XMPP Authentication

Allows users to authenticate without a password via XMPP, and visitors to be filtered by XMPP verification.


  • Fix comment validation.
  • Comment validation through XMPP is now marked as "experimental". Though still functional, I find the user experience crappy. I will want to review this deeply before considering it in release state.
  • Comment validation times out at 50 sec (was 30).
  • Transaction IDs are 6 characters. This makes them easier to copy, even on a smaller virtual keyboard (for instance, to validate on your personal smartphone a login made on a third-party untrusted machine).


  • Update SASL lib to Auth_SASL2 0.1.0.
  • Fix Cacert root certificate.
  • Add Let's Encrypt root certificate.
  • Improving/experimenting with the protocol from XEP-0070. It should be more user-friendly, while still staying secure.


  • When login is disabled, the login page's look is not modified.
  • When comments are disabled, I still display the JID field, but simply don't process anything, and without the '*' of mandatory fields.
  • Localization prepared and French localization available.
  • DNS results are now cached. I use the TTL of records (maximum 1 week, as proposed in RFC 1035) and reorder cached data using failure and success knowledge.
  • PEAR Auth_SASL code is included in the plugin, hence the dependency is no more.
  • A patch has been sent upstream for SCRAM support.

  • After many years of inactivity, I fixed all the code and tested it against WordPress 4.4.1.

  • Root certificates were also updated.


  • Profile page configuration: per-user choice to disable password, IM authentication, or use both.
  • IPv6 support and better DNS integration.
  • The core XMPP library has been rewritten with a much more robust, hence more secure, API. The current version had been started in 2008. It was my first XMPP experiment, which I used for the plugin Jabber Feed (which I will probably soon merge with the current plugin), and the API was not very nice and could break more easily on some unexpected outputs.


  • Admins now have the possibility to deactivate the plugin on a per-feature basis.
  • Experimental component support.
  • "Jabber / Google Talk" in profile renamed to "Standard IM".


  • TLS certificates were not properly configured.
  • Various fixes.


Initial Release. The plugin can be used to login as a user, or post comments as an unsubscribed visitor.

Requires: 3.2.0 or higher
Compatible up to: 4.4.8
Last Updated: 1 year ago
Active Installs: Less than 10


5 out of 5 stars

