PHPackages                             jamesmorrison/cloudflare-access-sso - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. jamesmorrison/cloudflare-access-sso

ActiveWordpress-plugin[Authentication &amp; Authorization](/categories/authentication)

jamesmorrison/cloudflare-access-sso
===================================

Facilitates SSO login to WordPress via Cloudflare Access.

1.0.6(2y ago)756[1 issues](https://github.com/jamesmorrison/cloudflare-access-sso/issues)[2 PRs](https://github.com/jamesmorrison/cloudflare-access-sso/pulls)GPL-2.0-or-laterPHPPHP &gt;=8.0CI passing

Since Feb 27Pushed 4mo ago2 watchersCompare

[ Source](https://github.com/jamesmorrison/cloudflare-access-sso)[ Packagist](https://packagist.org/packages/jamesmorrison/cloudflare-access-sso)[ Docs](https://james.morrison.uk/plugins/cloudflare-access-sso/)[ RSS](/packages/jamesmorrison-cloudflare-access-sso/feed)WikiDiscussions trunk Synced today

READMEChangelog (6)Dependencies (1)Versions (9)Used By (0)

Cloudflare Access SSO for WordPress
===================================

[](#cloudflare-access-sso-for-wordpress)

Cloudflare Access SSO (Single Sign On) is a plugin to facilitate auto-login to WordPress. The plugin relies on authorisation by Cloudflare, so it's important that you follow this setup guide carefully to ensure your site remains secure. For further guidance, refer to [Cloudflare Documentation: Add Site to Cloudflare](https://developers.cloudflare.com/fundamentals/get-started/setup/add-site/).

> Note: If you don't currently use Cloudflare and don't plan to, this plugin probably isn't suitable for your site.

### Cloudflare Access Setup

[](#cloudflare-access-setup)

In order to use Cloudflare Access for SSO, you must create an application that covers `wp-login.php` on the site you wish to protect. No other URLs are required to be protected for this to function, but for better security you may wish to include others. Note that (as of June, 2023) it is not possible to define more than one path in a single application; for now multiple applications are required if you additionally wish to protect `/wp-admin`.

Follow this guide to create a [Cloudflare Access Application: Self Hosted Applications](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-apps/)

### Plugin Configuration

[](#plugin-configuration)

Two constants are required to be set in `wp-config.php` (note: a settings page will be added in a future release):

`CF_ACCESS_TEAM_NAME` The Cloudflare Access Team Name To get the Team Name:

- Open the Zero Trust Dashboard (see above)
- Navigate to "Settings" in the left sidebar menu, then click "General Settings"
- Edit the Team domain - the editable component is the Team Name (ignore `.cloudflareaccess.com` that follows)
    - e.g. if the value once saved is `mysite.cloudflareaccess.com`, the Team Name is `mysite`.

Example for `wp-config.php`: `define( 'CF_ACCESS_TEAM_NAME', 'mysite' );`

`CF_ACCESS_AUD` The Application Audience (AUD) Tag for the Cloudflare Access application To get the Application Audience (AUD) Tag

- Open the Zero Trust Dashboard (see above)
- Navigate to Access =&gt; Applications
- Select the Application, then click "Configure" in the overlaid modal
- On the application page, navigate to the "Overview" tab
- Copy the "Application Audience (AUD) Tag" value

Example for `wp-config.php`: `define( 'CF_ACCESS_AUD', '12345-67890-12345-67890-12345-67890' );`

> Note: If you have multiple Cloudflare Access Applications, ensure the AUD covers `wp-login.php` - if it doesn't, SSO will not function correctly.

`CF_ACCESS_AUD` accepts a single string (per example above) or an array of strings, like this:

```
define( 'CF_ACCESS_AUD',
	[
		'12345-67890-12345-67890-12345-67890',
		'54321-12345-54321-12345-54321-12345',
	]
);

```

Optionally, four additional constants can also be set:

`CF_ACCESS_ATTEMPTS` The number of attempts to login via Cloudflare Access.

Default: (int) `3` if not set.

`CF_ACCESS_LEEWAY` The number of seconds leeway allowed in the authorisation headers.

Default (int) `60` if not set.

`CF_ACCESS_CREATE_ACCOUNT` Whether an account should be created for a (Cloudflare) authenticated user if it doesn't exist Note: This is dependent on the settings for your Cloudflare Access application; if you only allow "internal" users, "external" users won't be able to access the site at all.

Default: (bool) `false` if not set.

`CF_ACCESS_NEW_USER_ROLE` The role for user accounts created. Requires `CF_ACCESS_CREATE_ACCOUNT` to be true (is otherwise ignored).

Default: (string) `subscriber`

> **Note:** Where the application is not configured correctly (authorisation header is not set, or the team name / AUD are incorrect), SSO is **silently disabled**. You can check the cookies section of inspector tools to confirm whether the cookie has been set.

### Disclaimer

[](#disclaimer)

This plugin is not affiliated with nor developed by Cloudflare. All trademarks, service marks and company names are the property of their respective owners.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance48

Moderate activity, may be stable

Popularity13

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity56

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~76 days

Recently: every ~66 days

Total

6

Last Release

839d ago

Major Versions

0.1.0 → 1.0.02023-06-23

### Community

Maintainers

![](https://www.gravatar.com/avatar/e0ee7431c71e3454af9be0a8fdcb4ae217b6cffe5a116dd222dbd383804f468b?d=identicon)[jamesmorrison](/maintainers/jamesmorrison)

---

Top Contributors

[![jamesmorrison](https://avatars.githubusercontent.com/u/141750?v=4)](https://github.com/jamesmorrison "jamesmorrison (17 commits)")

### Embed Badge

![Health badge](/badges/jamesmorrison-cloudflare-access-sso/health.svg)

```
[![Health](https://phpackages.com/badges/jamesmorrison-cloudflare-access-sso/health.svg)](https://phpackages.com/packages/jamesmorrison-cloudflare-access-sso)
```

###  Alternatives

[google/auth

Google Auth Library for PHP

1.4k294.2M217](/packages/google-auth)[thenetworg/oauth2-azure

Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client

25310.7M83](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak

Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2306.4M45](/packages/stevenmaguire-oauth2-keycloak)[robsontenorio/laravel-keycloak-guard

🔑 Simple Keycloak Guard for Laravel

5181.2M3](/packages/robsontenorio-laravel-keycloak-guard)[ellaisys/aws-cognito

Laravel Authentication using AWS Cognito (Web and API)

123256.9k1](/packages/ellaisys-aws-cognito)[rainlab/user-plugin

User plugin for October CMS

11955.0k15](/packages/rainlab-user-plugin)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
