11 Aug

Enabling JWT Authentication on WordPress

There are lots of reasons a developer might have for enabling JWT authentication on their WordPress instance. Perhaps you are doing some automated migration, or maybe you are building an app that uses WordPress as a back-end with some other technology on the front-end, such as Vue or React. Whatever you might need JWT for, it’s a pretty simple process to enable. After enabling JWT authentication, you will be able to authenticate from scripts or other code bases to add, update, read, and delete data as you please.

Step 1: Modify Your .htaccess file

This step requires modifying the WordPress files, so be careful if you aren’t familiar with them. The .htaccess file is read by Apache, and a mistake in it can make all sorts of things go wrong. Go ahead and add the following lines of code between the IfModule tags:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

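This code allows HTTP Authorization headers, which are disabled by WordPress out of the box: the rule copies the incoming Authorization header into the HTTP_AUTHORIZATION environment variable, where PHP can read it.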

Step 2: Install the JWT Authentication Plugin

After trying a few solutions, this plugin by Enrique Chavez ended up being the one that worked best. It has a few drawbacks in certain situations, but it was perfect for us. Notably, if you are using basic auth for your site, this plugin won’t simply work for you. There seem to be a few workarounds, but I haven’t tested them.

Log in to your WP admin page and go to Plugins. Search for JWT, and the first result should be JWT Authentication for WP REST API. This is the one we want.

Step 3: Authenticate with JWT

With those steps out of the way, you can use whatever programming language you want to authenticate with JWT. I have done this with Python and JavaScript, both of which worked just fine. If you are interested in seeing an example of WordPress authentication with Node.js, check out this article.
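A Python sketch of the Step 3 flow, added here as an example and not taken from the original post or the plugin's code: it exchanges credentials for a token at the plugin's `/wp-json/jwt-auth/v1/token` route, then sends the token as a Bearer header to a core REST route, refusing non-HTTPS URLs and expired tokens. The site `wp.example`, the credentials, the helper names and the unsigned sample token are constructed for the demo, and the token is assumed to carry a standard `exp` claim.

```python
import base64, json, time, urllib.parse, urllib.request

TOKEN_ROUTE = "/wp-json/jwt-auth/v1/token"  # token route registered by the plugin

def require_https(base_url):
    # The password and the token travel in these requests; refuse cleartext HTTP.
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send credentials to a non-HTTPS URL")
    return base_url.rstrip("/")

def token_request(base_url, username, password):
    """Build the POST that exchanges WordPress credentials for a JWT."""
    form = urllib.parse.urlencode({"username": username, "password": password})
    return urllib.request.Request(require_https(base_url) + TOKEN_ROUTE,
                                  data=form.encode(), method="POST")

def token_expiry(token):
    """Return the exp claim (assumed present). Decodes only; the server verifies."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]

def authed_request(base_url, route, token, data=None, method="GET", now=None):
    """Build a REST request that carries the token as a Bearer credential."""
    if token_expiry(token) <= (time.time() if now is None else now):
        raise ValueError("token expired; request a new one")
    headers = {"Authorization": "Bearer " + token}
    body = None
    if data is not None:
        body, headers["Content-Type"] = json.dumps(data).encode(), "application/json"
    return urllib.request.Request(require_https(base_url) + route, data=body,
                                  method=method, headers=headers)

def send(request):
    """Send a built request and decode the JSON reply (needs network access)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.loads(resp.read())

def make_sample_token(exp):
    """Constructed, unsigned stand-in for a real token so the demo runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"exp": exp}), "sig"])

if __name__ == "__main__":  # offline demo; real use: token = send(login)["token"]
    site = "https://wp.example"  # placeholder site
    login = token_request(site, "editor", "example-password")
    token = make_sample_token(int(time.time()) + 3600)
    post = authed_request(site, "/wp-json/wp/v2/posts", token, {"title": "Hi"}, "POST")
    print(login.full_url, post.get_method(), post.full_url)
```

Keep the password and the returned token out of source control and logs; anyone holding the token can act as that user until it expires.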
