 supported algorithms
Choose from HS256/384/512 or RS256/384/512 to match your security policy.
4 JWT delivery methods
Authorization header, cookie, session, or query parameter — works everywhere.
Built for developers
16 WordPress action and filter hooks to customize every authentication flow.
CORS-ready
Works out of the box with React, Vue, Angular, mobile apps, WPGraphQL, and headless CMS setups.
PHP 5.5+ compatible
Works on any PHP version from 5.5 onwards — no matter how old or new your server is.
Auto-login & magic links
Authenticate users via a tokenized URL — no password form needed. Perfect for email campaigns and passwordless flows.
Full token lifecycle
Refresh, validate, and revoke tokens on demand to keep sessions secure and under your control.
Free & open source
GPL3.0-licensed, community-supported, no hidden costs — ever.
Drop into any stack in minutes
PHP
Connect any PHP app to Simple JWT Login with one Composer package — supports Laravel, Yii, CodeIgniter, and more.
composer require "nicumicle/simple-jwt-login-client-php"JavaScript
Add JWT authentication to React, Vue, Angular, or any JS app with an npm package and a handful of lines.
npm install simple-jwt-loginWPGraphQL
Use your JWT tokens to authenticate GraphQL queries and mutations — enable it with a single checkbox.
MailPoet
Send magic-link login emails via MailPoet — let subscribers log in with one click, no password required.
Export & Import
Back up and restore your entire plugin configuration in one click — perfect for staging-to-production migrations.
WP-CLI
Generate tokens, validate JWTs, revoke sessions, and manage every setting from your terminal — ideal for CI/CD.
wp jwt login --username=admin --password=secretUp and running in 3 steps
Search for Simple JWT Login in the WordPress plugin directory, install, and activate in one click.
Customize authentication rules, token expiration, algorithms, and access control from the WordPress admin UI.
Use JWT tokens to authenticate users on any WordPress REST API endpoint — no additional code required.
Join the community
Simple JWT Login is built in the open, by the community. Whether you write code, speak another language, or just want to spread the word — there's a place for you.
Rate on WordPress
Love the plugin? A 5-star review on WordPress.org makes a big difference.
Leave a review →Help Translate
Make JWT auth accessible in every language — join us on translate.wordpress.org.
Start translating →What developers are saying
"This plugin serves now as a one-stop shop for JWT authentication, esp for headless WP/web app setups. The even better part is the author who's extremely helpful, swift in responding & fixing issues, acknowledging improvement suggestions, pleasing to talk to and patient. I hope you can keep up the dedicated work, Nicu!"
"This is probably the very absolute best no-nonsense JWT plugin on WordPress. Exceptionally well documented, high customization, easy to setup, and works out of the box with basic setup. No nonsense ads, either. Definitely deserving the 5-star rating across the board. Recommended."
"JWT login plugin is awesome, their support is quite responsive and efficient. They are able to help me and guide me on my customize function to custom generate jwt using their classes."
"it's the best of all JWT plugins, the responsiveness of the developer is simply incredible, he knows his project by heart and will help you efficiently."
Ready to add JWT to your WordPress site?
Install Simple JWT Login in minutes, configure it through the admin UI, and start issuing tokens — completely free, no account required.