Is JWT Authentication for WP REST API free?

Yes, JWT Authentication for WP REST API is free to use. It is available as a free plugin on WordPress.org.

How many websites use JWT Authentication for WP REST API?

JWT Authentication for WP REST API has 60K+ active installations as tracked by WordPress.org.

What are the best JWT Authentication for WP REST API alternatives?

Popular alternatives to JWT Authentication for WP REST API include JWT Auth – WordPress JSON Web Token…, Simple JWT Login – Allows you to use…, Firebase Authentication. You can compare them side-by-side on our comparison pages.

Does JWT Authentication for WP REST API work with the latest WordPress?

JWT Authentication for WP REST API has been tested up to WordPress 6.9.4. It requires WordPress 4.2+ and PHP 7.4.0+.

PluginSift

JWT Authentication for WP REST API

Name: JWT Authentication for WP REST API
Rating: 4.4 (53 reviews)
Author: tmeister

Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.

By tmeister·Jwt·Free

4.4(53 reviews)

·60K+ active installs·Updated 1 month ago

Download Visit Homepage Compare

As of April 2026, JWT Authentication for WP REST API is a WordPress jwt plugin with 60K+ active installations and a 4.4/5 rating from 53 reviews. It has been downloaded 902K+ times in total. Requires WordPress 4.2+ and PHP 7.4.0+. Available on WordPress.org since 2015. Recently updated within the last 3 months. Downloads are down 21% this week. Top alternative: JWT Auth – WordPress JSON Web Token….

4.4/553 reviews

60K+active installs

902K+total downloads

11 yearssince 2015

Overview

This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.

Key features of this free version include:

Standard JWT Authentication: Implements the industry-standard RFC 7519 for secure claims representation.
Simple Endpoints: Offers clear /token and /token/validate endpoints for generating and validating tokens.
Configurable Secret Key: Define your unique secret key via wp-config.php for secure token signing.
Optional CORS Support: Easily enable Cross-Origin Resource Sharing support via a wp-config.php constant.
Developer Hooks: Provides filters (jwt_auth_expire, jwt_auth_token_before_sign, etc.) for customizi…

Read full description on WordPress.org

Ratings & Reviews

4.453 reviews

5 ★

4 ★

3 ★

2 ★

1 ★

Recent Reviews

Simple and Great

by hozayrayz·1 month ago

I currently have the free version, and it’s great and simple to use. I never had an issue with it.

it’s just sales

by dorf·2 months ago

they make it confusing and confounding on purpose

Works Very well & Paid support is great

by xmtek·6 months ago

The support guy is not a non-techie, so the support was actually helpful! The plugin works great and let me really extend the user system of my WP so it can act in a auth/auth capacity for the services behind it.

Upgrade message cannot be removed from my site.

by Bizberg Themes·10 months ago·1 reply

Upgrade message cannot be removed from my site.

This topic was modified 10 months, 3 weeks ago by Bizberg Themes.

Getting an Issue while generating a token at login time

by vaibhavk326·11 months ago·1 reply

Hi, actually I am trying to generate token at my login time using an wp_login hook but i am unable to do so, can you provide me any way to do it.

Tell me whether there is any buildin function is there that I can use.

add_action(‘wp_login’, function ($user_login, $user) {
if (!user_can($user, ‘dokandar’)) {
return;
}

$response = wp_remote_post(site_url('/wp-json/jwt-auth/v1/token'), [
    'body' => [
        'username' => $user_login,
        'password' => 'YOUR_DEFAULT_PASSWORD_IF_AVAILABLE', // Not ideal, see note below
    ],
]);

if (is_wp_error($response)) {
    error_log('Token request failed: ' . $response->get_error_message());
    return;
}

$body = json_decode(wp_remote_retrieve_body($response), true);

if (!empty($body['token'])) {
    update_user_meta($user->ID, 'vendor_jwt_token_key', $body['token']);
} else {
    error_log('JWT token missing: ' . json_encode($body));
}

}, 10, 2); I am using this thing but thing is password can’t be accessed directly in wordpress.

