Getting Started/Web Development Platforms

Descope With WordPress

Add Descope's advanced authentication features to your WordPress site using our WordPress Plugin. This guide walks you through the integration process.

Watch our video tutorial for a live demonstration of the WordPress Plugin.

Installation

  1. Open your WordPress dashboard
  2. Navigate to Plugins --> Add New Plugin
  3. Search for "Descope"
  4. Click Install and then Activate

Install Descope Wordpress Plugin

Configuration

Basic Setup

  1. Go to the Descope Settings tab in your WordPress dashboard
  2. Under Descope Configuration, enter your Descope Project ID

SSO Setup (Optional)

If you plan to use SSO:

  1. Set up a SAML or OIDC Federated Application
  2. Navigate to the SSO Configuration tab in WordPress
  3. Enter your SAML/OIDC configuration details

Shortcodes

WordPress shortcodes let you add Embedded Flows, SAML/OIDC SSO, Google OneTap, Protected Pages, and Logout Buttons to your site.

Embedded Flows

Add authentication flows to any page using the [descope_wc] shortcode:

[descope_wc flow_id="sign-up-or-in"]

You can customize your flow to include any of our Authentication Methods from the Descope Console. If you don't specify a flow_id, the flow will default to "sign-up-or-in".

WordPress login page shortcode WordPress login page

SAML/OIDC SSO

First, make sure you have set up your federated app in your Descope console, as described in our Federated Applications guide.

Then, make sure to provide your SAML or OIDC Configuration Details in the Descope Settings page of your WordPress dashboard. Some values have been masked below, but make sure to provide all the values in the relevant column.

WordPress SSO config

Add the [saml_login_form] or [oidc_login_form] shortcode to your page to add the SSO capabilities.

WordPress SSO shortcodes

When the user is not logged in, the shortcode will display a login button, and when the user is logged in, a logout button will be displayed instead.

Google One Tap

Add Google One Tap authentication using the [onetap_form] shortcode:

[onetap_form provider_id="google"]

WordPress One Tap shortcode WordPress One Tap popup

Logout Button

Add a logout button that's only visible to authenticated users:

[logout_button]

WordPress Logout Button shortcode

Protected Page

Protect pages from unauthorized access using the [descope_protected_page] shortcode. Configure redirection behavior for unauthenticated users:

Basic Redirection

[descope_protected_page redirect_page_path="/login-page"]

Redirects unauthenticated users to another page, such as your login page.

OIDC Auto-Login

[descope_protected_page redirect_page_path="/oidc_login" return_to="/protected-content"]
  • Automatically initiates OIDC login for unauthenticated users
  • Optional return_to parameter specifies the post-authentication redirect

OIDC auto-login requires proper OIDC configuration.

User Syncing

The WordPress user table is the source of truth for your site's users. The user table is synced with Descope every 24 hours, but you can also manually sync users under Sync Users in the Descope Settings tab of your WordPress dashboard.

WordPress sync users

This is also where you can map WordPress custom fields to a Descope custom attribute you have already created. Any WordPress custom fields mapped here will show up in the Descope user table as custom attributes.

Was this helpful?

WeWeb

If you're using WeWeb to design and build your web applications, this tutorial will walk you through how to integrate Descope into your WeWeb website.

Business to Business (B2B)

Learn how to implement B2B use cases with Descope's multi-tenancy, tenant management, SSO, and user provisioning for robust applications.

On this page