Replace wp-login.php with messenger authentication — Telegram, WhatsApp, MAX. Match users by phone; password fallback enabled by default.
WordPress 5.8+, PHP 7.4+
1. Sign in to the Auth Cloud cabinet and create an application.
2. Connect at least one messenger bot (Telegram, WhatsApp or MAX).
3. Add your site origin (e.g. https://yoursite.com) to allowed domains.
4. Copy the application _id — you will enter it as Application ID in WordPress.
1. Download the plugin archive using the button above.
2. In WordPress admin go to Plugins → Add New → Upload Plugin.
3. Select antirius-auth-cloud.zip and click Install Now, then activate.
1. Go to Settings → Antirius Auth Cloud.
2. Enter the Antirius Auth Cloud URL (e.g. https://id.antirius.com) and Application ID.
3. Bind the administrator phone via the button in settings (required before enabling the plugin).
4. Optionally enable auto-create users and set the default role, then enable the plugin and save.
5. wp-login.php now shows the widget.
| Setting | Description |
|---|---|
| Antirius Auth Cloud URL | Base URL of your Auth Cloud instance (API, JWKS, default widget.js). |
| Widget script URL (optional) | Override widget.js URL; leave empty to use {Base URL}/widget.js. |
| Application ID | Application _id from the cabinet. |
| Auto-create users | Create a WordPress account if no user matches by phone. |
| Default role | Role for newly created users. |
| User matching | Phone only: WordPress user meta `phone` must match the number from Auth Cloud. |
| Hide password login on messenger screen | Opt-out checkbox. Unchecked (default) — backup link to wp-login.php?abc_bypass=1 is shown. Check only to hide the link. |
1. User opens wp-login.php → the plugin shows the Auth Cloud widget instead of the standard form.
2. User scans the QR code or opens a messenger link and confirms login in the bot.
3. The browser exchanges session_id; the plugin verifies JWT (RS256) via JWKS.
4. The plugin finds a user by phone meta or creates one (if enabled), then sets the auth cookie.
5. User is redirected to the dashboard or the original redirect_to URL.
A link to the standard WordPress login is shown on the messenger screen by default. You can also open it directly (cookie keeps bypass mode after form POST):
https://yoursite.com/wp-login.php?abc_bypass=1To hide the on-screen link, check “Hide password login on messenger screen” in plugin settings. The direct URL above still works unless you block it separately.
JWT is verified with the public key from JWKS (RS256); app_id in the token must match your Application ID. No shared secrets are stored in WordPress. The public key is cached as a transient.