PHPackages                             wildwolf/wp-jwt-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. wildwolf/wp-jwt-auth

ActiveWordpress-plugin[Authentication &amp; Authorization](/categories/authentication)

wildwolf/wp-jwt-auth
====================

WordPress plugin for JWT authentication for the REST API

052[1 PRs](https://github.com/sjinks/wp-jwt-auth/pulls)PHPCI passing

Since Jan 16Pushed 5mo ago1 watchersCompare

[ Source](https://github.com/sjinks/wp-jwt-auth)[ Packagist](https://packagist.org/packages/wildwolf/wp-jwt-auth)[ RSS](/packages/wildwolf-wp-jwt-auth/feed)WikiDiscussions master Synced today

READMEChangelogDependenciesVersions (3)Used By (0)

wp-jwt-auth
===========

[](#wp-jwt-auth)

WordPress plugin for JWT authentication for the REST / XML-RPC API

Installation
------------

[](#installation)

### Composer Way

[](#composer-way)

```
composer require wildwolf/wp-jwt-auth
```

Then go to Admin Dashboard, Plugins, find and activate the "WW JWT Auth" plugin

### Manual Way

[](#manual-way)

Grab the plugin zip file from Releases, then go to Admin Dashboard, Plugins, Add New, Upload Plugin. Select the zip file, the click Install Now. Finally, activate the plugin.

REST API Authentication
-----------------------

[](#rest-api-authentication)

The plugin uses *bearer authentication* (also known as *token authentication*) to authenticate the user.

To authenticate the request, you need to have a JWT. Then you need to set the `Authorization` header:

```
Authorization: Bearer jwt-goes-here

```

API
---

[](#api)

### REST API

[](#rest-api)

#### Generate Token

[](#generate-token)

`POST /wp-json/wildwolf/jwtauth/v1/generate`

or

`POST /wp-json/jwt-auth/v1/token`

Request body:

- `username`: login;
- `password`: password.

Successful Response: Status code: 200 JSON Object:

- `token`: JWT token;
- `user_email`: email address of the user;
- `display_name`: display name of the user.

Failure: Status code: 403 for authentication failures, 500 for misconfiguration (JWT secret is not set)

#### Validate Token

[](#validate-token)

`GET /wp-json/wildwolf/jwtauth/v1/verify`

or

`GET /wp-json/jwt-auth/v1/token/validate`

Required headers:

- `Authorization: Bearer JWT-goes-here`

Successfule response: Status code: 200

Failure: Status code: 403

### WordPress Filters

[](#wordpress-filters)

#### jwt\_auth\_not\_before

[](#jwt_auth_not_before)

Used to filter the `nbf` (not before) claim for the token. Parameters:

- `int $value`: filtered value; set to the value of the `iat` (issued at) claim;
- `int $iat`: the original unfiltered `iat` value. Expects: integer, the new value for the `nbf` claim.

### jwt\_auth\_not\_after

[](#jwt_auth_not_after)

Used to filter the `exp` (expiration) claim for the token. Parameters:

- `int $value`: filtered value; set to the value of the `iat` (issued at) claim plus the value of the JWT TTL setting;
- `int $iat`: the `iat` value;
- `int $ttl`: the JWT time to live value. Expects: integer, the new value for the `exp` claim.

### jwt\_auth\_token\_before\_sign

[](#jwt_auth_token_before_sign)

Used to filter the JWT payload before signing. Parameters:

- `array $token`: JWT payload. By default, it contains the following fields:
    - `iss`: token issuer; equal to the URL of the site (`get_bloginfo( 'url' )`);
    - `iat`: time the token was issued at;
    - `nbf`: time before which the JWT must not be accepted for processing;
    - `exp`: expiration time on or after which the JWT must not be accepted for processing;
    - `sub`: the ID of the user
- `WP_User $user`: the authenticated user. Expects: array, the new payload to sign.

###  Health Score

26

—

LowBetter than 41% of packages

Maintenance49

Moderate activity, may be stable

Popularity9

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity31

Early-stage or recently created project

 Bus Factor1

Top contributor holds 70.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/1079712?v=4)[wildwolf](/maintainers/wildwolf)[@wildwolf](https://github.com/wildwolf)

---

Top Contributors

[![sjinks](https://avatars.githubusercontent.com/u/7810770?v=4)](https://github.com/sjinks "sjinks (52 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (22 commits)")

---

Tags

authenticationjwtjwt-authenticationrest-apiwordpress-plugin

### Embed Badge

![Health badge](/badges/wildwolf-wp-jwt-auth/health.svg)

```
[![Health](https://phpackages.com/badges/wildwolf-wp-jwt-auth/health.svg)](https://phpackages.com/packages/wildwolf-wp-jwt-auth)
```

###  Alternatives

[vitalybaev/laravel5-dkim

Laravel 5/6 package for signing outgoing messages with DKIM.

3163.1k](/packages/vitalybaev-laravel5-dkim)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
