We have created an OAuth server and an OAuth client plugin, which allows us to Single Sign On between two WordPress websites, where we can use the server’s authentication for login.
The Lana Passport – OAuth 2.0 Server is a premium WordPress plugin that can be purchased from CodeCanyon for $79.
The Lana Single Sign On – OAuth 2.0 Client is a WordPress plugin that can be downloaded from WordPress.org for free.
Lana Single Sign On was primarily created for the Lana Passport plugin.
We also wrote a Case Study on the development of plugins, which is quite an interesting read for everyone.
Audit and security
At Lana Codes, we always pay special attention to safety. We checked Lana Passport with PHP_CodeSniffer. We tested these plugins a lot, because these plugins do user authentication, which requires special development.
We also checked similar plugins in repositories and marketplaces and found a very high-rated vulnerability:
Simple Single Sign On by Dash10 Digital WordPress plugin Authentication Bypass:
OAuth Single Sign On – SSO (OAuth Client) by miniOrange WordPress plugin Authentication Bypass:
WP OAuth Server (Login with WordPress) by miniOrange WordPress plugin Authentication Bypass: