Plugin Directory

XMPP Authentication

Allows users to authenticate without password via XMPP and for visitors to be filtered by XMPP verification.


  • Fix comment validation.
  • Comment validation through XMPP is now marked as "experimental". Though still functional, I find the user experience crappy. I will want to review this deeply before considering it in release state.
  • Comment validation times out at 50 sec (was 30).
  • Transaction IDs are 6 characters. This makes them easier to copy, even on smaller virtual keyboard (for instance to validate on your personal smartphone a login made on a third-party untrusted machine).


  • Update SASL lib to Auth_SASL2 0.1.0.
  • Fix Cacert root certificate.
  • Add Let's Encrypt root certificate.
  • Improving/experimenting the protocole from XEP-0070. It should be more user-friendly, while still staying secure.


  • When login is disabled, login page look is not modified.
  • When comments is disabled, I still display the JID field, but simply don't process anything and without the '*' of mandatory fields.
  • Localization prepared and French localization available.
  • DNS results are now cached. I use the ttl of records (maximum 1 week, as proposed in RFC-1035) and reorder cached data using failure and success knowledge.
  • PEAR Auth_SASL coded is included in the plugin, hence the dependency is no more.
  • A patch has been sent upstream for SCRAM support.

  • After many years of inactivity, I fixed all the code and tested it against Wordpress 4.4.1.

  • Root certificates were also updated.


  • Profile page configuration: per-user choice to disable password, IM authentication, or use both.
  • IPv6 support and better DNS integration.
  • The core XMPP library has been rewritten in a much more robust, hence secure API. The current version had been started in 2008. My first XMPP experiment that I used for the plugin Jabber Feed (that I will probably soon merge with the current plugin) and the API was not very nice and could break more easily on some unexpected outputs.


  • Admins have now possibility to deactivate the plugin on a per-feature basis.
  • Experimental component support.
  • "Jabber / Google Talk" in profile renamed to "Standard IM".


  • TLS certificates were not properly configured.
  • Various fixes.


Initial Release. The plugin can be used to login as a user, or post comments as an unsubscribed visitor.

Requires: 3.2.0 or higher
Compatible up to: 4.4.5
Last Updated: 10 months ago
Active Installs: 10+


0 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1 100,1,1 100,1,1