Download Trends

Today: 310Yesterday: 416This week: 3KPeriod total: 242K

Compatibility

WordPress	4.2+ requiredTested up to 6.9.4
PHP	7.4.0+ required

Version Adoption

v1.5

35.2%

v1.4

29.4%

v1.3

27.5%

v1.2

7.9%

Top Alternatives to JWT Authentication for WP REST API

JWT Auth – WordPress JSON Web Token…

56.0K+ installsUpdated 1 year ago

View Compare

Simple JWT Login – Allows you to use…

55.0K+ installsUpdated 3 weeks ago

View Compare

Firebase Authentication

4500 installsUpdated 10 months ago

View Compare

API Bearer Auth

5300 installsUpdated 3 months ago

View Compare

WP Login and Register using JWT

5200 installsUpdated 3 months ago

View Compare

View all jwt plugins →

Frequently Asked Questions

Changelog

1.5.0

Security: Updated dependencies to latest secure versions (deep-copy, php-parser, phpunit)
Feature: Smart upgrade prompts that appear based on actual plugin usage rather than immediately after installation
Feature: Usage-based notifications showing real token activity in the dashboard for more relevant upgrade recommendations
Improvement: Better first-time experience – new users won’t see upgrade prompts until they’ve had a chance to use the plugin
Fix: UTM tracking on upgrade links now works correctly to measure campaign effectiveness

View full changelog on WordPress.org

Contributors

tmeister

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.

JWT Authentication for WP REST API

Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.

By tmeister·Jwt·Free

4.4(53 reviews)

·60K+ active installs·Updated 1 month ago

Download Visit Homepage Compare

4.4/553 reviews

60K+active installs

902K+total downloads

11 yearssince 2015

Overview

Key features of this free version include:

Standard JWT Authentication: Implements the industry-standard RFC 7519 for secure claims representation.
Simple Endpoints: Offers clear /token and /token/validate endpoints for generating and validating tokens.
Configurable Secret Key: Define your unique secret key via wp-config.php for secure token signing.
Optional CORS Support: Easily enable Cross-Origin Resource Sharing support via a wp-config.php constant.
Developer Hooks: Provides filters (jwt_auth_expire, jwt_auth_token_before_sign, etc.) for customizi…

Read full description on WordPress.org

Ratings & Reviews

4.453 reviews

5 ★

4 ★

3 ★

2 ★

1 ★

Recent Reviews

Simple and Great

by hozayrayz·1 month ago

I currently have the free version, and it’s great and simple to use. I never had an issue with it.

it’s just sales

by dorf·2 months ago

they make it confusing and confounding on purpose

Works Very well & Paid support is great

by xmtek·6 months ago

Upgrade message cannot be removed from my site.

by Bizberg Themes·10 months ago·1 reply

Upgrade message cannot be removed from my site.

This topic was modified 10 months, 3 weeks ago by Bizberg Themes.

Getting an Issue while generating a token at login time

by vaibhavk326·11 months ago·1 reply

Hi, actually I am trying to generate token at my login time using an wp_login hook but i am unable to do so, can you provide me any way to do it.

Tell me whether there is any buildin function is there that I can use.

add_action(‘wp_login’, function ($user_login, $user) {
if (!user_can($user, ‘dokandar’)) {
return;
}

$response = wp_remote_post(site_url('/wp-json/jwt-auth/v1/token'), [
    'body' => [
        'username' => $user_login,
        'password' => 'YOUR_DEFAULT_PASSWORD_IF_AVAILABLE', // Not ideal, see note below
    ],
]);

if (is_wp_error($response)) {
    error_log('Token request failed: ' . $response->get_error_message());
    return;
}

$body = json_decode(wp_remote_retrieve_body($response), true);

if (!empty($body['token'])) {
    update_user_meta($user->ID, 'vendor_jwt_token_key', $body['token']);
} else {
    error_log('JWT token missing: ' . json_encode($body));
}

}, 10, 2); I am using this thing but thing is password can’t be accessed directly in wordpress.

Download Trends

Today: 310Yesterday: 416This week: 3KPeriod total: 242K

Compatibility

WordPress	4.2+ requiredTested up to 6.9.4
PHP	7.4.0+ required

Version Adoption

v1.5

35.2%

v1.4

29.4%

v1.3

27.5%

v1.2

7.9%

Top Alternatives to JWT Authentication for WP REST API

JWT Auth – WordPress JSON Web Token…

56.0K+ installsUpdated 1 year ago

View Compare

Simple JWT Login – Allows you to use…

55.0K+ installsUpdated 3 weeks ago

View Compare

Firebase Authentication

4500 installsUpdated 10 months ago

View Compare

API Bearer Auth

5300 installsUpdated 3 months ago

View Compare

WP Login and Register using JWT

5200 installsUpdated 3 months ago

View Compare

View all jwt plugins →

Frequently Asked Questions

Changelog

1.5.0

Security: Updated dependencies to latest secure versions (deep-copy, php-parser, phpunit)
Feature: Smart upgrade prompts that appear based on actual plugin usage rather than immediately after installation
Feature: Usage-based notifications showing real token activity in the dashboard for more relevant upgrade recommendations
Improvement: Better first-time experience – new users won’t see upgrade prompts until they’ve had a chance to use the plugin
Fix: UTM tracking on upgrade links now works correctly to measure campaign effectiveness

View full changelog on WordPress.org

Contributors

tmeister

Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.