Simple secure login and user management for WordPress through your G Suite / Google Apps domain (uses secure OAuth2, and MFA if enabled)
Full support is available if you purchase the appropriate license from the author via: http://wp-glogin.com/glogin/
Please feel free to email firstname.lastname@example.org with any questions, as we may be able to help, but you may be required to purchase a support license if the problem is specific to your installation or requirements.
We may occasionally be able to respond to support queries posted on the 'Support' forum here on the wordpress.org plugin page, but we recommend sending us an email instead if possible.
No, once you set up the plugin, any WordPress accounts whose email address corresponds to any Google account, whether on a different G Suite domain or even a personal gmail.com account, will be able to use 'Login with Google' to easily connect to your WordPress site.
However, our premium plugin has features that greatly simplify your WordPress user management if your WordPress users are mostly on the same G Suite domain(s).
The plugin will work whether your site is configured for HTTP or HTTPS.
However, you may have configured your site to run so that the login pages can be accessed by either HTTP or HTTPS. In that case, you may run into problems. We recommend that you set FORCE_SSL_ADMIN to true. This will ensure that all users are consistently using HTTPS for login.
You may then need to ensure the Redirect URL and Web Origin in the Google Cloud Console are set as HTTPS (this will make sense if you follow the installation instructions again).
If for some reason you cannot set FORCE_SSL_ADMIN, then instead you can add two URLs to the Google Cloud Console for each entry, e.g. Redirect URL = http://wpexample.com/wp-login.php, and then add another one for https://wpexample.com/wp-login.php. Same idea for Web Origin.
It is written, tested, and secure for multisite WordPress, both for subdirectories and subdomains, and must be activated network-wide for security reasons.
There are many different possible configurations of multisite WordPress, however, so you must test carefully if you have any other plugins or special setup.
In a multisite setup, you will see an extra option in Settings -> Google Apps Login, named 'Use sub-site specific callback from Google'. Read details in the configuration instructions (linked from the Settings page). This setting will need to be ON if you are using any domain mapping plugin, and extra Redirect URIs will need to be registered in Google Cloud Console.
Yes, and depending on your setup, it can be much more secure than just using WordPress usernames and passwords.
However, the author does not accept liability or offer any guarantee, and it is your responsibility to ensure that your site is secure in the way you require.
In particular, other plugins may conflict with each other, and different WordPress versions and configurations may render your site insecure.
Sometimes conflicts can arise. We have built workarounds for some problems, and would always appreciate your feedback to resolve any issues you might encounter yourself.
One known issue is with iThemes Security: the settings 'filter suspicious query strings' and 'filter long URL strings' can both cause intermittent conflicts and should be turned off if you are happy with the implications.
My Private Site - Try setting the My Private Site option "Omit ?redirect_to= from URL (this option is recommended for Custom Login pages)".
WP Email Login - incompatible with Google Apps Login
Google Apps Login uses the latest secure OAuth2 authentication recommended by Google. Other 3rd party authentication plugins may allow you to use your Google username and password to login, but they do not always do this securely:
Other plugins: Users' passwords may be handled by your blog's server, potentially unencrypted. If these are compromised, hackers would be able to gain access to your Google email accounts! This includes all G Suite apps (Gmail, Drive, Calendar etc), and any other services which use your Google account to login.
This plugin: Users' passwords are only ever submitted to Google itself, then Google is asked to authenticate the user to your WordPress site. This means Multi-factor Authentication can still be used (if set up on your Google account). Your website only requires permission to authenticate the user and obtain basic profile data - it can never have access to your emails and other data.
And you will need a Google account to set up the plugin.
Requires: 3.7 or higher
Compatible up to: 4.7.1
Last Updated: 2 months ago
Active Installs: 10,000+
2 of 2 support threads in the last two months have been marked resolved.
Got something to say? Need help?