Skip to main contentArrow Right
BlogArrow Right

Descope WordPress Plugin: Secure Auth, MFA, SSO & More

Company Updates
Anvi Headshot

Developer Relations Engineer

Share on:

Bluesky Social

Hello Descopers! Descope now offers a pre-built plugin for the WordPress content management system. WordPress sites of all sizes can utilize secure, frictionless, enterprise-grade authentication, multi-factor authentication (MFA), and single sign-on (SSO) capabilities through their Descope Project. Whether you're running a small blog or an enterprise site, the Descope WordPress Plugin offers all the tools you need to bolster security and improve user experience.

The plugin will be available in the WordPress Marketplace soon. In the meantime, you can download the plugin and follow simple setup instructions in our docs. The video below shows the plugin in action.

To learn more about how the plugin works and how you can benefit from it, keep reading. We'll explore why secure authentication is crucial for WordPress sites, dive deeper into the plugin's capabilities, and walk you through practical use cases for adding customer authentication and SSO.

The world runs on WordPress

After nearly two decades in the marketplace, WordPress remains one of the most popular tools for creating and maintaining websites and storefronts. According to W3Techs and Barn2, WordPress powers nearly half (43.5%) of all websites, including many high-traffic and notable sites like The TED Blog, Reuters, The New Yorker, and Vogue. Its flexibility, ease of use, and scalability have made it the go-to platform for bloggers, businesses, and developers alike.

However, WordPress sites, especially those using default or outdated authentication methods, are vulnerable to security threats like brute force attacks, account takeover, and phishing. That’s why it’s critical to prioritize secure, user-friendly authentication, and the Descope WordPress Plugin is the perfect solution for that.

Introducing the Descope WordPress Plugin

The Descope WordPress Plugin provides a comprehensive suite of authentication tools designed to enhance both security and user experience. Here’s what you can achieve with the plugin:

  • Fast and easy implementation of various passwordless authentication methods (magic links, social login, OTP, etc.)

  • Phishing-resistant MFA options like passkeys for strong security

  • SAML / OIDC SSO capabilities for a unified experience across apps

  • Customizable authentication flows to match your users and brand

  • Protection against account takeover attempts and other credential-based attacks

You can find detailed instructions and documentation for the plugin in our documentation, but setup is straightforward. Once installed, you can manage and customize all aspects of your authentication flows directly from the Descope Console.

Plugin setup instructions

  1. Download the plugin: Download the plugin as a ZIP file from the Descope GitHub repository.

  2. Install the plugin: Install the plugin on your WordPress Admin dashboard by uploading the ZIP file.

  3. Activate the plugin: Go to the "Plugins" section in your WordPress dashboard and activate Descope.

  4. Configure your authentication: Use the Descope Console to configure your preferred authentication methods (passwordless, MFA, SSO).

  5. Add your project details: Add your project details in the Descope Settings tab of your WordPress site.

  6. Embed login flows: Add Descope login flows to your WordPress site using simple shortcodes.

Once you’ve followed these steps, your WordPress site will have enterprise-grade authentication up and running!

In the next two sections, we will use our sample WordPress site and show how easily you can add customer authentication and SSO to it using our plugin.

Use case: social login

For websites focused on customer experience, providing social login options is a great way to reduce the cognitive load on users. The Descope plugin supports social login from platforms like Google, Microsoft, Facebook, and Apple, allowing users to log in to your site with their existing accounts on these platforms. This reduces friction and offers a user-friendly, familiar experience.

All you need to do is add the shortcode with your Descope Flow ID to the WordPress page where you would like your users to log in...

…which runs the “Sign Up Or In” Flow…

…which shows your end users a natively embedded login form aligned with your brand.

In addition to social login, Descope supports other passwordless authentication methods, including magic links, one-time passwords (OTP), passkeys, and SAML SSO (as we will showcase below). You can easily configure multiple methods within the Descope Console, giving your users flexibility in how they choose to log in.

Use case: SAML SSO

Organizations with multiple web presences or integrated systems often require SSO to improve user experience and streamline access management. For example, a company might have a corporate site hosted on a different platform but run their WordPress site as a separate instance.

Fig: An example of WordPress SSO

With SAML SSO from Descope, login for these sites can be integrated so that users only need to authenticate once to gain access to both the main site and the WordPress site.

To set up SAML SSO on your WordPress site, you must first set up an SSO application in your Descope Console. This is how you define your Identity Provider. Then, you can set up connection details in the Descope Configuration page of your WordPress Admin Console as shown below (some fields have been masked in the screenshot).

Fig: Configuring SSO settings in the WordPress Admin Console

Finally, to add SSO to your WordPress site, simply add the saml_login_form shortcode to your main page as shown below.

If your user is logged in to another application with the same Identity Provider as your WordPress site, they will be able to access the WordPress site without having to enter their credentials again. Moreover, if the user is already logged in to the WordPress site, they will be able to access the other application without having to re-enter their credentials there.

Why choose Descope for WordPress sites?

The default WordPress login functionality is basic and restrictive, often relying solely on usernames and passwords. Descope offers a modern, flexible, more robust alternative to WordPress’s default authentication, allowing site owners to implement advanced security features such as MFA, passwordless login, and SAML SSO, without the need to build it and maintain it themselves.

Many WordPress plugins offer one or two authentication features, but Descope consolidates several capabilities into one powerful, easy-to-use tool. Whether you need MFA, SSO, social login, or magic links, Descope provides a complete solution that can be dropped directly onto your WordPress site. It’s designed to be flexible and customizable for developers, yet simple enough for non-technical users to manage.

Conclusion

The Descope WordPress Plugin is the ideal solution for anyone looking to improve the security and user experience of their WordPress site. With advanced features like passwordless login, MFA, and SSO, you can protect your site while providing a seamless experience for your users.

Download the Descope WordPress Plugin today and check out our documentation to start building a more secure, user-friendly WordPress experience. Have more questions about Descope? Book a demo with our team or join AuthTown, our user community that’s forever online!

Liked what you saw?

Check out these posts next

How Descope Uses Descope for Customer Authentication

Read moreArrow Right

Adding Zendesk SSO (and More) With Descope

Read moreArrow Right

Google One Tap For Your App With Descope

Read moreArrow Right
Chat with Sales

Anonymously - no Slack account required

Users Love Us BadgeLeave a Descope review

All systems operational

Copyright © Descope Inc. All rights reserved.