PHPackages rumur/wp-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. rumur/wp-jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) rumur/wp-jwt ============ WordPress JSON Web Token Authentication tool v1.0.2(3y ago)110[1 PRs](https://github.com/rumur/wp-jwt/pulls)MITPHPPHP >=7.4.0|>=8.0.0 Since Jul 2Pushed 1y ago1 watchersCompare [ Source](https://github.com/rumur/wp-jwt)[ Packagist](https://packagist.org/packages/rumur/wp-jwt)[ Docs](https://github.com/rumur/wp-jwt)[ RSS](/packages/rumur-wp-jwt/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (6)Versions (6)Used By (0) wp-jwt ====== [](#wp-jwt) WordPress JSON Web Token Authentication tool. ### Minimum Requirements: [](#minimum-requirements) - PHP: 7.4+ - WordPress: 5.9+ Installation ------------ [](#installation) `composer require rumur/wp-jwt` ### Themosis 2.x [](#themosis-2x) `php console vendor:publish --provider='Rumur\WordPress\JsonWebToken\JWTServiceProvider'` ### Sage 10.x [](#sage-10x) `wp acorn vendor:publish --provider='Rumur\WordPress\JsonWebToken\JWTServiceProvider'` ### How to use it? [](#how-to-use-it) **Define Secret Key** ``` // wp-config.php // ... define('JWT_SECRET_KEY', 'SomeSecretYouKey'); // Optional. Default `HS256`, Possible options `ES384`, `ES256`, `HS256`, `HS384`, `HS512`, `RS256`, `RS384`, `RS512`, `EdDSA`. define('JWT_ALGO', 'HS256'); /* That's all, stop editing! Happy blogging. */ // ... ``` ``` use function Rumur\WordPress\JsonWebToken\jwt; use Rumur\WordPress\JsonWebToken\Service; add_action('rest_api_init', function () { // Creates a Service for you. jwt() // List routes that need to be guarded by JWT, support wildcards. ->guard( [ 'app/*', 'wp/*/posts/*', ] ) // In case if you need to skip some routes, otherwise you might get errors, // because absence of a Bearer Token within headers triggers that errors. ->ignore( [ 'app/*/auth/login', 'app/*/auth/validate', 'app/*/auth/register', ] ) // There is also available some builtin middlewares // but also supports simple closures as well, // ⚠️ NOTE: Middleware won't apply if that endpoint within ignore list ⚠️ ->middleware( [ 'app/*/entity/*' => [ 'role:editor', 'can:edit_entity', function(\WP_REST_Request $request, Closure $next, array $attributes) { // Do some logic. // in case of success just pass the request to the next middleware if (! current_user_can('edit_other_users')) { return false; } return $next($request); } ], 'wp/*/media/*' => function(\WP_REST_Request $request, Closure $next, array $attributes) { if (! current_user_can('edit_post', $request['id'])) { return false; } return $next($request); } ] ) // In case if you need to take over the control and register your own routes. ->takeOver(function (string $namespace, string $rest_base, Service $jwt ) { ( new Api\AuthController($namespace, $rest_base, $jwt) )->register_routes(); } ) // And last but not least, Engage function needs to be called on `rest_api_init` action, // otherwise it will tell you about that error. ->engage( $namespace = 'jwt/v1', $rest_base = 'auth' ); }, 10 ); ``` License ------- [](#license) This package is licensed under the MIT License - see the [LICENSE.md](https://github.com/rumur/wp-jwt/blob/master/LICENSE) file for details. ### Health Score 27 — LowBetter than 49% of packages Maintenance29 Infrequent updates — may be unmaintained Popularity7 Limited adoption so far Community7 Small or concentrated contributor base Maturity56 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~64 days Total 3 Last Release 1288d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/6abf40367e7632006f4b3274bba92c886a41df07f04c736d7083d31631d85645?d=identicon)[rumur](/maintainers/rumur) --- Top Contributors [![rumur](https://avatars.githubusercontent.com/u/15267625?v=4)](https://github.com/rumur "rumur (19 commits)") --- Tags jwtwordpressauthJSON Web Token ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/rumur-wp-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/rumur-wp-jwt/health.svg)](https://phpackages.com/packages/rumur-wp-jwt) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[benbjurstrom/cognito-jwt-guard A laravel auth guard for JSON Web Tokens issued by Amazon AWS Cognito 1113.1k](/packages/benbjurstrom-cognito-jwt-guard) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)